In the realm of networking and privacy, two powerful tools merge to enhance control and security: Pi-hole and LXC (Linux Containers).
Pi-hole, a network-wide ad blocker, and LXC, a lightweight virtualization solution, are instrumental in fortifying network infrastructure and optimizing resource utilization. Together, they offer a potent combination for users seeking to bolster their privacy, enhance browsing experiences, and streamline network management. Let’s explore the capabilities of Pi-hole and LXC, and how they synergize to create robust and efficient network environments.
Installing Debian
Before we continue installing Pihole, lets assume you already have a working proxmox cluster or atleast one node.
To get debian installed we’ll first download the latest debian lxc,
Go to your proxmox node where you wish to install Pihole on, select your “local” drive, and finely go to the tab “CT Templates”
Here you got 3 choices:
You either upload the template you downloaded to your PC, Download directly from an URL, or go thru the list of readily available for Proxmox.
For ease of use we’ll use the latest available Debian LXC container from the Templates. Press download and in no time (literally if you have a somewhat decent internet connection) you are good to go.
In my case it took around 30 seconds.
Installing LXC container
Now that we have our LXC Template downloaded its time to install our first LXC container.
In the upper right corner we can create a new container by clicking the “Create CT” button
On the first tab you can chose the “Node” you want to install the LXC container on, give it an “CT ID” and its “Hostname”.
Of course don’t forget to enter a secure password here.
Next we select the template we downloaded
In the “Disks” tab, its time to allocate the disk size. I recommend 16Gb, If you run low in space 8Gb will do just fine. If you have multiple drives installed you can also change its location here if you would like.
For this LXC 1 Core will do just fine, as is 2048GB of RAM. Note that this is the maximum the container can use. This is not allocated all the time to it.
In the network tab we’ll set our static ip and the physical port to be used (in case you have multiple lan ports available).
If you set a static ip on your router you should chose DHCP here (recommended). For local networking it’s adviced to disable IPv6.
In the DNS settings be carefull not to create loops in DNS.
In this case just leave as is as we’ll define the DNS in pihole.
Confirm and start the LXC container.
Installing PiHole
Open your newly created containers shell (terminal).
Login with root and the chosen password.
Now we can run some updates, and if you wish you could create a new user.
apt update && apt upgrade -y
Depending on the container’s template this can take a while.
Once the updates are complete we’ll download the installer script using curl, and run the bash command. Note that we’ll first need to install curl.
apt install curl -y
curl -sSL https://install.pi-hole.net | bashOnce the installer starts you’ll get a few notice windows where all you need to do is press OK (enter).
Ignore the Static IP warning, you’ve either set this in proxmox or your router.
Do note that a STATIC IP is required to operate poperly.
Select your preferred& upstream DNS provider, I prefere Cloudflare but you can take whatever you desire.
Now on to the blocklists, we’ll add more in the future but for starting of we’ll just accept the standard provided once. And say yes to all the following screens unless you wish to install them manually.
You can chose your level of logging in the next screen, if you are running this in the cloud i’d suggest you go for one of the latter.
in my case i’m running locally and want full logging.
Now that all configuration has been done the installation will take a few seconds, afterwards we are rewarded with the endscreen that includes the webui’s password. We’ll replace this password STAT.
Press ok and continue on to the console.
Here we’ll replace the webui’s Password with a stronger one.
Configuring Pi Hole
Open your browser and browse to the ip you gave your Pi Hole LXC instance.
If you get the page like above you forgot to add /admin after the IP address of the PI.
Now all you have to do is either set your main DNS in your router to the IP address of the PI-hole container, or set every single device you wish to use it seperatly.
Congratulations your network wide adblocker is installed and up and running. if you chose to set your routers DNS to the pihole the effects might take longer.
As stated earlier we’ll need to add a few more blocking rules before we are actually blocking what we want. To add more block lists go to the tab called “adlists”. Here you can add as much lists as you wish.
You can find blocklists all over the web, but here is a site that has some: https://avoidthehack.com/best-pihole-blocklists
Conclusion
In conclusion, the installation and use of Pi-hole represent a significant stride towards fortifying network security, enhancing privacy, and improving the browsing experience. As a powerful network-wide ad blocker, Pi-hole offers granular control over online content, effectively mitigating intrusive advertisements and potential security threats at the DNS level. Its user-friendly interface and extensive community support make it accessible to users with varying levels of technical expertise.
By leveraging Pi-hole, individuals and organizations can reclaim control over their online environments, reduce bandwidth usage, and safeguard their devices against malicious content. Whether deployed on a home network or within enterprise settings, Pi-hole stands as a testament to the efficacy of open-source solutions in addressing contemporary challenges of online privacy and security.
As the digital landscape continues to evolve, Pi-hole remains a steadfast ally in the pursuit of a safer, more streamlined online experience. Its versatility, coupled with its commitment to user empowerment, underscores its enduring relevance in an era marked by increasing concerns over data privacy and online security. Embracing Pi-hole is not just a technological choice; it is a proactive step towards reclaiming sovereignty over one’s digital footprint and fostering a more secure and enjoyable online ecosystem.