Block stupid Ads and manage DNS // AdguardHome Tutorial

Table of Contents

In this video, I’ll show you how to install AdGuard Home, a powerful open-source alternative to Pi-hole, using Docker. We will deploy it with a simple command and configure DNS-over-HTTPS (DoH) to encrypt your DNS queries, making your network more private and secure.

References
#

AdGuard Home GitHub Repository: https://github.com/AdguardTeam/AdguardHome
Boilerplates CLI: https://github.com/CICDToolbox/boilerplates

Instructions
#

Installation with Boilerplates CLI
#

First, install the Boilerplates CLI tool and update the repository.

# Update the repository
boilerplates repo update

# (Optional) List available compose files
boilerplates compose list

Generate the Docker Compose file for AdGuard Home. This example enables integration with a Traefik reverse proxy.

boilerplates compose generate adguardhome \
 -n \
 -o /tmp/bp-testing/adguardhome-1 \
 -v traefik_enabled=true

Alternatively, if you prefer to use macvlan to give AdGuard Home its own IP address on your LAN (note: this setup does not support Traefik integration out of the box):

bp compose generate adguardhome \
 -n \
 -o /tmp/bp-testing/adguardhome-2 \
 -v network_mode=macvlan \
 -v network_macvlan_ipv4_address=10.20.1.99 \
 -v network_macvlan_subnet=10.20.0.0/16 \
 -v network_macvlan_gateway=10.20.0.1

Enabling Local DNS-over-HTTPS (DoH)
#

To enable encryption between your clients and AdGuard Home (especially when using a reverse proxy), you need to edit its configuration file. We can use the netshoot container to easily access the volume where the configuration is stored.

# Replace 'adguardhome-1-adguardhome-1' with your container name
docker run -it --rm \
  --volumes-from adguardhome-1-adguardhome-1 \
  nicolaka/netshoot bash

Once inside the container, edit the configuration file located at /opt/adguardhome/conf/AdGuardHome.yaml. The trusted_proxies setting is crucial so AdGuard Home can see the original client IP address.

vim /opt/adguardhome/conf/AdGuardHome.yaml

Add or modify these values in the YAML file:

tls:
  enabled: true
  allow_unencrypted_doh: true
dns:
  trusted_proxies:
    - 172.16.0.0/12 # Your Docker network for the reverse proxy

After saving the file, exit the netshoot container and recreate your AdGuard Home container to apply the changes.

docker compose up -d --force-recreate

Testing the DoH Setup
#

Use a DNS client like doggo to test your new DNS-over-HTTPS endpoint. Replace the URL with your own.

doggo example.com @https://adguardhome.srv-test-1.home.clcreative.de/dns-query

Author

Christian Lempa

IT & Tech Nerd | DevOps and Automation FanBoy

References#

Instructions#

Installation with Boilerplates CLI#

Enabling Local DNS-over-HTTPS (DoH)#

Testing the DoH Setup#

References
#

Instructions
#

Installation with Boilerplates CLI
#

Enabling Local DNS-over-HTTPS (DoH)
#

Testing the DoH Setup
#