Edit traefik.yml and add a `dot` entrypoint:
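# Traefik entrypoints. Nesting restored: each entrypoint name is a child of
# `entryPoints`, and each `address` is a child of its entrypoint.
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
  # TCP entrypoint for DNS-over-TLS (DoT). Only the AdGuard Home TCP router
  # is meant to attach to it; every port opened here is reachable by anyone
  # who can reach the host, so filter it at the firewall if the resolver is
  # not meant to be public.
  dot:  # <- ADD THIS
    address: ":853"  # <- ADD THIS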
The `dot` entrypoint is used only by AdGuard Home. Check the Traefik dashboard to confirm the entrypoint is listed.
Publish the new port on the Traefik container (in its compose file):
# Host ports published by the Traefik container.
ports:
  - "80:80"
  - "443:443"
  # DNS-over-TLS, matching the `dot` entrypoint (":853") in traefik.yml.
  - "853:853"
AdGuard Home compose file:
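# AdGuard Home behind Traefik. Nesting restored so that the keys below are
# children of the `adguard` service rather than top-level keys.
services:
  # see @url:https://ae3.ch/adguard-home-docker-with-dns-over-https-and-traefik/
  adguard:
    # NOTE(review): `latest` is a moving tag. Consider pinning a specific
    # release (or image digest) so that upgrades are deliberate and the
    # running version is known.
    image: adguard/adguardhome:latest
    container_name: adguard
    restart: unless-stopped
    environment:
      - TZ=Europe/Paris
    # `expose` does not publish anything on the host; these ports are only
    # reachable from containers on the shared `traefik` network.
    expose:
      - "80"
      - "53"
      - "853"
    # Plain DNS is published directly on every host interface (it does not go
    # through Traefik).
    # NOTE(review): if the host is reachable from the internet this is an
    # open resolver. Restrict it with a firewall, or bind to a LAN address
    # (for example "HOST_LAN_IP:53:53/udp", placeholder), and limit clients in
    # AdGuard Home's access settings.
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    # Presumably declared as an external network elsewhere in the compose
    # file; the declaration is not shown on this page.
    networks:
      - traefik
    volumes:
      - /home/docker/vol/adguard/work:/opt/adguardhome/work
      - /home/docker/config/adguard/conf:/opt/adguardhome/conf
    labels:
      - "traefik.enable=true"
      # HTTP router: exists only to redirect to HTTPS. The `https-redirect`
      # middleware comes from Traefik's file provider and is not shown here.
      - "traefik.http.routers.adguard.entrypoints=web"
      - "traefik.http.routers.adguard.rule=Host(`dns.domain.tld`)"  # change with your own domain/sub domain
      - "traefik.http.routers.adguard.middlewares=https-redirect@file"
      # HTTPS router: admin UI and DNS-over-HTTPS. Traefik terminates TLS and
      # forwards plain HTTP to the container.
      - "traefik.http.routers.adguard-secure.entrypoints=websecure"
      - "traefik.http.routers.adguard-secure.rule=Host(`dns.domain.tld`)"  # change with your own domain/sub domain
      - "traefik.http.routers.adguard-secure.tls=true"
      - "traefik.http.routers.adguard-secure.tls.certresolver=letsencrypt"
      - "traefik.http.routers.adguard-secure.service=adguard-secure"
      # On first start the setup wizard listens on 3000, so use 3000 for the
      # first run and switch to 80 once the admin account exists.
      # NOTE(review): until the admin account is created, the wizard is
      # reachable through this public router with no login. Finish setup
      # immediately, or limit access during that step (for example with an
      # IP allow-list middleware).
      - "traefik.http.services.adguard-secure.loadbalancer.server.port=80"  # 3000 Change to 80 after first reboot and settings admin account
      - "traefik.docker.network=traefik"
      # TCP router for DNS-over-TLS on the `dot` entrypoint. With `tls=true`
      # and no passthrough, Traefik terminates TLS and forwards plain
      # DNS-over-TCP to container port 53, so the hop between Traefik and
      # AdGuard Home is unencrypted on the `traefik` network.
      # NOTE(review): AdGuard Home will presumably see Traefik's address as
      # the client for these queries, so IP-based client rules may not
      # distinguish DoT clients. Verify in the query log.
      - "traefik.tcp.routers.adguard-tls.rule=HostSNI(`dns.domain.tld`)"  # change with your own domain/sub domain
      - "traefik.tcp.routers.adguard-tls.tls=true"
      - "traefik.tcp.routers.adguard-tls.entrypoints=dot"
      - "traefik.tcp.routers.adguard-tls.tls.certresolver=letsencrypt"
      - "traefik.tcp.routers.adguard-tls.service=adguard-tls"
      - "traefik.tcp.services.adguard-tls.loadbalancer.server.port=53"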
After the first boot, edit /home/docker/config/adguard/conf/AdGuardHome.yml.
In the `tls` section:
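# AdGuard Home encryption settings. Nesting restored: every key below is a
# child of `tls`. In this setup Traefik holds the certificate and terminates
# TLS, so the certificate and key fields stay empty.
tls:
  enabled: true  # <- Enable this
  server_name: dns.domain.tld  # <- Update this
  # Left false: the HTTP -> HTTPS redirect is done by Traefik
  # (`https-redirect` middleware on the `adguard` router).
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  # NOTE(review): DNS-over-QUIC runs over UDP. This page only sets up 853 as
  # a Traefik TCP entrypoint and configures no certificate here, so DoQ is
  # presumably not reachable in this setup. Confirm, or disable it.
  port_dns_over_quic: 853
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  # Lets AdGuard Home answer DoH on its plain-HTTP listener, which is needed
  # because Traefik forwards decrypted HTTP to container port 80. Keep that
  # port reachable only through Traefik (`expose`, never `ports`), otherwise
  # DoH queries could reach it unencrypted.
  allow_unencrypted_doh: true  #<- Set true
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
  strict_sni_check: false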
Restart the adguard container so the new settings are loaded.
DNS now works on: standard DNS on port 53, DNS-over-TLS on port 853, and DNS-over-HTTPS on port 443.