Advertisers Hate This One Weird Trick

Pi-hole without A Raspberry Pi

Yes, you can absolutely run a Pi-hole without a Raspberry Pi.
Yes, you can absolutely install Pi-hole on to your laptop and take it with you.

Pi-hole to go! Yummy!

If you like the network-wide protection your home pi-hole provides against adverts, domains that are known phishing sites, or domains that are known to serve malware, then you are going to love finding out that you can have a local laptop install of pi-hole and take it with you wherever you go.

Just you, and your laptop. Nothing else.

A local laptop install of pi-hole can, in addition to other precautions, boost your protection if you are out and about in cafes, hotels and airports.

I’m going to cover installing a Docker powered Pi-hole on Windows and Linux systems.

At the very end of this article I will mention how a Pi-hole can protect you from the latest Google’s manifest V3 threat to your personal privacy.

Windows Laptops

Prerequisites

Prerequisite 1) Docker Desktop

Head over to docker.com and install Docker Desktop.
https://www.docker.com/products/docker-desktop/

Prerequisite 2) Autostart Windows

Ideally after installation you should enable autostart for Docker Desktop.

This ensures that you can still access webpages. Pi-hole will resolve all of your website/DNS requests, if the Pi-hole docker container is off then you won’t be able to visit webpages.

You also need to make a change in Docker Desktop settings, make sure that you check the ‘Start Docker Desktop when you log in‘ box.

Pull Official Pi-hole Docker Image

We are going to use the official Pi-Hole Docker image, use their docker-compose.yml with a minor modification. Head over to https://hub.docker.com/r/pihole/pihole to find out more about the official Pi-hole Docker Image.

The rest of this article fills in the gaps so that you can have Pi-hole up and running on your PC.

Open up a command prompt and run the pull command.

C:\Users\goodboy>docker pull pihole/pihole
Using default tag: latest
latest: Pulling from pihole/pihole
31b3f1ad4ce1: Pull complete
2cf454ba7aa0: Pull complete
4f4fb700ef54: Pull complete
d5d1e33c70cc: Pull complete
82b13da8209d: Pull complete
48e71cb85034: Pull complete
Digest: sha256:aa6140856dfc67f3ae36c352e30903f944e4e220699ffeeaf6b85235b2d84c95
Status: Downloaded newer image for pihole/pihole:latest
docker.io/pihole/pihole:latest

C:\Users\goodboy>

Docker Compose File

We want to run Pi-hole only locally on your laptop and not as a wider network service.
The docker-compose.yml file below is taken from the example docker-compose.yml file on the official Pi-hole docker page but with all DHCP references removed.

You should change the time zone, and add your own ‘WEBPASSWORD‘ password. You will use this password later to access the Pi-hole admin page.

version: "3"

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
    environment:
      TZ: 'America/Chicago'
      WEBPASSWORD: 'choose a password'
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'    
    restart: unless-stopped

Create a new folder/directory (also referred to a ‘docker context’), anywhere on your user account and create the file with name ‘docker-compose.yml’ and add the above content.

Open up a command prompt and run the command ‘docker-compose up –detach‘ .

C:\Users\goodboy\pihole>docker-compose up --detach
[+] Running 2/2
 - Network pihole_default  Created                                                                                 0.9s
 - Container pihole        Started                                                                                 2.0s

C:\Users\goodboy\pihole>

If you check your Docker Desktop you should see a Pi-hole container running.

Check For Admin Page

Before we finalise your Pi-hole network settings lets check that your Pi-hole is actually running.

Open a web browser and visit the following local webpage ‘http://localhost/admin/, you should bookmark this for convenience.

Login with the password you chose in the docker-context.yml file above.

You should be met with the Pi-hole admin page.

Modify Windows Network Settings

The final step is to let windows know it should use your Pi-hole to run DNS requests.

This isn’t a permanent change and you can always change this back, but, because it’s semi-permanent you need to make sure that docker starts up when windows starts up so that your web browsers have a target to make DNS requests.

Open up control panel, and select ‘Network and Sharing Center‘.

Then select ‘Change adapter settings‘.

You should do the following steps for each adapter you use to connect to the internet.
I’m going to do this to my Wi-Fi adapter as that is the only way I connect to the internet.

Right click on your adapter and select ‘Properties

Select ‘Internet Protocol Version 4(TCP/IPv4)‘ and click ‘Properties

Since we are running Pi-hole locally on our laptop, we need to point our ‘Preferred DNS server‘ to our local loopback IP address. Select the ‘Use the following DNS server addresses:‘ radio button, and add the address ‘127.0.0.1‘ to ‘Preferred DNS server:

Click okay. If you go back to your pihole admin page ‘http://localhost/admin/‘ and log in, you should
see that the Pi-hole is immediately taking DNS requests and protecting you.

If your internet ever drops out, if your docker fails, return your adapter settings to the values before or even set the ‘Obtain DNS server address automatically‘ radio button.
Caution: You will no longer be protected by Pi-hole in this case.

VPN compatibility

A portable Pi-hole in your bag is one great advantage.

The other advantage of running docker directly from your local laptop is that suddenly you have Pi-hole protection when connecting to your VPN provider. ProtonVPN, NordVPN, whichever other VPN provider you user, via their VPN apps or OpenVPN, your web browser will make a DNS request to your local Pi-hole before tunneling through your VPN.

Pi-hole working with VPN? Cool eh? Well…. enjoy your Pi-hole.

Linux Laptops

I’m working on Debian based systems, so Ubuntu and Linux Mint and will cover installing a laptop portable Pi-hole for these systems.

Prerequisites

Prerequisite 1) Docker

There are two options for you here. You could go ahead and install Docker just to be used from the command line (which I prefer), or with Docker Desktop.

Option 1) Docker Install Without Docker Desktop

Open up a terminal and update your system.

[email protected]:~$ sudo apt update
Get:1 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Ign:2 http://packages.linuxmint.com vanessa InRelease                                                                                                                                                                                        
Get:3 http://packages.microsoft.com/repos/code stable InRelease [10,4 kB]                                                                                                                                                                    
Hit:4 https://brave-browser-apt-release.s3.brave.com stable InRelease                                                                                        
Hit:5 https://repo.protonvpn.com/debian stable InRelease                                                                                                     
Get:6 http://packages.linuxmint.com vanessa Release [24,1 kB]                                        
Hit:7 http://archive.ubuntu.com/ubuntu jammy InRelease                                  
Get:8 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [114 kB]
...
...
...
Fetched 2.670 kB in 5s (505 kB/s)             
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
50 packages can be upgraded. Run 'apt list --upgradable' to see them.
[email protected]:~$ 

You are ready to install Docker. Run the following command and don’t forget the astrix ‘*’, the astrix catches all necessary docker packages.

 sudo apt install docker*

Your output should look something like the following. I have removed a lot of output to keep it neat.

[email protected]:~$ sudo apt install docker*
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'docker-compose' for glob 'docker*'
Note, selecting 'docker.io-doc' for glob 'docker*'
Note, selecting 'docker2aci' for glob 'docker*'
Note, selecting 'docker-doc' for glob 'docker*'
Note, selecting 'docker-ce' for glob 'docker*'
Note, selecting 'docker.io' for glob 'docker*'
Note, selecting 'docker' for glob 'docker*'
Note, selecting 'docker-clean' for glob 'docker*'
Note, selecting 'docker-registry' for glob 'docker*'
Note, selecting 'docker-doc' instead of 'docker.io-doc'
The following additional packages will be installed:
...
...
...
Need to get 74,3 MB of archives.
After this operation, 311 MB of additional disk space will be used.
Do you want to continue? [Y/n] y

Let’s check if docker is installed.

[email protected]:~$ docker --version
Docker version 20.10.12, build 20.10.12-0ubuntu4
[email protected]:~$ 

Okay, we are ready to continue.

Option 2) Docker Install With Docker Desktop

You do also have the option to instead install Docker Desktop on your linux machine.
Follow the instructions at the following ling to do this.

https://docs.docker.com/desktop/install/linux-install/

Prerequisite 2) Autostart Linux

As noted at https://docs.docker.com/engine/install/linux-postinstall/#configure-docker-to-start-on-boot
on Debian and Ubuntu based systems, the Docker service is configured to start on boot by default.
To setup autostart for non Debian systems please read the above link.

Pull Official Pi-hole Docker Image

As in the Windows case, run the following command to pull the official Pi-hole image.

[email protected]:~$ docker pull pihole/pihole
Using default tag: latest
latest: Pulling from pihole/pihole
31b3f1ad4ce1: Pull complete 
2cf454ba7aa0: Pull complete 
4f4fb700ef54: Pull complete 
d5d1e33c70cc: Pull complete 
82b13da8209d: Pull complete 
48e71cb85034: Pull complete 
Digest: sha256:aa6140856dfc67f3ae36c352e30903f944e4e220699ffeeaf6b85235b2d84c95
Status: Downloaded newer image for pihole/pihole:latest
docker.io/pihole/pihole:latest
[email protected]:~$ 

Docker Compose File

Create And Run Docker Compose File

We’re going to use the same docker-compose.yml file as we did before. Here it is again.

version: "3"

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
    environment:
      TZ: 'America/Chicago'
      WEBPASSWORD: 'choose a password'
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'    
    restart: unless-stopped

Save this file in a directory/folder, again usually referenced to as a docker context.
Then run the command ‘docker-compose up –detach’.

[email protected]:~/pihole$ docker-compose up --detach
Creating network "pihole_default" with the default driver
Creating pihole ... 
Creating pihole ... error

ERROR: for pihole  Cannot start service pihole: driver failed programming external connectivity on endpoint pihole (daf6fe4a4b196b99572098bece676988056341f86dd260cd4a3bc0ad4647a153): Error starting userland proxy: listen tcp4 0.0.0.0:53: bind: address already in use

ERROR: for pihole  Cannot start service pihole: driver failed programming external connectivity on endpoint pihole (daf6fe4a4b196b99572098bece676988056341f86dd260cd4a3bc0ad4647a153): Error starting userland proxy: listen tcp4 0.0.0.0:53: bind: address already in use
ERROR: Encountered errors while bringing up the project.

Now… I thought it was going to run smoothly. From the above output it is clear it did not. You will most likely face the same issue on your linux machine so were going to run through troubleshooting this. Lets run netstat and see what is hogging port 53.

[email protected]:~/pihole$ sudo netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      576/systemd-resolve 
udp        0      0 127.0.0.53:53           0.0.0.0:*                           576/systemd-resolve 

Well, well, well… if it isn’t systemd-resolve.

Manage The Port 53 Conflict

If you look at the documentation for systemd-resolve you will see that it is a ‘Network Name Resolution manager’, which is exactly what Pi-hole is. No wonder there is a conflict.

The Pi-hole Docker documentation covers this, as can be read here.

WARNING: Managing this conflict will remove DNS resolution until your Pi-Hole is up and running!! Make a local copy of these instructions before continuing.

Step 1) Disable The Stub Resolver

You can edit the ‘/etc/systemd/resolved.conf’ directly or run the following command.

sudo sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf

I would open up ‘/etc/systemd/resolved.conf’ and double check anyway.

Step 2) Change The resolv.conf Sym Link

Run the following command.

sudo sh -c 'rm /etc/resolv.conf && ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf'

Step 3) Restart systemd-resolved

Run the following command.

systemctl restart systemd-resolved

Continue Installing Pi-hole

At this point your machine won’t be able to resolve DNS requests, and so will have no real internet access until we finish installing Pi-hole.

Step1) Re-run Docker Compose Up

[email protected]:~/pihole$ docker-compose up --detach
Starting pihole ... done
[email protected]:~/pihole$ 

That worked quite well.

Step 2) Modify Linux Network Settings

This may vary for your machine. I got to this place by left clicking on my network icon and clicking network settings.

Set your DNS to your local machine.

Access Pi-hole Admin Page

I was expecting to be able to access the Pi-hole admin page using ‘localhost/admin/’, but it turns out you need to use the host address under network settings to view your admin page.

Doesn’t seem right, and i’ll continue to look in to this. If you know why, let me know in the comments section.

It does work, here it is taking DNS requests.

VPN

If you are running a VPN, if you set your DNS to your machine IP the Pi-hole also works.
Again, I though using ‘127.0.0.1’ would work too.

Google Manifest V3 & Ad Blockers

Considering Google’s entire business model is to track you, create profiles, and push adverts to you it is clear why they have made it near impossible for you to prevent them from doing this in any chrome based browser, that included ‘Microsoft Edge’. Of course, they try to sell this to you as something ‘for your own protection’ LOL.

Previously in the old Chrome Manifest V2 the API webRequest was available to Chrome extension developers. webRequest is the backbone of all Ad Blocker / Tracker Blocker Chrome extension technology and without it in browser Ad Blockers will be affected, which will severely limit what Ad Blockers can do and harms your privacy – some extensions will just not work at all.

Pi-hole implements network level blocking, which your browser has no control over.

What can you do? Three options.

  • Install a Pi-hole in your home network with a Raspberry Pi or another cheap computer.
  • Install a Docker powered Pi-hole on your personal laptop or computer.
  • Switch to a browser that will continue to support the webRequest API. Download Firefox.

Why not all three? I do, and it works really well. My preference is Brave Browser which, although does use Manifest V3, does have inbuilt tracker and advert blocking.

If you want further protection for your phone, consider using https://grapheneos.org/ and buy a second cheap phone for any Google authentication you need.

I know… as a small website that runs adverts to support itself, I am shooting myself in the foot giving you this advice – but I hope with the freedom of choice, you will control which adverts and which websites you choose to support and add to your whitelist. 😉

%d bloggers like this: