
raspi-docker-stacks's Introduction

RaspberryPi Docker Swarm Stacks


A collection of Docker Stacks that I run on my home Raspberry Pi Docker Swarm cluster.

  • Prometheus - Full metrics and monitoring pipeline. Includes Docker, container, and node based metric collection, alerting, and visualization w/ Grafana
  • pihole - Network wide adblocker implementing DNS over HTTPS (DoH) via cloudflared proxy.
  • portainer - Docker Swarm cluster management UI.
  • GitLab - GitLab Omnibus deployment with GitLab CI/CD Runner.
  • Elastic (ELK) Stack - Logging aggregation, analysis, search, and visualization stack. Comprised of Elasticsearch, Kibana, and Filebeat.
  • Unifi Controller - Wireless network management software solution from Ubiquiti Networks for administration of Unifi network gear.

Setup and Install

Clone the repo, cd into each directory and run:

sudo docker stack deploy --compose-file=$FILE_NAME $STACK_NAME

Note - Read through the README in each directory for setup and configuration details of each stack.

Multiarch Docker Images

Many of the open source products used here do not have vendor supported ARM compatible Docker images or are published under different Docker Hub repositories / tags. Some vendor supported images do have ARM support, but are not fully compatible with Docker Swarm clustering. To overcome these limitations, the following projects were created and use Docker buildx to publish native multi-architecture images (tutorial here). Check out these repositories for further information:

Special shout out to these open source ARM compatible projects used:

raspi-docker-stacks's People

Contributors

jmb12686


raspi-docker-stacks's Issues

Fix alertmanager healthcheck.io intervals

group_interval default of 5 minutes is interfering with the repeat interval setting. Set group interval for the health check IO rule to be less than a minute as well as repeat interval
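
The interaction this issue describes, shown as an added example (a constructed Alertmanager routing fragment, not the repository's own configuration). Alertmanager only considers re-sending a notification when a group is flushed, which happens once per `group_interval`, so a `repeat_interval` shorter than the inherited 5 minute `group_interval` cannot take effect until both are lowered on the heartbeat route. The alert name `Watchdog`, the receiver names and the webhook URL are assumptions.

```yaml
# Constructed example: names and URL are placeholders, not values from this repository.
route:
  receiver: default              # assumed catch-all receiver
  group_by: ['alertname']
  group_wait: 30s                # Alertmanager default
  group_interval: 5m             # Alertmanager default; inherited by child routes
  repeat_interval: 4h            # Alertmanager default
  routes:
    # Heartbeat route: an always-firing alert pings an external health check.
    # If the pings stop, the external service reports the monitoring pipeline as down.
    - match:
        alertname: Watchdog      # assumed name of the always-firing alert
      receiver: healthcheck      # assumed receiver name
      group_wait: 0s             # send the first ping immediately
      group_interval: 30s        # override the inherited 5m flush interval
      repeat_interval: 30s       # re-send on every flush; must not be shorter than group_interval

receivers:
  - name: default                # no notifier configured in this fragment
  - name: healthcheck
    webhook_configs:
      - url: 'https://example.invalid/ping/PLACEHOLDER-UUID'   # placeholder check URL
        send_resolved: false     # a "resolved" message is not a heartbeat
```

The external check's expected period and grace time should be set longer than the 30s ping interval so that a single delayed notification does not raise a false outage.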

[Question] How to pihole+dhcp+DoH over docker swarm

Hello,

I'm a novice to docker/swarm and portainer. I've managed to run portainer in a standalone mode and have been successful at installing pihole + cloudflared DoH in standalone docker-compose. So, I began to delve into the world of swarms and am looking to see if I can move the above setup into a swarm - something that is herculean to me. After wandering the web looking for a solution for a week, I stumbled upon your version of installing pi + cloudflared over a docker swarm.

Existing setup for pihole-dhcp-dns-doh:

version: "2"
services:
    pihole:
        container_name: pihole
        image: pihole/pihole:latest
        restart: unless-stopped
        ports:
            - "53:53/tcp"
            - "53:53/udp"
            - "67:67/udp"
            - "80:80/tcp"
            - "443:443/tcp"
        environment:
            - ServerIP=192.168.0.100
            - TZ='Asia/Kolkata'
            - DNS1='10.0.0.2#5054'
            - DNS2=''
            - IPv6=false
            - DNSMASQ_LISTENING=all
            - WEBPASSWORD=some_password   #................................ set a secure password here or it will be random
        # Volumes store your data between container upgrades
        volumes:
        - '/usr/local/etc/pihole/pihole-data/:/etc/pihole/'
        - '/usr/local/etc/pihole/pihole-data/dnsmasq.d/:/etc/dnsmasq.d/'
        dns:
            - 127.0.0.1
            - 1.1.1.1
        # Recommended but not required (DHCP needs NET_ADMIN)
        #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
        cap_add:
            - NET_ADMIN
        network_mode: host

    cloudflared:
        container_name: cloudflared
        # image: fardog/secureoperator:latest # google dns
        image: visibilityspots/cloudflared:latest # cloudflare dns
        restart: unless-stopped
        dns:
            - 1.1.1.1
            - 1.0.0.1
        networks:
            pihole_net:
                ipv4_address: 10.0.0.2
networks:
    pihole_net:
        driver: bridge
        ipam:
            config:
                - subnet: 10.0.0.0/29   #..................................... /29 can accommodate 6 hosts

I brought down the above setup, set up portainer as a swarm as per the original documentation and then tried to add the below (based off your implementation - albeit using a different cloudflared image (visibilityspots/cloudflared)).

Swarm config:

version: "3.7"
services:
  pihole:
    image: pihole/pihole:latest
    hostname: "pihole"    
    deploy:
      replicas: 1
      placement: 
          constraints: [node.role == manager]
      update_config:
        delay: 30s
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:		# <<<<<< as per the above comments, if I remove the ports, I'm unable to access pihole web interface
      - target: 53
        published: 53
        protocol: tcp
      - target: 53
        published: 53
        protocol: udp
      - target: 67
        published: 67
        protocol: udp
      - target: 80
        published: 80
        protocol: tcp
      - target: 443
        published: 443
        protocol: tcp  
    network_mode: "host" # <<<<<< as per the above comments, I've enabled 'host' network_mode.
    environment:
      TZ: "Asia/Kolkata"
      WEBPASSWORD: "some_password"
      DNS1: "172.23.0.1#5053" # <<<<<< This is my docker_gwbridge gateway IP
      # DNS2: "172.18.0.1#5053"
      DNS_FQDN_REQUIRED: "true"
      DNS_BOGUS_PRIV: "true"
      DNSSEC: "false"
      # CONDITIONAL_FORWARDING: "true"	# <<<<<< not sure if this and the below are reqd as I've disabled DHCP my the router
      # CONDITIONAL_FORWARDING_IP: "192.168.0.1"
      # CONDITIONAL_FORWARDING_DOMAIN: "home.local"
      # CONDITIONAL_FORWARDING_REVERSE: "0.168.192.in-addr.arpa"
    # Volumes store your data between container upgrades
    volumes:
      - /usr/local/etc/pihole/pihole-data:/etc/pihole/
      - /usr/local/etc/pihole/pihole-data/dnsmasq.d:/etc/dnsmasq.d/
    dns:
      - "127.0.0.1"
      #- "1.1.1.1" # fallback

  cloudflared:
    # Pinned to arm/v7 digest for crazymax/cloudflared:2020.2.0
    image: visibilityspots/cloudflared:latest # <<<<<< using this image instead of the one you've suggested
    deploy:
      replicas: 1
      placement: 
          constraints: [node.role == manager]
      update_config:
        delay: 30s    
    ports:
      - target: 5053
        published: 5053
        protocol: udp
      - target: 49312	# <<<<<< what is this for?
        published: 49312
        protocol: tcp
    environment:
      - "TZ=Asia/Kolkata"
      - "TUNNEL_DNS_UPSTREAM=https://1.1.1.1/dns-query,https://1.0.0.1/dns-query"

I've mentioned some comments in the above swarm-config as per my level of understanding / edits.
I was able to start the above via portainer, however, I ran into multiple issues.

  1. DHCP server was not doing its job as I lost internet access
  2. Pi was still able to access the internet, however, resolution was not happening via 1.1.1.1/DoH as per https://1.1.1.1/help

Do you happen to see any faulty configurations?

I was inspired to set up something similar to this blog wherein he talks about DNS server redundancy.

Thanks
