https://github.com/88plug/wireguard-pi-hole-unbound

https://github.com/88plug/wireguard-pi-hole-unbound

Last synced: 5 months ago
JSON representation

• Host: GitHub
• URL: https://github.com/88plug/wireguard-pi-hole-unbound
• Owner: 88plug
• Created: 2023-09-17T19:00:55.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2023-09-17T19:20:36.000Z (almost 3 years ago)
• Last Synced: 2025-04-09T17:58:31.199Z (about 1 year ago)
• Size: 18.6 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Wireguard - Pi-hole - Unbound: Root Server Edition

## Overview

This repository provides an all-in-one solution for network security and privacy. It uses Pi-hole with Unbound for DNS-level ad-blocking and DNSSEC validation, along with WireGuard via WG-Easy for a fast and secure VPN. All services are containerized using Docker for easy deployment and management.

## Table of Contents

1. [Overview](#overview)

2. [Features](#features)

3. [Prerequisites](#prerequisites)

4. [Getting Started](#getting-started)

    1. [Installation](#installation)

    2. [Configuration](#configuration)

## Features

- **Pi-hole**: DNS sinkhole that protects your devices from unwanted content, without installing any client-side software.

- **Unbound**: A secure, validating, recursive, and caching DNS resolver with support for DNSSEC.

- **WireGuard via WG-Easy**: A fast and modern VPN that uses state-of-the-art cryptography.

## Prerequisites

- Docker and Docker Compose installed.

- Basic understanding of DNS, Docker, and VPN concepts.

- A machine with a static IP address for hosting the services.

## Getting Started

### Installation

1. **Clone the Repository**

    ```bash

    git clone https://github.com/wireguard-pi-hole-unbound

    ```

2. **Navigate to the Project Directory**

    ```bash

    cd wireguard-pi-hole-unbound

    ```

3. **Update Essential Variables**

    Before deploying the services, you must update the following essential environment variables in the `docker-compose.yml` file:

    - **WG_HOST**: Replace with your public IP address.

    - **PASSWORD**: Replace with a secure password.

    - **TZ**: Timezone for the Pi-hole container. Use the "Area/Location" format (e.g., `America/New_York`, `Europe/London`, `Asia/Tokyo`, `Australia/Sydney`, `Africa/Johannesburg`, or `UTC`).

    - **WEBPASSWORD**: Password for accessing the Pi-hole web interface.

4. **Deploy the Services**

    ```bash

    docker-compose up -d

    ```

### Configuration

- Access the Pi-hole web panel at `http://:80`.

- Access the WG-Easy web panel at `http://:51821`.

#### Pi-hole and Unbound

Both are bundled in a single container. Configuration files for Pi-hole are located in the Docker volume `etc_pihole-unbound`. Pi-hole's web interface can be accessed via port 80 or 443, and it listens for DNS queries on port 53.

#### WG-Easy

Configuration files for WG-Easy can be found under `~/.wg-easy`.