Pihole database is a mess in self-created Docker image

I made a Docker image that runs with Pi-hole, Unbound and Keepalived.

Everything works except the database for the Pihole, which always messes up when I install a Pihole. What do you do so it just works?

I tried inside the docker container to do a:

rm /etc/pihole/gravity.db  
pihole -g

Didn't help. Anyhow, when using docker, it should just work from when starting the container.

The docker-compose.yml is like this:

version: '3.8'

services:
  pihole-unbound-keepalived:
    build: .
    container_name: pihole-unbound-keepalived
    hostname: pihole-unbound1
    cap_add:
      - NET_ADMIN        # Allow changes to the network configuration
      - NET_BROADCAST    # Allow sending broadcast packets
      - SYS_MODULE       # Allow loading kernel modules
    privileged: true       # Allow full privileges for the container
    environment:
      - TZ=Europe/Copenhagen
      - WEBPASSWORD=the_password
      - PIHOLE_INTERFACE=eth0
      - PIHOLE_DNS_=127.0.0.1#5335 # Primary DNS server (Unbound DNS)
      - DNSSEC=true
      - DNS_BOGUS_PRIV=true
      - DNS_FQDN_REQUIRED=true
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"   # Pi-hole web interface port
    restart: unless-stopped
    networks:
      pihole_network:
        ipv4_address: 10.27.20.5  # Pi-hole IP address
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'

networks:
  pihole_network:
    external: true

Debug token: https://tricorder.pi-hole.net/oeLNw8p4/

Where's this image coming from? That's not a stock Pi-hole image.

From the Dockerfile I made.
But I think I got it now, made a .sh that deletes the db after start up, and then creates it again.

Can post it when I get back home.

Here is the Dockerfile I made.

# Use Pi-hole's official image as the base
FROM pihole/pihole:latest

# Install Unbound, Keepalived and Nano
RUN apt-get update && \
    apt-get install -y \
    unbound \
    keepalived \
    nano \
    && rm -rf /var/lib/apt/lists/*

# Copy configuration files for Keepalived and Unbound from the local directory
COPY ./keepalived.conf /etc/keepalived/keepalived.conf
COPY ./unbound.conf /etc/unbound/unbound.conf

# Start Unbound and Keepalived in the background and Pi-hole in the foreground
CMD sh -c "unbound -d & keepalived -n -l -D & pihole start"

You're missing all of the startup scripting from the pihole/pihole image.

Also, generally not a great idea to run services like that in the final command.

If you really want only one docker container, then using a supervisor like something described here:

Also, you are using docker-compose, much better off using the standard docker images for each service and running many services.

I would do something like this:


version: '3.8'

services:
  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    environment:
      TZ: 'America/New_York' # Set your timezone
      WEBPASSWORD: 'securepassword' # Set a secure password for Pi-hole
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80" # Web admin interface
    volumes:
      - pihole_data:/etc/pihole
      - dnsmasq_data:/etc/dnsmasq.d
    restart: unless-stopped
    depends_on:
      - unbound
    networks:
      pihole_net:
        ipv4_address: 192.168.1.2

  unbound:
    image: mvance/unbound:latest
    container_name: unbound
    ports:
      - "5335:53/udp" # Local Unbound DNS resolution
    volumes:
      - unbound_data:/opt/unbound/etc/unbound
    restart: unless-stopped
    networks:
      pihole_net:
        ipv4_address: 192.168.1.3

  keepalived:
    image: osixia/keepalived:latest
    container_name: keepalived
    environment:
      KEEPALIVED_UNICAST_PEERS: '#PYTHON2BASH:["192.168.1.2","192.168.1.3"]' # Adjust peer IPs
      KEEPALIVED_ROUTER_ID: '42'
      KEEPALIVED_PASSWORD: 'securepassword'
    volumes:
      - keepalived_data:/container/service/keepalived/assets
    restart: unless-stopped
    networks:
      pihole_net:
        ipv4_address: 192.168.1.4

volumes:
  pihole_data:
  dnsmasq_data:
  unbound_data:
  keepalived_data:

networks:
  pihole_net:
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.1.0/24

This is not tested. May not work, May not serve your needs. Could harass your cat. Your mileage may vary.

Let me know if you have questions.


I am almost sure this will fail. My test with Pi-hole and Keepalived in their containers didn't work because Keepalived is using Pi-hole's network because of the failover.

vrrp_instance Pihole {
    state MASTER
    interface eth0
    virtual_router_id 2
    priority 200
    unicast_src_ip xxx.xxx.xxx.xxx
    unicast_peer {
        xxx.xxx.xxx.xxx
    }
    authentication {
        auth_type PASS
        auth_pass secret-code
    }
    virtual_ipaddress {
        xxx.xxx.xxx.xxx/24
    }
}

Got it to work now with a workaround.
Probably not the right way to do it, but it is working.

#!/bin/bash
set -e

echo "Checking configuration files and services..."

# Make sure necessary configuration files exist
if [ ! -f /etc/keepalived/keepalived.conf ]; then
    echo "Missing Keepalived configuration file! Exiting."
    exit 1
fi

if [ ! -f /etc/unbound/unbound.conf ]; then
    echo "Missing Unbound configuration file! Exiting."
    exit 1
fi

# Start Unbound in the background
echo "Starting Unbound DNS resolver..."
unbound -d &

# Start Keepalived in the background
echo "Starting Keepalived..."
keepalived -n -l -D &

# Wait for Pi-hole's setupVars.conf to be ready (e.g. on first boot)
while [ ! -f /etc/pihole/setupVars.conf ]; do
    echo "Waiting for setupVars.conf..."
    sleep 1
done

# Remove existing pihole-FTL.db if necessary
if [ -f /etc/pihole/pihole-FTL.db ]; then
    echo "Removing existing pihole-FTL.db..."
    rm /etc/pihole/pihole-FTL.db
fi

# Start Pi-hole
echo "Starting Pi-hole..."
exec /s6-init
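
The concern raised in the reply about starting services with `&`, as an added example that is not part of the thread: a backgrounded daemon can exit while the container keeps running, so the Keepalived virtual IP may stay on a node whose resolver is gone. The `supervise` function and the stand-in commands are hypothetical; in the image they would correspond to `unbound -d` and `keepalived -n -l -D`.

```sh
#!/bin/sh
# Added example, not from the thread. The commands passed in the demo are
# constructed stand-ins for the daemons the entrypoint backgrounds.

# supervise CMD...: start every command in the background, block until the
# first one exits, stop the others, and return the exit status of the one
# that ended. FAILED_CMD names it so the caller can log the cause.
# Each CMD must be a simple command line, because it is run via "exec".
supervise() {
    pids=""
    rc=0
    FAILED_CMD=""
    for cmd in "$@"; do
        sh -c "exec $cmd" &        # exec: $! is the service itself, not a wrapper
        pids="$pids $!"
    done

    while [ -z "$FAILED_CMD" ]; do
        sleep 1                    # poll interval
        i=0
        for pid in $pids; do
            i=$((i + 1))
            if ! kill -0 "$pid" 2>/dev/null; then
                wait "$pid" || rc=$?          # collect its exit status
                eval "FAILED_CMD=\${$i}"      # i-th argument of supervise
                break
            fi
        done
    done

    # One service is gone: stop the rest so the container does not linger
    # in a half-working state.
    kill $pids 2>/dev/null || true
    wait $pids 2>/dev/null || true
    return "$rc"
}

# Constructed demo: the second stand-in "crashes" with status 3.
demo_rc=0
supervise "sleep 30" "sh -c 'exit 3'" || demo_rc=$?
echo "service ended: $FAILED_CMD (status $demo_rc); exiting so the restart policy applies"
```

A clean exit (status 0) of a long-running daemon is still reported through `FAILED_CMD`, so the caller should treat any return from `supervise` as a reason to stop the container.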