Merge pull request #893 from pi-hole/dev

Sync dev into master

.github/workflows/workflow_dispatch.yml

@@ -2,6 +2,10 @@ name: Build & Deploy custom image manually
 on:
   workflow_dispatch:
     inputs:
+      branch:
+        description: "Name of Branch to base build on"
+        required: false
+        default: dev
       name:
         description: 'Name of tag'
         required: true
@@ -30,7 +34,7 @@ jobs:
       - name: Checkout Repo
         uses: actions/checkout@v2
         with:
-          ref: dev
+          ref: ${{ github.event.inputs.branch }}
       - name: Patching Versions File
         run: |
           git checkout -b ${{ github.event.inputs.name }}

Dockerfile

@@ -8,8 +8,8 @@ ARG S6_VERSION
 ENV S6OVERLAY_RELEASE "https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-${S6_ARCH}.tar.gz"
 
 COPY install.sh /usr/local/bin/install.sh
-COPY VERSION /etc/docker-pi-hole-version
-ENV PIHOLE_INSTALL /root/ph_install.sh
+COPY VERSIONS /etc/pi-hole-versions
+ENV PIHOLE_INSTALL /etc/.pihole/automated\ install/basic-install.sh
 
 RUN bash -ex install.sh 2>&1 && \
     rm -rf /var/cache/apt/archives /var/lib/apt/lists/*

Dockerfile.py

@@ -20,12 +20,16 @@
 import os
 import sys
 import subprocess
+from dotenv import dotenv_values
 
-__version__ = None
-dot = os.path.abspath('.')
-with open('{}/VERSION'.format(dot), 'r') as v:
-    raw_version = v.read().strip()
-    __version__ = raw_version.replace('release/', 'release-')
+FTL_VERSION = None
+
+
+def read_pihole_versions():
+    global FTL_VERSION
+    dot = os.path.abspath('.')
+    config = dotenv_values('{}/VERSIONS'.format(dot))
+    FTL_VERSION = config['FTL_VERSION'].replace('/','-')
 
 
 def build_dockerfiles(args) -> bool:
@@ -60,12 +64,12 @@ def run_and_stream_command_output(command, environment_vars, verbose) -> bool:
 
 
 def build(docker_repo: str, arch: str, debian_version: str, hub_tag: str, show_time: bool, no_cache: bool, verbose: bool) -> bool:
-    create_tag = f'{docker_repo}:{__version__}-{arch}-{debian_version}'
+    create_tag = f'{docker_repo}:{FTL_VERSION}-{arch}-{debian_version}'
     print(f' ::: Building {create_tag}')
     time_arg = 'time' if show_time else ''
     cache_arg = '--no-cache' if no_cache else ''
     build_env = os.environ.copy()
-    build_env['PIHOLE_VERSION'] = __version__
+    build_env['PIHOLE_VERSION'] = FTL_VERSION
     build_env['DEBIAN_VERSION'] = debian_version
     build_command = f'{time_arg} docker-compose -f build.yml build {cache_arg} --pull {arch}'
     print(f' ::: Building {arch} into {create_tag}')
@@ -81,6 +85,7 @@ def build(docker_repo: str, arch: str, debian_version: str, hub_tag: str, show_t
 
 if __name__ == '__main__':
     args = docopt(__doc__, version='Dockerfile 1.1')
+    read_pihole_versions()
     success = build_dockerfiles(args)
     exit_code = 0 if success else 1
     sys.exit(exit_code)

Pipfile

@@ -58,6 +58,7 @@ Jinja2 = "==2.11.3"
 MarkupSafe = "==1.1.1"
 PyYAML = "==5.4"
 websocket_client = "==0.57.0"
+python-dotenv = "==0.17.1"
 
 [requires]
 python_version = "3.8"

README.md

@@ -36,7 +36,8 @@ services:
       - NET_ADMIN
     restart: unless-stopped
 ```
-2. Run `docker-compose up --detach` to build and start pi-hole
+2. Run `docker-compose up -d` to build and start pi-hole
+3. Use the Pi-hole web UI to change the DNS settings *Interface listening behavior* to "Listen on all interfaces, permit all origins", if using Docker's default `bridge` network setting
 
 [Here is an equivalent docker run script](https://github.com/pi-hole/docker-pi-hole/blob/master/docker_run.sh).
 
@@ -103,7 +104,7 @@ There are other environment variables if you want to customize various things in
 | `ADMIN_EMAIL` | unset | email address | Set an administrative contact address for the Block Page |
 | `PIHOLE_DNS_` |  `8.8.8.8;8.8.4.4` | IPs delimited by `;` | Upstream DNS server(s) for Pi-hole to forward queries to, seperated by a semicolon <br/> (supports non-standard ports with `#[port number]`) e.g `127.0.0.1#5053;8.8.8.8;8.8.4.4` |
 | `DNSSEC` | `false` | `<"true"\|"false">` | Enable DNSSEC support |
-| `DNS_BOGUS_PRIV` | `true` |`<"true"\|"false">`| Enable forwarding of reverse lookups for private ranges |
+| `DNS_BOGUS_PRIV` | `true` |`<"true"\|"false">`| Never forward reverse lookups for private ranges |
 | `DNS_FQDN_REQUIRED` | `true` | `<"true"\|"false">`| Never forward non-FQDNs |
 | `REV_SERVER` | `false` | `<"true"\|"false">` | Enable DNS conditional forwarding for device name resolution |
 | `REV_SERVER_DOMAIN` | unset | Network Domain | If conditional forwarding is enabled, set the domain of the local network router |
@@ -122,6 +123,8 @@ There are other environment variables if you want to customize various things in
 | `TEMPERATUREUNIT` | `c` | `<c\|k\|f>` | Set preferred temperature unit to `c`: Celsius, `k`: Kelvin, or `f` Fahrenheit units.
 | `WEBUIBOXEDLAYOUT` | `boxed` | `<boxed\|traditional>` | Use boxed layout (helpful when working on large screens)
 | `QUERY_LOGGING` | `true` | `<"true"\|"false">` | Enable query logging or not.
+| `WEBTHEME` | `default-light` | `<"default-dark"\|"default-darker"\|"default-light">`| User interface theme to use.
+| `WEBPASSWORD_FILE`| unset | `<Docker secret path>` |Set an Admin password using [Docker secrets](https://docs.docker.com/engine/swarm/secrets/). If `WEBPASSWORD` is set, `WEBPASSWORD_FILE` is ignored. If `WEBPASSWORD` is empty, and `WEBPASSWORD_FILE` is set to a valid readable file path, then `WEBPASSWORD` will be set to the contents of `WEBPASSWORD_FILE`.
 
 ### Advanced Variables
 | Variable | Default | Value | Descrption |
@@ -131,6 +134,8 @@ There are other environment variables if you want to customize various things in
 | `DNSMASQ_LISTENING` | unset | `<local\|all\|single>` | `local` listens on all local subnets, `all` permits listening on internet origin subnets in addition to local, `single` listens only on the interface specified.
 | `WEB_PORT` | unset | `<PORT>` | **This will break the 'webpage blocked' functionality of Pi-hole** however it may help advanced setups like those running synology or `--net=host` docker argument.  This guide explains how to restore webpage blocked functionality using a linux router DNAT rule: [Alternative Synology installation method](https://discourse.pi-hole.net/t/alternative-synology-installation-method/5454?u=diginc)
 | `SKIPGRAVITYONBOOT` | unset | `<unset\|1>` | Use this option to skip updating the Gravity Database when booting up the container.  By default this environment variable is not set so the Gravity Database will be updated when the container starts up.  Setting this environment variable to 1 (or anything) will cause the Gravity Database to not be updated when container starts up.
+| `CORS_HOSTS` | unset | `<FQDNs delimited by ,>` | List of domains/subdomains on which CORS is allowed. Wildcards are not supported. Eg: `CORS_HOSTS: domain.com,home.domain.com,www.domain.com`.
+| `CUSTOM_CACHE_SIZE` | `10000` | Number | Set the cache size for dnsmasq. Useful for increasing the default cache size or to set it to 0. Note that when `DNSSEC` is "true", then this setting is ignored.
 
 ### Experimental Variables
 | Variable | Default | Value | Descrption |
@@ -175,6 +180,7 @@ Here is a rundown of other arguments for your docker-compose / docker run.
   * Ubuntu users see below for more detailed information
 * You can map other ports to Pi-hole port 80 using docker's port forwarding like this `-p 8080:80` if you are using the default blocking mode. If you are using the legacy IP blocking mode, you should not remap this port.
   * [Here is an example of running with jwilder/proxy](https://github.com/pi-hole/docker-pi-hole/blob/master/docker-compose-jwilder-proxy.yml) (an nginx auto-configuring docker reverse proxy for docker) on my port 80 with Pi-hole on another port.  Pi-hole needs to be `DEFAULT_HOST` env in jwilder/proxy and you need to set the matching `VIRTUAL_HOST` for the Pi-hole's container.  Please read jwilder/proxy readme for more info if you have trouble.
+* Docker's default network mode `bridge` isolates the container from the host's network. This is a more secure setting, but requires setting the Pi-hole DNS option for *Interface listening behavior* to "Listen on all interfaces, permit all origins".
 
 ### Installing on Ubuntu
 Modern releases of Ubuntu (17.10+) include [`systemd-resolved`](http://manpages.ubuntu.com/manpages/bionic/man8/systemd-resolved.service.8.html) which is configured by default to implement a caching DNS stub resolver. This will prevent pi-hole from listening on port 53.
@@ -213,6 +219,8 @@ The primary docker tags / versions are explained in the following table.  [Click
 | `v5.0-buster`           | auto detect  | Versioned tags, if you want to pin against a specific Pi-hole and Debian version, use one of these |  |
 | `v5.0-<arch>-buster `   | based on tag | Specific architectures and Debian version tags | |
 | `dev`                   | auto detect  | like latest tag, but for the development branch (pushed occasionally)   | |
+| `beta-*`                | auto detect  | Early beta releases of upcoming versions - here be dragons              | |
+| `nightly`               | auto detect  | Like `dev` but pushed every night and pulls from the latest `development` branches of the core Pi-hole components (Pi-hole, AdminLTE, FTL)  | |
 
 ### `pihole/pihole:latest` [![](https://images.microbadger.com/badges/image/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own image badge on microbadger.com") [![](https://images.microbadger.com/badges/version/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/version/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own version badge on microbadger.com")
 

VERSIONS

@@ -0,0 +1,3 @@
+CORE_VERSION=v5.3.1
+WEB_VERSION=v5.5.1
+FTL_VERSION=v5.8.1

bash_functions.sh

@@ -13,7 +13,7 @@ fix_capabilities() {
 
 prepare_configs() {
     # Done in /start.sh, don't do twice
-    PH_TEST=true . $PIHOLE_INSTALL
+    PH_TEST=true . "${PIHOLE_INSTALL}"
     # Set Debian webserver variables for installConfigs
     LIGHTTPD_USER="www-data"
     LIGHTTPD_GROUP="www-data"
@@ -103,6 +103,7 @@ setup_dnsmasq() {
     setup_dnsmasq_interface "$interface"
     setup_dnsmasq_listening_behaviour "$dnsmasq_listening_behaviour"
     setup_dnsmasq_user "${DNSMASQ_USER}"
+    setup_cache_size "${CUSTOM_CACHE_SIZE}"
     ProcessDNSSettings
 }
 
@@ -157,6 +158,32 @@ setup_dnsmasq_hostnames() {
     fi
 }
 
+setup_cache_size() {
+    local warning="WARNING: CUSTOM_CACHE_SIZE not used"
+    local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf"
+    # Quietly exit early for empty or default
+    if [[ -z "${1}" || "${1}" == '10000' ]] ; then return ; fi
+
+    if [[ "${DNSSEC}" == "true" ]] ; then
+        echo "$warning - Cannot change cache size if DNSSEC is enabled"
+        return
+    fi
+
+    if ! echo $1 | grep -q '^[0-9]*$' ; then
+        echo "$warning - $1 is not an integer"
+        return
+    fi
+
+    local -i custom_cache_size="$1"
+    if (( $custom_cache_size < 0 )); then
+        echo "$warning - $custom_cache_size is not a positive integer or zero"
+        return
+    fi
+    echo "Custom CUSTOM_CACHE_SIZE set to $custom_cache_size"
+
+    sed -i "s/^cache-size=\s*[0-9]*/cache-size=$custom_cache_size/" ${dnsmasq_pihole_01_location}
+}
+
 setup_lighttpd_bind() {
     local serverip="$1"
     # if using '--net=host' only bind lighttpd on $ServerIP and localhost
@@ -172,19 +199,22 @@ setup_php_env() {
       VIRTUAL_HOST="$ServerIP"
     fi;
     local vhost_line="\t\t\t\"VIRTUAL_HOST\" => \"${VIRTUAL_HOST}\","
+    local corshosts_line="\t\t\t\"CORS_HOSTS\" => \"${CORS_HOSTS}\","
     local serverip_line="\t\t\t\"ServerIP\" => \"${ServerIP}\","
     local php_error_line="\t\t\t\"PHP_ERROR_LOG\" => \"${PHP_ERROR_LOG}\","
 
     # idempotent line additions
     grep -qP "$vhost_line" "$PHP_ENV_CONFIG" || \
         sed -i "/bin-environment/ a\\${vhost_line}" "$PHP_ENV_CONFIG"
+    grep -qP "$corshosts_line" "$PHP_ENV_CONFIG" || \
+        sed -i "/bin-environment/ a\\${corshosts_line}" "$PHP_ENV_CONFIG"
     grep -qP "$serverip_line" "$PHP_ENV_CONFIG" || \
         sed -i "/bin-environment/ a\\${serverip_line}" "$PHP_ENV_CONFIG"
     grep -qP "$php_error_line" "$PHP_ENV_CONFIG" || \
         sed -i "/bin-environment/ a\\${php_error_line}" "$PHP_ENV_CONFIG"
 
     echo "Added ENV to php:"
-    grep -E '(VIRTUAL_HOST|ServerIP|PHP_ERROR_LOG)' "$PHP_ENV_CONFIG"
+    grep -E '(VIRTUAL_HOST|CORS_HOSTS|ServerIP|PHP_ERROR_LOG)' "$PHP_ENV_CONFIG"
 }
 
 setup_web_port() {

build.yml

@@ -26,7 +26,7 @@ services:
       context: .
       args:
         <<: *common-args
-        PIHOLE_BASE: multiarch/debian-debootstrap:armel-${DEBIAN_VERSION:-buster}-slim
+        PIHOLE_BASE: pihole/debian-debootstrap:armel-${DEBIAN_VERSION:-buster}-slim
         PIHOLE_ARCH: armel
         S6_ARCH: arm
   armhf:
@@ -35,7 +35,7 @@ services:
       context: .
       args:
         <<: *common-args
-        PIHOLE_BASE: multiarch/debian-debootstrap:armhf-${DEBIAN_VERSION:-buster}-slim
+        PIHOLE_BASE: pihole/debian-debootstrap:armhf-${DEBIAN_VERSION:-buster}-slim
         PIHOLE_ARCH: arm
         S6_ARCH: arm
   arm64:
@@ -44,7 +44,7 @@ services:
       context: .
       args:
         <<: *common-args
-        PIHOLE_BASE: multiarch/debian-debootstrap:arm64-${DEBIAN_VERSION:-buster}-slim
+        PIHOLE_BASE: pihole/debian-debootstrap:arm64-${DEBIAN_VERSION:-buster}-slim
         PIHOLE_ARCH: arm64
         S6_ARCH: aarch64
   i386:
@@ -53,6 +53,6 @@ services:
       context: .
       args:
         <<: *common-args
-        PIHOLE_BASE: multiarch/debian-debootstrap:i386-${DEBIAN_VERSION:-buster}-slim
+        PIHOLE_BASE: pihole/debian-debootstrap:i386-${DEBIAN_VERSION:-buster}-slim
         PIHOLE_ARCH: i386
         S6_ARCH: x86

docker-compose-jwilder-proxy.yml → docker-compose-nginx-proxy.yml

@@ -3,8 +3,8 @@ version: "3"
 # https://github.com/pi-hole/docker-pi-hole/blob/master/README.md
 
 services:
-  jwilder-proxy:
-    image: jwilder/nginx-proxy
+  nginx-proxy:
+    image: nginxproxy/nginx-proxy
     ports:
       - '80:80'
     environment:
@@ -38,7 +38,7 @@ services:
     extra_hosts:
       # Resolve to nothing domains (terminate connection)
       - 'nw2master.bioware.com nwn2.master.gamespy.com:0.0.0.0'
-      # LAN hostnames for other docker containers using jwilder
+      # LAN hostnames for other docker containers using nginx-proxy
       - 'yourDomain.lan:192.168.41.55'
       - 'pihole pihole.yourDomain.lan:192.168.41.55'
       - 'ghost ghost.yourDomain.lan:192.168.41.55'