PiHole docker with Keepalived ?

Anyone know if there is a pihole docker image with keepalived in there ?

 

I am looking to make my pihole setup more redundant. Orbitalsync (if you add the appropriate variable to sync static ip addresses) works fine for keeping the configuration in line, but I need to find a way to "failover" to the secondary system in case of unavailability of the primary one.

 

Seems like I can do this on my VM running pihole (primary) but my secondary is a docker...

  • Community Expert

I'd recommend installing and using the lxc plugin, making a Debian OS host, and installing pihole and keepalived:

as seen here:
https://dchan.tech/books/pi-hole/page/high-availability-pi-hole-setup-using-keepalived
and
https://dchan.tech/books/pi-hole/page/high-availability-pi-hole-setup-using-keepalived

There are some inherent issues with gravity sync and pihole coexisting within the same docker environment due to how pihole is run and released in a docker.
I was unable to find a github repo, docker image, or group whose docker image packages both keepalived and pihole together...

I'm a fan of zapyzaps docker version:
https://hub.docker.com/r/devzwf/pihole-dot-doh

pihole, doh/dot, unbound integration... etc... I have moved to adguard for my dns features and tools...

However, you can make your own docker installing both...:

 

mkdir /mnt/user/appdata/piholekeepalive
cd /mnt/user/appdata/piholekeepalive
touch dockerfile
nano dockerfile


Dockerfile:

FROM devzwf/pihole-dot-doh:latest

# Install keepalived
RUN apt-get update && \
    apt-get install -y keepalived && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Copy Keepalived configuration files (optional example path)
# keepalived.conf must exist next to the dockerfile at build time
COPY keepalived.conf /etc/keepalived/keepalived.conf

# Expose necessary ports (default Pi-hole and DNS ports)
EXPOSE 53/tcp 53/udp 80/tcp 443/tcp 67/udp

# Health check: fails when the local resolver cannot answer a query
HEALTHCHECK CMD dig @127.0.0.1 pi-hole.net || exit 1

# Nothing above launches keepalived; the start script named here
# has to start it alongside Pi-hole
CMD ["/start.sh"]


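docker run example:

#!/bin/bash
# Build the image first, from the folder holding the dockerfile and keepalived.conf:
#   docker build -t pihole-keepalive:latest -f dockerfile .
# A comment cannot follow a line-continuation backslash, so the notes are here:
#   TZ          - set your timezone
#   WEBPASSWORD - set the Pi-hole admin password
# NET_ADMIN and NET_RAW let keepalived add the virtual IP and send VRRP packets.

docker run -d \
  --name pihole-keepalive \
  --restart=unless-stopped \
  --hostname pihole \
  --net=host \
  -v /mnt/user/appdata/piholekeepalive/etc-pihole:/etc/pihole \
  -v /mnt/user/appdata/piholekeepalive/etc-dnsmasq.d:/etc/dnsmasq.d \
  -v /mnt/user/appdata/piholekeepalive/keepalived.conf:/etc/keepalived/keepalived.conf \
  -e TZ="America/New_York" \
  -e WEBPASSWORD="your_password_here" \
  -e DNSMASQ_LISTENING="all" \
  -e PIHOLE_DNS_1="127.0.0.1#5335" \
  -e PIHOLE_DNS_2="1.1.1.1" \
  --cap-add=NET_ADMIN \
  --cap-add=NET_RAW \
  pihole-keepalive:latest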


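example keepalived.conf:

vrrp_instance VI_1 {
    # MASTER on the primary; the secondary uses BACKUP and a lower priority
    state MASTER
    interface eth0
    # must be the same value on both nodes
    virtual_router_id 51
    priority 100
    advert_int 1

    authentication {
        auth_type PASS
        # keepalived uses only the first 8 characters, and PASS
        # authentication travels unencrypted in the VRRP adverts
        auth_pass securepassword
    }

    # the shared address that clients use as their DNS server
    virtual_ipaddress {
        192.168.1.100/24
    }

    track_script {
        chk_pihole
    }
}

# Succeeds while a pihole-FTL process exists; a positive weight adds
# 2 to the priority for as long as the check succeeds
vrrp_script chk_pihole {
    script "pgrep pihole-FTL"
    interval 2
    weight 2
}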


I have no interest in building and maintaining this... You can if you want...
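The `chk_pihole` check in the config above only proves that a `pihole-FTL` process exists, not that it answers queries. As an added example (not part of the original post), here is a check script that asks the local resolver for a name instead; the script path and file name, the `RESOLVER` and `PROBE_NAME` variables, and the use of `pi.hole` as a locally answered name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed install path:
#   /usr/local/bin/chk_pihole_dns.sh
# referenced from keepalived as:  script "/usr/local/bin/chk_pihole_dns.sh"

# Resolver to probe and name to ask for (both overridable, both assumptions).
# "pi.hole" is answered by Pi-hole itself, so the result does not depend on
# upstream DNS being reachable.
RESOLVER="${RESOLVER:-127.0.0.1}"
PROBE_NAME="${PROBE_NAME:-pi.hole}"

# Return 0 only when the resolver hands back an IPv4 answer within 2 seconds.
# keepalived treats exit 0 as "healthy" and anything else as "failed".
pihole_dns_ok() {
    answer=$(dig "@${RESOLVER}" "${PROBE_NAME}" A +short +time=2 +tries=1 2>/dev/null) || return 1
    case "$answer" in
        [0-9]*.[0-9]*.[0-9]*.[0-9]*) return 0 ;;   # got an address back
        *) return 1 ;;                              # empty, error text, timeout
    esac
}

# Run the probe only when executed under the assumed file name, so the
# function can also be sourced and exercised by hand.
case "${0##*/}" in
    chk_pihole_dns.sh) pihole_dns_ok; exit $? ;;
esac
```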

I second the idea of using LXC. That is what I use myself for pihole with keepalived. I also recommend looking into Orbital Sync rather than gravity sync.

  • Author

I tried this in another way (did not read your reply yet).

 

I installed two VMs and set them up for keepalived…

It seems however that it will not work since unraid does not have "promiscuous mode" enabled on the bridge…

Does that sound logical?

  • Author
Just now, primeval_god said:

I second the idea of using LXC. That is what I use myself for pihole with keepalived. I also recommend looking into Orbital Sync rather than gravity sync.

Am already using orbitalsync, with the extra variable it keeps the configs perfectly in sync.

Just now, Helmonder said:

Am already using orbitalsync, with the extra variable it keeps the configs perfectly in sync.

Yeah, I see that now. I saw gravity sync mentioned in the reply and my mind just went "Must mention the alternative" lol

  • Author
1 hour ago, bmartino1 said:

I'd recommend installing and using the lxc plugin, making a Debian OS host, and installing pihole and keepalived:


I actually did it a bit differently (did not see your reply yet) and installed two fresh piholes in ubuntu VMs and installed keepalived on them.. The install is successful but it seems the virtual address cannot be reached and this might be related to "promiscuous mode" not being enabled on the unraid bridge...

 

Does that sound like something to anyone ?

  • Author
Solved my own issue.... Apparently everything was correct but the ARP was confused... I flushed the network tables and that solved the issue !

 

  • Author

Dang.... I think I just realised that all of this was completely useless....

 

The whole thing works... But before this I just had a primary and a secondary DNS server so it never was an issue...

 

I use Pihole as my dhcp server... And the idea was to make sure that I would always have a dhcp server running at the virtual address..

 

However.. That means I have to have both pihole servers with active DHCP... and DHCP requests will just be answered by both piholes...

 

Useless... Damn.. stupid me ...

  • Community Expert

?
unraid is packaged with dhcpd.

?
vm forbidden router run openwrt/pfsense/ipfire in a vm

Would need more info to assist, as you can invite trouble by running 2 dhcp servers with the same subnet.

  • 2 weeks later...

I run a 2 pihole system, the dhcp issues can be worked around by having the static dhcp leases the same for both piholes (using whatever method you prefer), but dynamic ranges should not clash. Therefore anything with a static lease gets the same IP from either pihole and anything that is truly dynamic will get a lease from the unique range for the first to answer pihole.
pihole1  = 192.168.0.41 - 192.168.0.140
pihole2 = 192.168.0.141 - 192.168.0.240

This appears simpler and safer than stopping/starting DHCP on keepalived failover.
Admittedly I run 95% static but have not had issues with static dhcp leases or dynamic in 5+ years.
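The split-range scheme in the post above depends on two things staying true: the dynamic ranges never overlap, and the static leases are identical on both Pi-holes. As an added example (not from the original post), here is a script that checks both from dnsmasq-style files; the file names and sample leases are constructed, and the `dhcp-range=` and `dhcp-host=` lines are assumed to be in their simple comma-separated form.

```shell
#!/bin/sh
# Added example, not from the thread: check two Pi-holes' DHCP settings, given
# as dnsmasq-style files. Assumes the simple forms
#   dhcp-range=<start>,<end>,<lease>   and   dhcp-host=<mac>,<ip>,<name>

# Exit 0 if the dynamic ranges overlap, 1 if they are disjoint, 2 if missing.
ranges_overlap() {
    awk -F'[=,]' '
        function num(ip,  o) { split(ip, o, "."); return ((o[1]*256+o[2])*256+o[3])*256+o[4] }
        $1 == "dhcp-range" && !(FILENAME in lo) {
            lo[FILENAME] = num($2); hi[FILENAME] = num($3); f[++n] = FILENAME
        }
        END {
            if (n != 2) exit 2
            exit ((lo[f[1]] <= hi[f[2]] && lo[f[2]] <= hi[f[1]]) ? 0 : 1)
        }' "$1" "$2"
}

# Print "mac ip-on-first ip-on-second" per mismatched lease; exit 0 if none.
static_lease_diff() {
    awk -F'[=,]' '
        FNR == 1 { side++ }
        $1 == "dhcp-host" { m = tolower($2); ip[side, m] = $3; macs[m] }
        END {
            for (m in macs) if (ip[1, m] != ip[2, m]) {
                print m, (ip[1, m] ? ip[1, m] : "-"), (ip[2, m] ? ip[2, m] : "-")
                bad = 1
            }
            exit bad + 0
        }' "$1" "$2"
}

# Constructed sample data: the ranges from the post, one mismatched lease.
write_samples() {
    printf '%s\n' 'dhcp-range=192.168.0.41,192.168.0.140,24h' \
        'dhcp-host=AA:BB:CC:00:00:01,192.168.0.10,nas' \
        'dhcp-host=AA:BB:CC:00:00:02,192.168.0.11,printer' > "$1/pihole1.conf"
    printf '%s\n' 'dhcp-range=192.168.0.141,192.168.0.240,24h' \
        'dhcp-host=aa:bb:cc:00:00:01,192.168.0.10,nas' \
        'dhcp-host=aa:bb:cc:00:00:02,192.168.0.12,printer' > "$1/pihole2.conf"
}

# Demo when saved and run as dhcp_split_check.sh (hypothetical file name).
if [ "${0##*/}" = "dhcp_split_check.sh" ]; then
    d=$(mktemp -d) && write_samples "$d"
    ranges_overlap "$d/pihole1.conf" "$d/pihole2.conf" && echo "dynamic ranges overlap"
    static_lease_diff "$d/pihole1.conf" "$d/pihole2.conf" || echo "static leases differ"
    rm -rf "$d"
fi
```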

  • 4 weeks later...

This works for me:
 

sudo apt update && sudo apt install keepalived -y
sudo nano /etc/keepalived/keepalived.conf

vrrp_instance FAILOVER {
    state BACKUP
    interface eth0  # Change if using Wi-Fi (wlan0)
    virtual_router_id 51
    priority 90  # Lower than Master (Unraid)
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 12345
    }
    virtual_ipaddress {
        IP.TO.TAKE.OVER/24 dev eth0
    }
    track_script {
        check_unraid
    }
}

vrrp_script check_unraid {
    script "/bin/ping -c 3 -W 2 IP.TO.TAKE.OVER || exit 1"
    interval 5
    weight 5
}

 

When IP.TO.TAKE.OVER no longer responds to ping, my physical pihole assumes the IP.TO.TAKE.OVER.
