2023 user assist queries adguard home docker
[ updated as of 12 aug 2023 ]
Do refer to my 2nd postings, it will work regardless what settings you have done on your Gold/ Purple etc,
Does it work during travel , as Travel Router ? --> Yes, but takes time to boot up and load
Alternatively --> Gl-iNet Slate AX (GL-AXT1800) , if you need to keep your purple at home, or you have 2 extended groups of families/ friends
Regarding having traffic to flow through the Adguard
[Docker AdGuard ] -->
Via [ Firewalla App ] --> [ Network Manager ] --> your default [ Local Network ] , the one you first create for your home network, --> Edit --> change the [ Primary DNS Server ] to 172.16.0.2
** if you followed my 2nd posting, that's the ip address ive set for my own AdGuardHome
*** should you use other ip-address, feel free and remember to set the DNS server to that
As of now, I do not, know how to automatically update it, without redoing the purple [ as ive no idea how Firewalla does its image backup for us, its 50.50 ]
Some of the recommended lists, [ fkfkadblock / project block list ] followed by the default adguard lists,
and no, it doesn't Borg down my purple at all, base from SSH and then docker status , its barely hitting its 40% cpu or ram.
Why not pihole ? --> adguard is more flexible and layman, if I were to recommend and subsequently become that [ IT Guy/ person ] for my friends or extended family, pihole will just make it more complex. Adguard is easier on the [ visual ] and [ remote screenshot support ]
will try to visit this thread every now and then , to see if ive found anything new, however, most of the Adguard recommendations, ive reference from [ asusmerlin ] and redidit ,
cheers ! and on with the main Post
---------------------------------
Referencing to the older posts [ 2 years back ]
wondering if im missing out
https://help.firewalla.com/hc/en-us/community/posts/1500000495762-AdGuard-Home-Docker
Questions as follows :
1) do i have to install [ Docker ] via ssh first ?
or its simply following what @mastadon extinction , the poster has done ?
Creating the directory
/home/pi/.firewalla/run/docker/AdGuardHome
by mkdir /home/pi/.firewalla/run/docker/AdGuardHome
followed by @Nishal Patel's corrected VI version
version: "3"
services:
adguardhome:
container_name: adguardhome
image: adguard/adguardhome
volumes:
- '/data/adguardhome/work/:/opt/adguardhome/work'
- './adguardhome/conf/:/opt/adguardhome/conf'
restart: unless-stopped
networks:
default:
# static IP address for adguardhome
ipv4_address: 172.16.0.2
networks:
default:
driver: bridge
ipam:
config:
# your chosen docker network here
- subnet: 172.16.0.0/24
2) for the IPV4 address and subnet,
Do i have to specially reserve the [ static ip ] , say [ 192.168.50.3 ] and [ 192.168.50.0/24 ] in firewalla first ?
Last querey from Alessandro Miccono, made me post this as, there doesnt seem to be alot of response, which, brought me to create this new thread in the first place
Summary : do i have to run [ Docker ] setup first ? before running [ Adguard pihole for docker ] thread ?
and do i have to reserve IP addresses prior in creating ?
or am i understanding, completely wrong, that the 172.16.0.2 is actually the ip address produced, when logging in to pi@ipadress ??
do thank any one in advance for pointing me to the right steps, as ive gotten some routing issues which im actually confused the steps in setting up adguard home
[ why adguard home : just for the more versatile expandsion from Country / Language base formatting ]
humbly
-
An update,
ive finally figured out what ( might have ) went wrong initially.
[ im a purple user btw ]
The following links are required for reference materials :
1) The original ADguard home docker reference thread , by [ mastadon extinction ]
https://help.firewalla.com/hc/en-us/community/posts/1500000495762-AdGuard-Home-Docker2) the Guide from Firewalla team :
** you must follow the steps first, and remove any if not all of the related docker folders **
Personal tip : for those steps with mkdir/ create folder,
do a :
[ rm -rf ] /< long directory > , before actually creating, this will solve alot of future headaches.
3) AdGuard home In docker on golde [ thread query ]https://help.firewalla.com/hc/en-us/community/posts/360052119873-AdGuard-Home-In-Docker-on-Gold-
specifically, post from [ Marino Rancier ] helped tons
** ssh within terminal, is where all the commands are, search in the forums for enabling and doing ssh on your purple **
now on to the stepsStep 1-> clear out all and any of the folders listed, from those threads and guides
using the following
sudo su -
systemctl stop docker-compose@*
systemctl stop docker
cd /var/lib/docker/
rm -rf overlay2/*
systemctl start docker
sudo docker system prune -a
exitStep 2--> Remove the ip docker0 and/or bridge
code:
ip link delete docker0
** note that, whenever you ssh into your firewalla , the terminal, will display briefly the IPv4 and 6 addresses **those listed , apart from the Docker0 or BrXXX, are the same as your networks, VLANs, created within the firewalla app
e.g if you navigate to [ Network Manager ],it displays the list of LAN/ WAN / and in my case the WLAN ive set for whenever i travel with my PurpleFor those who arent familiar or not noticing at first, googling [ removal of docker ip address in ubuntu linux terminal ] should explain moreStep 3--> Proceed to the steps listed in/ from those threads, but ive sorted of recombo from those 2 greatscreate directory [ /home/pi/.firewalla/run/docker/adguardhome ]bymkdir /home/pi/.firewalla/run/docker/adguardhome
** note, that, this is where, the biggest mistake i made, for following exactly what [mastadon extinction ] did,but its actually lower caps adguardhome, and not AdGuardHomeif one is careful enough, which i wasnt, the code inserted all points to the lower caps adguardhome, instead of ADGuardHome
**create the file [ docker-compose.yaml ]bytouch docker-compose.yaml
Step 4 -->
validate bycd /home/pi/.firewalla/run/docker/adguardhome
then followed byls
there should be a docker-compose.yaml file listedStep 5 -->
vi the filevi docker-compose.yaml
** as a complete beginner, and the absolute lack of help from the forums, this is to assist those who have and wish to cross and try out adguard / docker **
google for vi usage and commands on Linux terminal, vi, basically is the editor inbuilt within the Firewalla devices [ ubuntu base ]Step 6 --> press [ i ], to start " inserting / pasting the codes " for the docker-compose yaml file** yaml basically is the yet-another-markdown-language file type, but as those 2 threads and the discussions have mentioned, its very sensitive to spacing and what not **Step 7 --> copy and paste the following** ive copied from [ Marino Rancier ], as his has the cleanest yaml layout and what not **
*** ive changed the ip addresses, to follow [ mastadon extinction ]'s ip address **version: "3"
# More info at https://github.com/r/adguard/adguardhome
services:
adguardhome:
container_name: adguardhome
image: adguard/adguardhome
volumes:
- '/data/adguardhome/work/:/opt/adguardhome/work'
- './adguardhome/conf/:/opt/adguardhome/conf'
restart: unless-stopped
networks:
default:
# static IP address for adguardhome
ipv4_address: 172.16.0.2
networks:
default:
driver: bridge
ipam:
config:
# your chosen docker network here
- subnet: 172.16.0.0/24
after pasting the above,[ note your adguardhome is address 172.16.0.2 ]press [ esc ] on your keyboard,key in ::wq!
that will " save and Quit"Step 8 --> from here, im a complete novice, and if any networking expert can correct me or to educate why its required or not required, just post away
the following are to be entered, line by line in your ssh terminal
sudo systemctl start docker
sudo docker-compose pull
sudo docker-compose up --no-start
sudo ipset create -! docker_lan_routable_net_set hash:net
sudo ipset add -! docker_lan_routable_net_set 172.16.0.2/24
sudo ipset create -! docker_wan_routable_net_set hash:net
sudo ipset add -! docker_wan_routable_net_set 172.16.0.0/24
sudo ip route add 172.16.0.0/24 dev br-$(sudo docker network inspect adguardhome_default |jq -r '.[0].Id[0:12]') table lan_routable
sudo ip route add 172.16.0.0/24 dev br-$(sudo docker network inspect adguardhome_default |jq -r '.[0].Id[0:12]') table wan_routable
sudo docker-compose up --detach
sudo systemctl start docker-compose@adguardhometo explain what happens,docker-compose pull, will start to download adguardhome and the binary etcdocker-compose up --no-start is to enable the docker for adguard but not start the thingipset and route, here, i suspect is to add the routes and ip into your firewalla and thus allowing the traffic to be routed and detected
sudo systemctl start docker-compose@adguardhome --> basically starts up your adguardwhich from [ mastadon extinction ] , is 172.16.0.2:3000, that was configured earlier on
Step 9 --> optional, from [ mastadon extinction ]make directory [ /home/pi/.firewalla/config/post_main.d/ ]mkdir /home/pi/.firewalla/config/post_main.d/
create batch file[ start_AdGuard_home.sh]touch start_AdGuard_home.sh
check the file exists[ ls ]vi start_AdGuard_home.sh
press [ i ] to editpaste the followingsudo systemctl start docker
sudo ipset create -! docker_lan_routable_net_set hash:net
sudo ipset add -! docker_lan_routable_net_set 172.16.0.0/24
sudo ipset create -! docker_wan_routable_net_set hash:net
sudo ipset add -! docker_wan_routable_net_set 172.16.0.0/24
sudo systemctl start docker-compose@adguardhomepress [ esc ]:wq!hit enter10) --> check the contentscat start_AdGuard_home.sh
thus, i hope this resolves, any future newbies like myself and not stop people from trying out
j , sg -
@W M
Im not sure what your asking is,but i am interpreting it as , [ i want to have specific ip addresses, but its not showing up in ADguard home ]
Firstly ,
For the above set up, the firewalla [ DNS Service ] is [ Disabled/ not switched on ],
im using the purple, thus theres no Unbound,
For the Reserved IPs, its almost impossible due to the nature of how my setup is done,
[ ISP fiber to router ( just routing the fiber to network ) --> to my Firewalla --> to Asus router ( as AP ) ]
As [ FIrewalla ] device is configured as the main [ DHCP provider] , your/ our ADguard home will only see traffic as [ 172.16.01 ] if you have followed the guide above
im not very knowledgeable nor too familiar, but all i know is, if you enabled [ DNS SERVICE ] via firewalla, the adblocking will not work, at least for my case, nothing shows up on the ADGuard home.
Validated by :
[ Enable Unbound ] --> Disable [ ADguard home via the web GUI ] --> refresh page --> [ Re-enable ADGuard home ] --> refresh the [ Query Log ]
repeat the above [ enable/ disable ] to confirm either my setup was not really proper, or that theres something interferring with ADGuards [ sight ], as mentioned earlier, theres only the main [ 172.16.0.1 ] with all the requests counts -
@ Jay Carter,
thanks for chiming in,
for those not aware : https://help.firewalla.com/hc/en-us/articles/360035362614-What-is-DNS-Booster-#:~:text=DNS%20Booster%20is%20Firewalla's%20DNS,websites%20and%20other%20internet%20domains.
and for my setup, it is enabled and applied to all devices
so not sure where else or what is missing , however , it works as long [ Unbound ] isnt enabled on my firewalla purple -
gotcha and i think i've figured out that i was just confused trying to understand the client settings page on adguardhome...due to pervious experimentation with pi-hole where i feel like it pulled through more information than just the IP address. (honestly i've just been fiddling a little too much)
appreciate the time spent helping me figure it out!
-
@kyle
at the moment, i wouldn't have the exact steps nor do i know how [ or if it does automatically update ] , however, it might be possible to simply pull the installer, and overwrite it, with your config still intact,
was this your post on reddit ?
https://www.reddit.com/r/AdGuardHome/comments/15nllfm/how_to_update_adguard_home_docker/
https://hub.docker.com/r/adguard/adguardhome --> seems like there is a section
Pull the new version from Docker Hub:-
docker pull adguard/adguardhome -
docker stop adguardhome docker rm adguardhome
though point 2, isnt necessary, i recokon, would have to do some testing first, mind you, as i dont see a need to force update/ nor auto update frequently, just because its running as a docker instance,
but for our purpose, it should and likely to be back to using
sudo systemctl start docker
sudo docker-compose pull
sudo docker-compose up --no-start
someone with more knowledge to correct me if im wrong here,
just simply docker-compose pull and then up --no-start, should technically work , to update, and not overwrite the existing configuration -
-
Thanks I will have to give this a try when a update does get release. I just wanted to make sure because I noticed installing via docker rather than directly to the firewalla it lost the settings option to update. Originally I installed it wrong and was told when rebooting I'd lose the install. The way I installed it before had a option to update in the settings of adguard home.
I just SSH'd in before and ran this single script.. it worked but lost it upon reboot.
curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v
All this linux/ssh/docker stuff confuses me I wish Firewalla would just implement toggles to automatically install docker containers like the gl.inet firewalls. I'd get one of those but their specs suck;D
-
@Kyle,
no problems, if I recall, one of the steps mentioned on one of the pihole or something had users explicitly mentioned that,oddly, even when I rebooted my purple [ power off/ unplug the power and replug ] , my config sticks, not updating mind you, just in the event of [ power failure, my stuff works, after powering up and obtaining my ISP's GNAT ]
but again, as the reconfiguration isn't that hard to do, [ 1hr of downtime ] , every couple of months I would refresh the purple and take stock,
that means referencing this guide ive mashed together quite [ frequently ]
im glad you managed to go about implementing the Adguard home, instead of bang on table, like some brat in the other forums in Firewalla,
Btw, for those who chance upon to this thread/ posting, and considering Purple or Gold S.E
Firewalla Purple is definitely Great for home security AND as a travel router,
however, that said,
What Kyler mentioned about Gl-iNet, works equally well if not far better, as travel router with more flexibility- Slate AX (GL-AXT1800) would be honestly just set and forget type , with Adguard Home built right in,
in terms of expandability for security, ranked, imho
1) Gold S.E just on specs and pricing , which you can remote anywhere in the world2) Purple for more flexible travel router +/ home security portal
followed by
3) GL-AXT, base of future proofing and ports
[ Gl-iNet : https://www.gl-inet.com/products/gl-axt1800/ ]
ive travelled extensively back to my spouse's home town, and I can assure folks, base on real life experience, Purple will always be the fall back router, at the moment, before I purchase Gl-iNet , for travel, in the up coming months
the ability to simply use type C USB cable to a fairly capable GaN charger 60W, preferrably , gives more me and my family more security [ aside from home error ]
and to dive and expand further, within this topic [ travel / adblocking / security ] those folks who can only get one or the other, may consider Asus wifi routers, supported by asusmerlin, custom scripts, that can be installed with [ amtm ] with [ adguard home ] via ssh [ as mentioned by Kyler and the tons, this really. needs to be mainstream more as the amount of crap I see going through my Purple is insane ]
should anyone need more information [ not that I'm great, just experienced in failures haha ] , just post here or ping me directly
cheers,
j , from SG
Please sign in to leave a comment.
Comments
12 comments