pi-hole/docker-compose.yml


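# Compose stack for Pi-hole: DNS is published directly on the host, the admin
# web UI is only reachable through Traefik on the external `proxy_infra`
# network.
version: "3.8"

networks:
  proxy_infra:
    external: true

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    # NOTE(review): `latest` is a mutable tag, so any pull or recreate can
    # change the running image (including a major release with different
    # configuration variables) without a change to this file. Pin a release
    # tag or digest, e.g. pihole/pihole:<RELEASE_TAG> (placeholder), and
    # upgrade deliberately.
    image: pihole/pihole:latest
    ports:
      # LSC: I am not relying on Traefik to proxy DNS, in order to not lose
      # name resolution when restarting the reverse proxy.
      # NOTE(review): this short form publishes port 53 on every host
      # interface. If the host has any interface outside the trusted LAN,
      # bind to the LAN address instead ("<LAN_IP>:53:53/udp", placeholder)
      # so the resolver is not reachable from elsewhere. Ports published by
      # Docker are commonly not covered by host firewall front-ends; verify.
      - "53:53/tcp"
      - "53:53/udp"
      # LSC: No need for DHCP, already handled.
      # This is for BOOTP, taken over by DHCP.
      #- "67:67/udp"
      # Web UI handled through Traefik
      #- "9000:80/tcp"
    environment:
      TZ: "Europe/Zurich"
      # The admin password is read from the file mounted read-only below, so
      # it never appears in this file. Keep ./conf/webpassword out of version
      # control and readable only by the deploying user.
      WEBPASSWORD_FILE: "/webpassword"
    # Volumes store your data between container upgrades
    volumes:
      - "./conf/webpassword:/webpassword:ro"
      - "./etc-pihole/:/etc/pihole/:rw"
      - "./etc-dnsmasq.d/:/etc/dnsmasq.d/:rw"
      - "./etc-pihole-updatelists:/etc/pihole-updatelists/:rw"
    # Recommended but not required (DHCP needs NET_ADMIN)
    # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    # LSC: Commented out, DHCP already handled
    #cap_add:
    #  - NET_ADMIN
    restart: always
    networks:
      - proxy_infra
      - default
    # ${FQDN} is substituted by Compose from the environment or .env file.
    # NOTE(review): if it is unset, Compose renders an empty string and the
    # router rule becomes Host(``); `${FQDN:?FQDN must be set}` would make
    # the deployment fail instead.
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy_infra"
      - "traefik.http.services.pihole.loadbalancer.server.port=80"
      # `$$` is the Compose escape for a literal `$` (regex end anchor).
      - "traefik.http.middlewares.pi-hole-redirect.redirectregex.permanent=true"
      - "traefik.http.middlewares.pi-hole-redirect.redirectregex.regex=https://${FQDN}/?$$"
      - "traefik.http.middlewares.pi-hole-redirect.redirectregex.replacement=https://${FQDN}/admin"
      # Priority goes from first in the list to last.
      - "traefik.http.middlewares.pihole.chain.middlewares=headers-base@file,headers-sts@file,headers-policy-self@file"
      # Pi-Hole
      - "traefik.http.routers.pihole.service=pihole"
      - "traefik.http.routers.pihole.entrypoints=web-secure"
      # Do not filter on prefix, otherwise the redirect does not work...
      - "traefik.http.routers.pihole.rule=Host(`${FQDN}`)"
      - "traefik.http.routers.pihole.tls=true"
      # Not using Letsencrypt, as this service is not accessible from outside
      # the LAN, and no wildcard domain certificate yet.
      # NOTE(review): with no certresolver the certificate has to come from
      # Traefik's own TLS configuration; if none matches, Traefik serves its
      # self-signed default. Confirm clients get a certificate they can
      # validate, otherwise the admin login is exposed to interception on
      # the LAN and the headers-sts middleware has no effect in browsers.
      #- "traefik.http.routers.pihole.tls.certresolver=letsencrypt"
      # Access control for the admin UI lives in net-home@file and
      # auth-traefik@file (presumably an IP allow-list and an authentication
      # middleware; defined in Traefik's file provider, not in this file).
      # Removing either from this list exposes the UI to every client that
      # can reach the web-secure entrypoint.
      - "traefik.http.routers.pihole.middlewares=pihole,net-home@file,auth-traefik@file,pi-hole-redirect"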