New install of Pi-Hole running in a Docker Container does not allow Gravity to update

Please help...I'm cross eyed!

Two days and no progress. I cannot see the problem and I do not know how to run the gravity db using the command line in a docker. I doubt the command line update would help.

Pi-Hole is the only thing I am running on a new Raspberry Pi 5, running the Raspberry Pi OS lite (64 bit) OS. I have run sudo apt update && sudo apt upgrade -y several times today. I have started from scratch reinstalling the OS using the Raspberry Pi Imager v1.8.5 three times today.

The Raspberry is connected to the router by ethernet. I connect to it wirelessly.
I have rebooted the ASUS RT-AX82U Router (192.168.50.1) multiple times and have always had good internet connectivity via Google Fiber.

I have removed the docker container (docker rm --force pihole) and rerun the docker-compose.yml (docker-compose up -d), file included below, six or seven times in the past two days.

I can ssh into the Raspberry Pi 5 (192.168.50.226) and navigate around in it.

I can access the web interface for the Pi-Hole (192.168.50.245/admin).

I can ping the block list address and google.com from within the Pi-Hole directory.

The block lists have been Teleport/Import from a Pi 3B running Pi-Hole (no docker) without error. I have also removed block lists and reentered them manually.

Pi-Hole running in a Docker Container does not allow Gravity to update, sample is below (there are nine block lists total, only showing one for brevity):


[i] Neutrino emissions detected...
[✓] Pulling blocklist source list into range

[✓] Preparing new gravity database
[✓] Creating new gravity databases
[i] Using libz compression

[i] Target: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
[✗] Status: Connection Refused
[✗] List download failed: no cached list available

[✓] Building tree
[✓] Swapping databases
[✓] The old database remains available
[i] Number of gravity domains: 0 (0 unique domains)
[i] Number of exact blacklisted domains: 39
[i] Number of regex blacklist filters: 0
[i] Number of exact whitelisted domains: 293
[i] Number of regex whitelist filters: 8
[✓] Cleaning up stray matter

[✓] FTL is listening on port 53
[✓] UDP (IPv4)
[✓] TCP (IPv4)
[✓] UDP (IPv6)
[✓] TCP (IPv6)
[✓] Pi-hole blocking is enabled


This is my docker-compose.yml file:

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    networks:
      pihole_network:
        ipv4_address: '192.168.50.245'
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      #- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "80:80/tcp"
    environment:
      TZ: 'America/New_York ' # update according to your timezone
      WEBPASSWORD: 'password'
    volumes:
      - '/home/piledhigh/pihole/etc-pihole:/etc/pihole'
      - '/home/piledhigh/pihole/etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      - NET_ADMIN
    restart: unless-stopped

networks:
  pihole_network:
    driver: macvlan
    driver_opts:
      parent: eth0 # eth0 will need to be replaced by name of your ethernet network interface
    ipam:
      config:
        - subnet: 192.168.50.0/24
          gateway: 192.168.50.1

Taken, with modification, from the Ultimate Raspberry Pi Server: Pi-Hole with Docker Compose on YouTube.

I’m exhausted, been chasing my tail around for two days.

Please throw this dog a bone…any help will be gratefully appreciated.

CraigM

I'm glad to hear that I'm not the only one who went sideways a few days ago. This lines up with when I lost mine with docker. Watching for updates.

I would suggest installing using the official guide via the pihole github. Seems to be some differences. I've only played around with the docker images but using the guide on a 4B I had no issues OTB.

This is the real issue.
Your container is not able to access the Internet to download the lists.

Without a debug log it is not possible to understand exactly what is causing the connection issue, but macvlan is an advanced network mode.
By default (without creating a special network interface), this mode doesn't allow communication between host and container, which usually causes connection issues.

If Pi-hole is the only thing running on the machine, why did you choose to use a macvlan network?

The default network mode (bridge) is usually simpler and, since you are not running other services, you probably don't need an IP for the container.

macvlan is not for the faint of heart.

The final statement in the docker-compose.yml file was changed to:
gateway: 192.168.50.1 update if needed
which is the address of the LAN setting in my ASUS RT-AX82U router. It seems perhaps this was the key change to get things working. I am just not sure, everything is blurring together. Even my notes are a mess.

I tried several things and ended up rebuilding the entire SD card from scratch again today...but the docker and Pi-Hole are both working now. Gravity updates and the Pi-hole is blocking network traffic again. Oh Joy!

Things that I tried to solve: Gravity Status: Connection Refused

At the command line I tried: sudo ip link set eth0 promisc on

That did not help on its own.

Then I tried: sudo ip link add macvlan-shim link eth0 type macvlan mode bridge

It did not seem to help with promisc set to on but I left it that way. "It is important to note, that the parent will go into promiscuous mode when a container is attached to the parent since each container has a unique MAC address." a quote from somewhere that ended up in my notes. Even when macvlan mode is not specified it defaults to a bridge configuration.

Then I added: sudo ip addr add 192.168.50.249/28 dev macvlan-shim. I changed the address of the Pi-Hole to see if that changed anything. It did not, so I moved it back to 192.168.50.226

This did not solve the updating the Gravity database issue.

I then changed it to: sudo ip addr add 192.168.50.226/28 dev macvlan-shim

That did not help either. I think the shim helped get the pihole-network talking to the full network but I am not sure.

I then fooled around with the DNS settings and the DHCP service on my ASUS RT-AX82U router. I am not using the DHCP from the Pi-Hole. The final setting is DNS1: 192.168.50.245 and DNS2: 1.1.1.1 in the LAN settings. I went to the WAN settings and manually assigned the same two addresses there.

Then somewhere between numerous reboots of the Pi, updating Gravity started working. I wish I had a specific answer what exactly was wrong but I don't. The pihole-network lives happily at 192.168.50.245 while the Pi-Hole itself lives at 192.168.50.226. That's the end result I was looking for.

Next is to get the Plex server running in a Docker. I won't even have the parts for that until the end of the week. I suspect that I will need to change the macvlan statements to something like:
parent: eth0.10 and
parent: eth0.20

I may run out of little grey cells soon!

This is the final version of the docker-compose.yml file I used:

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    networks:
      pihole_network:
        ipv4_address: '192.168.50.245' # update, assign open ip manually
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      #- "67:67/udp" # Only required if you are using Pi-hole as your DHCP serv>
      - "80:80/tcp"
    environment:
      TZ: 'America/New_York' # update according to your timezone
      WEBPASSWORD: 'password' # update password
    volumes:
      - '/home/username/pihole/etc-pihole:/etc/pihole' # update
      - '/home/username/pihole/etc-dnsmasq.d:/etc/dnsmasq.d' # update
    cap_add:
      - NET_ADMIN
    restart: unless-stopped

networks:
  pihole_network:
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: 192.168.50.0/24 # update if needed
          gateway: 192.168.50.1 # update if needed

I am not sure but on day three I got it working. Working in this case means the Update Gravity works and the Pi-hole blocks traffic.

THANKS to those who responded and offered advice. I believe the issue was in the macvlan area. I've read a lot and gotten more confused.
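
An added example, not part of any post in this thread and not code from the Pi-hole or Docker projects: a Python check, using the addresses quoted above, of whether a host-side macvlan shim address gives the host a route to the container, which is the host-to-container limitation mentioned in the replies. The function name, the LAN tuple and the problem messages are hypothetical.

```python
import ipaddress

def check_macvlan_plan(subnet, gateway, host_ip, container_ip, shim_cidr):
    """Return addressing problems for a macvlan container plus host-side shim.

    Hypothetical helper for illustration; all arguments are strings.
    """
    net = ipaddress.ip_network(subnet)
    gw = ipaddress.ip_address(gateway)
    host = ipaddress.ip_address(host_ip)
    ctr = ipaddress.ip_address(container_ip)
    shim = ipaddress.ip_interface(shim_cidr)   # e.g. "192.168.50.249/28"
    problems = []

    # Every address must sit inside the LAN subnet declared under ipam.
    for name, addr in (("gateway", gw), ("host", host),
                       ("container", ctr), ("shim", shim.ip)):
        if addr not in net:
            problems.append(f"{name} {addr} is outside {net}")

    # No two interfaces on the LAN may share an address.
    if ctr in (gw, host):
        problems.append(f"container {ctr} duplicates the gateway or host")
    if shim.ip in (gw, host, ctr):
        problems.append(f"shim {shim.ip} duplicates an address in use")

    # Adding an address with a prefix to the shim creates an on-link route
    # for that prefix (while the interface is up). The host reaches the
    # container through the shim only if the container falls inside it.
    if ctr not in shim.network:
        problems.append(
            f"container {ctr} is not in shim prefix {shim.network}; "
            f"needs an explicit route such as "
            f"'ip route add {ctr}/32 dev macvlan-shim'")
    return problems

# Addresses taken from the thread: LAN, router, Pi (eth0), Pi-hole container.
LAN = ("192.168.50.0/24", "192.168.50.1", "192.168.50.226", "192.168.50.245")

if __name__ == "__main__":
    for shim in ("192.168.50.249/28", "192.168.50.226/28"):
        issues = check_macvlan_plan(*LAN, shim)
        print(shim, "->", issues or "ok")
```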