Runs pihole with support for private DNS (Android) and DNS-over-HTTPS
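version: "3"
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
#
# Three services:
#   pihole  - the DNS sinkhole and its admin web UI; publishes no host ports.
#   doh     - DNS-over-HTTPS front end that forwards queries to pihole over UDP 53.
#   traefik - the only container with published ports (443 and 853); it terminates
#             TLS and routes to the other two according to their labels.
#
# Anything that can reach 443/853 on this host can use the resolver and load the
# Pi-hole admin UI. Restrict access at the firewall or with a Traefik allow-list
# middleware if the host is reachable from untrusted networks.
services:
  pihole:
    container_name: pihole
    # `latest` floats, so an image pull can change behaviour without notice;
    # pin a tested tag or digest.
    image: pihole/pihole:latest
    # No ports are published for this service; clients reach it through Traefik.
    # For DHCP, upstream recommends adding network_mode: "host" instead.
    environment:
      TZ: 'Europe/Warsaw'
      # Placeholder: replace before deploying, and keep the real value out of
      # version control (for example, supply it from an env file).
      # NOTE(review): WEBPASSWORD is the variable read by pre-v6 Pi-hole images;
      # with a floating tag, confirm the running image still honours it.
      WEBPASSWORD: 'yourpassword'
      VIRTUAL_HOST: 'hostname.example.com'
      IPv6: 'false'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      # HTTPS router: serves the Pi-hole web UI (container port 80) on the
      # `websecure` entrypoint for this hostname.
      - "traefik.http.routers.pihole.rule=Host(`hostname.example.com`)"
      - "traefik.http.routers.pihole.tls=true"
      - "traefik.http.routers.pihole.tls.certresolver=myresolver"
      - "traefik.http.routers.pihole.entrypoints=websecure"
      - "traefik.http.services.pihole.loadbalancer.server.port=80"
      # TCP router: DNS-over-TLS (Android "private DNS"). Traefik terminates TLS
      # on the `dnstls` entrypoint and forwards plain TCP DNS to port 53.
      - "traefik.tcp.routers.dnstls.rule=HostSNI(`hostname.example.com`)"
      - "traefik.tcp.routers.dnstls.tls=true"
      - "traefik.tcp.routers.dnstls.tls.certresolver=myresolver"
      - "traefik.tcp.routers.dnstls.entrypoints=dnstls"
      - "traefik.tcp.routers.dnstls.service=dnstls"
      - "traefik.tcp.services.dnstls.loadbalancer.server.port=53"
  doh:
    container_name: doh-server
    # No tag given, so this resolves to `latest`; pin a tested tag or digest.
    image: satishweb/doh-server
    environment:
      # Queries are forwarded to the pihole service by its compose name.
      UPSTREAM_DNS_SERVER: "udp:pihole:53"
      DOH_HTTP_PREFIX: "/dns-query"
      DOH_SERVER_LISTEN: ":8053"
      # NOTE(review): verbose logging presumably records the names clients
      # look up; confirm, and turn it off if the logs are retained or shipped.
      DOH_SERVER_VERBOSE: "true"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      # Same hostname as the pihole router, narrowed to the /dns-query path.
      - "traefik.http.routers.doh.rule=Host(`hostname.example.com`) && Path(`/dns-query`)"
      - "traefik.http.routers.doh.tls=true"
      - "traefik.http.routers.doh.tls.certresolver=myresolver"
      - "traefik.http.routers.doh.entrypoints=websecure"
      - "traefik.http.services.doh.loadbalancer.server.port=8053"
  traefik:
    container_name: traefik
    image: traefik:v3.0
    ports:
      # Quoted so the host:container pairs are always read as strings.
      - "443:443"
      - "853:853"
    # Fixed public resolvers for the proxy container itself.
    # NOTE(review): presumably so certificate issuance does not depend on
    # pihole being up; confirm.
    dns:
      - "8.8.8.8"
      - "1.1.1.1"
    restart: unless-stopped
    volumes:
      # `:ro` only makes the socket file mount read-only; it does not limit
      # which Docker API calls can be sent through it. A compromise of this
      # container therefore reaches the Docker daemon. A socket proxy that
      # exposes only the read endpoints Traefik needs narrows that.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # Certificate storage; must stay writable.
      - "./letsencrypt:/letsencrypt"
      # Configuration files are mounted read-only because Traefik only reads them.
      # The entrypoints `websecure` and `dnstls` and the resolver `myresolver`
      # used in the labels are presumably defined in these files (not shown here).
      - "./traefik.yml:/traefik.yml:ro"
      - "./dynamic.yml:/dynamic.yml:ro"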