Pi-Hole - Setup Pi-Hole running in LXC - Not Working
TODO: These instructions do not work completely.
Best to not use lxc-xxxx but instead the lxc xxxx instructions.
Create an LXC Container
lxc-create -t download -n pihole -- --keyserver hkp://p80.pool.sks-keyservers.net:80 -d ubuntu -r xenial -a amd64
NOTE: Some versions of lxc allow this, which would replace the installation of additional packages below:
lxc-create -t ubuntu -n pihole -- -r bionic --package=cron,curl,wget,openssh-server,vim,ping,ca-certificates
Start the Container
lxc-start -n pihole
Check the status
lxc-info -n pihole
Get a Shell inside the Container
lxc-attach -n pihole
Install additional packages
sudo apt install cron curl wget openssh-server vim ca-certificates
NOTE: Some of these additional packages may already be installed. Not a concern.
The ca-certificates package is needed to prevent errors later with curl.
Without this, errors such as: curl: (60) SSL certificate problem: unable to get local issuer certificate may be seen.
Of course, this package, as well as any other package, can be installed later with a command such as:
apt install ca-certificates
Check the Network
Ensure that LXC is configured properly in that it is able to access the internet.
ip a
Determine the IP subnet.
Try to ping.
ping 192.168.1.1 -c 1
NOTE: Change the ping address as needed to the correct subnet.
LXC should ideally be configured in macvlan mode:
See Make your LXD containers get IP addresses from your LAN using macvlan
Install Pi-Hole
curl -sSL https://install.pi-hole.net | bash
or
curl -sSL https://install.pi-hole.net -o pihole.sh
NOTE: The 2nd option here just downloads the script. It does not actually install Pi-Hole until it is run.
This is a little safer, as it allows you to review the script for trojans or other unexpected code before anything is executed. Once you are sure it is okay, run:
bash pihole.sh
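The download-then-review option only helps if the file that is run is the same file that was read. The following is an added example, not part of the original instructions or of the Pi-hole project: it records a SHA-256 hash locally after review and refuses to run the script if it has changed since. The function names and the pihole.sh.sha256 file name are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: run the installer only if it matches the bytes that were reviewed.
# Function names and the ".sha256" record file are hypothetical, not Pi-hole tooling.

# Print the SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Download the installer without executing it.
# --fail: exit non-zero on HTTP errors; --proto '=https': never fall back to plain HTTP.
fetch_installer() {
    curl --fail --proto '=https' --tlsv1.2 -sSL https://install.pi-hole.net -o "$1"
}

# After reading the script, record the hash of exactly what was reviewed.
record_review() {
    file_sha256 "$1" > "$1.sha256"
}

# Run the script only if it still matches the recorded hash.
# Returns 2 when there is no review record, 1 on a hash mismatch.
run_reviewed() {
    local script=$1; shift
    local want have
    [ -s "$script.sha256" ] || { echo "no review record for $script" >&2; return 2; }
    want=$(cat "$script.sha256")
    have=$(file_sha256 "$script")
    if [ "$want" != "$have" ]; then
        echo "hash mismatch: $script changed since review" >&2
        return 1
    fi
    bash "$script" "$@"
}

# Typical use inside the container:
#   fetch_installer pihole.sh
#   less pihole.sh            # read the script
#   record_review pihole.sh
#   run_reviewed pihole.sh
```

Downloading the script again after the review invalidates the record, so a changed installer is caught before it runs.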
Select the defaults until the DNS screen and then choose Cloudflare as your DNS.
- Accept all the rest of the defaults and be careful not to change them. This will ensure that you get the admin web interface and that statistics are logged.
- The installation will continue for a few minutes after you answer the prompts.
- After your installation completes, you will receive a message telling you to set up the DHCP settings on your router to make the address of your Pi-Hole the primary DNS for your network.
- That will insert the Pi-Hole as the “man-in-the-middle” to scrutinize all DNS names before they are either passed to the Internet or “Pi-Holed”.
When you return to the prompt in the terminal session, enter the following command to set your Pi-hole password:
pihole -a -p
Have the LXC Container Start Automatically
By default, LXC containers may not start automatically.
To fix this, edit the container config file:
- /var/lib/lxc/pihole/config
lxc.start.auto = 1
lxc.start.delay = 1
NOTE: Autostart is mainly used to select which containers to start.
When the host system boots, LXC decides the order and the delay between each startup.
In this case:
- The first line actually does the autostart.
- The second line is optional. It sets the delay, in seconds, that LXC waits after starting this container before it starts the next one, which gives this container time to begin initialization and reduces the load on the host system.