Pi-Hole, docker, docker-compose, x86 and Traefik as reverse proxy

Hi everybody,

I have some trouble getting pi-hole work in combination with my used reverse proxy Traefik in a docker environment.

I used https://github.com/diginc/docker-pi-hole as inspiration and I was able to create my own docker-compose.yml file. pi-hole starts and I’m able to reach the admin interface via

pihole.my.domain/admin

The port 80 is not exposed to the docker host as the reverse proxy uses it but the domain is routed to pi-hole. Unfortunately I can’t see the pi-hole blocked page in my setup and some requests in the browser (I suppose HTTPS requests) are slow and wait for a timeout.

As my network knowledge is exhausted I wanted to ask if there is any chance to get an example of a fully working pi-hole + docker-compose + traefik?

Thank you in advance,
Christoph

1 Like

I’d like to give this a shot, never used traefic before.

Are your Traefik & Pi-Hole containers in the same docker-compose file? each docker-compose stack gets it’s own segregated docker network, which you must connect to get inter-stack communication.

Hi,

no, traefik and pi-hole are separated and have their own docker-compose file. They are connected via a shared network.

Network definition in traefik docker-compose.yml:

networks:
 default:
  external:
     name: reverseproxy_default

Network definition in pi-hole docker-compose.yml

version: "3"
volumes:
  pihole:
services:
  pihole:
    container_name: pihole
    ...
    ports:
     - "53:53/tcp"
      - "53:53/udp"
    ...
	volumes:
      - pihole:/etc/pihole/
      # WARNING: if this log don't exist as a file on the host already
      # docker will try to create a directory in it's place making for lots of errors
      # - '/var/log/pihole.log:/var/log/pihole.log'
      - ./conf/02-lan.conf:/etc/dnsmasq.d/02-lan.conf
      - ./etc/pihole/lan.list:/etc/pihole/lan.list
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:pihole.my.domain"
      - "traefik.docker.network=reverseproxy_default"
      - "traefik.protocol=http"
      - "traefik.port=80"
      - "traefik.frontend.entryPoints=http"
    networks:
      - "reverseproxy_default"

networks:
  reverseproxy_default:
    external:
      name: reverseproxy_default

Hope this helps and thanks for your help!

hello, I am just curious. I’ve docker running on readynas os6 and have the pihole image. How did you get things to “work”?

I got this working by writing a custom catch all rule that acts as the ‘default server’. I thought it deserved it’s own post since it wasn’t very well search engine indexed / google-able. Made a quick blog for it:

http://www.techjunktrunk.com/docker/2017/11/03/traefik-default-server-catch-all/

The trick was making the pi-hole container the default traefik proxy site with the following labels:

      - "traefik.frontend.rule=HostRegexp:{catchall:.*}"
      - "traefik.frontend.priority=1"

That way when doubleclick.com or whatever random ad domain connects to the traefik proxy it gets routed correctly to pi-hole. The priority is how you prevent this from catching ALL traffic including your other containers.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.