Merge pull request #304 from pi-hole/fix_setting_loss_on_restart

Fix setting loss on restart (4.0)

.travis.yml

@@ -6,9 +6,9 @@ env:
     global:
         - QEMU_VER=v2.9.1
     matrix:
-        - OS=debian ARCH=amd64
-        - OS=debian ARCH=armhf
-        - OS=debian ARCH=aarch64
+        - ARCH=amd64
+        - ARCH=armhf
+        - ARCH=aarch64
 python:
   - "2.7"
 install:
@@ -17,7 +17,8 @@ script:
   # prepare qemu
   - docker run --rm --privileged multiarch/qemu-user-static:register --reset
   # generate and build dockerfile
-  - ./Dockerfile.py --os=${OS} --arch=${ARCH} -v
+  - ./Dockerfile.py --arch=${ARCH} -v
   - docker images
   # run docker build & tests
-  - py.test -vv -n auto -k "${OS}-${ARCH}" ./test/
+  # 2 parallel max b/c race condition with docker fixture (I think?)
+  - py.test -vv -n 2 -k "${ARCH}" ./test/

Dockerfile.py

@@ -3,14 +3,14 @@
 """ Dockerfile.py - generates and build dockerfiles
 
 Usage:
-  Dockerfile.py [--os=<os> ...] [--arch=<arch> ...] [-v] [--no-build | --no-generate] [--no-cache]
+  Dockerfile.py [--arch=<arch> ...] [--skip=<arch> ...] [-v] [--no-build | --no-generate] [--no-cache]
 
 Options:
     --no-build      Skip building the docker images
     --no-cache      Build without using any cache data
     --no-generate   Skip generating Dockerfiles from template
-    --os=<os>       What OS(s) to build             [default: debian]
-    --arch=<arch>   What Architecture(s) to build   [default: amd64 armhf aarch64]
+    --arch=<arch>   What Architecture(s) to build   [default: amd64 armel armhf aarch64]
+    --skip=<arch>   What Architectures(s) to skip   [default: None]
     -v              Print docker's command output   [default: False]
 
 Examples:
@@ -25,24 +25,26 @@ import testinfra
 THIS_DIR = os.path.dirname(os.path.abspath(__file__))
 
 base_vars = {
-    'name': 'diginc/pi-hole',
+    'name': 'pihole/pihole',
     'maintainer' : 'adam@diginc.us',
-    's6_version' : 'v1.21.2.2',
+    's6_version' : 'v1.21.4.0',
 }
 
 os_base_vars = {
-    'debian': {
-        'php_env_config': '/etc/lighttpd/conf-enabled/15-fastcgi-php.conf',
-        'php_error_log': '/var/log/lighttpd/error.log'
-    },
+    'php_env_config': '/etc/lighttpd/conf-enabled/15-fastcgi-php.conf',
+    'php_error_log': '/var/log/lighttpd/error.log'
 }
 
 images = {
-    'debian': [
+    'v4.0': [
         {
             'base': 'debian:stretch',
             'arch': 'amd64'
         },
+        {
+            'base': 'multiarch/debian-debootstrap:armel-stretch-slim',
+            'arch': 'armel'
+        },
         {
             'base': 'multiarch/debian-debootstrap:armhf-stretch-slim',
             'arch': 'armhf'
@@ -59,21 +61,25 @@ def generate_dockerfiles(args):
         print " ::: Skipping Dockerfile generation"
         return
 
-    for os, archs in images.iteritems():
+    for version, archs in images.iteritems():
         for image in archs:
-            if os not in args['--os'] and image['arch'] not in args['--arch']:
-                return
+            if image['arch'] not in args['--arch'] or image['arch'] in args['--skip']:
+                    return
+            s6arch = image['arch']
+            if image['arch'] == 'armel':
+                s6arch = 'arm'
             merged_data = dict(
-                { 'os': os }.items() +
+                { 'version': version }.items() +
                 base_vars.items() +
-                os_base_vars[os].items() +
-                image.items()
+                os_base_vars.items() +
+                image.items() +
+                { 's6arch': s6arch }.items()
             )
             j2_env = Environment(loader=FileSystemLoader(THIS_DIR),
                                  trim_blocks=True)
             template = j2_env.get_template('Dockerfile.template')
 
-            dockerfile = 'Dockerfile_{}_{}'.format(os, image['arch'])
+            dockerfile = 'Dockerfile_{}'.format(image['arch'])
             with open(dockerfile, 'w') as f:
                 f.write(template.render(pihole=merged_data))
 
@@ -83,23 +89,19 @@ def build_dockerfiles(args):
         print " ::: Skipping Dockerfile building"
         return
 
-    for os in args['--os']:
-        for arch in args['--arch']:
-            docker_repo = 'pi-hole-multiarch'
-            if arch == 'amd64':
-                docker_repo = 'pi-hole'
-
-            build(docker_repo, os, arch, args)
+    for arch in args['--arch']:
+        # TODO: include from external .py that can be shared with Dockerfile.py / Tests / deploy scripts '''
+        build('pihole', 'v4.0', arch, args)
 
 
-def build(docker_repo, os, arch, args):
+def build(docker_repo, version, arch, args):
     run_local = testinfra.get_backend(
         "local://"
     ).get_module("Command").run
 
-    dockerfile = 'Dockerfile_{}_{}'.format(os, arch)
-    repo_tag = '{}:{}_{}'.format(docker_repo, os, arch)
-    cached_image = '{}/{}'.format('diginc', repo_tag)
+    dockerfile = 'Dockerfile_{}'.format(arch)
+    repo_tag = '{}:{}_{}'.format(docker_repo, version, arch)
+    cached_image = '{}/{}'.format('pihole', repo_tag)
     no_cache = ''
     if args['--no-cache']:
         no_cache = '--no-cache'
@@ -111,6 +113,7 @@ def build(docker_repo, os, arch, args):
     build_result = run_local(build_command) 
     if args['-v']:
         print build_result.stdout
+        print build_result.stderr
     if build_result.rc != 0:
         print "     ::: Building {} encountered an error".format(dockerfile)
         print build_result.stderr
@@ -118,7 +121,7 @@ def build(docker_repo, os, arch, args):
 
 
 if __name__ == '__main__':
-    args = docopt(__doc__, version='Dockerfile 0.1')
+    args = docopt(__doc__, version='Dockerfile 1.0')
     # print args
 
     generate_dockerfiles(args)

Dockerfile.template

@@ -1,29 +1,20 @@
 FROM {{ pihole.base }}
 
-LABEL image="{{ pihole.name }}:{{ pihole.os }}_{{ pihole.arch }}"
-LABEL maintainer="{{ pihole.maintainer }}"
-LABEL url="https://www.github.com/diginc/docker-pi-hole"
-
-ENV TAG {{ pihole.os }}
-ENV ARCH {{ pihole.arch }}
-ENV PATH /opt/pihole:${PATH}
-
 COPY install.sh /usr/local/bin/docker-install.sh
-ENV setupVars /etc/pihole/setupVars.conf
-ENV PIHOLE_INSTALL /tmp/ph_install.sh
-ENV S6OVERLAY_RELEASE https://github.com/just-containers/s6-overlay/releases/download/{{ pihole.s6_version }}/s6-overlay-{{ pihole.arch }}.tar.gz
+ENV PIHOLE_INSTALL /root/ph_install.sh
+ENV S6OVERLAY_RELEASE https://github.com/just-containers/s6-overlay/releases/download/{{ pihole.s6_version }}/s6-overlay-{{ pihole.s6arch }}.tar.gz
 
 RUN apt-get update && \
-    apt-get install -y wget curl net-tools cron procps && \
-    curl -L -s $S6OVERLAY_RELEASE \
-        | tar xvzf - -C / && \
-    docker-install.sh && \
+    apt-get install -y curl procps && \
+    curl -L -s $S6OVERLAY_RELEASE | tar xvzf - -C / && \
     rm -rf /var/cache/apt/archives /var/lib/apt/lists/* && \
     mv /init /s6-init
 
+RUN apt-get update && bash -ex docker-install.sh 2>&1
+
 ENTRYPOINT [ "/s6-init" ]
 
-ADD s6/{{ pihole.os }}-root /
+ADD s6/debian-root /
 COPY s6/service /usr/local/bin/service
 
 # php config start passes special ENVs into
@@ -36,13 +27,23 @@ COPY ./bash_functions.sh /
 ENV IPv6 True
 
 EXPOSE 53 53/udp
+EXPOSE 67/udp
 EXPOSE 80
+EXPOSE 443
 
 ENV S6_LOGGING 0
 ENV S6_KEEP_ENV 1
 ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2
 ENV FTL_CMD no-daemon
 
+ENV VERSION {{ pihole.version }}
+ENV ARCH {{ pihole.arch }}
+ENV PATH /opt/pihole:${PATH}
+
+LABEL image="{{ pihole.name }}:{{ pihole.version }}_{{ pihole.arch }}"
+LABEL maintainer="{{ pihole.maintainer }}"
+LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
+
 HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1
 
 SHELL ["/bin/bash", "-c"]

Dockerfile_aarch64

@@ -1,26 +1,17 @@
 FROM multiarch/debian-debootstrap:arm64-stretch-slim
 
-LABEL image="diginc/pi-hole:debian_aarch64"
-LABEL maintainer="adam@diginc.us"
-LABEL url="https://www.github.com/diginc/docker-pi-hole"
-
-ENV TAG debian
-ENV ARCH aarch64
-ENV PATH /opt/pihole:${PATH}
-
 COPY install.sh /usr/local/bin/docker-install.sh
-ENV setupVars /etc/pihole/setupVars.conf
-ENV PIHOLE_INSTALL /tmp/ph_install.sh
-ENV S6OVERLAY_RELEASE https://github.com/just-containers/s6-overlay/releases/download/v1.21.2.2/s6-overlay-aarch64.tar.gz
+ENV PIHOLE_INSTALL /root/ph_install.sh
+ENV S6OVERLAY_RELEASE https://github.com/just-containers/s6-overlay/releases/download/v1.21.4.0/s6-overlay-aarch64.tar.gz
 
 RUN apt-get update && \
-    apt-get install -y wget curl net-tools cron procps && \
-    curl -L -s $S6OVERLAY_RELEASE \
-        | tar xvzf - -C / && \
-    docker-install.sh && \
+    apt-get install -y curl procps && \
+    curl -L -s $S6OVERLAY_RELEASE | tar xvzf - -C / && \
     rm -rf /var/cache/apt/archives /var/lib/apt/lists/* && \
     mv /init /s6-init
 
+RUN apt-get update && bash -ex docker-install.sh 2>&1
+
 ENTRYPOINT [ "/s6-init" ]
 
 ADD s6/debian-root /
@@ -36,13 +27,23 @@ COPY ./bash_functions.sh /
 ENV IPv6 True
 
 EXPOSE 53 53/udp
+EXPOSE 67/udp
 EXPOSE 80
+EXPOSE 443
 
 ENV S6_LOGGING 0
 ENV S6_KEEP_ENV 1
 ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2
 ENV FTL_CMD no-daemon
 
+ENV VERSION v4.0
+ENV ARCH aarch64
+ENV PATH /opt/pihole:${PATH}
+
+LABEL image="pihole/pihole:v4.0_aarch64"
+LABEL maintainer="adam@diginc.us"
+LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
+
 HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1
 
 SHELL ["/bin/bash", "-c"]

Dockerfile_amd64

@@ -1,26 +1,17 @@
 FROM debian:stretch
 
-LABEL image="diginc/pi-hole:debian_amd64"
-LABEL maintainer="adam@diginc.us"
-LABEL url="https://www.github.com/diginc/docker-pi-hole"
-
-ENV TAG debian
-ENV ARCH amd64
-ENV PATH /opt/pihole:${PATH}
-
 COPY install.sh /usr/local/bin/docker-install.sh
-ENV setupVars /etc/pihole/setupVars.conf
-ENV PIHOLE_INSTALL /tmp/ph_install.sh
-ENV S6OVERLAY_RELEASE https://github.com/just-containers/s6-overlay/releases/download/v1.21.2.2/s6-overlay-amd64.tar.gz
+ENV PIHOLE_INSTALL /root/ph_install.sh
+ENV S6OVERLAY_RELEASE https://github.com/just-containers/s6-overlay/releases/download/v1.21.4.0/s6-overlay-amd64.tar.gz
 
 RUN apt-get update && \
-    apt-get install -y wget curl net-tools cron procps && \
-    curl -L -s $S6OVERLAY_RELEASE \
-        | tar xvzf - -C / && \
-    docker-install.sh && \
+    apt-get install -y curl procps && \
+    curl -L -s $S6OVERLAY_RELEASE | tar xvzf - -C / && \
     rm -rf /var/cache/apt/archives /var/lib/apt/lists/* && \
     mv /init /s6-init
 
+RUN apt-get update && bash -ex docker-install.sh 2>&1
+
 ENTRYPOINT [ "/s6-init" ]
 
 ADD s6/debian-root /
@@ -36,13 +27,23 @@ COPY ./bash_functions.sh /
 ENV IPv6 True
 
 EXPOSE 53 53/udp
+EXPOSE 67/udp
 EXPOSE 80
+EXPOSE 443
 
 ENV S6_LOGGING 0
 ENV S6_KEEP_ENV 1
 ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2
 ENV FTL_CMD no-daemon
 
+ENV VERSION v4.0
+ENV ARCH amd64
+ENV PATH /opt/pihole:${PATH}
+
+LABEL image="pihole/pihole:v4.0_amd64"
+LABEL maintainer="adam@diginc.us"
+LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
+
 HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1
 
 SHELL ["/bin/bash", "-c"]

Dockerfile_armel

@@ -0,0 +1,49 @@
+FROM multiarch/debian-debootstrap:armel-stretch-slim
+
+COPY install.sh /usr/local/bin/docker-install.sh
+ENV PIHOLE_INSTALL /root/ph_install.sh
+ENV S6OVERLAY_RELEASE https://github.com/just-containers/s6-overlay/releases/download/v1.21.4.0/s6-overlay-arm.tar.gz
+
+RUN apt-get update && \
+    apt-get install -y curl procps && \
+    curl -L -s $S6OVERLAY_RELEASE | tar xvzf - -C / && \
+    rm -rf /var/cache/apt/archives /var/lib/apt/lists/* && \
+    mv /init /s6-init
+
+RUN apt-get update && bash -ex docker-install.sh 2>&1
+
+ENTRYPOINT [ "/s6-init" ]
+
+ADD s6/debian-root /
+COPY s6/service /usr/local/bin/service
+
+# php config start passes special ENVs into
+ENV PHP_ENV_CONFIG '/etc/lighttpd/conf-enabled/15-fastcgi-php.conf'
+ENV PHP_ERROR_LOG '/var/log/lighttpd/error.log'
+COPY ./start.sh /
+COPY ./bash_functions.sh /
+
+# IPv6 disable flag for networks/devices that do not support it
+ENV IPv6 True
+
+EXPOSE 53 53/udp
+EXPOSE 67/udp
+EXPOSE 80
+EXPOSE 443
+
+ENV S6_LOGGING 0
+ENV S6_KEEP_ENV 1
+ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2
+ENV FTL_CMD no-daemon
+
+ENV VERSION v4.0
+ENV ARCH armel
+ENV PATH /opt/pihole:${PATH}
+
+LABEL image="pihole/pihole:v4.0_armel"
+LABEL maintainer="adam@diginc.us"
+LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
+
+HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1
+
+SHELL ["/bin/bash", "-c"]

Dockerfile_armhf

@@ -1,26 +1,17 @@
 FROM multiarch/debian-debootstrap:armhf-stretch-slim
 
-LABEL image="diginc/pi-hole:debian_armhf"
-LABEL maintainer="adam@diginc.us"
-LABEL url="https://www.github.com/diginc/docker-pi-hole"
-
-ENV TAG debian
-ENV ARCH armhf
-ENV PATH /opt/pihole:${PATH}
-
 COPY install.sh /usr/local/bin/docker-install.sh
-ENV setupVars /etc/pihole/setupVars.conf
-ENV PIHOLE_INSTALL /tmp/ph_install.sh
-ENV S6OVERLAY_RELEASE https://github.com/just-containers/s6-overlay/releases/download/v1.21.2.2/s6-overlay-armhf.tar.gz
+ENV PIHOLE_INSTALL /root/ph_install.sh
+ENV S6OVERLAY_RELEASE https://github.com/just-containers/s6-overlay/releases/download/v1.21.4.0/s6-overlay-armhf.tar.gz
 
 RUN apt-get update && \
-    apt-get install -y wget curl net-tools cron procps && \
-    curl -L -s $S6OVERLAY_RELEASE \
-        | tar xvzf - -C / && \
-    docker-install.sh && \
+    apt-get install -y curl procps && \
+    curl -L -s $S6OVERLAY_RELEASE | tar xvzf - -C / && \
     rm -rf /var/cache/apt/archives /var/lib/apt/lists/* && \
     mv /init /s6-init
 
+RUN apt-get update && bash -ex docker-install.sh 2>&1
+
 ENTRYPOINT [ "/s6-init" ]
 
 ADD s6/debian-root /
@@ -36,13 +27,23 @@ COPY ./bash_functions.sh /
 ENV IPv6 True
 
 EXPOSE 53 53/udp
+EXPOSE 67/udp
 EXPOSE 80
+EXPOSE 443
 
 ENV S6_LOGGING 0
 ENV S6_KEEP_ENV 1
 ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2
 ENV FTL_CMD no-daemon
 
+ENV VERSION v4.0
+ENV ARCH armhf
+ENV PATH /opt/pihole:${PATH}
+
+LABEL image="pihole/pihole:v4.0_armhf"
+LABEL maintainer="adam@diginc.us"
+LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
+
 HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1
 
 SHELL ["/bin/bash", "-c"]

README.md

@@ -1,44 +1,57 @@
-## Important Note to alpine / arm tag users: 
-
-**Debian is now the only supported base OS for `diginc/pi-hole`** to improve consistency and updates.  Alpine OS was dropped and ARM has moved to a new image/tag name.  The ARM Debian tag was removed from `diginc/pi-hole` but is still supported at its new image repository home,  [diginc/pi-hole-multiarch](https://hub.docker.com/r/diginc/pi-hole-multiarch/tags/) where it has both an `:debian_armhf` and `:debian_aarch64` version
+<p align="center">
+<a href="https://pi-hole.net"><img src="https://pi-hole.github.io/graphics/Vortex/Vortex_with_text.png" width="150" height="255" alt="Pi-hole"></a><br/>
+</p>
+<!-- Delete above HTML and insert markdown for dockerhub : ![Pi-hole](https://pi-hole.github.io/graphics/Vortex/Vortex_with_text.png) -->
 
 ## Overview
 
-A [Docker](https://www.docker.com/what-docker) project to make a lightweight x86 ~~and ARM~~ container with [pi-hole](https://pi-hole.net) functionality.
+#### Renamed from `diginc/pi-hole` to `pihole/pihole`
 
-1) Install docker for your [x86-64 system](https://www.docker.com/community-edition) or [ARMv6l/ARMv7 system](https://www.raspberrypi.org/blog/docker-comes-to-raspberry-pi/) using those links.
-2) Use the appropriate tag (x86 can use default tag, ARM users need to use images from `diginc/pi-hole-multiarch:debian_armhf`) in the below `docker run` command
+A [Docker](https://www.docker.com/what-docker) project to make a lightweight x86 and ARM container with [Pi-hole](https://pi-hole.net) functionality.
+
+1) Install docker for your [x86-64 system](https://www.docker.com/community-edition) or [ARMv7 system](https://www.raspberrypi.org/blog/docker-comes-to-raspberry-pi/) using those links.
+2) Use the appropriate tag (x86 can use default tag, ARM users need to use images from [pihole/pihole:v4.0_armhf](https://store.docker.com/community/images/pihole/pihole/tags)) in the below `docker run` command
 3) Enjoy!
 
-[![Build Status](https://api.travis-ci.org/diginc/docker-pi-hole.svg?branch=master)](https://travis-ci.org/diginc/docker-pi-hole) [![Docker Stars](https://img.shields.io/docker/stars/diginc/pi-hole.svg?maxAge=604800)](https://store.docker.com/community/images/diginc/pi-hole) [![Docker Pulls](https://img.shields.io/docker/pulls/diginc/pi-hole.svg?maxAge=604800)](https://store.docker.com/community/images/diginc/pi-hole)
+[![Build Status](https://api.travis-ci.org/pi-hole/docker-pi-hole.svg?branch=master)](https://travis-ci.org/pi-hole/docker-pi-hole) [![Docker Stars](https://img.shields.io/docker/stars/pihole/pihole.svg?maxAge=604800)](https://store.docker.com/community/images/pihole/pihole) [![Docker Pulls](https://img.shields.io/docker/pulls/pihole/pihole.svg?maxAge=604800)](https://store.docker.com/community/images/pihole/pihole)
 
-[![Join the chat at https://gitter.im/diginc/docker-pi-hole](https://badges.gitter.im/diginc/docker-pi-hole.svg)](https://gitter.im/diginc/docker-pi-hole?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+[![Join the chat at https://gitter.im/pihole/docker-pi-hole](https://badges.gitter.im/pihole/docker-pi-hole.svg)](https://gitter.im/pihole/docker-pi-hole?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 
-## Running Pi-Hole Docker
+## Running Pi-hole Docker
 
-[DockerCloud](https://store.docker.com/community/images/diginc/pi-hole) automatically builds the latest docker-pi-hole changes into images which can easily be pulled and ran with a simple `docker run` command.  Changes and updates under development or testing can be found in the [dev tags](#development) section.
+[DockerCloud](https://store.docker.com/community/images/pihole/pihole) automatically builds the latest docker-pi-hole changes into images which can easily be pulled and ran with a simple `docker run` command.  Changes and updates under development or testing can be found in the [dev tags](#development) section.
 
-One crucial thing to know before starting is this container needs port 53 and port 80, two very popular ports that may conflict with existing applications.  If you have no other services or dockers using port 53/80 (if you do, keep reading below for a reverse proxy example), the minimum arguments required to run this container are in the script [docker_run.sh](https://github.com/diginc/docker-pi-hole/blob/master/docker_run.sh) or summarized here:
+One crucial thing to know before starting is this container needs port 53 and port 80, two very popular ports that may conflict with existing applications.  If you have no other services or docker containers using port 53/80 (if you do, keep reading below for a reverse proxy example), the minimum arguments required to run this container are in the script [docker_run.sh](https://github.com/pi-hole/docker-pi-hole/blob/master/docker_run.sh) or summarized here:
 
 ```
 IP_LOOKUP="$(ip route get 8.8.8.8 | awk '{ print $NF; exit }')"  # May not work for VPN / tun0
-IPv6_LOOKUP="$(ip -6 route get 2001:4860:4860::8888 | awk '{ print $10; exit }')"  # May not work for VPN / tun0
+IPv6_LOOKUP="$(ip -6 route get 2001:4860:4860::8888 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}')"  # May not work for VPN / tun0
 IP="${IP:-$IP_LOOKUP}"  # use $IP, if set, otherwise IP_LOOKUP
 IPv6="${IPv6:-$IPv6_LOOKUP}"  # use $IPv6, if set, otherwise IP_LOOKUP
 DOCKER_CONFIGS="$(pwd)"  # Default of directory you run this from, update to where ever.
 
+echo "### Make sure your IPs are correct, hard code ServerIP ENV VARs if necessary\nIP: ${IP}\nIPv6: ${IPv6}"
 docker run -d \
     --name pihole \
-    -p 53:53/tcp -p 53:53/udp -p 80:80 \
+    -p 53:53/tcp -p 53:53/udp \
+    -p 67:67/udp \
+    -p 80:80 \
+    -p 443:443 \
     -v "${DOCKER_CONFIGS}/pihole/:/etc/pihole/" \
     -v "${DOCKER_CONFIGS}/dnsmasq.d/:/etc/dnsmasq.d/" \
     -e ServerIP="${IP}" \
     -e ServerIPv6="${IPv6}" \
     --restart=unless-stopped \
-    diginc/pi-hole:latest
+    --cap-add=NET_ADMIN \
+    pihole/pihole:latest
+
+echo -n "Your password for https://${IP}/admin/ is "
+docker logs pihole 2> /dev/null | grep 'password:'
 ```
 
-**This is just an example and might need changing.**  Volumes are stored in the directory `$DOCKER_CONFIGS` and aren't required but are recommended for persisting data across docker re-creations for updating images.  As mentioned on line 2, the auto `IP_LOOKUP` variable may not work for VPN tunnel interfaces.
+**This is just an example and might need changing.**  Volumes are stored in the directory `$DOCKER_CONFIGS` and are recommended for persisting data across docker re-creations for updating images.  As mentioned on line 2, the auto `IP_LOOKUP` variable may not work for VPN tunnel interfaces.
+
+Two recently added ports to the `docker run` and `docker-compose` examples are port 67 and 443.  Port 67 is for users who wish to have Pi-hole run a DHCP server.  Port 443 is to provide a sinkhole for ads that use SSL.  If only port 80 is used, then blocked HTTPS queries will fail to connect to port 443 and may cause long loading times.  Rejecting 443 on your firewall can also serve this same purpose.  Ubuntu firewall example: `sudo ufw reject https`
 
 **Automatic Ad List Updates** - since the 3.0+ release, `cron` is baked into the container and will grab the newest versions of your lists and flush your logs.  **Set your TZ** environment variable to make sure the midnight log rotation syncs up with your timezone's midnight.
 
@@ -53,82 +66,82 @@ There are other environment variables if you want to customize various things in
 | `-e TZ=<Timezone>`<br/> **Recommended** *Default: UTC* | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight.
 | `-e WEBPASSWORD=<Admin password>`<br/> **Recommended** *Default: random* | http://pi.hole/admin password. Run `docker logs pihole \| grep random` to find your random pass.
 | `-e DNS1=<IP>`<br/> *Optional* *Default: 8.8.8.8* | Primary upstream DNS provider, default is google DNS
-| `-e DNS2=<IP>`<br/> *Optional* *Default: 8.8.4.4* | Secondary upstream DNS provider, default is google DNS
+| `-e DNS2=<IP>`<br/> *Optional* *Default: 8.8.4.4* | Secondary upstream DNS provider, default is google DNS, `no` if only one DNS should used
 | `-e VIRTUAL_HOST=<Custom Hostname>`<br/> *Optional* *Default: $ServerIP*   | What your web server 'virtual host' is, accessing admin through this Hostname/IP allows you to make changes to the whitelist / blacklists in addition to the default 'http://pi.hole/admin/' address
 | `-e IPv6=<True\|False>`<br/> *Optional* *Default: True* | For unraid compatibility, strips out all the IPv6 configuration from DNS/Web services when false.
 | `-e INTERFACE=<NIC>`<br/> *Advanced/Optional* | The default works fine with our basic example docker run commands.  If you're trying to use DHCP with `--net host` mode then you may have to customize this or DNSMASQ_LISTENING.
 | `-e DNSMASQ_LISTENING=<local\|all\|NIC>`<br/> *Advanced/Optional* | `local` listens on all local subnets, `all` permits listening on internet origin subnets in addition to local.
-| `-e WEB_PORT=<PORT>`<br/> *Advanced/Optional* | **This will break the 'webpage blocked' functionality of pi-hole** however it may help advanced setups like those running synology or `--net=host` docker argument.  This guide explains how to restore webpage blocked functionality using a linux router DNAT rule: [Alternagtive Synology installation method](https://discourse.pi-hole.net/t/alternative-synology-installation-method/5454?u=diginc)
+| `-e WEB_PORT=<PORT>`<br/> *Advanced/Optional* | **This will break the 'webpage blocked' functionality of Pi-hole** however it may help advanced setups like those running synology or `--net=host` docker argument.  This guide explains how to restore webpage blocked functionality using a linux router DNAT rule: [Alternagtive Synology installation method](https://discourse.pi-hole.net/t/alternative-synology-installation-method/5454?u=diginc)
 
 Here is a rundown of the other arguments passed into the example `docker run`:
 
 | Docker Arguments | Description |
 | ---------------- | ----------- |
-| `-p 80:80`<br/>`-p 53:53/tcp -p 53:53/udp`<br/> **Recommended** | Ports to expose, the bare minimum ports required for pi-holes HTTP and DNS services
-| `--restart=unless-stopped`<br/> **Recommended** | Automatically (re)start your pihole on boot or in the event of a crash
-| `-v /dir/for/pihole:/etc/pihole`<br/> **Recommended** | Volumes for your pihole configs help persist changes across docker image updates
+| `-p 80:80`<br/>`-p 53:53/tcp -p 53:53/udp`<br/> **Recommended** | Ports to expose, the bare minimum ports required for Pi-holes HTTP and DNS services
+| `--restart=unless-stopped`<br/> **Recommended** | Automatically (re)start your Pi-hole on boot or in the event of a crash
+| `-v /dir/for/pihole:/etc/pihole`<br/> **Recommended** | Volumes for your Pi-hole configs help persist changes across docker image updates
 | `-v /dir/for/dnsmasq.d:/etc/dnsmasq.d`<br/> **Recommended** | Volumes for your dnsmasq configs help persist changes across docker image updates
 | `--net=host`<br/> *Optional* | Alternative to `-p <port>:<port>` arguments (Cannot be used at same time as -p) if you don't run any other web application
-| `--cap-add=NET_ADMIN`<br/> *Optional* | If you want to attempt DHCP (not fully tested or supported) I'd suggest this with --net=host
+| `--cap-add=NET_ADMIN`<br/> *Optional* | If you're forwarding port 67 you will also needs this for DHCP to work. (DHCP Reportedly works, I have not used however)
 
-If you're a fan of [docker-compose](https://docs.docker.com/compose/install/) I have [example docker-compose.yml files](https://github.com/diginc/docker-pi-hole/blob/master/doco-example.yml) in github which I think are a nicer way to represent such long run commands.
+If you're a fan of [docker-compose](https://docs.docker.com/compose/install/) I have [example docker-compose.yml files](https://github.com/pi-hole/docker-pi-hole/blob/master/doco-example.yml) in github which I think are a nicer way to represent such long run commands.
 
 ## Tips and Tricks
 
 * A good way to test things are working right is by loading this page: [http://pi.hole/admin/](http://pi.hole/admin/)
 * [How do I set or reset the Web interface Password?](https://discourse.pi-hole.net/t/how-do-i-set-or-reset-the-web-interface-password/1328)
-  * `docker exec pihole_container_name pihole -a -p supersecurepassword`
+  * `docker exec -it pihole_container_name pihole -a -p` - then enter your password into the prompt
 * Port conflicts?  Stop your server's existing DNS / Web services.
   * Ubuntu users especially may need to shut off dns on your docker server so it can run in the container on port 53
     * 17.04 and later should disable dnsmasq.
     * 17.10 should disable systemd-resolved service.  See this page: [How to disable systemd-resolved in Ubuntu](https://askubuntu.com/questions/907246/how-to-disable-systemd-resolved-in-ubuntu)
   * Don't forget to stop your services from auto-starting again after you reboot
-* Port 80 is highly recommended because if you have another site/service using port 80 by default then the ads may not transform into blank ads correctly.  To make sure docker-pi-hole plays nicely with an existing webserver you run you'll probably need a reverse proxy webserver config if you don't have one already.  Pi-Hole must be the default web app on the proxy e.g. if you go to your host by IP instead of domain then pi-hole is served out instead of any other sites hosted by the proxy. This is the '[default_server](http://nginx.org/en/docs/http/ngx_http_core_module.html#listen)' in nginx or ['_default_' virtual host](https://httpd.apache.org/docs/2.4/vhosts/examples.html#default) in Apache and is taken advantage of so any undefined ad domain can be directed to your webserver and get a 'blocked' response instead of ads.
-  * You can still map other ports to pi-hole port 80 using docker's port forwarding like this `-p 8080:80`, but again the ads won't render properly.  Changing the inner port 80 shouldn't be required unless you run docker host networking mode.
-  * [Here is an example of running with jwilder/proxy](https://github.com/diginc/docker-pi-hole/blob/master/jwilder-proxy-example-doco.yml) (an nginx auto-configuring docker reverse proxy for docker) on my port 80 with pihole on another port.  Pi-hole needs to be `DEFAULT_HOST` env in jwilder/proxy and you need to set the matching `VIRTUAL_HOST` for the pihole's container.  Please read jwilder/proxy readme for more info if you have trouble.  I tested this basic example which is based off what I run.
+* Port 80 is highly recommended because if you have another site/service using port 80 by default then the ads may not transform into blank ads correctly.  To make sure docker-pi-hole plays nicely with an existing webserver you run you'll probably need a reverse proxy webserver config if you don't have one already.  Pi-hole must be the default web app on the proxy e.g. if you go to your host by IP instead of domain then Pi-hole is served out instead of any other sites hosted by the proxy. This is the '[default_server](http://nginx.org/en/docs/http/ngx_http_core_module.html#listen)' in nginx or ['_default_' virtual host](https://httpd.apache.org/docs/2.4/vhosts/examples.html#default) in Apache and is taken advantage of so any undefined ad domain can be directed to your webserver and get a 'blocked' response instead of ads.
+  * You can still map other ports to Pi-hole port 80 using docker's port forwarding like this `-p 8080:80`, but again the ads won't render properly.  Changing the inner port 80 shouldn't be required unless you run docker host networking mode.
+  * [Here is an example of running with jwilder/proxy](https://github.com/pi-hole/docker-pi-hole/blob/master/jwilder-proxy-example-doco.yml) (an nginx auto-configuring docker reverse proxy for docker) on my port 80 with Pi-hole on another port.  Pi-hole needs to be `DEFAULT_HOST` env in jwilder/proxy and you need to set the matching `VIRTUAL_HOST` for the Pi-hole's container.  Please read jwilder/proxy readme for more info if you have trouble.  I tested this basic example which is based off what I run.
 
 ## Docker tags and versioning
 
-The primary docker tags / versions are explained in the following table.  [Click here to see the full list of tags](https://store.docker.com/community/images/diginc/pi-hole/tags), I also try to tag with the specific version of Pi-Hole Core for version pinning purposes, the web version that comes with the core releases should be in the [GitHub Release notes](https://github.com/diginc/docker-pi-hole/releases).
+The primary docker tags / versions are explained in the following table.  [Click here to see the full list of x86 tags](https://store.docker.com/community/images/pihole/pihole/tags) ([arm tags are here](https://store.docker.com/community/images/pihole/pihole/tags)), I also try to tag with the specific version of Pi-hole Core for version archival purposes, the web version that comes with the core releases should be in the [GitHub Release notes](https://github.com/pi-hole/docker-pi-hole/releases).
 
 | tag                 | architecture | description                                                             | Dockerfile |
 | ---                 | ------------ | -----------                                                             | ---------- |
-| `debian` / `latest` | x86          | Debian x86 image, container running lighttpd and dnsmasq                | [Dockerfile](https://github.com/diginc/docker-pi-hole/blob/master/debian.docker) |
+| `latest` / `v4.0`   | x86          | Debian x86 image, container running lighttpd and dnsmasq                | [Dockerfile](https://github.com/pi-hole/docker-pi-hole/blob/master/Dockerfile_amd64) |
 
-### `diginc/pi-hole:debian` [![](https://images.microbadger.com/badges/image/diginc/pi-hole:debian.svg)](https://microbadger.com/images/diginc/pi-hole "Get your own image badge on microbadger.com") [![](https://images.microbadger.com/badges/version/diginc/pi-hole:debian.svg)](https://microbadger.com/images/diginc/pi-hole "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/version/diginc/pi-hole:latest.svg)](https://microbadger.com/images/diginc/pi-hole "Get your own version badge on microbadger.com")
+### `pihole/pihole:latest` [![](https://images.microbadger.com/badges/image/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own image badge on microbadger.com") [![](https://images.microbadger.com/badges/version/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/version/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own version badge on microbadger.com")
 
-This version of the docker aims to be as close to a standard pi-hole installation by using the recommended base OS and the exact configs and scripts (minimally modified to get them working).  This enables fast updating when an update comes from pi-hole.
+This version of the docker aims to be as close to a standard Pi-hole installation by using the recommended base OS and the exact configs and scripts (minimally modified to get them working).  This enables fast updating when an update comes from Pi-hole.
 
-### `diginc/pi-hole-multiarch:debian_armhf` [![](https://images.microbadger.com/badges/image/diginc/pi-hole-multiarch:debian_armhf.svg)](https://microbadger.com/images/diginc/pi-hole-multiarch "Get your own image badge on microbadger.com")
-Latest version of ARM-compatible pihole image
+### `pihole/pihole:v4.0_armhf` [![](https://images.microbadger.com/badges/image/pihole/pihole:v4.0_armhf.svg)](https://microbadger.com/images/pihole/pihole "Get your own image badge on microbadger.com")
+Latest version of ARMv7-compatible pihole image
 
-https://hub.docker.com/r/diginc/pi-hole-multiarch/tags/
+https://hub.docker.com/r/pihole/pihole/tags/
 
-### `diginc/pi-hole-multiarch:debian_aarch64` [![](https://images.microbadger.com/badges/image/diginc/pi-hole-multiarch:debian_aarch64.svg)](https://microbadger.com/images/diginc/pi-hole-multiarch "Get your own image badge on microbadger.com")
+### `pihole/pihole:v4.0_aarch64` [![](https://images.microbadger.com/badges/image/pihole/pihole:v4.0_aarch64.svg)](https://microbadger.com/images/pihole/pihole "Get your own image badge on microbadger.com")
 Latest version of ARM64-compatible pihole image
 
-https://hub.docker.com/r/diginc/pi-hole-multiarch/tags/
+https://hub.docker.com/r/pihole/pihole/tags/
 
 ## Upgrading, Persistence, and Customizations
 
-The standard pi-hole customization abilities apply to this docker, but with docker twists such as using docker volume mounts to map host stored file configurations over the container defaults.  Volumes are also important to persist the configuration in case you have removed the pi-hole container which is a typical docker upgrade pattern.
+The standard Pi-hole customization abilities apply to this docker, but with docker twists such as using docker volume mounts to map host stored file configurations over the container defaults.  Volumes are also important to persist the configuration in case you have removed the Pi-hole container which is a typical docker upgrade pattern.
 
 ### Upgrading
 
-`pihole -up` is disabled.  Upgrade the docker way instead, please.  Long-living docker containers are not the docker way.
+`pihole -up` is disabled.  Upgrade the docker way instead, please.  Long-living docker containers are not the docker way since they aim to be portable and reproducible, why not re-create them often!  Just to prove you can.
 
-1. Download the latest version of the image: `docker pull diginc/pi-hole`
+1. Download the latest version of the image: `docker pull pihole/pihole`
 2. Throw away your container: `docker rm -f pihole`
   * **Warning** When removing your pihole container you may be stuck without DNS until step 3; **docker pull** before **docker rm -f** to avoid DNS inturruption **OR** always have a fallback DNS server configured in DHCP to avoid this problem altogether.
   * If you care about your data (logs/customizations), make sure you have it volume-mapped or it will be deleted in this step.
-3. Start your container with the newer base image: `docker run <args> diginc/pi-hole` (`<args>` being your preferred run volumes and env vars)
+3. Start your container with the newer base image: `docker run <args> pihole/pihole` (`<args>` being your preferred run volumes and env vars)
 
 Why is this style of upgrading good?  A couple reasons: Everyone is starting from the same base image which has been tested to know it works.  No worrying about upgrading from A to B, B to C, or A to C is required when rolling out updates, it reducing complexity, and simply allows a 'fresh start' every time while preserving customizations with volumes.  Basically I'm encouraging [phoenix servers](https://www.google.com/?q=phoenix+servers) principles for your containers.
 
 
-### Pihole features
+### Pi-hole features
 
-Here are some relevant wiki pages from [pi-hole's documentation](https://github.com/pi-hole/pi-hole/blob/master/README.md#get-help-or-connect-with-us-on-the-web).  The web interface or command line tools can be used to implement changes to pihole.
+Here are some relevant wiki pages from [Pi-hole's documentation](https://github.com/pi-hole/pi-hole/blob/master/README.md#get-help-or-connect-with-us-on-the-web).  The web interface or command line tools can be used to implement changes to pihole.
 
 We install all pihole utilities so the the built in [pihole commands](https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738) will work via `docker exec <container> <command>` like so:
 
@@ -138,24 +151,20 @@ We install all pihole utilities so the the built in [pihole commands](https://di
 
 ### Customizations
 
-The webserver and DNS service inside the container can be customized if necessary.  Any configuration files you volume mount into `/etc/dnsmasq.d/` will be loaded by dnsmasq when the container starts or restarts or if you need to modify the pi-hole config it is located at `/etc/dnsmasq.d/01-pihole.conf`.  The docker start scripts runs a config test prior to starting so it will tell you about any errors in the docker log.
+The webserver and DNS service inside the container can be customized if necessary.  Any configuration files you volume mount into `/etc/dnsmasq.d/` will be loaded by dnsmasq when the container starts or restarts or if you need to modify the Pi-hole config it is located at `/etc/dnsmasq.d/01-pihole.conf`.  The docker start scripts runs a config test prior to starting so it will tell you about any errors in the docker log.
 
-Similarly for the webserver you can customize configs in /etc/lighttpd (*:debian* tag).
+Similarly for the webserver you can customize configs in /etc/lighttpd
 
 ### Systemd init script
 
-As long as your docker system service auto starts on boot and you run your container with `--restart=unless-stopped` your container should always start on boot and restart on crashes.  If you prefer to have your docker container run as a systemd service instead, add the file [pihole.service](https://raw.githubusercontent.com/diginc/docker-pi-hole/master/pihole.service) to "/etc/systemd/system"; customize whatever your container name is and remove `--restart=unless-stopped` from your docker run.  Then after you have initially created the docker container using the docker run command above, you can control it with "systemctl start pihole" or "systemctl stop pihole" (instead of `docker start`/`docker stop`).  You can also enable it to auto-start on boot with "systemctl enable pihole" (as opposed to `--restart=unless-stopped` and making sure docker service auto-starts on boot).
+As long as your docker system service auto starts on boot and you run your container with `--restart=unless-stopped` your container should always start on boot and restart on crashes.  If you prefer to have your docker container run as a systemd service instead, add the file [pihole.service](https://raw.githubusercontent.com/pi-hole/docker-pi-hole/master/pihole.service) to "/etc/systemd/system"; customize whatever your container name is and remove `--restart=unless-stopped` from your docker run.  Then after you have initially created the docker container using the docker run command above, you can control it with "systemctl start pihole" or "systemctl stop pihole" (instead of `docker start`/`docker stop`).  You can also enable it to auto-start on boot with "systemctl enable pihole" (as opposed to `--restart=unless-stopped` and making sure docker service auto-starts on boot).
 
 NOTE:  After initial run you may need to manually stop the docker container with "docker stop pihole" before the systemctl can start controlling the container.
 
 ## Development
 
-[![Build Status](https://api.travis-ci.org/diginc/docker-pi-hole.svg?branch=dev)](https://travis-ci.org/diginc/docker-pi-hole) If you plan on making a contribution please pull request to the dev branch.  I also build tags of the dev branch for bug fix testing after merges have been made:
-
-| tag                 | architecture | description                                                             | Dockerfile |
-| ---                 | ------------ | -----------                                                             | ---------- |
-| `debian_dev`        | x86          | Debian x86 image, container running lighttpd and dnsmasq                | [Dockerfile](https://github.com/diginc/docker-pi-hole/blob/dev/debian.docker) |
+Development image tags coming soon
 
 # User Feedback
 
-Please report issues on the [GitHub project](https://github.com/diginc/docker-pi-hole) when you suspect something docker related.  Pi-Hole questions are best answered on their [user forums](https://github.com/pi-hole/pi-hole/blob/master/README.md#get-help-or-connect-with-us-on-the-web).  Ping me (@diginc) on there if it's a docker and you're not sure if it's docker related.
+Please report issues on the [GitHub project](https://github.com/pi-hole/docker-pi-hole) when you suspect something docker related.  Pi-hole questions are best answered on our [user forums](https://github.com/pi-hole/pi-hole/blob/master/README.md#get-help-or-connect-with-us-on-the-web).  Ping me (@diginc) on the forums if it's a docker container and you're not sure if it's docker related.

TESTING.md

@@ -12,7 +12,7 @@ To run the Dockerfile templating, image build, and tests all in one command just
 
 # Local image names
 
-Docker images built by `tox` or `python Dockerfile.py` are named the same but stripped of the `diginc/` docker repository namespace.
+Docker images built by `tox` or `python Dockerfile.py` are named the same but stripped of the `pihole/` docker repository namespace.
 
 e.g. `pi-hole:debian_amd64` or `pi-hole-multiarch:debian_aarch64`
 

bash_functions.sh

@@ -1,12 +1,51 @@
 #!/bin/bash
-. /opt/pihole/webpage.sh
-setupVars="$setupVars"
-ServerIP="$ServerIP"
-ServerIPv6="$ServerIPv6"
-IPv6="$IPv6"
 
-prepare_setup_vars() {
+prepare_configs() {
+    # Done in /start.sh, don't do twice
+    PH_TEST=true . $PIHOLE_INSTALL
+    distro_check
+    installConfigs
     touch "$setupVars"
+    set +e
+    mkdir -p /var/run/pihole /var/log/pihole
+    # Re-apply perms from basic-install over any volume mounts that may be present (or not)
+    chown pihole:root /etc/lighttpd
+    chown pihole:pihole "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" "/var/log/pihole" "${regexFile}"
+    chmod 644 "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" 
+    # not sure why pihole:pihole user/group write perms are not enough for web to write...dirty fix:
+    chmod 777 "${regexFile}"
+    touch /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
+    chown pihole:pihole /var/run/pihole /var/log/pihole
+    test -f /var/run/pihole/FTL.sock && rm /var/run/pihole/FTL.sock
+    chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log
+    chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
+    set -e
+    # Update version numbers
+    pihole updatechecker
+    # Re-write all of the setupVars to ensure required ones are present (like QUERY_LOGGING)
+    
+    # If the setup variable file exists,
+    if [[ -e "${setupVars}" ]]; then
+        # update the variables in the file
+        local USERWEBPASSWORD="${WEBPASSWORD}"
+        . "${setupVars}"
+        # Stash and pop the user password to avoid setting the password to the hashed setupVar variable
+        WEBPASSWORD="${USERWEBPASSWORD}"
+        # Clean up old before re-writing the required setupVars
+        sed -i.update.bak '/PIHOLE_INTERFACE/d;/IPV4_ADDRESS/d;/IPV6_ADDRESS/d;/PIHOLE_DNS_1/d;/PIHOLE_DNS_2/d;/QUERY_LOGGING/d;/INSTALL_WEB_SERVER/d;/INSTALL_WEB_INTERFACE/d;/LIGHTTPD_ENABLED/d;' "${setupVars}"
+    fi
+    # echo the information to the user
+    {
+    echo "PIHOLE_INTERFACE=${PIHOLE_INTERFACE}"
+    echo "IPV4_ADDRESS=${IPV4_ADDRESS}"
+    echo "IPV6_ADDRESS=${IPV6_ADDRESS}"
+    echo "PIHOLE_DNS_1=${PIHOLE_DNS_1}"
+    echo "PIHOLE_DNS_2=${PIHOLE_DNS_2}"
+    echo "QUERY_LOGGING=${QUERY_LOGGING}"
+    echo "INSTALL_WEB_SERVER=${INSTALL_WEB_SERVER}"
+    echo "INSTALL_WEB_INTERFACE=${INSTALL_WEB_INTERFACE}"
+    echo "LIGHTTPD_ENABLED=${LIGHTTPD_ENABLED}"
+    }>> "${setupVars}"
 }
 
 validate_env() {
@@ -63,18 +102,22 @@ setup_dnsmasq_dns() {
         change_setting "PIHOLE_DNS_1" "${DNS1}"
     fi
     if [[ -n "$DNS2" && -z "$setupDNS2" ]] ; then
-        change_setting "PIHOLE_DNS_2" "${DNS2}"
+        if [ "$DNS2" = "no" ] ; then
+            delete_setting "PIHOLE_DNS_2"
+        else
+            change_setting "PIHOLE_DNS_2" "${DNS2}"
+        fi
     fi
 }
 
 setup_dnsmasq_interface() {
-    local INTERFACE="${1:-eth0}"
+    local interface="${1:-eth0}"
     local interfaceType='default'
-    if [ "$INTERFACE" != 'eth0' ] ; then
+    if [ "$interface" != 'eth0' ] ; then
       interfaceType='custom'
     fi;
-    echo "DNSMasq binding to $interfaceType interface: $INTERFACE"
-    [ -n "$INTERFACE" ] && change_setting "PIHOLE_INTERFACE" "${INTERFACE}"
+    echo "DNSMasq binding to $interfaceType interface: $interface"
+    [ -n "$interface" ] && change_setting "PIHOLE_INTERFACE" "${interface}"
 }
 
 setup_dnsmasq_config_if_missing() {
@@ -85,12 +128,14 @@ setup_dnsmasq_config_if_missing() {
 }
 
 setup_dnsmasq() {
+    local dns1="$1"
+    local dns2="$2"
+    local interface="$3"
     # Coordinates 
     setup_dnsmasq_config_if_missing
-    setup_dnsmasq_dns "$DNS1" "$DNS2" 
-    setup_dnsmasq_interface "$INTERFACE"
+    setup_dnsmasq_dns "$dns1" "$dns2" 
+    setup_dnsmasq_interface "$interface"
     ProcessDNSSettings
-    # dnsmasq -7 /etc/dnsmasq.d --interface="${INTERFACE:-eth0}"
 }
 
 setup_dnsmasq_hostnames() {
@@ -131,23 +176,16 @@ setup_dnsmasq_hostnames() {
 }
 
 setup_lighttpd_bind() {
-    if [[ "$TAG" == 'debian' ]] ; then
+    local serverip="$1"
     # if using '--net=host' only bind lighttpd on $ServerIP and localhost
-        if grep -q "docker" /proc/net/dev ; then #docker (docker0 by default) should only be present on the host system
-            if ! grep -q "server.bind" /etc/lighttpd/lighttpd.conf ; then # if the declaration is already there, don't add it again
-                sed -i -E "s/server\.port\s+\=\s+80/server.bind\t\t = \"${ServerIP}\"\nserver.port\t\t = 80\n"\$SERVER"\[\"socket\"\] == \"127\.0\.0\.1:80\" \{\}/" /etc/lighttpd/lighttpd.conf
-            fi
+    if grep -q "docker" /proc/net/dev ; then #docker (docker0 by default) should only be present on the host system
+        if ! grep -q "server.bind" /etc/lighttpd/lighttpd.conf ; then # if the declaration is already there, don't add it again
+            sed -i -E "s/server\.port\s+\=\s+([0-9]+)/server.bind\t\t = \"${serverip}\"\nserver.port\t\t = \1\n"\$SERVER"\[\"socket\"\] == \"127\.0\.0\.1:\1\" \{\}/" /etc/lighttpd/lighttpd.conf
         fi
     fi
 }
 
 setup_php_env() {
-    case $TAG in
-        "debian") setup_php_env_debian ;;
-    esac
-}
-
-setup_php_env_debian() {
     if [ -z "$VIRTUAL_HOST" ] ; then
       VIRTUAL_HOST="$ServerIP"
     fi;
@@ -194,53 +232,86 @@ setup_web_port() {
 }
 
 setup_web_password() {
-    if [ -z "${WEBPASSWORD+x}" ] ; then 
+    if [ -z "${WEBPASSWORD+x}" ] ; then
         # Not set at all, give the user a random pass
         WEBPASSWORD=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8)
         echo "Assigning random password: $WEBPASSWORD"
     fi;
+    # Turn bash debug on while setting up password (to print it)
     set -x
     if [[ "$WEBPASSWORD" == "" ]] ; then
         echo "" | pihole -a -p
     else
         pihole -a -p "$WEBPASSWORD" "$WEBPASSWORD"
     fi
-    { set +x; } 2>/dev/null
+    if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
+        # Turn bash debug back off after print password setup
+        # (subshell to null hides printing output)
+        { set +x; } 2>/dev/null
+    fi
 }
 
 setup_ipv4_ipv6() {
     local ip_versions="IPv4 and IPv6"
     if [ "$IPv6" != "True" ] ; then
         ip_versions="IPv4"
-        case $TAG in
-            "debian") sed -i '/use-ipv6.pl/ d' /etc/lighttpd/lighttpd.conf ;;
-        esac
+        sed -i '/use-ipv6.pl/ d' /etc/lighttpd/lighttpd.conf
     fi;
     echo "Using $ip_versions"
 }
 
 test_configs() {
-    case $TAG in
-        "debian") test_configs_debian ;;
-    esac
-}
-
-test_configs_debian() {
     set -e
-    echo -n '::: Testing DNSmasq config: '
-    dnsmasq --test -7 /etc/dnsmasq.d || exit 1
+    echo -n '::: Testing pihole-FTL DNS: '
+    pihole-FTL test || exit 1
     echo -n '::: Testing lighttpd config: '
     lighttpd -t -f /etc/lighttpd/lighttpd.conf || exit 1
     set +e
-    echo "::: All config checks passed, starting ..."
+    echo "::: All config checks passed, cleared for startup ..."
 }
 
-test_framework_stubbing() {
-    if [ -n "$PYTEST" ] ; then 
-        echo ":::::: Tests are being ran - stub out ad list fetching and add a fake ad block"
-        sed -i 's/^gravity_spinup$/#gravity_spinup # DISABLED FOR PYTEST/g' "$(which gravity.sh)" 
-        echo '123.123.123.123 testblock.pi-hole.local' > /var/www/html/fake.list
-        echo 'file:///var/www/html/fake.list' > /etc/pihole/adlists.list
-        echo 'http://localhost/fake.list' >> /etc/pihole/adlists.list
+
+setup_blocklists() {
+    local blocklists="$1"   
+    # Exit/return early without setting up adlists with defaults for any of the following conditions:
+    # 1. NO_SETUP env is set
+    exit_string="(exiting ${FUNCNAME[0]} early)"
+
+    if [ -n "${NO_SETUP}" ]; then
+        echo "::: NO_SETUP requested ($exit_string)"
+        return
     fi
+
+    # 2. The adlist file exists already (restarted container or volume mounted list)
+    if [ -f "${adlistFile}" ]; then
+        echo "::: Preexisting ad list ${adlistFile} detected ($exit_string)"
+        cat "${adlistFile}"
+        return
+    fi
+
+    # 3. If we're running tests, use a small list of fake tests to speed everything up
+    if [ -n "$PYTEST" ]; then 
+        echo ":::::: Tests are being ran - stub out ad list fetching and add a fake ad block ${exit_string}"
+        sed -i 's/^gravity_spinup$/#gravity_spinup # DISABLED FOR PYTEST/g' "$(which gravity.sh)" 
+        echo '123.123.123.123 testblock.pi-hole.local' > "/var/www/html/fake.list"
+        echo 'file:///var/www/html/fake.list' > "${adlistFile}"
+        echo 'http://localhost/fake.list' >> "${adlistFile}"
+        return
+    fi
+
+    echo "::: ${FUNCNAME[0]} now setting default blocklists up: "
+    echo "::: TIP: Use a docker volume for ${adlistFile} if you want to customize for first boot"
+    > "${adlistFile}"
+    # Just copied outa the choices for now
+    # https://github.com/pi-hole/pi-hole/blob/FTLDNS/automated%20install/basic-install.sh#L1014
+    echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" >> "${adlistFile}"
+    echo "https://mirror1.malwaredomains.com/files/justdomains" >> "${adlistFile}"
+    echo "http://sysctl.org/cameleon/hosts" >> "${adlistFile}"
+    echo "https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist" >> "${adlistFile}"
+    echo "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt" >> "${adlistFile}"
+    echo "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt" >> "${adlistFile}"
+    echo "https://hosts-file.net/ad_servers.txt" >> "${adlistFile}"
+
+    echo "::: Blocklists (${adlistFile}) now set to:"
+    cat "${adlistFile}"
 }

deploy_arm.sh

@@ -1,25 +0,0 @@
-#!/bin/bash
-# Script for manually pushing the docker arm images for diginc only 
-# (no one else has docker repo permissions)
-if [ ! -f ~/.docker/config.json ] ; then
-    echo "Error: You should setup your docker push authorization first"
-    exit 1
-fi
-
-if [[ "$1" == 'prod' ]] ; then
-    export version='3.3'
-    for tag in debian_armhf debian_aarch64; do 
-        # Verison specific tags for ongoing history
-        docker tag pi-hole-multiarch:$tag diginc/pi-hole-multiarch:v${version}_${tag} 
-        docker push diginc/pi-hole-multiarch:v${version}_${tag} 
-        # Floating latest tags 
-        docker tag pi-hole-multiarch:$tag diginc/pi-hole-multiarch:${tag} 
-        docker push diginc/pi-hole-multiarch:${tag} 
-    done
-elif [[ "$1" == 'dev' ]] ; then
-    for tag in debian_armhf debian_aarch64; do 
-        # Floating dev tag
-        docker tag pi-hole-multiarch:$tag diginc/pi-hole-multiarch:${tag}_dev 
-        docker push diginc/pi-hole-multiarch:${tag}_dev 
-    done
-fi

deploy_docker.sh

@@ -0,0 +1,57 @@
+#!/bin/bash -ex
+# Script for manually pushing the docker arm images for diginc only 
+# (no one else has docker repo permissions)
+if [ ! -f ~/.docker/config.json ] ; then
+    echo "Error: You should setup your docker push authorization first"
+    exit 1
+fi
+
+parse_git_branch() {
+  git branch 2> /dev/null | sed -e '/^[^*]/d' -e 's/* \(.*\)/\1/'
+}
+
+namespace='pihole'
+localimg='pihole'
+remoteimg="$namespace/$localimg"
+branch="$(parse_git_branch)"
+version="${version:-unset}"
+dry="${dry}"
+latest="${latest:-false}" # true as shell env var to deploy latest
+
+if [[ -n "$dry" ]]; then dry='echo '; fi
+
+if [[ "$version" == 'unset' ]]; then
+    if [[ "$branch" == "master" ]]; then
+        echo "Version number var is unset and master branch needs a version...pass in \$version variable!"
+        exit 1
+    elif [[ "$branch" = "release/"* ]]; then
+        version="$(echo $branch | grep -Po 'v[\d\.-]*')"
+        echo "Version number is being taken from this release branch $version"
+    else
+        version="$branch"
+        remoteimg="${namespace}/${localimg}-dev"
+        echo "Using the branch ($branch) for deployed image version since not passed in"
+    fi
+fi
+
+echo "# DEPLOYING:"
+echo "version: $version"
+echo "branch: $branch"
+[[ -n "$dry" ]] && echo "DRY RUN: $dry"
+echo "Example tagging: docker tag $localimg:$tag $remoteimg:${version}_amd64"
+
+$dry ./Dockerfile.py --arch=amd64 --arch=armhf --arch=aarch64
+
+# ARMv6/armel doesn't have a FTL binary for v4.0 pi-hole 
+# for tag in debian_armhf debian_aarch64 debian_armel; do 
+for tag in amd64 armhf aarch64; do 
+    # Verison specific tags for ongoing history
+    $dry docker tag $localimg:v4.0_$tag $remoteimg:${version}_${tag} 
+    $dry docker push pihole/pihole:${version}_${tag} 
+    # Floating latest tags (Conditionalize these to master?)
+    if [[ "$tag" == 'amd64' ]] && [[ "$branch" == 'master' || "$latest" == 'true' ]] ; then
+        # Latest tag should become a manifest for multiple architectures, not just amd64!
+        $dry docker tag pihole:v4.0_amd64 pihole/pihole:latest
+        $dry docker push pihole/pihole:latest
+    fi;
+done

docker-compose.yml

@@ -1 +1 @@
-doco-alpine.yml
+doco-example.yml

docker_run.sh

@@ -1,21 +1,30 @@
 #!/bin/bash
-IP_LOOKUP="$(ip route get 8.8.8.8 | awk '{ print $NF; exit }')"  # May not work for VPN / tun0
-IPv6_LOOKUP="$(ip -6 route get 2001:4860:4860::8888 | awk '{ print $10; exit }')"  # May not work for VPN / tun0
+# Lookups may not work for VPN / tun0
+IP_LOOKUP="$(ip route get 8.8.8.8 | awk '{ print $NF; exit }')"  
+IPv6_LOOKUP="$(ip -6 route get 2001:4860:4860::8888 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}')"  
+
+# Just hard code these to your docker server's LAN IP if lookups aren't working
 IP="${IP:-$IP_LOOKUP}"  # use $IP, if set, otherwise IP_LOOKUP
 IPv6="${IPv6:-$IPv6_LOOKUP}"  # use $IPv6, if set, otherwise IP_LOOKUP
-DOCKER_CONFIGS="$(pwd)"  # Default of directory you run this from, update to where ever.
 
-echo "IP: ${IP} - IPv6: ${IPv6}"
+# Default of directory you run this from, update to where ever.
+DOCKER_CONFIGS="$(pwd)"  
+
+echo "### Make sure your IPs are correct, hard code ServerIP ENV VARs if necessary\nIP: ${IP}\nIPv6: ${IPv6}"
 
 # Default ports + daemonized docker container
 docker run -d \
     --name pihole \
-    -p 53:53/tcp -p 53:53/udp -p 80:80 \
+    -p 53:53/tcp -p 53:53/udp \
+    -p 67:67/udp \
+    -p 80:80 \
+    -p 443:443 \
     -v "${DOCKER_CONFIGS}/pihole/:/etc/pihole/" \
     -v "${DOCKER_CONFIGS}/dnsmasq.d/:/etc/dnsmasq.d/" \
-    -e ServerIP="${IP:-$(ip route get 8.8.8.8 | awk '{ print $NF; exit }')}" \
-    -e ServerIPv6="${IPv6:-$(ip -6 route get 2001:4860:4860::8888 | awk '{ print $10; exit }')}" \
-    --restart=always \
-    diginc/pi-hole:latest
+    -e ServerIP="${IP}" \
+    -e ServerIPv6="${IPv6}" \
+    --restart=unless-stopped \
+    pihole/pihole:latest
 
+echo -n "Your password for https://${IP}/admin/ is "
 docker logs pihole 2> /dev/null | grep 'password:'

doco-example.yml

@@ -1,11 +1,13 @@
 version: "3"
 services:
   pihole:
-    image: diginc/pi-hole:latest
+    image: pihole/pihole:latest
     ports:
       - "53:53/tcp"
       - "53:53/udp"
+      - "67:67/udp"
       - "80:80/tcp"
+      - "443:443/tcp"
     environment:
       # enter your docker host IP here
       ServerIP:

install.sh

@@ -1,13 +1,13 @@
 #!/bin/bash -ex
 mkdir -p /etc/pihole/
 mkdir -p /var/run/pihole
-export CORE_TAG='v3.3.1'
-export WEB_TAG='v3.3'
-export FTL_TAG='v3.0'
-export USE_DEVELOPMENT_BRANCHES=false
+# Production tags with valid web footers
+export CORE_TAG='v4.0'
+export WEB_TAG='v4.0'
+# Only use for pre-production / testing
+export USE_CUSTOM_BRANCHES=false
 
-if [[ $USE_DEVELOPMENT_BRANCHES == true ]] ; then
-    # install from custom hash or branch
+if [[ $USE_CUSTOM_BRANCHES == true ]] ; then
     CORE_TAG='development'
 fi
 
@@ -19,20 +19,36 @@ which systemctl && mv "$(which systemctl)" /bin/no_systemctl
 which debconf-apt-progress && mv "$(which debconf-apt-progress)" /bin/no_debconf-apt-progress
 
 # Get the install functions
-wget -O "$PIHOLE_INSTALL" https://raw.githubusercontent.com/pi-hole/pi-hole/${CORE_TAG}/automated%20install/basic-install.sh
+curl https://raw.githubusercontent.com/pi-hole/pi-hole/${CORE_TAG}/automated%20install/basic-install.sh > "$PIHOLE_INSTALL" 
 PH_TEST=true . "${PIHOLE_INSTALL}"
 
-# Run only what we need from installer
+# Preseed variables to assist with using --unattended install
+{
+  echo "PIHOLE_INTERFACE=eth0"
+  echo "IPV4_ADDRESS=0.0.0.0"
+  echo "IPV6_ADDRESS=0:0:0:0:0:0"
+  echo "PIHOLE_DNS_1=8.8.8.8"
+  echo "PIHOLE_DNS_2=8.8.4.4"
+  echo "QUERY_LOGGING=true"
+  echo "INSTALL_WEB_SERVER=true"
+  echo "INSTALL_WEB_INTERFACE=true"
+  echo "LIGHTTPD_ENABLED=true"
+}>> "${setupVars}"
+source $setupVars
+
 export USER=pihole
-if [[ "$TAG" == 'debian' ]] ; then
-    distro_check
-    install_dependent_packages INSTALLER_DEPS[@]
-    install_dependent_packages PIHOLE_DEPS[@]
-    install_dependent_packages PIHOLE_WEB_DEPS[@]
-    sed -i "/sleep 2/ d" /etc/init.d/dnsmasq # SLOW
-	# IPv6 support for nc openbsd better than traditional
-	apt-get install -y --force-yes netcat-openbsd
-fi
+distro_check
+
+# fix permission denied to resolvconf post-inst /etc/resolv.conf moby/moby issue #1297
+apt-get -y install debconf-utils && echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections
+
+# Tried this - unattended causes starting services during a build, should probably PR a flag to shut that off and switch to that 
+#bash -ex "./${PIHOLE_INSTALL}" --unattended
+install_dependent_packages INSTALLER_DEPS[@]
+install_dependent_packages PIHOLE_DEPS[@]
+install_dependent_packages PIHOLE_WEB_DEPS[@]
+# IPv6 support for nc openbsd better than traditional
+apt-get install -y --force-yes netcat-openbsd
 
 piholeGitUrl="${piholeGitUrl}"
 webInterfaceGitUrl="${webInterfaceGitUrl}"
@@ -40,23 +56,16 @@ webInterfaceDir="${webInterfaceDir}"
 git clone "${piholeGitUrl}" "${PI_HOLE_LOCAL_REPO}"
 git clone "${webInterfaceGitUrl}" "${webInterfaceDir}"
 
-export PIHOLE_INTERFACE=eth0
-export IPV4_ADDRESS=0.0.0.0
-export IPV6_ADDRESS=0:0:0:0:0:0
-export PIHOLE_DNS_1=8.8.8.8
-export PIHOLE_DNS_2=8.8.4.4
-export QUERY_LOGGING=true
-
 tmpLog="/tmp/pihole-install.log"
 installLogLoc="${installLogLoc}"
-installPihole | tee "${tmpLog}"
+installPihole 2>&1 | tee "${tmpLog}"
 mv "${tmpLog}" /
 
-if [[ $USE_DEVELOPMENT_BRANCHES == true ]] ; then
+if [[ $USE_CUSTOM_BRANCHES == true ]] ; then
     ln -s /bin/true /usr/local/bin/service
-    echo y | bash -x pihole checkout core development
-    echo y | bash -x pihole checkout web devel
-    echo y | bash -x pihole checkout ftl development
+    echo "$CORE_TAG" | tee /etc/pihole/ftlbranch
+    echo y | bash -x pihole checkout core $CORE_TAG
+    echo y | bash -x pihole checkout web $CORE_TAG
     unlink /usr/local/bin/service
 else
     # Reset to our tags so version numbers get detected correctly

jwilder-proxy-example-doco.yml

@@ -9,11 +9,13 @@ applist:
   restart: always
 
 pihole:
-  image: diginc/pi-hole:latest
+  image: pihole/pihole:latest
   ports:
     - '53:53/tcp'
     - '53:53/udp'
+    - "67:67/udp"
     - '8053:80/tcp'
+    - "443:443/tcp"
   volumes:
     - '/var/log/pihole.log:/var/log/pihole.log'
   #net: host

s6/debian-root/etc/cont-init.d/20-start.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/with-contenv bash
-set
+set -e
 
 bashCmd='bash -e'
 if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then 
@@ -7,11 +7,10 @@ if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
     bashCmd='bash -e -x'
 fi
 
-# Start dnsmasq for validate_env and gravity.sh
-dnsmasq -7 /etc/dnsmasq.d
+# used to start dnsmasq here for gravity to use...now that conflicts port 53
 
 $bashCmd /start.sh
 gravity.sh
 
 # Kill dnsmasq because s6 won't like it if it's running when s6 services start
-kill -9 $(pgrep dnsmasq) || true
+kill -9 $(pgrep pihole-FTL) || true

s6/debian-root/etc/services.d/cron/finish

@@ -0,0 +1,4 @@
+#!/usr/bin/with-contenv bash
+
+s6-echo "Stopping cron"
+killall -9 cron

s6/debian-root/etc/services.d/dnsmasq/finish

@@ -1,3 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-kill -9 $(pgrep dnsmasq)

s6/debian-root/etc/services.d/dnsmasq/run

@@ -1,5 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-s6-echo "Starting dnsmasq"
-
-s6-setuidgid root dnsmasq -7 /etc/dnsmasq.d --no-daemon

s6/debian-root/etc/services.d/lighttpd/finish

@@ -0,0 +1,4 @@
+#!/usr/bin/with-contenv bash
+
+s6-echo "Stopping lighttpd"
+killall -9 lighttpd

s6/debian-root/etc/services.d/lighttpd/run

@@ -1,5 +1,4 @@
 #!/usr/bin/with-contenv bash
 
 s6-echo "Starting lighttpd"
-
 lighttpd -D -f /etc/lighttpd/lighttpd.conf

s6/debian-root/etc/services.d/pihole-FTL/finish

@@ -0,0 +1,4 @@
+#!/usr/bin/with-contenv bash
+
+s6-echo "Stopping pihole-FTL"
+kill -9 $(pgrep pihole-FTL)

s6/debian-root/etc/services.d/pihole-FTL/run

@@ -1,4 +1,5 @@
 #!/usr/bin/with-contenv bash
 
 s6-echo "Starting pihole-FTL ($FTL_CMD)"
-pihole-FTL ${FTL_CMD}
+s6-setuidgid root pihole-FTL $FTL_CMD
+

start.sh

@@ -12,26 +12,44 @@ export DNS1
 export DNS2
 export INTERFACE
 export IPv6
-export WEBPASSWORD
 export WEB_PORT
+export PLAINWEBPASSWORD="$WEBPASSWORD"
 
+export adlistFile='/etc/pihole/adlists.list'
+
+# The below functions are all contained in bash_functions.sh
 . /bash_functions.sh
 
-echo " ::: Starting docker specific setup for docker diginc/pi-hole"
+# Some of the bash_functions use variables these core pi-hole/web scripts
+. /opt/pihole/webpage.sh
+# PH_TEST prevents the install from actually running (someone should rename that)
+PH_TEST=true . $PIHOLE_INSTALL
+
+echo " ::: Starting docker specific setup for docker pihole/pihole"
 validate_env || exit 1
-prepare_setup_vars
+prepare_configs
 change_setting "IPV4_ADDRESS" "$ServerIP"
 change_setting "IPV6_ADDRESS" "$ServerIPv6"
 setup_web_port "$WEB_PORT"
-setup_web_password "$WEBPASSWORD"
-setup_dnsmasq "$DNS1" "$DNS2"
+setup_web_password "$PLAINWEBPASSWORD"
+setup_dnsmasq "$DNS1" "$DNS2" "$INTERFACE"
 setup_php_env
 setup_dnsmasq_hostnames "$ServerIP" "$ServerIPv6" "$HOSTNAME"
 setup_ipv4_ipv6
-setup_lighttpd_bind "$ServerIP" "$TAG"
+setup_lighttpd_bind "$ServerIP"
+setup_blocklists
 test_configs
-test_framework_stubbing
 
 [ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot
 
-echo "::: Docker start setup complete"
+echo " ::: Docker start setup complete"
+
+echo """
+:: ::: ::: ::: ::: ::: ::: ::: ::: :::
+:: Image moved / deprecation notice
+::    OLD IMAGE : diginc/pi-hole
+::    NEW IMAGE : pihole/pihole
+:: In order to get the latest updates 
+:: please update your image references
+:: ::: ::: ::: ::: ::: ::: ::: ::: :::
+"""

test/conftest.py

@@ -5,11 +5,11 @@ check_output = testinfra.get_backend(
     "local://"
 ).get_module("Command").check_output
 
-def DockerGeneric(request, args, image, cmd):
+def DockerGeneric(request, args, image, cmd, entrypoint=''):
     assert 'docker' in check_output('id'), "Are you in the docker group?"
-    if 'pi-hole' in image:
+    if 'pihole' in image:
        args += " --dns 127.0.0.1 -v /dev/null:/etc/pihole/adlists.default -e PYTEST=\"True\""
-    docker_run = "docker run -d {} {} {}".format(args, image, cmd)
+    docker_run = "docker run -d {args} {entry} {image} {cmd}".format(args=args, entry=entrypoint, image=image, cmd=cmd)
     print docker_run
     docker_id = check_output(docker_run)
 
@@ -37,47 +37,50 @@ def DockerGeneric(request, args, image, cmd):
     docker_container.run = funcType(run_bash, docker_container, testinfra.backend.docker.DockerBackend)
     return docker_container
 
+
 @pytest.fixture
-def Docker(request, args, image, cmd):
+def Docker(request, args, image, cmd, entrypoint):
     ''' One-off Docker container run '''
-    return DockerGeneric(request, args, image, cmd)
+    return DockerGeneric(request, args, image, cmd, entrypoint)
 
 @pytest.fixture(scope='module')
 def DockerPersist(request, persist_args, persist_image, persist_cmd, Dig):
-    ''' Persistent Docker container for multiple tests '''
+    ''' Persistent Docker container for multiple tests, instead of stopping container after one test '''
+    ''' Uses DUP'd module scoped fixtures because smaller scoped fixtures won't mix with module scope '''
     persistent_container = DockerGeneric(request, persist_args, persist_image, persist_cmd)
     ''' attach a dig conatiner for lookups '''
     persistent_container.dig = Dig(persistent_container.id)
     return persistent_container
 
+@pytest.fixture
+def entrypoint():
+    return ''
+
 @pytest.fixture()
 def args(request):
     return '-e ServerIP="127.0.0.1" -e ServerIPv6="::1"'
 
-@pytest.fixture(params=['amd64', 'armhf', 'aarch64'])
+@pytest.fixture(params=['amd64', 'armel', 'armhf', 'aarch64'])
 def arch(request):
     return request.param
 
-@pytest.fixture(params=['debian'])
-def os(request):
-    return request.param
+@pytest.fixture()
+def version(request):
+    ''' TODO: include from external .py that can be shared with Dockerfile.py / Tests / deploy scripts '''
+    return 'v4.0'
 
 @pytest.fixture()
-def tag(request, os, arch):
-    return '{}_{}'.format(os, arch)
+def tag(request, version, arch):
+    return '{}_{}'.format(version, arch)
 
 @pytest.fixture
 def webserver(request, tag):
-    webserver = 'nginx'
-    if 'debian' in tag:
-        webserver = 'lighttpd'
-    return webserver
+    ''' TODO: this is obvious without alpine+nginx as the alternative, remove fixture, hard code lighttpd in tests? '''
+    return 'lighttpd'
 
 @pytest.fixture()
 def image(request, tag):
-    image = 'pi-hole-multiarch'
-    if 'amd64' in tag:
-        image = 'pi-hole'
+    image = 'pihole'
     return '{}:{}'.format(image, tag)
 
 @pytest.fixture()
@@ -86,33 +89,30 @@ def cmd(request):
 
 @pytest.fixture(scope='module', params=['amd64'])
 def persist_arch(request):
-    '''amd64 only, dnsmasq will not start under qemu-user-static :('''
+    '''amd64 only, dnsmasq/pihole-FTL(?untested?) will not start under qemu-user-static :('''
     return request.param
 
-@pytest.fixture(scope='module', params=['debian'])
-def persist_os(request):
-    return request.param
+@pytest.fixture(scope='module')
+def persist_version(request):
+    ''' TODO: include from external .py that can be shared with Dockerfile.py / Tests / deploy scripts '''
+    return 'v4.0'
 
 @pytest.fixture(scope='module')
 def persist_args(request):
     return '-e ServerIP="127.0.0.1" -e ServerIPv6="::1"'
 
 @pytest.fixture(scope='module')
-def persist_tag(request, persist_os, persist_arch):
-    return '{}_{}'.format(persist_os, persist_arch)
+def persist_tag(request, persist_version, persist_arch):
+    return '{}_{}'.format(persist_version, persist_arch)
 
 @pytest.fixture(scope='module')
 def persist_webserver(request, persist_tag):
-    webserver = 'nginx'
-    if 'debian' in persist_tag:
-        webserver = 'lighttpd'
-    return webserver
+    ''' TODO: this is obvious without alpine+nginx as the alternative, remove fixture, hard code lighttpd in tests? '''
+    return 'lighttpd'
 
 @pytest.fixture(scope='module')
 def persist_image(request, persist_tag):
-    image = 'pi-hole-multiarch'
-    if 'amd64' in persist_tag:
-        image = 'pi-hole'
+    image = 'pihole'
     return '{}:{}'.format(image, persist_tag)
 
 @pytest.fixture(scope='module')
@@ -157,6 +157,6 @@ Persistent Docker container for testing service post start.sh
 @pytest.fixture
 def RunningPiHole(DockerPersist, Slow, persist_webserver):
     ''' Persist a fully started docker-pi-hole to help speed up subsequent tests '''
-    Slow(lambda: DockerPersist.run('pgrep dnsmasq').rc == 0)
-    Slow(lambda: DockerPersist.run('pgrep {}'.format(persist_webserver) ).rc == 0)
+    Slow(lambda: DockerPersist.run('pgrep pihole-FTL').rc == 0)
+    Slow(lambda: DockerPersist.run('pgrep lighttpd').rc == 0)
     return DockerPersist

test/test_bash_functions.py

@@ -9,28 +9,27 @@ DEFAULTARGS = '-e ServerIP="127.0.0.1" '
     (DEFAULTARGS + '-e "IPv6=False"', False, 'IPv4'),
     (DEFAULTARGS + '-e "IPv6=foobar"', False, 'IPv4'),
 ])
-def test_IPv6_not_True_removes_ipv6(Docker, os, args, expected_ipv6, expected_stdout):
+def test_IPv6_not_True_removes_ipv6(Docker, args, expected_ipv6, expected_stdout):
     ''' When a user overrides IPv6=True they only get IPv4 listening webservers '''
-    IPV6_LINE = { 'debian': 'use-ipv6.pl' }
-    WEB_CONFIG = { 'debian': '/etc/lighttpd/lighttpd.conf' }
+    IPV6_LINE = 'use-ipv6.pl'
+    WEB_CONFIG = '/etc/lighttpd/lighttpd.conf'
 
     function = Docker.run('. /bash_functions.sh ; setup_ipv4_ipv6')
     assert "Using {}".format(expected_stdout) in function.stdout
-    config = Docker.run('cat {}'.format( WEB_CONFIG[os])).stdout
-    assert (IPV6_LINE[os] in config) == expected_ipv6
+    config = Docker.run('cat {}'.format(WEB_CONFIG)).stdout
+    assert (IPV6_LINE in config) == expected_ipv6
 
 @pytest.mark.parametrize('args', [DEFAULTARGS + '-e "WEB_PORT=999"'])
-def test_overrides_default_WEB_PORT(Docker, os, args):
+def test_overrides_default_WEB_PORT(Docker, args):
     ''' When a --net=host user sets WEB_PORT to avoid synology's 80 default IPv4 and or IPv6 ports are updated'''
-    CONFIG_LINES = { 'debian': ['server.port\s*=\s*999'] }
-    WEB_CONFIG = { 'debian': '/etc/lighttpd/lighttpd.conf' }
+    CONFIG_LINE = 'server.port\s*=\s*999'
+    WEB_CONFIG = '/etc/lighttpd/lighttpd.conf'
 
     function = Docker.run('. /bash_functions.sh ; eval `grep setup_web_port /start.sh`')
     assert "Custom WEB_PORT set to 999" in function.stdout
     assert "INFO: Without proper router DNAT forwarding to 127.0.0.1:999, you may not get any blocked websites on ads" in function.stdout
-    config = Docker.run('cat {}'.format( WEB_CONFIG[os])).stdout
-    for expected_line in CONFIG_LINES[os]:
-        assert re.search(expected_line, config) != None
+    config = Docker.run('cat {}'.format(WEB_CONFIG)).stdout
+    assert re.search(CONFIG_LINE, config) != None
     # grep fails to find any of the old address w/o port
     assert Docker.run('grep -rq "://127.0.0.1/" /var/www/html/').rc == 1
     assert Docker.run('grep -rq "://pi.hole/" /var/www/html/').rc == 1
@@ -55,6 +54,8 @@ def test_bad_input_to_WEB_PORT(Docker, args, expected_error):
     ('-e ServerIP="1.2.3.4" -e DNS1="1.2.3.4"',                   'custom DNS',  '1.2.3.4', '8.8.4.4' ),
     ('-e ServerIP="1.2.3.4" -e DNS2="1.2.3.4"',                   'custom DNS',  '8.8.8.8', '1.2.3.4' ),
     ('-e ServerIP="1.2.3.4" -e DNS1="1.2.3.4" -e DNS2="2.2.3.4"', 'custom DNS',  '1.2.3.4', '2.2.3.4' ),
+    ('-e ServerIP="1.2.3.4" -e DNS1="1.2.3.4" -e DNS2="no"', 'custom DNS',  '1.2.3.4', None ),
+    ('-e ServerIP="1.2.3.4" -e DNS2="no"', 'custom DNS',  '8.8.8.8', None ),
 ])
 def test_override_default_servers_with_DNS_EnvVars(Docker, args, expected_stdout, dns1, dns2):
     ''' on first boot when DNS vars are NOT set explain default google DNS settings are used
@@ -64,7 +65,7 @@ def test_override_default_servers_with_DNS_EnvVars(Docker, args, expected_stdout
     assert expected_stdout in function.stdout
 
     docker_dns_servers = Docker.run('grep "^server=" /etc/dnsmasq.d/01-pihole.conf').stdout
-    expected_servers = 'server={}\nserver={}\n'.format(dns1, dns2)
+    expected_servers = 'server={}\n'.format(dns1) if dns2 == None else 'server={}\nserver={}\n'.format(dns1, dns2)
     assert expected_servers == docker_dns_servers
 
 @pytest.mark.parametrize('args, dns1, dns2, expected_stdout', [
@@ -119,11 +120,11 @@ expected_debian_lines = [
     '"ServerIP" => "127.0.0.1"',
     '"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log"'
 ]
-@pytest.mark.parametrize('os,expected_lines,repeat_function', [
-    ('debian', expected_debian_lines, 1),
-    ('debian', expected_debian_lines, 2)
+@pytest.mark.parametrize('expected_lines,repeat_function', [
+    (expected_debian_lines, 1),
+    (expected_debian_lines, 2)
 ])
-def test_debian_setup_php_env(Docker, os, expected_lines, repeat_function):
+def test_debian_setup_php_env(Docker, expected_lines, repeat_function):
     ''' confirm all expected output is there and nothing else '''
     stdout = ''
     for i in range(repeat_function):
@@ -131,7 +132,9 @@ def test_debian_setup_php_env(Docker, os, expected_lines, repeat_function):
     for expected_line in expected_lines:
         search_config_cmd = "grep -c '{}' /etc/lighttpd/conf-enabled/15-fastcgi-php.conf".format(expected_line)
         search_config_count = Docker.run(search_config_cmd)
-        assert search_config_count.stdout.rstrip('\n') == '1'
+        found_lines = int(search_config_count.stdout.rstrip('\n'))
+        if found_lines > 1:
+            assert False, "Found line {} times (more than once): {}".format(expected_line)
 
 @pytest.mark.parametrize('args,secure,setupVarsHash', [
     ('-e ServerIP=1.2.3.4 -e WEBPASSWORD=login', True, 'WEBPASSWORD=6060d59351e8c2f48140f01b2c3f3b61652f396c53a5300ae239ebfbe7d5ff08'),

test/test_pihole_scripts.py

@@ -8,18 +8,18 @@ def start_cmd():
 @pytest.fixture
 def RunningPiHole(DockerPersist, Slow, persist_webserver, persist_tag, start_cmd):
     ''' Override the RunningPiHole to run and check for success of a
-        dnsmasq start based `pihole` script command '''
+        pihole-FTL start based `pihole` script command '''
     #print DockerPersist.run('ps -ef').stdout
     assert DockerPersist.dig.run('ping -c 1 test_pihole').rc == 0
-    Slow(lambda: DockerPersist.run('pgrep dnsmasq').rc == 0)
+    Slow(lambda: DockerPersist.run('pgrep pihole-FTL').rc == 0)
     Slow(lambda: DockerPersist.run('pgrep {}'.format(persist_webserver)).rc == 0)
-    oldpid = DockerPersist.run('pidof dnsmasq')
+    oldpid = DockerPersist.run('pidof pihole-FTL')
     cmd = DockerPersist.run('pihole {}'.format(start_cmd))
-    Slow(lambda: DockerPersist.run('pgrep dnsmasq').rc == 0)
-    newpid = DockerPersist.run('pidof dnsmasq')
+    Slow(lambda: DockerPersist.run('pgrep pihole-FTL').rc == 0)
+    newpid = DockerPersist.run('pidof pihole-FTL')
     for pid in [oldpid, newpid]:
         assert pid != ''
-    # ensure a new pid for dnsmasq appeared due to service restart
+    # ensure a new pid for pihole-FTL appeared due to service restart
     assert oldpid != newpid
     assert cmd.rc == 0
     # Save out cmd result to check different stdout of start/enable/disable

test/test_start.py

@@ -4,15 +4,8 @@ import time
 ''' Note, testinfra builtins don't seem fully compatible with
         docker containers (esp. musl based OSs) stripped down nature '''
 
-def test_pihole_default_run_command(Docker, tag):
-    expected_proc = '/sbin/tini -- /start.sh'
-    pgrep = 'pgrep -f "{}" | wc -l || echo 0'.format(expected_proc)
-    find_proc = Docker.run(pgrep).stdout
-    if int(find_proc) < 1:
-        print Docker.run('ps -ef')
-        print "{} : {}".format(pgrep, find_proc)
-        assert False, '{}: Couldn\'t find proc {}'.format(tag, expected_proc)
-
+# If the test runs /start.sh, do not let s6 run it too!  Kill entrypoint to avoid race condition/duplicated execution
+@pytest.mark.parametrize('entrypoint,cmd', [('--entrypoint=tail','-f /dev/null')])
 @pytest.mark.parametrize('args', [ '' ])
 def test_ServerIP_missing_triggers_start_error(Docker):
     ''' When args to docker are empty start.sh exits saying ServerIP is required '''
@@ -21,6 +14,8 @@ def test_ServerIP_missing_triggers_start_error(Docker):
     assert start.rc == 1
     assert error_msg in start.stdout
 
+# If the test runs /start.sh, do not let s6 run it too!  Kill entrypoint to avoid race condition/duplicated execution
+@pytest.mark.parametrize('entrypoint,cmd', [('--entrypoint=tail','-f /dev/null')])
 @pytest.mark.parametrize('args,error_msg,expect_rc', [ 
     ('-e ServerIP="1.2.3.z"', "ServerIP Environment variable (1.2.3.z) doesn't appear to be a valid IPv4 address",1), 
     ('-e ServerIP="1.2.3.4" -e ServerIPv6="1234:1234:1234:ZZZZ"', "Environment variable (1234:1234:1234:ZZZZ) doesn't appear to be a valid IPv6 address",1),

tox.ini

@@ -4,6 +4,10 @@ envlist = py27
 [testenv]
 whitelist_externals = docker
 deps = -rrequirements.txt
+# 2 parallel max b/c race condition with docker fixture (I think?)
 commands = docker run --rm --privileged multiarch/qemu-user-static:register --reset
-           ./Dockerfile.py -v
-           pytest {posargs:-vv -n auto} ./test/
+           ./Dockerfile.py -v --arch amd64
+           pytest -vv -n 2 -k amd64 ./test/
+           ./Dockerfile.py -v --arch armhf --arch aarch64
+           pytest -vv -n 2 -k armhf ./test/
+           pytest -vv -n 2 -k aarch64 ./test/

traefik-docker-compose-example.md

@@ -1,9 +1,9 @@
 Please note the following about this [traefik](https://traefik.io/) example for pihole.
 
-- Still requires standard pi-hole setup steps, make sure you've gone through the [README](https://github.com/diginc/docker-pi-hole/blob/master/README.md) and understand how to setup pihole without traefik first
+- Still requires standard pi-hole setup steps, make sure you've gone through the [README](https://github.com/pihole/docker-pi-hole/blob/master/README.md) and understand how to setup pihole without traefik first
 - Update these things before using:
     - set instances of `homedomain.lan` below to your home domain (typically set in your router)
-    - set your pihole ENV WEBPASSWORD
+    - set your pihole ENV WEBPASSWORD if you don't want a random admin pass
 - This works for me, Your mileage may vary!
 - For support, do your best to figure out traefik issues on your own:
     - by looking at logs and traefik web interface on port 8080
@@ -27,6 +27,7 @@ services:
     command: "--web --docker --docker.domain=homedomain.lan --docker.exposedbydefault=false --logLevel=DEBUG"
     ports:
       - "80:80"
+      - "443:443"
       - "8080:8080"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
@@ -42,10 +43,11 @@ services:
     container_name: pihole
     domainname: homedomain.lan
     
-    image: diginc/pi-hole:debian
+    image: pihole/pihole:latest
     ports:
       - '0.0.0.0:53:53/tcp'
       - '0.0.0.0:53:53/udp'
+      - '0.0.0.0:67:67/udp'
       - '0.0.0.0:8053:80/tcp'
     volumes:
     # run `touch ./pihole.log` first unless you like errors
@@ -57,8 +59,8 @@ services:
       PROXY_LOCATION: pihole
       VIRTUAL_HOST: pihole.homedomain.lan
       VIRTUAL_PORT: 80
-      WEBPASSWORD: yoursecurepass
       TZ: 'America/Chicago'
+      # WEBPASSWORD:
     restart: unless-stopped
     labels:
        # required when using --docker.exposedbydefault=false
@@ -80,8 +82,8 @@ networks:
 After running `docker-compose up -d` you should see this if you look at logs on traefik `docker-compose logs -f traefik`
 
 ```
-traefik    | time="2018-03-07T18:57:41Z" level=debug msg="Provider event received {Status:health_status: healthy ID:33567e94e02c5adba3d47fa44c391e94fdea359fb05eecb196c95de288ffb861 From:diginc/pi-hole:debian Type:container Action:health_status: healthy Actor:{ID:33567e94
-e02c5adba3d47fa44c391e94fdea359fb05eecb196c95de288ffb861 Attributes:map[com.docker.compose.project:traefik image:diginc/pi-hole:debian traefik.frontend.priority:1 com.docker.compose.container-number:1 com.docker.compose.service:pihole com.docker.compose.version:1.19.0 name:pihole traefik.enable:true url:https://www.github.com/diginc/docker-pi-hole com.docker.compose.oneoff:False maintainer:adam@diginc.us traefik.backend:pihole traefik.frontend.rule:HostRegexp:pihole.homedomain.lan,{catchall:.*} traefik.port:80 com.docker.compose.config-
+traefik    | time="2018-03-07T18:57:41Z" level=debug msg="Provider event received {Status:health_status: healthy ID:33567e94e02c5adba3d47fa44c391e94fdea359fb05eecb196c95de288ffb861 From:pihole/pihole:latest Type:container Action:health_status: healthy Actor:{ID:33567e94
+e02c5adba3d47fa44c391e94fdea359fb05eecb196c95de288ffb861 Attributes:map[com.docker.compose.project:traefik image:pihole/pihole:latest traefik.frontend.priority:1 com.docker.compose.container-number:1 com.docker.compose.service:pihole com.docker.compose.version:1.19.0 name:pihole traefik.enable:true url:https://www.github.com/pihole/docker-pi-hole com.docker.compose.oneoff:False maintainer:adam@diginc.us traefik.backend:pihole traefik.frontend.rule:HostRegexp:pihole.homedomain.lan,{catchall:.*} traefik.port:80 com.docker.compose.config-
 hash:7551c3f4bd11766292c7dad81473ef21da91cae8666d1b04a42d1daab53fba0f]} Scope:local Time:1520449061 TimeNano:1520449061934970670}"
 traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Filtering disabled container /traefik"
 traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Could not load traefik.frontend.whitelistSourceRange labels"