11-Adguardhome - amagerard/PowerDNS GitHub Wiki
RedHat10/Powerdns
11. Adguardhome.
Install AdGuard Home if you want to block ads or prohibited websites.
Create an adguard user.
```bash
groupadd adguard
useradd -g adguard -d /opt/AdGuardHome adguard
```
Log in as adguard.
```bash
su - adguard
```
Download the latest version of AdGuardHome.
```bash
wget -c https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.71/AdGuardHome_linux_amd64.tar.gz
```
Decompress AdGuardHome.
```bash
tar xvzf AdGuardHome_linux_amd64.tar.gz -C /opt
```
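The download step above unpacks the archive without checking its integrity. The following shell functions are an added example, not part of the original wiki or the AdGuard Home project: they compare the archive's SHA-256 digest with a digest list in `sha256sum` format and unpack only on a match. The function names and the `checksums.txt` file name are assumptions.

```shell
#!/bin/sh
# Added example: verify a downloaded release archive against a digest list
# before unpacking it. Assumes the list is in sha256sum format
# ("<hex digest>  <file name>", one entry per line).

# verify_tarball ARCHIVE DIGEST_LIST
# returns 0 = digest matches, 1 = digest differs, 2 = file or entry missing
verify_tarball() {
    archive=$1
    list=$2
    [ -r "$archive" ] && [ -r "$list" ] || return 2
    name=$(basename "$archive")
    # Pick the entry whose file name equals ARCHIVE's name, ignoring a
    # leading "*" (binary marker) and any directory part such as "./".
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f); sub(/^.*\//, "", f) }
        f == n { print tolower($1); exit }' "$list")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# unpack_verified ARCHIVE DIGEST_LIST DEST
# extracts into DEST only after the digest check passes
unpack_verified() {
    if verify_tarball "$1" "$2"; then
        tar xzf "$1" -C "$3"
    else
        rc=$?
        echo "refusing to unpack $1 (verify_tarball returned $rc)" >&2
        return "$rc"
    fi
}

# Usage on the server (checksums.txt is an assumed name for the digest list):
#   unpack_verified AdGuardHome_linux_amd64.tar.gz checksums.txt /opt
```

Fetch the digest list over HTTPS from the same release page as the archive, and treat return code 2 (no matching entry) as a failure, not as "nothing to check".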
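Add and edit a personal script.
This is to prevent AdGuardHome from launching as root.
```bash
vi run.sh
```
```sh
#!/bin/sh
# Let the binary bind privileged ports (CAP_NET_BIND_SERVICE) and use raw
# sockets (CAP_NET_RAW) without being root.
# setcap itself only succeeds when it is run with root privileges.
/usr/sbin/setcap 'CAP_NET_BIND_SERVICE=+eip CAP_NET_RAW=+eip' /opt/AdGuardHome/AdGuardHome
#su - adguard
# Start AdGuardHome (service action "run").
/opt/AdGuardHome/AdGuardHome "-s" "run"
```
```bash
chmod +x run.sh
```
Exit the adguard user session.
```bash
exit
```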
Add and edit the systemd unit that launches AdGuardHome.
```bash
vi /etc/systemd/system/AdGuardHome.service
```
```ini
[Unit]
Description=AdGuard Home: Network-level blocker
ConditionFileIsExecutable=/opt/AdGuardHome/AdGuardHome
After=syslog.target network-online.target

[Service]
StartLimitInterval=5
StartLimitBurst=10
# Start through the wrapper script, as the unprivileged adguard account.
ExecStart=/opt/AdGuardHome/run.sh
WorkingDirectory=/opt/AdGuardHome
User=adguard
Group=adguard
StandardOutput=journal
StandardError=journal
Restart=always
RestartSec=10
EnvironmentFile=-/etc/sysconfig/AdGuardHome

[Install]
WantedBy=multi-user.target
```
Do not start the AdGuardHome service yet.
The first installation of AdGuardHome is run as root.
But first you need to open the firewall.
```bash
ufw allow in proto tcp from any to any port 3000:3001
```
Also redirect DNS queries to AdGuardHome.
That is the role of pdns-recursor.
```bash
vi /etc/pdns-recursor/recursor.conf
```
```yaml
# forward-zones-recurse Zones .
# By default, anything not listed above is forwarded to another DNS server.
# (In the YAML settings file this key belongs to the recursor: section.)
forward_zones_recurse:
  - zone: .
    recurse: true
    forwarders:
      - 127.0.0.1:5345
```
```bash
systemctl restart pdns-recursor
```
Run these two command lines as root.
```bash
/usr/sbin/setcap 'CAP_NET_BIND_SERVICE=+eip CAP_NET_RAW=+eip' /opt/AdGuardHome/AdGuardHome
/opt/AdGuardHome/AdGuardHome "-s" "run"
```
Leave the AdGuardHome process running and use another computer for the setup.
In this example, AdGuardHome is located on the server 192.168.90.41.
From the other computer, open:
http://192.168.90.41:3000
You must change:
- the web interface port, to another port: 3001
- the DNS listen port, to: 5345
- set a username and password

Return to the server to stop AdGuardHome.
Press CTRL + C to exit.
```bash
chown -R adguard:adguard /opt/AdGuardHome
```
Start the AdGuardHome service.
```bash
systemctl enable --now AdGuardHome.service
```
Open AdGuardHome.
http://192.168.90.41:3001
Enable HTTPS for AdGuardHome.
Port 443 is already in use by poweradmin.
HTTPS will use port 448.
You must have:
- a CA (certificate authority).
- srv certificates.

Go to 6.2.1.1 Generate RSA CA Authority.
Go to 6.3.1 Generate RSA srv1 certificates.
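Give the adguard user permission on the certificates and keys.
Only srv1.crt and srv1.key are referenced by the tls section of AdGuardHome.yaml shown below; the ACL on CA.key exposes the CA private key to the service account without being used by that configuration.
```bash
setfacl -m u:adguard:rx /etc/pki/tls/certs/CA.crt
setfacl -m u:adguard:rx /etc/pki/tls/certs/srv1.crt
setfacl -m u:adguard:rx /etc/pki/tls/private/CA.key
setfacl -m u:adguard:rx /etc/pki/tls/private/srv1.key
```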
Log in as adguard.
```bash
su - adguard
vi AdGuardHome.yaml
```
```yaml
tls:
  enabled: true
  server_name: ""
  force_https: false
  port_https: 448
  port_dns_over_tls: 853
  port_dns_over_quic: 853
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  certificate_chain: ""
  private_key: ""
  certificate_path: /etc/pki/tls/certs/srv1.crt
  private_key_path: /etc/pki/tls/private/srv1.key
  strict_sni_check: false
```
Exit the adguard user session.
```bash
exit
```
Open port 448 in the firewall.
```bash
ufw allow in from any to any port 448
systemctl restart AdGuardHome
```
Open AdGuardHome over HTTPS:
https://192.168.90.41:448