How to allow a container to use port 53 in network-mode: bridge, at least in some interfaces.

Hello,
I have a multicontainer project in which many of the containers use different web interfaces to interact with the user, so I’ve been using nginx-proxy to automatically configure reverse proxies for the containers that need them.

However, while adding a Pi-Hole container I was not able to use the normal balena-pihole repo because while it did manage to sidestep the issue with port 53 already being used by balena-supervisor, it did that by setting pihole to only bind the port in the interface it will use, and then running the container with network_mode: host, that way it prevents conflicts. This will not work for my setup, since nginx-proxy needs port 80 to do its thing, and running Pi-Hole in host mode occupies that port.

So my question is: Is there a way to make Docker bind the container’s port to the host device only on a certain interface the same way pihole does from inside the container when you use the bind-interfaces option? That way I can have pihole working in bridge mode and have its web interface pass through nginx-proxy like the rest of the other containers.

Setup Info

Type: Raspberry Pi 4 (using 64bit OS)
Host OS version: balenaOS 2.80.5+rev1
Supervisor version: 12.8.7

Thank you for any help.

Edit: I improved the phrasing to make my question clearer

Hey @kenajcrap, there are a few ways you could try to solve this, starting with your main question.

So my question is: Is there a way to make Docker bind the container’s port to the host device only on a certain interface the same way pihole does from inside the container when you use the bind-interfaces option?

Yes, in your docker-compose file you can specify the port range with ipv4address:externalport:internalport to only bind to the interface with the specified IP. So for Pi-hole it might look something like this where 192.168.1.123 is your device’s eth0 IP.

services:
  # https://hub.docker.com/r/pihole/pihole
  pihole:
    build: ./pihole
    privileged: true
    volumes:
      - "pihole_config:/etc/pihole"
      - "dnsmasq_config:/etc/dnsmasq.d"
    dns:
      - "127.0.0.1"
      - "1.1.1.1"
    ports:
      # bind DNS to this interface only; without a /udp suffix Docker publishes TCP only
      - "192.168.1.123:53:53/tcp"
      - "192.168.1.123:53:53/udp"
      - "8080:80"
    labels:
      io.balena.features.supervisor-api: 1
      io.balena.features.dbus: "1"

An alternate solution may be to change the port of the Pi-hole web interface with the WEB_PORT environment variable to avoid conflicts. This would be more difficult to make available via your proxy, but it would be available on the specified port on the LAN if desired.

Both of my suggestions above will break the ‘webpage blocked’ functionality of Pi-hole according to the documentation, but I’m not sure what that means and I haven’t tried it. I believe ads will still be blocked though.

Let us know how it goes!
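
An added example, not part of the original thread: a small Python check of Compose short-syntax `ports` entries that reports when port 53 is published on every interface or for only one protocol. The function names and sample entries are constructed for illustration; the defaults applied (all interfaces when no IP is given, TCP when no protocol is given) are Docker's.

```python
import re

# Compose short port syntax: [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTOCOL]
PORT_RE = re.compile(
    r"^(?:(?P<ip>\[[0-9A-Fa-f:.]+\]|\d{1,3}(?:\.\d{1,3}){3}):)?"
    r"(?:(?P<host>\d+(?:-\d+)?)?:)?"
    r"(?P<container>\d+(?:-\d+)?)"
    r"(?:/(?P<proto>tcp|udp|sctp))?$"
)

def parse_port(entry):
    """Split one short-syntax entry into its parts, applying Docker's defaults."""
    m = PORT_RE.match(entry.strip())
    if not m:
        raise ValueError(f"unrecognised port entry: {entry!r}")
    return {
        "host_ip": (m["ip"] or "0.0.0.0").strip("[]"),  # no IP: all interfaces
        "host_port": m["host"] or None,                  # None: Docker picks one
        "container_port": m["container"],
        "proto": m["proto"] or "tcp",                    # no suffix: TCP only
    }

def _covers(port_spec, port):
    """True if a single port or a 'lo-hi' range includes `port`."""
    lo, _, hi = port_spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def audit_dns_ports(entries, port=53):
    """Return warnings about how `port` is published on the host."""
    warnings, protos = [], set()
    for entry in entries:
        p = parse_port(entry)
        if p["host_port"] is None or not _covers(p["host_port"], port):
            continue
        protos.add(p["proto"])
        if p["host_ip"] in ("0.0.0.0", "::"):
            warnings.append(f"{entry}: binds {port}/{p['proto']} on every interface")
    if protos:  # DNS clients use UDP first and fall back to TCP
        for missing in sorted({"tcp", "udp"} - protos):
            warnings.append(f"{port}/{missing} is not published")
    return warnings

if __name__ == "__main__":
    # Constructed sample port lists
    for ports in (["192.168.1.123:53:53", "8080:80"],
                  ["53:53/tcp", "53:53/udp"],
                  ["192.168.1.123:53:53/tcp", "192.168.1.123:53:53/udp"]):
        print(ports, "->", audit_dns_ports(ports) or "ok")
```
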