What is Pi-hole
Pi-Hole is a light weight DNS server originally made for the Raspberry Pi. Although it was designed for the Raspberry Pi it can be run on many different favors of Linux. It allows for a user to control DNS and do network wide ad blocking.
Requirements
System Specs
Min. 2GB free space, 4GB recommended |
512MB RAM |
Operating Systems
Linux | Release | Architecture |
Raspberry Pi OS | Buster / Bullseye | ARM |
Armbian OS | Any | ARM / x86_64 / riscv64 |
Debian | 20.x / 22.x / 23.x | ARM / x86_64 / i386 |
Fedora | 38 / 39 | ARM / x86_64 |
CentOS Stream | 8 / 9 | x86_64 |
Ubuntu | 10 / 11 / 12 | ARM / x86_64 |
Required Firewall Ports
Service | Port | Protocol |
pihole-FTL | 53 (DNS) | TCP/UDP |
pihole-FTL | 67 (DHCP) | IPv4 UDP |
pihole-FTL | 547 (DHCPv6) | IPv6 UDP |
lighttpd | 80 (HTTP) | TCP |
pihole-FTL | 4711 | TCP |
Installing Pi-hole
There are four recommended ways to install Pi-Hole. The first is to install it using the Pi-Hole script. It second is to install it using Docker. The third is a cloning the Pi-hole repository. The fourth is a manual install. We will cover all of these below. We will be installing in a Debian 12 container.
Before setting Pi-hole we should open up the firewall. Although it will work without setting the firewall it is best practice to have a firewall in place.
ufw allow 80/tcp
ufw allow 53/tcp
ufw allow 53/udp
ufw allow 67/tcp
ufw allow 67/udp
If you plan on using IPv6 add the following line. If not leave it out.
ufw allow 546:547/udp
Method 1: Installing via a one-step automated script.
This is the easiest way have installing Pi-hole.
First we will need to install a few other packages including sudo. We will first need to run update then install sudo. Some Linux packages already include sudo. Sudo allows a non-privileged user to act as a root. From a security stand point it is safer than running commands directly from root.
apt-get update
apt-get install sudo -y
Now we can create a user
adduser <userid>
We now must add the user to the sudo group.
moduser -aG sudo <userid>
We can now login using our newly created account and install curl.
apt-get install curl -y
We are now ready to install Pi-hole from a script.
curl -sSL https://install.pi-hole.net | bash
Answer yes to all the questions. It will has for an upstream DNS provider. I would recommend Google or Cloudflare. It will then install everything and give you login information.
Method 2: Clone the Pi-hole Repository
In this method we will use the automated install script but will use a cloned repository to run it. It is very similar to method one and will require sudo. It also will require git.
We will first need to run update then install sudo. Some Linux packages already include sudo. Sudo allows a non-privileged user to act as a root. From a security stand point it is safer than running commands directly from root.
apt-get update
apt-get install sudo -y
Now we can create a user.
adduser <userid>
We now must add the user to the sudo group.
pihole@piholedemo:~$ sudo apt-get install git -y
Simply run the following command.
git clone --depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole
cd "Pi-hole/automated install/"
sudo bash basic-install.sh
Answer yes to all the questions. It will has for an upstream DNS provider. I would recommend Google or Cloudflare. It will then install everything and give you login information.
Method 3: Installing in a Docker container
We will be using Docker and Docker Compose to install Pi-hole in a Docker container. It will require us to install Docker and the Docker Compose plugin along with sudo if not already added.
We will first need to run update then install sudo. Some Linux packages already include sudo. Sudo allows a non-privileged user to act as a root. From a security stand point it is safer than running commands directly from root.
apt-get update
apt-get install sudo -y
Simply run the following commands to install Docker and Docker Compose
sudo apt-get install docker -y
sudo apt-get install docker -y
We will make a directory for the container and cd into it.
mkdir pihole
cd pihole
Use your favorite editor to create “docker-compose.yml” that will hold all server parameters.
nano docker-compose.yml
Paste the following syntax into the file modifying it for your needs and time zone.
version: "3"
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
pihole:
container_name: pihole
image: pihole/pihole:latest
# For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
ports:
- "53:53/tcp"
- "53:53/udp"
- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
- "80:80/tcp"
environment:
TZ: 'America/New_York'
# WEBPASSWORD: 'set a secure password here or it will be random'
# Volumes store your data between container upgrades
volumes:
- './etc-pihole:/etc/pihole'
- './etc-dnsmasq.d:/etc/dnsmasq.d'
# https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
cap_add:
- NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
restart: unless-stopped
Ctrl-X to exit and save.
Run the Docker Compose command to bring up the container. Depending on your system it will be “docker compose up -d” or “docker-compose up -d”
sudo docker-compose up -d
We now must change the password to access the web interface. The command would be pihole -a -p, but since we are running it in a container the command must be run inside the container.
sudo docker exec -ti <container name> pihole -a -p
Pi-hole is now set up.
Method 4: Manual Install
This method involves downloading the binaries to the server and installing them locally. This was is a little slower, but is still straight forward.
We will first need to run update then install sudo. Some Linux packages already include sudo. Sudo allows a non-privileged user to act as a root. From a security stand point it is safer than running commands directly from root.
apt-get update
apt-get install sudo -y
We will use wget to download the binaries from the web and run them locally
wget -O basic-install.sh https://install.pi-hole.net
sudo bash basic-install.sh
Answer yes to all the questions. It will has for an upstream DNS provider. I would recommend Google or Cloudflare. It will then install everything and give you login information.
Conclusion
With any luck you should have access the admin page of Pi-hole.