Possible Assistance Guide OMV5 PiHole LanCache-RPI?

[ryu777mtg]

Hi there I would have rather asked this somewhere else but have no idea where you are taking the time to answer questions.

Also thank you for your time in converting this software over to ARM to be used.

Here goes I've set up OMV5 on a Raspberry Pi 4 8GB model along side a Quad Sata Hat from Radxa Using the RaspiOS 64bit from here. Though the newest version can be found in the official repository here. After setting up OMV5 and going to the OMV-Extras tab on the Web Interface which is your Pi's Hostname or IP on default port 80 setup Docker through there and change the port to 81 as LanCache needs port 80. You can then pull Docker Images to have them installed using Portainer.

I still ssh into the Pi to pull your setup scripts to install Lancache-RPI and configure the .env variables before issuing the sudo docker-compose up -d command. As for Pi-Hole I pull it via Portainer of course there are issues with ports conflicting.

My main question here is it possible to set up PiHole and Lancache-RPI on the same machine? If so how to configure ports to have the DNS work correctly? I also know using all the software listed you have to configure the /etc/systemd/resolved.conf by uncommenting the lines for Cache and DNSStubListener and setting them equal to no.

If it's possible to run all software together OMV5 PiHole and your version of LanCache I wish there could be a little more guidance on how to set it up.

On another side note if it's not to much to ask do you think it would be possible to set up and use something like Apache or Nginx for a web server alongside as I know port 80 is a necessity for LanCache and OMV5 but OMV5 is able to have it's port changed to allow for LanCache.

Any help guidance for trying to get this mash up to work together I would greatly appreciate it.

Thank you for your time

[jrcichra]

I haven't verified this works, but if you use PiHole in a container (https://hub.docker.com/r/pihole/pihole), we could set the lancache upstream DNS to the container IP address of PiHole in Docker. You wouldn't expose pihole's port 53 to the host (keep it in container) and you could map pihole's port 80 to port 81. You can add PiHole to the docker-compose in this repo or connect to the lancache default network after the fact. Docker abstracts away the IP addresses of containers with hostnames, but there might be a way to set a static ip for a container in a docker network (so PiHole DNS can be a dedicated private IP that lancache can reliably upstream to)

There's things we can do to get both pihole and lancache (and other services) on the same port (80) but it would require a reverse proxy on top (probably using an arm port of jwilder/nginx-proxy would be the easiest). I believe I build an arm32 port of said container. Check this repo's Github actions if you're interested in trying it.

What's fun about that setup, is resolving DNS for "pihole" or "pi-apache" would have to be entries in PiHole DNS, which hops through your lancache to resolve the DNS, that then tells your client "Go back to the same IP address, but this time, it uses an HTTP header of "pi-apache", which would go through the reverse proxy and route you to a different web service on the same box.

[ryu777mtg]

I can attempt to try this but when it comes to the internal networking shenanigans I'm not to well versed. I'll try my best to follow what you said but I might need a little more clarification on some of the steps. Will the container IP address be something found via the Console within the actual container? Or could I use the IP that can be seen on the assigned Network? As for exposing PiHole port 53 does that mean just do not define a rule period for the container
eg: ports:

• "53:53/tcp"
• "53:53/udp" To clarify do not include the above rules in the docker-compose so when the container is created there won't be an assigned port for TCP/UDP 53? As for port 80 assignment being defined in the docker-compose it would be -"81:80/tcp"? Correct or is it the other way around.

Also is possible to change LanCache's port 80?

Thank you for the feedback and hope I'll make some progress with this to provide an update.

I'll definitely look into the NGINX Proxy and see where things go. (That is if I'm able to set it up)

Also it seems port 443 is used by both LanCache and Pihole is it safe to allow the Pihole container to use port 443 just from within the container like port 53?

Here is a link to current Docker-Compose.yml via Pastebin

After docker does it magic I then go back and edit the .env for LanCache adding the IP of the pihole (hopefully container ip) which was assigned to the lancache-rpi_default as 127.x.x.5 to the DNS Upstream removing the 8.8.8.8 default. Then restart the containers and Flush the DNS via CMD ipconfig /flushdns. This seems like it's working but can't tell if anything is getting blocked as in the PiHole dashboard everything is going through a client labeled lancache-rpi_dns_1.lancache-rpi_default.

This arises another question would it be able to reverse the DNS upstream? Use Pihole DNS Custom Upstream and pass LanCache through it by doing the above steps in reverse let LanCache DNS run internally and the sniproxy internally in the respective containers and map the LanCache port 80?

Thanks again

[jrcichra]

Also it seems port 443 is used by both LanCache and Pihole is it safe to allow the Pihole container to use port 443 just from within the container like port 53? Yes, if you don't need PiHole on port 443 exposed.

This seems like it's working but can't tell if anything is getting blocked as in the PiHole dashboard everything is going through a client labeled lancache-rpi_dns_1.lancache-rpi_default. Yes, I don't believe the DNS protocol keeps state upstream of who requested the domain name. All DNS traffic will appear to have come from the lancache internal docker IP address. I'm not immediately sure of a workaround if you plan to block based on the source IP. (see last response)

After docker does it magic I then go back and edit the .env for LanCache adding the IP of the pihole (hopefully container ip) which was assigned to the lancache-rpi_default as 127.x.x.5 to the DNS Upstream removing the 8.8.8.8 default. Then restart the containers and Flush the DNS via CMD ipconfig /flushdns. You 'may' be able to specify the hostname of the pihole container instead of the ip address, in .env. I've never tried that and that feature depends on support of lancache-net/nginx. That may make things easier. You can also determine it from docker inspect against a container to be absolutely sure and use your method:

docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_name_or_id

...if lancache forces you to specify an IP, you could create your own container network using the yaml mentioned in this stack overflow post: https://stackoverflow.com/a/39498534/5404881. Then specify a static IP for just PiHole, or all of them.

As for port 80 assignment being defined in the docker-compose it would be -"81:80/tcp"? Correct or is it the other way around. I believe host is on the left and container is on the right, so you're correct.

This arises another question would it be able to reverse the DNS upstream? Use Pihole DNS Custom Upstream and pass LanCache through it by doing the above steps in reverse let LanCache DNS run internally and the sniproxy internally in the respective containers and map the LanCache port 80?

Yes, you should be able to flip it so PiHole is in front of lancache, if you plan on having Lancache as the sole upstream DNS provider. That actually makes more sense, since PiHole will see LAN IPs requesting different domains, and lancache would only see PiHole requesting steam/blizzard packets, which, it shouldn't care who requests it. It will cache regardless (as long as lancache returns the Pi's true LAN IP address, which I believe it should [from the config file])

[rubensamuelJesus]

hey @jrcichra @ryu777mtg
@ryu777mtg you got it both working? just found this github and already have pihloe working, and I also wanted the lancache working

[ryu777mtg]

@rubensamuelJesus I have been able to get all three services working and functioning however I never got around to the nginx proxy though I still plan on trying to work that in eventually.

I'll try to keep steps to bare minimal and as easy to follow:

• First of course install RaspiOS I chose the 64bit Lite version you can get from their backend downloads here
• Issue sudo apt update && sudo apt upgrade -y (self explanatory)
• If your like me and have the Quad SATA Hat then follow directions here to install it's drivers
• Since OMV doesn't allow for the creation of RAID with USB drives you have to log in to your pi via ssh and create your RAID manually here are some commands you might find helpful for working with RAID with RPI as sometimes if you install mdadm as RaspiOS Lite does not include it, it will try to initialize /dev/md127 in the background and for you to make a RAID you must stop this device and unmount it before proceeding to make your own. These command are in no particular order as you may have to stop the drive process before unmounting or visa versa.

lsblk will show devices and mountpoints Make sure there is no current md array is mounted sudo umount /dev/md# will unmount them where # is number shown from lsblk sudo mdadm --stop /dev/md# sudo mdadm --remove /dev/md# sudo mdadm --zero-superblock /dev/sd# needs to be ran per device that was used in the md arrary that was stopped # is letter shown from lsblk you can simply command with sudo mdadm --zero-superblock /dev/sd[b-e] that is if your drives that were in the RAID were SDB, SDC, SDD, and SDE

• After that you must verify all SD mounts that you want to use for RAID are unmounted as well then you can create your RAID

sudo mdadm -C -v -n4 -l5 -Nmatrix /dev/md0 /dev/sd[b-e]

• The above command works for me and you can choose to use the -f or not if you want to have it include the 4th disk during creation however it will take longer IMO it's best to let the parity be made with 3 disk then it will auto add 4th disk to RAID after completion and is much faster. -N is to name the RAID Of course this is for RAID 5 setup

• Next partition the RAID with a filesystem

sudo mkfs.ext4 -F -Lrpi /dev/md0

The -L is to label the partition

• Next you can log into OMV and mount the RAID drive also while there change the port under general settings from 80 to something else as Lancache needs 80
• Back at the terminal you need to issue this command to have your RAID autopopulate and mounted during any reboots

sudo omv-salt deploy run mdadm

To verify RAID settings you can use these commands:

sudo nano /etc/fstab sudo nano /etc/mdadm/mdadm.conf sudo mdadm -D /dev/md0 (or whatever you labeled it during creation)

The fstab and mdadm.conf should have some UUID info at bottom related to your RAID

• Next go to OMV Extras to install Docker but before you do change the storage path to that of the absolute path of a share you create so that it uses space on the RAID or wherever you decide to place your Docker containers
• Install Portainer
• Back at the SSH terminal you need to modify the resolved.conf file and uncomment the DNSStubListener and Cache lines and set them equal to no this is to disable OMV port 53 so PiHoles 53 can be used

sudo nano /etc/systemd/resolved.conf

Change

Cache=yes

DNSStubListener=yes

To Cache=no DNSStubListener=no

sudo rm /etc/resolv.conf sudo ln -s /var/run/systemd/resolve/resolv.conf /etc/resolv.conf

Then restart the service with

sudo systemctl restart systemd-resolved.service

After doing these steps this will allow you to change the .env value of DNS_BIND_IP= to 0.0.0.0 however it's still recommended to use the actual DNS IP which is typically the same as LANCACHE_IP. Just doing these steps give you an option in case you do not know the actual DNS IP

Next you can follow the steps here to install the Lancache for RPI but before you use sudo docker-compose up -d you can use this compose file to have all the ports configured Of course you might have to install git if you chose the Lite OS

DO NOT FORGET to edit the .env file you can set the DNS Upstream to Google DNS, Cloudflare or your personal of course the IP Bind and DNS IP need to be changed as well I like to use OMV Networking tab and go to the interface and assign a Static IP so that I know this will never change and then use that Static as the DNS on my router for serving the cache.

Contents of docker-compose.yml file should be this:

version: '3'
services:
  dns:
    image: jrcichra/lancachenet-lancache-dns:latest  ## Pulling DNS server for arm
    env_file: .env
# Commented out as it will Passthrough Piholes DNS
#    ports:
#      - ${DNS_BIND_IP}:53:53/udp
#      - ${DNS_BIND_IP}:53:53/tcp
    networks:
      static-network:
        ipv4_address: 172.20.128.3
    restart: always
##  sniproxy:
##    image: jrcichra/lancachenet-sniproxy:latest  ## Pulling Sniproxy for arm
##    env_file: .env
##    ports:
##      - 443:443/tcp
##    restart: always
  monolithic:
    image: jrcichra/lancachenet-monolithic:latest ## Pulling monolithic for arm
    env_file: .env
    ports:
      - 80:80/tcp
      - 443:443/tcp
    networks:
      static-network:
        ipv4_address: 172.20.128.4
    restart: always
    volumes:
      - ${CACHE_ROOT}/cache:/data/cache
      - ${CACHE_ROOT}/logs:/data/logs
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
    # Port 80 is forwarded to 81 as Lancache needs 80 and OMV was set to 82
      - "81:80/tcp"
    networks:
      static-network:
        ipv4_address: 172.20.128.2
    environment:
      TZ: 'America/New_York'
    # WEBPASSWORD: 'raspberry'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    # Recommended but not required (DHCP needs NET_ADMIN)
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    restart: always
networks:
  static-network:
    ipam:
      config:
        - subnet: 172.20.0.0/16
          #docker-compose v3+ do not use ip_range
          #ip_range: 172.28.5.0/24

Of course you can change some settings but use discretion very strongly suggest uncommenting the WEBPASSWORD and setting one for PiHole unless you want to jump into the container and retrieve randomly generated password

I have also changed it so these containers are assigned a STATIC IP as I can't stress enough how important this step is and how frustrated I was until I figured this out. In case of power loss or reboots this will allow you to not have to change the DNS Upstreams any time a container would be assigned a new IP. You can change the STATIC in the config above if so desired

After in portainer you can go to network and make sure that the pihole, lancache dns, and lancache monolith are connected to same network should more than likely be lancache-rpi_static-network take note the IPv4 of the lancache dns for me it was 172.20.128.3 (which is what I set for the static) this is the IP you need to put into Pi Hole DNS Custom Upstream and also untick any other DNS which by default is more than likely Google DNS's 2 check boxes.

At this point you should be able to assign your Router DNS the IP of the RPI for wide access dns or just assign the IP to individual devices

Sorry I know this is late posting reply but late is better than never