@diyfr
Created September 29, 2023 14:39
AdGuard Home + Traefik

Edit traefik.yml

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
  dot: # <- ADD THIS
    address: ":853"  # <- ADD THIS

The dot entrypoint is only for AdGuard Home. Check the Traefik dashboard.

Add the port to the Traefik container (compose file)

    ports:
      - "80:80"
      - "443:443"
      - "853:853"

AdGuard Home compose file

services:
  # see @url:https://ae3.ch/adguard-home-docker-with-dns-over-https-and-traefik/
  adguard:
    image: adguard/adguardhome:latest
    container_name: adguard
    restart: unless-stopped
    environment:
      - TZ=Europe/Paris
    expose:
      - "80"
      - "53"
      - "853"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    networks:
      - traefik
    volumes:
      - /home/docker/vol/adguard/work:/opt/adguardhome/work
      - /home/docker/config/adguard/conf:/opt/adguardhome/conf
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.adguard.entrypoints=web"
      - "traefik.http.routers.adguard.rule=Host(`dns.domain.tld`)" # replace with your own domain/subdomain
      - "traefik.http.routers.adguard.middlewares=https-redirect@file"
      - "traefik.http.routers.adguard-secure.entrypoints=websecure"
      - "traefik.http.routers.adguard-secure.rule=Host(`dns.domain.tld`)" # replace with your own domain/subdomain
      - "traefik.http.routers.adguard-secure.tls=true"
      - "traefik.http.routers.adguard-secure.tls.certresolver=letsencrypt"
      - "traefik.http.routers.adguard-secure.service=adguard-secure"
      - "traefik.http.services.adguard-secure.loadbalancer.server.port=80" # 3000 on first start; change to 80 after the first reboot and admin account setup
      - "traefik.docker.network=traefik"

      - "traefik.tcp.routers.adguard-tls.rule=HostSNI(`dns.domain.tld`)" # replace with your own domain/subdomain
      - "traefik.tcp.routers.adguard-tls.tls=true"
      - "traefik.tcp.routers.adguard-tls.entrypoints=dot"
      - "traefik.tcp.routers.adguard-tls.tls.certresolver=letsencrypt"
      - "traefik.tcp.routers.adguard-tls.service=adguard-tls"
      - "traefik.tcp.services.adguard-tls.loadbalancer.server.port=53"

After the first boot, edit /home/docker/config/adguard/conf/AdGuardHome.yml
In the tls section:

tls:
  enabled: true # <- Enable this
  server_name: dns.domain.tld # <- Update this
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 853
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: true # <- Set to true (Traefik terminates TLS and forwards plain HTTP to AdGuard Home)
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
  strict_sni_check: false

Restart the adguard container

DNS works on: standard port: 53, TLS: 853, DNS over HTTPS: 443
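To confirm from a client that the DoT (853) and DoH (443) listeners answer with a certificate valid for the configured name, the following added example (not part of the original gist) sends one wire-format query to each. It assumes the page's placeholder `dns.domain.tld`, AdGuard Home's default DoH path `/dns-query`, and `example.com` as a test name; the function names are the example's own.

```python
import socket
import ssl
import struct
import urllib.request

HOST = "dns.domain.tld"  # placeholder from the page; replace with your own name

def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal RFC 1035 query: RD flag set, one question, class IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1)

def frame(msg):
    """DoT (RFC 7858) prefixes each DNS message with a 2-byte length, like DNS over TCP."""
    return struct.pack("!H", len(msg)) + msg

def parse_header(resp, txid=0x1234):
    """Return (rcode, answer_count); reject data that is not a reply to our query."""
    if len(resp) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, ancount = struct.unpack("!HHHH", resp[:8])
    if rid != txid or not flags & 0x8000:  # QR bit must be set in a response
        raise ValueError("not a response to our query")
    return flags & 0x000F, ancount

def query_dot(host=HOST, port=853, name="example.com"):
    """Query the Traefik 'dot' entrypoint; the TLS handshake fails on a bad certificate."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls, tls.makefile("rb") as rd:
            tls.sendall(frame(build_query(name)))
            (length,) = struct.unpack("!H", rd.read(2))
            return parse_header(rd.read(length))

def query_doh(host=HOST, name="example.com"):
    """POST the same query as application/dns-message (RFC 8484) via the websecure entrypoint."""
    req = urllib.request.Request(f"https://{host}/dns-query", data=build_query(name),
                                 headers={"Content-Type": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return parse_header(resp.read())

if __name__ == "__main__":
    print("DoT (rcode, answers):", query_dot())
    print("DoH (rcode, answers):", query_doh())
```

An rcode of 0 with at least one answer from both calls means Traefik is terminating TLS and AdGuard Home is resolving behind it.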
