Pi-Hole, docker, docker-compose, x86 and Traefik as reverse proxy

flexguse · November 2, 2017, 4:08pm

Hi everybody,

I have some trouble getting pi-hole work in combination with my used reverse proxy Traefik in a docker environment.

I used https://github.com/diginc/docker-pi-hole as inspiration and I was able to create my own docker-compose.yml file. pi-hole starts and I'm able to reach the admin interface via

pihole.my.domain/admin

The port 80 is not exposed to the docker host as the reverse proxy uses it but the domain is routed to pi-hole. Unfortunately I can't see the pi-hole blocked page in my setup and some requests in the browser (I suppose HTTPS requests) are slow and wait for a timeout.

As my network knowledge is exhausted I wanted to ask if there is any chance to get an example of a fully working pi-hole + docker-compose + traefik?

Thank you in advance,
Christoph

diginc · November 2, 2017, 7:21pm

I'd like to give this a shot, never used traefic before.

Are your Traefik & Pi-Hole containers in the same docker-compose file? each docker-compose stack gets it's own segregated docker network, which you must connect to get inter-stack communication.

flexguse · November 2, 2017, 9:13pm

Hi,

no, traefik and pi-hole are separated and have their own docker-compose file. They are connected via a shared network.

Network definition in traefik docker-compose.yml:

networks:
 default:
  external:
     name: reverseproxy_default

Network definition in pi-hole docker-compose.yml

version: "3"
volumes:
  pihole:
services:
  pihole:
    container_name: pihole
    ...
    ports:
     - "53:53/tcp"
      - "53:53/udp"
    ...
	volumes:
      - pihole:/etc/pihole/
      # WARNING: if this log don't exist as a file on the host already
      # docker will try to create a directory in it's place making for lots of errors
      # - '/var/log/pihole.log:/var/log/pihole.log'
      - ./conf/02-lan.conf:/etc/dnsmasq.d/02-lan.conf
      - ./etc/pihole/lan.list:/etc/pihole/lan.list
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:pihole.my.domain"
      - "traefik.docker.network=reverseproxy_default"
      - "traefik.protocol=http"
      - "traefik.port=80"
      - "traefik.frontend.entryPoints=http"
    networks:
      - "reverseproxy_default"

networks:
  reverseproxy_default:
    external:
      name: reverseproxy_default

Hope this helps and thanks for your help!

helpme555 · November 3, 2017, 1:21pm

hello, I am just curious. I've docker running on readynas os6 and have the pihole image. How did you get things to "work"?

diginc · November 4, 2017, 5:04am

I got this working by writing a custom catch all rule that acts as the 'default server'. I thought it deserved it's own post since it wasn't very well search engine indexed / google-able. Made a quick blog for it:

The trick was making the pi-hole container the default traefik proxy site with the following labels:

      - "traefik.frontend.rule=HostRegexp:{catchall:.*}"
      - "traefik.frontend.priority=1"

That way when doubleclick.com or whatever random ad domain connects to the traefik proxy it gets routed correctly to pi-hole. The priority is how you prevent this from catching ALL traffic including your other containers.