Make Pi-Hole first time setup more appealing for the masses


#1

I would like to raise awareness for the need of a much easier first time setup process.

I’m using Pi-Hole myself for almost a year now.
I consider the main functionality of Pi-Hole has reached ‘good enough’.
It has most of the featueres needed to do a network-wide adblocking and tracking-blocking.
Lots of bugs were cleared out of the way.
All Pi-Holes I’ve setup are running stable 24/7 now.

Recently I’ve started setting up Pi-Holes for family & friends.
What came to my mind while another person (non IT guy) was watching me doing the setup was: He would have never ever been able to do this himself!
ssh, command line, copy&paste install script download. No way!
And then Pi-Hole setup setting the static IP on initial install makes it impossible to pre-provision Pi-Holes where you don’t know the IP net and a free IP in advance.

I feel like the time has come for Pi-Hole to get a ‘ssh-less’ setup process and thereby be more appealing for the masses.
For example:

  1. Buy Raspberry Pi & supply.
  2. Etch complete Pi-Hole image on microSD card and start it.
    (Alternative: Sell Raspberry Pi Kit incl. ready to start microSD card.)
  3. Find Pi-Hole’s IP address on network.
  4. Open webbrowser and complete Pi-Hole setup incl. static IP.
  5. Change DNS server in router/DHCP server. (Provide a website/database with screenshots for most common routers.)
  6. Login to Pi-Hole and fine-tune blocking if needed.
    Done.

Ready-to-use image should include:

  • Default option to install and use unbound as your own DNS server
  • Unattended updates for security updates enabled
  • SSH login rules
  • UFW installed and enabled with propper rules
  • Fail2ban installed and enabled
  • Web interface should ask for new ‘pi’ user password on first login
  • Better set of default Blocklists, Whitelists and Blacklists
  • Turn logging off and use privacy leve 3 as default

I would love to see Pi-Hole become more popular! :slight_smile:


#2

What security updates are you referring to?

How would you define a “better” set?


#3

Thank you for this hint!
Sorry, I was not able to find this myself due to bad german translation of the article’s title.

https://wiki.debian.org/UnattendedUpgrades

Looking for the sweet spot of blocking and not blocking I found so many posts on the web where users struggle with this. And I don’t understand the necessity of this.


Why let almost every new Pi-Hole user run into trouble with so many commonly used services and not do something about it? Just include this whitelist and give a hint how to deactivate it if needed.
Fun fact: I wasn’t able to pay with paypal for my Pi-Hole patreon account until I found out that js.braintreegateway.com was part of a blocklist. Why hurt yourself this way?

On the other hand I wonder why blocking the tracking of smart TVs isn’t part of the default blocklist set, for example. That was one of the most important arguments for family & friends getting a Pi-Hole.


Sooner or later most users will find this list and end up copying it into Pi-Hole blocklists section, no?
Why not include a longer list of blocklists and give the user the option to select/unselect those in the setup process?


#4

I looked into it. From the Q&A section it reads: ‘You will need to run a simple command in the Terminal to setup the Pi-hole on the Raspberry Pi…’
This is a high wall and will make it impossible for most non-IT people to install it on their own.
That’s what I meant. Why not make the setup process easier to complete. Why not use the web interface for the setup process as well?


#5

The options you want are unique to your needs, and are not likely desired by most other users. That is why Pi-Hole is configurable to meet individual needs.

Several of the items you want on a base image change OS software or otherwise modify the behavior of the OS, and that is not something that Pi-Hole should do. Unattended updates, additional firewalling (UFW), additional software unrelated to Pi-Hole function (Fail2Ban), changing the Pi user password from Pi-Hole.

For your custom configuration in setting up additional Pi-Holes, you should write a script that puts all these features on the Pi prior to deployment as a Pi-Hole, and then insert your own desired block lists, blacklist and whitelist tailored to your needs.


#6

This was something you did. Searching the default 7 block lists, this domain is not blocked. It appears to have been included in a block list that you loaded after installation.

If more block lists are added at installation, then more sites are blocked, and user experience suffers. If whitelists are then added, there could be unintended effects.

A recent change in Pi-Hole (V4 I think) was that whitelists for blocklists-serving domains were removed from the software; for that reason.


#7

I understand that you have to draw a clear line between things that are part of the Pi-Hole solution – and things that aren’t.
And I don’t want to criticise Pi-Hole as beign such a nicely configurable solution. Not at all!

What I’m saying is, that regular people aren’t able to get their own Pi-Hole, the way the setup process is designed at the moment.
You still have to have pretty much IT knowledge for beign able to setup your own Pi-Hole.
That could be changed. Next to the current option with the install script there could be a second option to install Pi-Hole.

Yes, I can build the image mentioned above myself and/or maybe script many of the parts I mentioned.
But here’s the line that I have to draw for myself. I’m not the one to design Pi-Hole for a greater audience.
That can only come from Pi-Hole itself.

Let me sum up the things that I’m not able to script as they aren’t part of the Pi-Hole solution right now:

  • Pre-install Pi-Hole in a state where it does not need to have a static IP, yet.
  • Complete Setup later using the web interface.
  • Password set by setup completion using the web interface.
  • Provide a longer list of inactive blockist, that then can be simply activated using the web interface
  • Provide a list of commonly whitelisted domains that then can be simply activated using the web interface.

For me, Pi-Hole is not about ad blocking. It’s about privacy.
And I would love to see more people beign able to take care of their privacy on their own.


#8

I agree that making the process even easier will appeal to a wider audience, but the very nature of a network-wide DNS-based blocker is much more technical than say installing an ad blocking browser plugin.

There are several companies/products that have already come closer to achieving what you are asking for with a “plug and play” box that’s “easy,” but those also often come with the sacrifice of openness that you get with Pi-hole.

All that aside, I’m personally impressed that non-technical people are able to effectively setup and secure a wireless SSID with a password, and sometimes even set up a 2.4 and 5GHz network. People were doing this with a router’s Web interface even before they had all the helpful GUIs and wizards to help them set things up.

If people can accomplish that technical task, then it seems to me that it’s not unreasonable to think they will learn more about DNS as network-wide ad blockers become more mainstream. True, there can be a lot of steps to installing a Pi-hole if you’re setting it up on a raspberry Pi for example, but that’s not to say we shouldn’t strive to make the install as easy as possible as you are recommending–I think that’s a reasonable goal to have and I think this feature request is a good one to have out there.