# netmaker
b
Does anyone have a list of quick steps to setup pihole alongside netmaker on the same host? Got a fully functioning netmaker setup, and want to basically replace coredns on it with pihole, can I basically just comment out the coredns lines in the docker compose and run a pihole docker instead?
j
the coredns doesn't really get used much at all, we mostly set /etc/hosts file for dns entries on the netclient
the only way to use a dns server right now is with the ext clients
for those you can just set the "default ext client dns" field on the network, and the ext clients will get the DNS= entry
so you would just set that to your pihole address
b
The issue is that I want to run pihole on the same host, and since coredns is hogging port 53 that's a bit of an issue, and if I comment out the coredns lines in docker-compose and run pi-hole instead, everything seems to break 🤔
Setting coredns to not use 53 (mapping it to 54) seems to let netmaker start, but having pi-hole on port 53 now and setting my DNS to the address of the netmaker server seems to just keep using coredns/redirect it to the default fallback DNS for coredns
j
You should be able to run without CoreDNS just fine. However, you should set DNS_MODE=off in the docker-compose
by default, we do some port forwarding where DNS requests on the private network automatically route to netmaker, setting DNS_MODE to off should resolve that
b
I set DNS_MODE to off, but it doesn't seem to change anything, though I'm not sure if setting that will make the DNS tab in the webui show that DNS is off? If I comment out all of coredns the DNS tab will show as DNS Off, but all my nodes and stuff just disappear when I do that
j
that shouldn't happen...we run without coredns pretty regularly and it doesn't affect anything; there must be something else getting changed
b
Neat, I'll experiment a bit and report back
So the DNS tab not going to off I think might be related to me having set it up with the quick and the vpn setup argument. Did a clean install without that and I can set DNS_MODE to off and it seems to behave as it should. However.. When I comment out the CoreDNS lines in my docker-compose, it seems like everything breaks and even though I've set it up with an account and all, I get sent to the create an admin prompt, which if I fill out fails to reach the server, and refreshing gives me connection refused; a ctrl+shift+r brings me back to the create admin prompt. Uncommenting the CoreDNS lines brings me to the normal login and everything seems fine
j
very strange... I don't know why you'd be experiencing that. CoreDNS just sort of sits there for the most part, and netmaker just writes to a file that coredns picks up
b
netmaker       | [netmaker] Fatal: Unable to initialize iptables on host: lookup coredns on 127.0.0.11:53: no such host
Followed by exited with code 2
j
ahhhh, this is something we removed in the new version
port forward services
set PORT_FORWARD_SERVICES=""
b
Oh so removing the dns part for that might solve this
Makes sense
j
yeah
b
That did indeed let me login properly
Neat got it all figured out
Did a quick writeup for what I had to do to configure everything as a pihole'd vpn:
So if anyone stumbles over this when searching, this is what I did to get pihole working with netmaker as a vpn:

Install netmaker as normal with the installer script on github, after it is up and running and you've confirmed that it works do the following:
Stop the containers (docker-compose down)
Edit the docker-compose.yml:
    1. change 'DNS_MODE: "on"' to 'DNS_MODE: "off"'
    2. change 'PORT_FORWARD_SERVICES: "dns"' to 'PORT_FORWARD_SERVICES: ""'
    3. Comment out every line for coredns (you don't need it anymore, probably)
    4. add a standard pihole setup from the pi-hole github instructions for pihole, but change ports 80 to 8080, and add 'WEB_PORT: 8080' under environment.
Start the containers again (docker-compose up)
Bash into the pihole container (docker exec -it pihole bash)
Set a new password for pihole (pihole -a -p) and exit it
Port forward 8080 if you haven't for pihole
Go into the pihole webui, and make sure DNS is set to allow only local requests
Run the command "docker network inspect root_default" on your server and find the IPv4Address for your pihole docker
In the netmaker ui, setup a new network, and go to the newly created node and make it an ingress and egress node
Go to the newly created network, and set "Default Ext Client DNS" to the ip address for the pihole docker that you grabbed earlier

Add an external client, add it to your wireguard on your phone/laptop/smart toaster, and you're up and running with a pihole'd VPN.
Un-portforward your pihole webui, it can be accessed on the open internet currently, you want that to only be available when on vpn
I have no clue if that internal docker IP for pihole will change (I assume it might) but that's a problem for another time