I have stopped using the cloudflared proxy as my DoH interface and switched to DNSCRYPT. I have been running this way for over 6 months and haven't had any of the issues I had with the cloudflared proxy. Here is my commented yaml file for docker-compose. You can use it as a template. You may want to do some reading on macvlan networks and some of their limitations for host access in docker, but you will find that Pi-hole works best in this configuration.
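# Pi-hole with dnscrypt-proxy as its upstream resolver. Both containers attach
# to the LAN through a macvlan network, so each one gets its own LAN address.
# Every 192.168.x.x value is a placeholder; the two services need distinct
# addresses that fall inside the ip_range defined at the bottom of the file.
version: '2'  # top-level keys are case-sensitive; `Version` is not recognised

services:
  pihole:
    container_name: pihole
    # `latest` moves whenever the publisher pushes a new build. Pin a version
    # tag or image digest you have tested so that upgrades are deliberate.
    image: pihole/pihole:latest
    hostname: pihole2
    domainname: somedomain.com  # <-- Update
    # mac_address: d0:ca:ab:cd:ef:01
    # Per the Pi-hole container documentation, NET_ADMIN is only needed when
    # Pi-hole acts as the DHCP server (67/udp). Drop it if DHCP stays on the
    # router.
    cap_add:
      - NET_ADMIN
    networks:
      pihole_network:
        ipv4_address: 192.168.x.x  # <-- Update
    # Resolvers for the container's own lookups (not for Pi-hole's clients).
    # As configured, those queries go to 1.1.1.1 / 1.0.0.1 as plain DNS and do
    # not pass through dnscrypt-proxy.
    dns:
      - 1.1.1.1
      - 1.0.0.1
    # NOTE(review): Docker does not apply port publishing on macvlan networks.
    # The container is reachable at its own LAN address on every port it
    # listens on, so this list documents intent rather than restricting
    # access. Filter at the network layer if the admin UI (80/443) should not
    # be reachable from the whole LAN.
    ports:
      - '443/tcp'
      - '53/tcp'
      - '53/udp'
      - '67/udp'
      - '80/tcp'
    # NOTE(review): these variable names are the ones the author's image
    # release accepted. With an unpinned tag, check the image README for the
    # release you run, since Pi-hole has renamed container variables between
    # major versions.
    environment:
      ServerIP: 192.168.x.x  # <-- Update (match ipv4_address)
      VIRTUAL_HOST: host.domain  # <-- Update (match hostname + domainname)
      # Placeholder only. Set a strong, unique admin password before first
      # start, and keep the real value out of shared copies of this file
      # (for example by loading it from an env_file that is not committed).
      WEBPASSWORD: 'change-me'  # <-- Add password (if required)
      # The image reads the container time zone from TZ; a variable named UTC
      # is not consulted.
      TZ: America/Chicago
      # Quoted so the `#port` suffix can never be read as a YAML comment.
      DNS1: '192.168.x.x#53'  # <-- DNS1 of pihole configured to DNSCRYPT address
      DNS2: '192.168.x.x#53'  # <-- DNS2 of pihole configured to DNSCRYPT address
    volumes:
      - '/volume1/docker/pi-hole/etc-pihole/:/etc/pihole/'
      - '/volume1/docker/pi-hole/etc-dnsmasq.d/:/etc/dnsmasq.d/'
    restart: unless-stopped

  dnscrypt:
    container_name: dnscrypt-proxy
    # All upstream DNS traffic passes through this container. The image is
    # published under the `gists` namespace on an unpinned tag; confirm you
    # trust the publisher, then pin a tested version tag or digest.
    image: gists/dnscrypt-proxy:latest
    hostname: dnscrypt
    domainname: somedomain.com  # <-- Update
    # Same macvlan caveat as the pihole service: the resolver is reachable by
    # every LAN host at its own address, whatever is listed here.
    ports:
      - '53/udp'
      - '53/tcp'
    networks:
      pihole_network:
        ipv4_address: 192.168.x.x  # <-- Update
    # NOTE(review): the proxy presumably only reads this file; consider
    # appending `:ro` to the mount once you have confirmed the image does not
    # need to write to it.
    volumes:
      - '/volume1/docker/dnscrypt-proxy/dnscrypt-proxy.toml:/etc/dnscrypt-proxy/dnscrypt-proxy.toml'  # <-- custom toml file for easy editing
    restart: always

networks:
  pihole_network:
    driver: macvlan
    driver_opts:
      parent: eth0  # <-- validate the native network interface on host
    ipam:
      config:
        - subnet: 192.168.x.x/24  # <-- Update
          gateway: 192.168.x.x  # <-- Update
          # A /32 range holds one address; widen it so that both static
          # addresses above fall inside the range.
          ip_range: 192.168.x.x/32  # <-- Update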