pi-hole/docker-compose.yml
2026-01-06 10:57:33 +01:00


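version: "3.8"

networks:
  proxy_infra:
    external: true

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
#
# ${FQDN} in the labels below is interpolated by Compose (shell environment or
# .env file). If it is unset, Compose substitutes an empty string and the
# router rule and redirect no longer match the intended host.
services:
  pihole:
    image: pihole/pihole:2025.11.1
    ports:
      # LSC: I am not relying on Traefik to proxy DNS, in order to not lose
      # name resolution when restarting the reverse proxy.
      # NOTE: these mappings publish port 53 on every host interface, and
      # FTLCONF_dns_listeningMode 'ALL' below lets Pi-hole answer any source
      # that can reach it. Keep port 53 unreachable from outside the LAN
      # (host or edge firewall), or prefix the mappings with the host's LAN
      # address so the resolver is not exposed as an open resolver.
      - "53:53/tcp"
      - "53:53/udp"
      # LSC: No need for DHCP, already handled.
      # This is for BOOTP, taken over by DHCP.
      #- "67:67/udp"
      # Web UI handled through Traefik
      #- "9000:80/tcp"
    environment:
      # Set the appropriate timezone for your location from
      # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones, e.g:
      TZ: "Europe/Zurich"
      FTLCONF_misc_etc_dnsmasq_d: 'true'
      # If using Docker's default `bridge` network setting the dns listening
      # mode should be set to 'ALL'
      FTLCONF_dns_listeningMode: 'ALL'
      # The admin password is read from this file rather than set inline; the
      # file is bind-mounted read-only under `volumes`. Keep ./conf/webpassword
      # out of version control and readable only by the account running Compose.
      WEBPASSWORD_FILE: "/webpassword"
    # Volumes store your data between container upgrades
    volumes:
      - "./conf/webpassword:/webpassword:ro"
      # For persisting Pi-hole's databases and common configuration file
      - "./etc-pihole/:/etc/pihole/:rw"
      # Uncomment the below if you have custom dnsmasq config files that you
      # want to persist. Not needed for most starting fresh with Pi-hole v6.
      # If you're upgrading from v5 and have used this directory before, you
      # should keep it enabled for the first v6 container start to allow for a
      # complete migration. It can be removed afterwards.
      # Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true'
      #- "./etc-dnsmasq.d/:/etc/dnsmasq.d/:rw"
      - "./etc-pihole-updatelists:/etc/pihole-updatelists/:rw"
    # No extra capabilities are granted; leave this commented out unless one of
    # the features listed below is actually needed.
    #cap_add:
    #  # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    #  # Required if you are using Pi-hole as your DHCP server, else not needed
    #  - NET_ADMIN
    #  # Required if you are using Pi-hole as your NTP client to be able to set the host's system time
    #  - SYS_TIME
    #  # Optional, if Pi-hole should get some more processing time
    #  - SYS_NICE
    restart: always
    networks:
      - proxy_infra
      - default
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy_infra"
      - "traefik.http.services.pi-hole.loadbalancer.server.port=80"
      - "traefik.http.middlewares.pi-hole-redirect.redirectregex.permanent=true"
      # `$$` is Compose's escape for a literal `$`. The pattern is anchored
      # with `^` so that only the bare root URL is redirected, not any URL
      # that merely ends with this text (for example inside a query string).
      # The dots of ${FQDN} are still regex wildcards.
      - "traefik.http.middlewares.pi-hole-redirect.redirectregex.regex=^https://${FQDN}/?$$"
      - "traefik.http.middlewares.pi-hole-redirect.redirectregex.replacement=https://${FQDN}/admin"
      # Priority goes from first in the list to last.
      - "traefik.http.middlewares.pi-hole.chain.middlewares=headers-base@file,headers-sts@file,headers-policy-self@file"
      # Pi-Hole
      - "traefik.http.routers.pi-hole.service=pi-hole"
      - "traefik.http.routers.pi-hole.entrypoints=web-secure"
      # Do not filter on prefix, otherwise the redirect does not work...
      - "traefik.http.routers.pi-hole.rule=Host(`${FQDN}`)"
      - "traefik.http.routers.pi-hole.tls=true"
      # This service is allowed only inside the LAN, but a Let's Encrypt
      # certificate is now required for access from Safari 15
      - "traefik.http.routers.pi-hole.tls.certresolver=letsencrypt"
      # NOTE(review): net-home@file and auth-traefik@file are defined in
      # Traefik's file provider, not in this file. Access control for the admin
      # UI depends entirely on them (presumably the LAN allow-list and the
      # authentication step) - verify both exist before exposing the router.
      - "traefik.http.routers.pi-hole.middlewares=pi-hole,net-home@file,auth-traefik@file,pi-hole-redirect"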