Pi-Hole - Setup Pi-Hole running in LXC - Not Working

TODO: These instructions do not work completely.

Best to not use lxc-xxxx but instead the lxc xxxx instructions.

Create an LXC Container

lxc-create -t download -n pihole -- --keyserver hkp://p80.pool.sks-keyservers.net:80 -d ubuntu -r xenial -a amd64

NOTE: Some versions of lxc allow this, which would replaced the installation of additional packages below:

lxc-create -t ubuntu -n pihole -- -r bionic --package=cron,curl,wget,openssh-server,vim,ping,ca-certificates

lxc-start -n pihole

lxc-info -n pihole

lxc-attach -n pihole

sudo apt install cron curl wget openssh-server vim ca-certificates

NOTE: Some of these additional packages may already be installed. Not a concern.

The ca-certificates package is needed to prevent errors later with curl.

Without this, errors such as: curl: (60) SSL certificate problem: unable to get local issuer certificate may be seen.

Of course, this package, as well as any other package can be installed later with commands such as:

apt install ca-certificates

Ensure that LXC is configured properly in that it is able to access the internet.

ip a

Determine the IP subnet.

Try to ping.

ping 192.168.1.1 -c 1

NOTE: Change the ping address as needed to the correct subnet.

LXC should ideally be configured in macvlan mode:

curl -sSL https://install.pi-hole.net | bash

curl -sSL https://install.pi-hole.net -o pihole.sh

NOTE: The 2nd option here just downloads the script. It does not actually install Pi-Hole until it is run.

This is a little safer, as it allows you to check the code in the script against trojans etc. Once you are sure it is okay then run:

bash pihole.sh

Select the defaults until the DNS screen and then choose Cloudflare as your DNS.

Accept all the rest of the defaults and be careful not to change them. This will assure that you get the admin web interface and that statistics are logged.
The installation will continue for a few minutes after you answer the prompts.
After your installation completes, you will receive a message telling you to set up the DHCP settings on your router to make the address of your Pi-Hole the primary DNS for your network.
That will insert the Pi-Hole as the “man-in-the-middle” to scrutinize all DNS names before they are either passed to the Internet or “Pi-Holed”.

When you return to the prompt in the terminal session, enter the following command to set your Pi-hole password:

pihole -a -p

By default, LXC containers may not start automatically.

To fix this, edit the container config file:

lxc.start.auto = 1
lxc.start.delay = 1

NOTE: Autostart is mainly used to select which containers to start.

When the host system boots, LXC decides the order and the delay between each startup.

In this case:

The first line actually does the autostart.
The second line is optional and will delay the start of this container to give the current container time to begin initialization and reduce overloading the host system.