kquinsland / skyhole

a DNS over TLS wrapper around PiHole - the internet's best adblocker

With Traefik 2.0 you should be able to skip coreDNS altogether... #4

Closed PromoFaux closed 4 years ago

PromoFaux commented 4 years ago

Hi there,

Just came across this repo (after I finally got something similar working myself...)

But just a little hint, if you set up a file provider in Traefik, you should be able to use the following configuration:

[tcp]
  [tcp.routers]
    [tcp.routers.rou_dot]
      entryPoints = ["dot"]
      rule = "HostSNI(`[yourdomain.name.whatever]`)"
      service = "svc_dot"
      [tcp.routers.rou_dot.tls]
        certResolver = "le"

  [tcp.services]
    [tcp.services.svc_dot.loadBalancer]
      terminationDelay = 100
      [[tcp.services.svc_dot.loadBalancer.servers]]
        address = "[pi-hole-IP]:53"

Don't forget to include an entrypoint in the main traefik.toml file!

[entryPoints]
  [entryPoints.web]
    address = ":80"
  [entryPoints.web-secure]
    address = ":443"
  [entryPoints.dot]
    address = ":853"
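
Added example, not part of the original comment or the skyhole project: Traefik terminates TLS on the `dot` entrypoint and hands the decrypted stream to port 53, which works because DoT (RFC 7858) uses the same 2-byte length-prefixed framing as plain DNS over TCP. The Python sketch below builds that framing and probes an endpoint with the certificate checked against the `HostSNI` name; all function names are hypothetical, and the host and SNI are values you supply.

```python
import socket, ssl, struct

def build_query(name, qtype=1, txid=0x1234):
    """Minimal DNS query (RFC 1035): header with RD set, one IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame(msg):
    """2-byte big-endian length prefix, identical for DoT and DNS over TCP."""
    return struct.pack("!H", len(msg)) + msg

def unframe(buf):
    """Return the single message in buf; reject short or truncated input."""
    if len(buf) < 2:
        raise ValueError("missing length prefix")
    (n,) = struct.unpack("!H", buf[:2])
    if len(buf) - 2 < n:
        raise ValueError("truncated message")
    return buf[2:2 + n]

def parse_header(msg):
    """Decode the fixed 12-byte DNS header into the fields worth checking."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"txid": txid, "qr": flags >> 15, "rcode": flags & 0x0F, "answers": an}

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before a full message arrived")
        buf += chunk
    return buf

def dot_probe(host, sni, name, port=853, timeout=5.0):
    """Send one query over TLS; chain and hostname are verified against sni."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            tls.sendall(frame(build_query(name)))
            (n,) = struct.unpack("!H", _recv_exact(tls, 2))
            reply = parse_header(_recv_exact(tls, n))
            if reply["qr"] != 1 or reply["txid"] != 0x1234:
                raise ValueError("reply does not match the query")
            return reply
```

A TLS handshake failure from `dot_probe` points at the router rule or the certificate resolver, while a handshake that succeeds followed by an early close points at the backend address.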

kquinsland commented 4 years ago

> (after I finally got something similar working myself...)

Isn't that always how it happens? You solve a problem and then check to see if anybody else has solved it ;P.

Either way, thanks for the contribution!

I've been meaning to re-write the bulk of the project to use rootless containers via podman for a while now, but still haven't had the occasion to finish the work. Part of the work is re-evaluating the software used... and if i don't drop traefik for something with useful documentation, i'll certainly use this config as a seed for v2 :).

Closing as not an issue, but keeping it pinned so other folks may reference as needed :).

PromoFaux commented 4 years ago

That said, I am experiencing crashes of pihole-FTL when using DoT to look up domains (currently working with the team to work out what is happening there...)

I don't suppose you've seen any odd behaviour with pihole-FTL crashing intermittently with DoT requests? If you do notice anything, please feel free to open up an issue over at pi-hole/FTL so we can look further into it.

Hopefully it's just something I've configured wrong, and not something we have coded wrong in FTL 😄

> and if i don't drop traefik for something with useful documentation,

Tell me about it, spent the bulk of yesterday migrating my stack from a Traefik V1 based setup, to V2. I may have gone greyer than I was... Another project I used for reference https://github.com/Cielquan/DoTH-DNS/

kquinsland commented 4 years ago

> I am experiencing crashes of pihole-FTL when using DoT to look up domains (currently working with the team to work out what is happening there...)

I am not having DoT issues with pihole but i am having them w/ CoreDNS. Perhaps this issue will sound familiar:

https://github.com/coredns/coredns/issues/3521

One of the original reasons for using traefik was the standalone nature + built-in LE support; this meant one binary would mean that i didn't need to also include a certbot container, but i think that i've spent more time agonizing over traefik config than i would have spent just using a small nginx container and a small certbot container.

Edit: I should point out that it's been several days since i had any issues with CoreDNS... very frustrating that i haven't been able to move 3521 forward :(