Introduction to Pi-hole with Cloudflared DNS Over HTTPS on Proxmox
In today’s internet landscape, privacy and security are paramount. One effective way to enhance both is by using Pi-hole as a network-wide ad blocker combined with Cloudflared to route DNS queries through DNS over HTTPS (DoH). This guide walks through setting up Pi-hole with Cloudflared on a Proxmox LXC container, providing secure, encrypted DNS for your entire network.
Why Use Pi-hole with Cloudflared DNS Over HTTPS?
Pi-hole is a DNS-based ad blocker that filters ads and trackers at the network level, blocking them before they reach your devices. Adding Cloudflared enables DNS over HTTPS, so that the queries Pi-hole forwards to the upstream resolver are encrypted and protected from interception by third parties along that path. This setup improves privacy and prevents common ads, tracking, and malware sites from loading on any device connected to your network.
Requirements for Setting Up Pi-hole with Cloudflared on Proxmox
- A server running Proxmox (or another virtualized environment)
- An LXC container with Debian 12 (Bookworm) installed
- Basic knowledge of command-line operations
Step 1: Set Up the Proxmox LXC Container with Debian 12 for Pi-hole
To get started, create an LXC container on Proxmox running Debian 12. Allocate a minimum of 512MB RAM and 2GB storage. Assign a static IP for ease of access. Once the container is set up, log in to the container’s console and proceed with the installation steps below.
Step 2: Install Pi-hole on Proxmox
To install Pi-hole, start by updating your system:
apt update && apt upgrade -y
Next, download and run the Pi-hole installation script:
curl -sSL https://install.pi-hole.net | bash
During the setup, Pi-hole will prompt you to select an upstream DNS provider. For now, choose any provider (e.g., Google, Cloudflare), as we’ll later configure Pi-hole to route DNS through Cloudflared.
Step 3: Install Cloudflared for DNS Over HTTPS
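Cloudflared will handle DNS over HTTPS for Pi-hole, encrypting your DNS queries. Follow these steps to install and configure it. If you are logged in to the container as root and sudo is not installed, drop the sudo prefix from the commands below: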
- Download and add the Cloudflared repository key:
curl -sSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null
- Add the Cloudflared repository:
echo "deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared bookworm main" | sudo tee /etc/apt/sources.list.d/cloudflared.list
- Install Cloudflared:
sudo apt update && sudo apt install cloudflared -y
Step 4: Configure Cloudflared for DNS Over HTTPS
With Cloudflared installed, configure it to route DNS queries over HTTPS:
- Create a configuration file for Cloudflared:
sudo mkdir -p /etc/cloudflared
sudo nano /etc/cloudflared/config.yml
- Add the following configuration to config.yml:
proxy-dns: true
proxy-dns-port: 5053
proxy-dns-upstream:
  - https://1.1.1.1/dns-query
  - https://1.0.0.1/dns-query
- Save and exit the file.
Step 5: Create a Systemd Service for Cloudflared on Proxmox
To ensure Cloudflared starts automatically on boot, create a systemd service file:
sudo nano /etc/systemd/system/cloudflared.service
Add the following content to the service file:
[Unit]
Description=Cloudflare DNS over HTTPS Proxy
After=network.target
[Service]
Type=simple
ExecStart=/usr/bin/cloudflared --config /etc/cloudflared/config.yml
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
After saving the file, reload systemd and start the Cloudflared service:
sudo systemctl daemon-reload
sudo systemctl enable cloudflared
sudo systemctl start cloudflared
Step 6: Configure Pi-hole to Use Cloudflared DNS on Proxmox
Now that Cloudflared is set up, configure Pi-hole to use it as the DNS provider:
- Access the Pi-hole admin interface by visiting http://[your-pi-hole-ip]/admin in a browser.
- Navigate to Settings > DNS.
- In the “Upstream DNS Servers” section, add 127.0.0.1#5053 as a custom DNS server. Deselect any other DNS providers if you want Pi-hole to exclusively use Cloudflared; any provider left selected will still receive some queries as plain, unencrypted DNS.
Step 7: Verify Pi-hole and Cloudflared DNS Over HTTPS on Proxmox
To ensure everything is working correctly, you can use the dig command:
dig google.com @127.0.0.1 -p 5053
You should see a response indicating successful resolution through Cloudflared. Additionally, you can monitor Pi-hole’s query logs to confirm that queries are routed through 127.0.0.1#5053.
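The dig test only proves that the proxy answers. The script below is an added example (not part of the original guide; the function names are hypothetical) that checks the three places this chain can leak: a non-HTTPS upstream in config.yml, a second Pi-hole upstream that bypasses Cloudflared, and a proxy listener bound to a non-loopback address. It assumes the config.yml layout from Step 4, a list of Pi-hole upstreams supplied one per line, and `ss -H -lntu` output for the listener check.

```shell
#!/bin/sh
# Added example (constructed): checks that the Pi-hole -> cloudflared chain
# from this guide has no plaintext path. Function names are hypothetical.

# Return 0 only if proxy-dns is enabled and every proxy-dns-upstream entry
# in the given config.yml is an https:// URL.
audit_cloudflared_config() {
    grep -Eq '^proxy-dns:[[:space:]]*true[[:space:]]*$' "$1" || {
        echo "proxy-dns is not enabled in $1"; return 1; }
    bad=$(awk '
        /^proxy-dns-upstream:/ { in_list = 1; next }
        in_list && /^[ \t]*-/ {
            sub(/^[ \t]*-[ \t]*/, "")
            if ($0 !~ /^https:\/\//) print
            next
        }
        { in_list = 0 }' "$1")
    [ -z "$bad" ] && return 0
    echo "non-HTTPS upstream(s): $bad"; return 1
}

# stdin: Pi-hole upstreams, one per line. Prints every entry that is not the
# local cloudflared listener, i.e. a resolver Pi-hole could query in cleartext.
bypassing_upstreams() {
    awk -v ok="${1:-127.0.0.1#5053}" '
        { gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 != "" && $0 != ok'
}

# stdin: output of `ss -H -lntu`. Prints listeners on the proxy port that are
# bound to a non-loopback address and therefore reachable from other hosts.
exposed_listeners() {
    awk -v port="${1:-5053}" '
        { n = split($5, a, ":")
          addr = substr($5, 1, length($5) - length(a[n]) - 1) }
        a[n] == port && addr !~ /^127\./ && addr != "[::1]" { print $5 }'
}

# On the Pi-hole container itself, run the two checks that need no extra input.
if [ -r /etc/cloudflared/config.yml ]; then
    audit_cloudflared_config /etc/cloudflared/config.yml && echo "config.yml: OK"
    ss -H -lntu | exposed_listeners 5053
fi
```

Any output from `bypassing_upstreams` or `exposed_listeners` is a finding; empty output means that check passed.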
Optional: Additional Configurations for Enhanced Privacy
For added protection, consider enabling DNSSEC in the Pi-hole settings under Advanced DNS settings. DNSSEC adds an extra layer of security by verifying the authenticity of DNS responses. It does not encrypt them, so it complements the substantial privacy benefits that Cloudflared’s DoH already provides rather than replacing them.
Conclusion
Setting up Pi-hole with Cloudflared DNS over HTTPS in a Proxmox LXC container is a powerful way to block ads, enhance privacy, and ensure secure DNS queries across your network. This guide provides a comprehensive setup for anyone looking to achieve better control over their network’s security and privacy without sacrificing usability. Happy browsing!