Raspberry Pi, pihole, unbound, nginx, doh-server: some quick notes
Some quick thoughts, mainly to remind me, as I run through a pi-hole migration.
Install pihole
Here.
Change the password to something stronger:
pihole -a -p
Install unbound
Here.
Install nginx
Here.
Remember to add user www-data
to group pihole
:
usermod -a -G pihole www-data
Reboot.
(If you don’t do this, you will not be able to import settings from a previous Pi-Hole instance, or add new ad lists.)
DNS-over-https
Server-side
The gist is here.
I compiled from source.
Install go. For a Raspberry Pi, you’ll want the arm64 version.
Then install the doh-server.
Do not do the doh-client config bit; switch back to the original guide.
When done, enable it via systemd
:
systemctl enable --now doh-server
Client-side
Here’s the .mobileconfig profile I use for Apple devices - it works on my iPhone, and seemingly on my Apple TV too.
For my Debian machine, I followed “Step 6: Configure DoH Client on Debian Desktop” from here. Warning - this site has (had?) some dubious adverts, if you browse it before your ad blocker is working.
The gist is:
- install dnscrypt-proxy
- add the details for your doh-server, and add the stamp from https://dnscrypt.info/stamps/. (Don’t forget to change the generator from dnscrypt to doh, else you’re not generating the correct stamp.)
You may also like:
- DNS-over-https on macOS and iOS
- YouTube (and other video sites) without the irritations: integrating yt-dlp and jellyfin, with a web interface
- Migrating mastodon to a Raspberry Pi 4
- A change of plan: why you wont be able to vote for me for the Nominet board
- I am standing for election as a Nominet non-executive director
- Internet access via iPhone's personal hotspot on Lubuntu 21.04