Pi-hole setup(docker) for ad blocking

Recently, I set up Pi-hole for network-wide ad blocking, starting with the goal of blocking ads on TV subscriptions like JioHotstar, YouTube, and other video streaming platforms.

Disclaimer: This didn’t work for streaming services, since their CDNs now frequently change and serve content and ads from constantly rotating domains.

Still, Pi-hole is a powerful tool for disabling redundant ads. What impressed me most was how it blocked about 20% of all requests sent from my devices. Even without noticing issues, it was eye-opening to analyse online activity across my home network. I could see just how many unnecessary requests my devices make — when I connected my laptop for five minutes while idle, it sent over 400 requests.

I highly encourage anyone with a Raspberry Pi to set up Pi-hole. It’s a great way to gain insight into your network activity and enjoy a cleaner web experience. I’ll follow up this post with a new blog about using PiVPN and WireGuard, though there are a few nuances I missed—currently, the tunnel isn’t working properly.

Get started

Install docker and docker-compose

sudo apt install docker docker-compose

Add the user to the group:

$USER
sudo usermod -aG docker $USER

Then, either log out and log back in or restart the system to apply group membership changes.

Link to repo

Copy the docker-compose.yml file:

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      # DNS Ports
      - "53:53/tcp"
      - "53:53/udp"
      # Default HTTP Port
      - "80:80/tcp"
      # Default HTTPs Port. FTL will generate a self-signed certificate
      - "443:443/tcp"
      # Uncomment the line below if you are using Pi-hole as your DHCP server
      #- "67:67/udp"
      # Uncomment the line below if you are using Pi-hole as your NTP server
      #- "123:123/udp"
    environment:
      # Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g:
      TZ: 'Europe/London'
      # Set a password to access the web interface. Not setting one will result in a random password being assigned
      FTLCONF_webserver_api_password: 'correct horse battery staple'
      # If using Docker's default `bridge` network setting the dns listening mode should be set to 'all'
      FTLCONF_dns_listeningMode: 'all'
    # Volumes store your data between container upgrades
    volumes:
      # For persisting Pi-hole's databases and common configuration file
      - './etc-pihole:/etc/pihole'
      # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards. Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true'
      #- './etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
      # Required if you are using Pi-hole as your DHCP server, else not needed
      - NET_ADMIN
      # Required if you are using Pi-hole as your NTP client to be able to set the host's system time
      - SYS_TIME
      # Optional, if Pi-hole should get some more processing time
      - SYS_NICE
    restart: unless-stopped

Make sure the Docker daemon is actually running before you run the compose command.

sudo systemctl status docker
sudo systemctl restart docker

If the status is active, run the following command in the directory you created the docker-compose.yml file:

sudo docker-compose up -d

It will pull all the images, after successful installation, run:

docker ps

If you see the pi-hole container is running, open a new tab in your preferred web browser. Before that:

Get the PI IP:

hostname -I

Copy the first local IP address of your Pi. Then type:

<PI_IP_ADDRESS>/admin

into the web browser.

You will need to log in using an existing account. The password is given in the docker-compose.yml file under the variable: FTLCONF_webserver_api_password: 'correct horse battery staple'

Copy the password and log in.

Connecting devices:

In mobile:

Wifi -> Advanced Settings -> DHCP -> Manual

Then, on the DNS-1 server, add your Pi IP address you just copied. Then save it.

Look into the client connection in the Pi-Hole dashboard. You will see the connected device IP address.

In a laptop:

Wifi -> Connection Manager -> Update the DNS there.

Adding custom blocklist

If you go to Lists in the dashboard, you can already see a list added by the Pi-Hole team. An extensive list. You can find more lists on GitHub and the internet. You can add an allowlist and a blocklist to the connections based on your needs.

Some of the lists I use:

• https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/pro.txt
• https://raw.githubusercontent.com/kboghdady/youTube_ads_4_pi-hole/master/youtubelist.txt
• https://raw.githubusercontent.com/kboghdady/youTube_ads_4_pi-hole/master/crowed_list.txt
• https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt

After you add this list as a blocklist, go to tools -> update gravity -> update

Now we have successfully added a custom list as well. Now you can monitor your network by device. Which are sending which, why, what type of request and more.

The current setup is enough to play around with the tool, thus figure out and break things, and explore other solutions. Mantra: "Use this until it breaks down". Use this as a monitoring tool heavily rather than an ad blocker. There are hidden gems there.