docker image based on Alpine?

[r10513]

This is a: Feature Request

Details

While having pi-hole based on Debian is quite good, the docker image is over 300MB in size. Would you please create a different pi-hole docker image based on Alpine?

Advantages over Debian:

1. Size
2. Fewer running services --> smaller surface attack for trying to exploit pi-hole
3. (potentially) speed --> as fewer services are running, in theory CPU would waste less time in running not-needed code

[PromoFaux]

Any contributions towards this are welcome. It's something I've thought about doing in the past but there's a lot of work involved and only so much free time.

[r10513]

I'd love to help. But I never built any docker image, so I would be rather of little help.

Anyway, I will try to learn how to modify a base Alpine image first (but it will take months before reaching any concrete result).

[murphy83]

When it comes to doing a rewrite I would be glad to join - from my experience and what I learned about docker containers, the construct of having s6 inside a docker-container as a supervisor works but is not the recommended way. I therefore already took a look into the required services where each one should reside in a separate docker container. The recommended way to start pi-hole is docker-compose anyway so adding more services there should be possible.

[PromoFaux]

Possible, yes, but keep in mind that one of the core goals of the Pi-hole project is based around lowering the barrier to entry.

Really the only services needed are pihole-FTL, a web server (supported is lighttpd by default), and cron to manage weekly blocklist updates. With version 6.0, pihole-FTL itself will also have an embedded webserver - which will remove the need for both lighttpd, and with a little work, will also remove the dependency on php.

One container per service may be "the docker way", but it barely seems worth it for what is actually needed - and only goes on to complicate things for those with less experience.

[dschaper]

I'll take a look at Alpine.

And to echo Promo, a mono-image may not be canonical Docker but it's what we have to deal with for now. Requiring a composure of images and containers would be vastly more complex than most of what our users are comfortable with.

[dschaper]

@lightswitch05 Any thoughts/concerns/objections?

[lightswitch05]

Can the upstream pihole project be compiled against musl vs glibc? Alpine is not binary-compatible with Debian.

My two cents is that it's a massive endeavor to save 200mb. Also, perhaps I'm wrong.

[dschaper]

Yeah, pihole-FTL has a musl binary.

[r10513]

Maybe this could help : https://www.reddit.com/r/linux/comments/ovuzcm/pihole_for_alpine_linux_x86_and_x86_64/

[mjeveritt]

It looks like this is getting close to achieving an alpine-based docker container - https://gitlab.com/yvelon/pi-hole/-/issues/12

[r10513]

I set up my docker image based on alpine (with also unbound).. I know, there might be a lot of things that can be improved.. but it is a baseline. I welcome any help

https://github.com/r10513/pihole_alpine

[PromoFaux]

With version 6.0, pihole-FTL itself will also have an embedded webserver -

Starting to play with this over on:

v6-alpine-play

PR's welcomed on that branch.

[PromoFaux]

Starting to play with this over on:

v6-alpine-play

actually in progress on development-v6

[haydonryan]

I was looking for lighter images for services I run- and found that vaultwarden had two options - debian and alpine.

Might be useful to base build scripts on their work: https://github.com/dani-garcia/vaultwarden/tree/main/docker

[PromoFaux]

I think it's probably wholly unnessacery to offer both an alpine and a debian image. I've not yet found any issues with the v6 image

[gene1wood]

The move from Debian to Alpine was completed in #1626 but hasn't been released yet

[rdwebdesign]

The move from Debian to Alpine was completed

Not exactly.

The PR you linked is just one more step of v6 development, but it doesn't mean the development is completed.

Also, Pi-hole v5 images still use Debian as base.

[PromoFaux]

It is, however, available on the development tag