Giving Ads the Boot with Pi-hole 🕳️🚫📡

virtruvius 17.05.2025 Uncategorized 0

Alright, we’ve set up our Raspberry Pi with Docker, Portainer, Nginx reverse proxy, and even a WordPress site — not bad for a glorified creditcard-sized computer.

Now it’s time to level up your home network privacy game:
Enter Pi-hole — your personal DNS sinkhole that nukes ads, trackers, and analytics right at the network level.

Yup. All devices. One shot. Clean.

Running Pi-hole with Docker (on a static IP)

Since we’re already using a macvlan setup, we can give Pi-hole its own dedicated IP — just like a real device on the network. Here’s the docker-compose.yml I used:

version: "3.7"

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    networks:
      macvlan_net:
        ipv4_address: 192.168.178.4
    environment:
      TZ: 'Europe/Amsterdam'
      WEBPASSWORD: 'jouwSterkWachtwoord'  # <-- update this!
    volumes:
      - ./etc-pihole/:/etc/pihole/
      - ./etc-dnsmasq.d/:/etc/dnsmasq.d/
    dns:
      - 127.0.0.1
      - 1.1.1.1
    cap_add:
      - NET_ADMIN

networks:
  macvlan_net:
    external: true

Start it up with:

sudo docker-compose -p pihole up -d

And then head over to the admin interface in your browser:
https://192.168.178.4/admin

🔒 Tip: the first time you log in, use the password you set in WEBPASSWORD.

Forgot the password or the password not working? No worries.

Open Portainer
Go to your pihole container
Open the Console
Run this command:

pihole -a -p

You’ll be prompted to set a new password. Easy fix. 👍

Next step? Set your router’s DNS to Pi-hole’s IP

Once Pi-hole is up, update your router to use 192.168.178.4 as the primary DNS.
Boom — all devices in your network are now protected from sketchy ad servers.

Coming soon: connecting Pi-hole to Unbound for even more privacy (no third-party DNS services). 🕵️‍♂️

Stay tuned.