also run remote update check on container startup

Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Update documentation per comments on #1155
2022-09-02 21:37:10 +01:00 · 2022-09-02 18:14:10 +01:00 · 2022-09-02 18:09:56 +01:00 · 2022-08-29 17:16:32 +01:00 · 2022-08-29 17:12:58 +01:00 · 2022-08-29 16:52:00 +01:00
114 changed files with 1856 additions and 2065 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,65 +0,0 @@
-version: 2
-
-.job_template: &job_template
-  machine:
-    enabled: true
-  steps:
-    - checkout
-    - run:
-        command: ./circle-test.sh
-    - persist_to_workspace:
-        root: .
-        paths: [ 'ci-workspace' ]
-
-jobs:
-  amd64:
-    <<: *job_template
-  arm64:
-    <<: *job_template
-  armhf:
-    <<: *job_template
-  armel:
-    <<: *job_template
-  deploy:
-    docker:
-      - image: circleci/python:latest
-    steps:
-      - setup_remote_docker:
-          version: 18.06.0-ce
-      - checkout
-      - attach_workspace:
-          at: .
-      - run:
-          command: ./circle-deploy.sh
-
-
-
-workflows:
-  version: 2
-  build:
-    jobs:
-      - amd64:
-          filters:
-            tags:
-              only: /^v.*/
-      - arm64:
-          filters:
-            tags:
-              only: /^v.*/
-      - armhf:
-          filters:
-            tags:
-              only: /^v.*/
-      - armel:
-          filters:
-            tags:
-              only: /^v.*/
-      - deploy:
-          requires:
-            - amd64
-            - arm64
-            - armhf
-            - armel
-          filters:
-            tags:
-              only: /^v.*/
--- a/.codespellignore
+++ b/.codespellignore
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -1,52 +0,0 @@
-<!-- Provide a general summary of the issue in the Title above -->
-<!-- Note: these are comments that don't show up in the actual issue, no need to delete them as you fill out the template -->
-
-This is a... <!-- To choose ONE, put an [x] in the box that applies -->
-
- [ ] Request for a new or modified feature
- [ ] Issue trying to run the docker image
- [ ] Issue trying to build / test / develop the docker image
-
-## Description
-<!-- Provide a more detailed introduction to the issue or feature -->
-
-## Expected Behavior
-<!-- Tell us what should happen -->
-
-## Actual Behavior
-<!-- Tell us what happens instead -->
-
-## Possible Fix
-<!-- Not obligatory, but suggest a fix or reason for the bug -->
-
-## Steps to Reproduce and debugging done
-<!-- Reproduce this bug. Include code to reproduce, if relevant -->
-e.g. your docker run command, pages to visit, CLI commands you ran
-1.
-2. 
-3. 
-4. 
-
-## Debug steps I have tried
-<!-- Please attempt these debug steps to see if it helps you resolve or understand your own issue -->
-
- [ ] I have tried destroying my container instance, pulling the newest image version, and re-creating a new container
- [ ] I have tried running the nearly stock `docker run` example in the readme (removing any customizations I added)
- [ ] I have tried running without my volume data mounts to eliminate volumes as the cause
- [ ] I have searched this repository for existing issues and pull requests that look similar <!-- Add links below! -->
-
-<!-- Note: If volumes are your issue, I strongly recommend just starting with fresh volume data -->
-
-<!-- Add any other debugging steps you've taken that maybe relevant information -->
-
-## Context and extra information
-<!-- How has this bug affected you? What were you trying to accomplish? -->
-<!-- Got any other relevant links to similar issues? -->
-
-## Your Environment 
-<!--- Include as many relevant details about the environment you experienced the bug in -->
-* Docker Host Operating System and OS Version:
-* Docker Version:
-* Hardware architecture: <!-- ARMv7, x86 -->
-
-
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,57 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+<!-- Provide a general summary of the issue in the Title above -->
+<!-- Note: these are comments that don't show up in the actual issue, no need to delete them as you fill out the template -->
+
+<!-- IMPORTANT Complete the entire template please, the info gathered here is usually needed to debug issues anyway so it saves time in the long run. Incomplete/stock template issues may be closed -->
+
+<!-- pick ONE: Bug, 
+               Feature Request, 
+               Run Issue (running Pi-hole container failing), 
+               Build Issue (Building image failing) 
+Enter in line below: -->
+This is a: **FILL ME IN**  
+
+
+## Details
+<!-- Provide a more detailed introduction to the issue or feature, try not to duplicate info from lower sections by reviewing the entire template first -->
+
+## Related Issues
+- [ ] I have searched this repository/Pi-hole forums for existing issues and pull requests that look similar 
+<!-- Add links below! -->
+
+<!------- FEATURE REQUESTS CAN STOP FILLING IN TEMPLATE HERE -------->
+<!------- ISSUES SHOULD FILL OUT REMAINDER OF TEMPLATE -------->
+
+## How to reproduce the issue 
+
+1. Environment data
+  * Operating System: **ENTER HERE** <!-- Debian, Ubuntu, Rasbian, etc -->
+  * Hardware: <!-- PC, RasPi B/2B/3B/4B, Mac, Synology, QNAP, etc -->
+  * Kernel Architecture: <!-- x86/amd64, ArmV7, ArmV8 32bit, ArmV8 64bit, etc -->
+  * Docker Install Info and version: 
+    - Software source: <!-- official docker-ce, OS provided package, Hypriot -->
+    - Supplimentary Software: <!-- synology, portainer, etc -->
+  * Hardware architecture: <!-- ARMv7, x86 -->
+
+2. docker-compose.yml contents, docker run shell command, or paste a screenshot of any UI based configuration of containers here
+3. any additional info to help reproduce
+
+
+## These common fixes didn't work for my issue
+<!-- IMPORTANT! Help me help you! Ordered with most common fixes first. -->
+- [ ] I have tried removing/destroying my container, and re-creating a new container
+- [ ] I have tried fresh volume data by backing up and moving/removing the old volume data
+- [ ] I have tried running the stock `docker run` example(s) in the readme (removing any customizations I added)
+- [ ] I have tried a newer or older version of Docker Pi-hole (depending what version the issue started in for me)
+- [ ] I have tried running without my volume data mounts to eliminate volumes as the cause
+
+If the above debugging / fixes revealed any new information note it here.
+Add any other debugging steps you've taken or theories on root cause that may help.
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,12 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Questions and Configurations
+    url: https://discourse.pi-hole.net
+    about: Ask a question or get help with configurations.
+  - name: Feature Requests
+    url: https://discourse.pi-hole.net/c/feature-requests/8
+    about: See existing Feature Requests and suggest new ones.
+  - name: Documentation
+    url: https://docs.pi-hole.net
+    about: Documentation and guides.
+    
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,3 +1,5 @@
+`{Please select 'base: dev' as target branch above! (you can delete this line)}`
+
 <!--- Provide a general summary of your changes in the Title above -->

 ## Description
--- a/.github/dco.yml
+++ b/.github/dco.yml
@@ -0,0 +1,2 @@
+require:
+  members: false
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: saturday
+      time: "10:00"
+    target-branch: dev
+    reviewers:
+      - "pi-hole/docker-maintainers"
--- a/.github/release.yml
+++ b/.github/release.yml
@@ -0,0 +1,7 @@
+changelog:
+  exclude:
+    labels:
+      - internal
+    authors:
+      - dependabot
+      - github-actions
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -0,0 +1,18 @@
+name: Codespell
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+
+jobs:
+  spell-check:
+    if: github.event.pull_request.draft == false
+    runs-on: ubuntu-latest
+    steps:
+    -
+      name: Checkout repository
+      uses: actions/checkout@v3
+    -
+      name: Spell-Checking
+      uses: codespell-project/actions-codespell@master
+      with:
+        ignore_words_file: .codespellignore
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,26 @@
+name: Mark stale issues
+
+on:
+  schedule:
+  - cron: '0 8 * * *'
+  workflow_dispatch:
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+
+    steps:
+    - uses: actions/stale@v5
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        days-before-stale: 30
+        days-before-close: 5
+        stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.'
+        stale-issue-label: 'stale'
+        exempt-issue-labels: 'pinned, Fixed in next release, bug, never-stale, documentation, investigating'
+        exempt-all-issue-assignees: true
+        operations-per-run: 300
+        close-issue-reason: 'not_planned'
--- a/.github/workflows/sync-back-to-dev.yml
+++ b/.github/workflows/sync-back-to-dev.yml
@@ -0,0 +1,27 @@
+name: Sync Back to Development
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  sync-branches:
+    runs-on: ubuntu-latest
+    name: Syncing branches
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Opening pull request
+        id: pull
+        uses: tretuna/sync-branches@1.4.0
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          FROM_BRANCH: 'master'
+          TO_BRANCH: 'dev'
+      - name: Label the pull request to ignore for release note generation
+        uses: actions-ecosystem/action-add-labels@v1
+        with:
+          labels: internal
+          repo: ${{ github.repository }}
+          number: ${{ steps.pull.outputs.PULL_REQUEST_NUMBER }}
--- a/.github/workflows/test-and-build.yaml
+++ b/.github/workflows/test-and-build.yaml
@@ -0,0 +1,83 @@
+name: Test & Build
+on:
+  schedule:
+    - cron: '0 2 * * *'
+  push:
+    branches:
+      - dev
+  pull_request:
+  release:
+    types: [published]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+      - name: Run Tests
+        run: |
+          echo "Building image to test"
+          ./build-and-test.sh
+
+  build-and-publish:
+    if: github.event_name != 'pull_request'
+    # If only readme has been touched, for example, then the `test` job will have been skipped. This job will therefore be skipped, too.
+    needs: test
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        if: github.event_name != 'schedule'
+        uses: actions/checkout@v3
+      -
+        name: Checkout dev branch if we are building nightly
+        if: github.event_name == 'schedule'
+        uses: actions/checkout@v3
+        with:
+          ref: dev
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          images: |
+            ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole
+            ghcr.io/${{ github.repository_owner }}/pihole
+          flavor: |
+            latest=${{ startsWith(github.ref, 'refs/tags/') }}
+          tags: |
+            type=schedule
+            type=ref,event=branch,enable=${{ github.event_name != 'schedule' }}
+            type=ref,event=tag
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+      -
+        name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: ./src/
+          platforms: linux/amd64, linux/arm64, linux/386, linux/arm/v7, linux/arm/v6
+          build-args: |
+            PIHOLE_DOCKER_TAG=${{ steps.meta.outputs.version }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,11 @@ __pycache__
 UNKNOWN.egg-info
 .env
 ci-workspace
+.gh-workspace
+docker-compose.yml
+etc-dnsmasq.d/
+etc-pihole/
+var-log/

 # WIP/test stuff
 doco.yml
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,4 +2,4 @@

 Notes about releases will be documented on [docker-pi-hole's github releases page](https://github.com/pi-hole/docker-pi-hole/releases).  Breaking changes will be copied to the top of the docker repo's README file to assist with common upgrade issues.

-See the [Pi-hole releases](https://github.com/pi-hole/pi-hole/releases) for details on updates unreleated to docker image releases
+See the [Pi-hole releases](https://github.com/pi-hole/pi-hole/releases) for details on updates unrelated to docker image releases
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -6,5 +6,5 @@ Please review the following before opening a pull request (PR) to help your PR g
  * To ensure proper testing and quality control, target any code change pull requests against `dev` branch.

 * Make sure the tests pass
-  * Take a look at [TESTING.md](TESTING.md) to see how to run tests locally so you do not have to push all your code to a PR and have travis-ci run it.  
+  * Take a look at [TESTING.md](TESTING.md) to see how to run tests locally so you do not have to push all your code to a PR and have GitHub Actions run it.
  * Your tests will probably run faster locally and you get a faster feedback loop.
--- a/Dockerfile.py
+++ b/Dockerfile.py
@@ -1,149 +0,0 @@
-#!/usr/bin/env python3
-""" Dockerfile.py - generates and build dockerfiles
-
-Usage:
-  Dockerfile.py [--hub_tag=<tag>] [--arch=<arch> ...] [-v] [-t] [--no-build | --no-generate] [--no-cache]
-
-Options:
-    --no-build      Skip building the docker images
-    --no-cache      Build without using any cache data
-    --no-generate   Skip generating Dockerfiles from template
-    --hub_tag=<tag> What the Docker Hub Image should be tagged as [default: None]
-    --arch=<arch>   What Architecture(s) to build   [default: amd64 armel armhf arm64]
-    -v              Print docker's command output   [default: False]
-    -t              Print docker's build time       [default: False]
-
-Examples:
-"""
-
-
-from jinja2 import Environment, FileSystemLoader
-from docopt import docopt
-import os
-import subprocess
-import sys
-
-THIS_DIR = os.path.dirname(os.path.abspath(__file__))
-
-base_vars = {
-    'name': 'pihole/pihole',
-    'maintainer' : 'adam@diginc.us',
-    's6_version' : 'v1.22.1.0',
-}
-
-os_base_vars = {
-    'php_env_config': '/etc/lighttpd/conf-enabled/15-fastcgi-php.conf',
-    'php_error_log': '/var/log/lighttpd/error.log'
-}
-
-__version__ = None
-dot = os.path.abspath('.')
-with open('{}/VERSION'.format(dot), 'r') as v:
-    raw_version = v.read().strip()
-    __version__ = raw_version.replace('release/', 'release-')
-
-images = {
-    __version__: [
-        {
-            'base': 'pihole/debian-base:latest',
-            'arch': 'amd64',
-            's6arch': 'amd64',
-        },
-        {
-            'base': 'multiarch/debian-debootstrap:armel-stretch-slim',
-            'arch': 'armel',
-            's6arch': 'arm',
-        },
-        {
-            'base': 'multiarch/debian-debootstrap:armhf-stretch-slim',
-            'arch': 'arm',
-            's6arch' : 'arm',
-        },
-        {
-            'base': 'multiarch/debian-debootstrap:arm64-stretch-slim',
-            'arch': 'arm64',
-            's6arch' : 'aarch64',
-        }
-    ]
-}
-
-def generate_dockerfiles(args):
-    if args['--no-generate']:
-        print(" ::: Skipping Dockerfile generation")
-        return
-
-    for version, archs in images.items():
-        for image in archs:
-            if image['arch'] not in args['--arch']:
-                continue
-            s6arch = image['s6arch'] if image['s6arch'] else image['arch']
-            merged_data = dict(
-                list({ 'version': version }.items()) +
-                list(base_vars.items()) +
-                list(os_base_vars.items()) +
-                list(image.items()) +
-                list({ 's6arch': s6arch }.items())
-            )
-            j2_env = Environment(loader=FileSystemLoader(THIS_DIR),
-                                 trim_blocks=True)
-            template = j2_env.get_template('Dockerfile.template')
-
-            dockerfile = 'Dockerfile_{}'.format(image['arch'])
-            with open(dockerfile, 'w') as f:
-                f.write(template.render(pihole=merged_data))
-
-
-def build_dockerfiles(args):
-    if args['--no-build']:
-        print(" ::: Skipping Dockerfile building")
-        return
-
-    for arch in args['--arch']:
-        build('pihole', arch, args)
-
-
-def run_and_stream_command_output(command, args):
-    print("Running", command)
-    build_result = subprocess.Popen(command.split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
-                                    bufsize=1, universal_newlines=True)
-    if args['-v']:
-        while build_result.poll() is None:
-            for line in build_result.stdout:
-                print(line, end='')
-    build_result.wait()
-    if build_result.returncode != 0:
-        print("     ::: Error running".format(command))
-        print(build_result.stderr)
-
-
-def build(docker_repo, arch, args):
-    dockerfile = 'Dockerfile_{}'.format(arch)
-    repo_tag = '{}:{}_{}'.format(docker_repo, __version__, arch)
-    cached_image = '{}/{}'.format('pihole', repo_tag)
-    print(" ::: Building {}".format(repo_tag))
-    time=''
-    if args['-t']:
-        time='time '
-    no_cache = ''
-    if args['--no-cache']:
-        no_cache = '--no-cache'
-    build_command = '{time}docker build {no_cache} --pull --cache-from="{cache},{create_tag}" -f {dockerfile} -t {create_tag} .'\
-        .format(time=time, no_cache=no_cache, cache=cached_image, dockerfile=dockerfile, create_tag=repo_tag)
-    print(" ::: Building {} into {}".format(dockerfile, repo_tag))
-    run_and_stream_command_output(build_command, args)
-    if args['-v']:
-        print(build_command, '\n')
-    if args['--hub_tag']:
-        hub_tag_command = "{time}docker tag {create_tag} {hub_tag}"\
-            .format(time=time, create_tag=repo_tag, hub_tag=args['--hub_tag'])
-        print(" ::: Tagging {} into {}".format(repo_tag, args['--hub_tag']))
-        run_and_stream_command_output(hub_tag_command, args)
-
-
-if __name__ == '__main__':
-    args = docopt(__doc__, version='Dockerfile 1.1')
-    if args['-v']:
-        print(args)
-
-    generate_dockerfiles(args)
-    build_dockerfiles(args)
--- a/Dockerfile.sh
+++ b/Dockerfile.sh
@@ -1,8 +0,0 @@
-#!/usr/bin/env sh
-# alpine sh only
-
-set -eux
-./Dockerfile.py -v --arch="${ARCH}" --hub_tag="${ARCH_IMAGE}"
-# TODO: Add junitxml output and have circleci consume it
-# 2 parallel max b/c race condition with docker fixture (I think?)
-py.test -vv -n 2 -k "${ARCH}" ./test/
--- a/Dockerfile.template
+++ b/Dockerfile.template
@@ -1,49 +0,0 @@
-FROM {{ pihole.base }}
-
-ENV ARCH {{ pihole.arch }}
-ENV S6OVERLAY_RELEASE https://github.com/just-containers/s6-overlay/releases/download/{{ pihole.s6_version }}/s6-overlay-{{ pihole.s6arch }}.tar.gz
-
-COPY install.sh /usr/local/bin/install.sh
-COPY VERSION /etc/docker-pi-hole-version
-ENV PIHOLE_INSTALL /root/ph_install.sh
-
-RUN bash -ex install.sh 2>&1 && \
-    rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
-
-ENTRYPOINT [ "/s6-init" ]
-
-ADD s6/debian-root /
-COPY s6/service /usr/local/bin/service
-
-# php config start passes special ENVs into
-ENV PHP_ENV_CONFIG '{{ pihole.php_env_config }}'
-ENV PHP_ERROR_LOG '{{ pihole.php_error_log }}'
-COPY ./start.sh /
-COPY ./bash_functions.sh /
-
-# IPv6 disable flag for networks/devices that do not support it
-ENV IPv6 True
-
-EXPOSE 53 53/udp
-EXPOSE 67/udp
-EXPOSE 80
-EXPOSE 443
-
-ENV S6_LOGGING 0
-ENV S6_KEEP_ENV 1
-ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2
-
-ENV ServerIP 0.0.0.0
-ENV FTL_CMD no-daemon
-ENV DNSMASQ_USER root
-
-ENV VERSION {{ pihole.version }}
-ENV PATH /opt/pihole:${PATH}
-
-LABEL image="{{ pihole.name }}:{{ pihole.version }}_{{ pihole.arch }}"
-LABEL maintainer="{{ pihole.maintainer }}"
-LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
-
-HEALTHCHECK CMD dig +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1
-
-SHELL ["/bin/bash", "-c"]
--- a/49
+++ b/49
@@ -1,49 +0,0 @@
-FROM pihole/debian-base:latest
-
-ENV ARCH amd64
-ENV S6OVERLAY_RELEASE https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz
-
-COPY install.sh /usr/local/bin/install.sh
-COPY VERSION /etc/docker-pi-hole-version
-ENV PIHOLE_INSTALL /root/ph_install.sh
-
-RUN bash -ex install.sh 2>&1 && \
-    rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
-
-ENTRYPOINT [ "/s6-init" ]
-
-ADD s6/debian-root /
-COPY s6/service /usr/local/bin/service
-
-# php config start passes special ENVs into
-ENV PHP_ENV_CONFIG '/etc/lighttpd/conf-enabled/15-fastcgi-php.conf'
-ENV PHP_ERROR_LOG '/var/log/lighttpd/error.log'
-COPY ./start.sh /
-COPY ./bash_functions.sh /
-
-# IPv6 disable flag for networks/devices that do not support it
-ENV IPv6 True
-
-EXPOSE 53 53/udp
-EXPOSE 67/udp
-EXPOSE 80
-EXPOSE 443
-
-ENV S6_LOGGING 0
-ENV S6_KEEP_ENV 1
-ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2
-
-ENV ServerIP 0.0.0.0
-ENV FTL_CMD no-daemon
-ENV DNSMASQ_USER root
-
-ENV VERSION v4.4
-ENV PATH /opt/pihole:${PATH}
-
-LABEL image="pihole/pihole:v4.4_amd64"
-LABEL maintainer="adam@diginc.us"
-LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
-
-HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1
-
-SHELL ["/bin/bash", "-c"]
--- a/49
+++ b/49
@@ -1,49 +0,0 @@
-FROM multiarch/debian-debootstrap:arm64-stretch-slim
-
-ENV ARCH arm64
-ENV S6OVERLAY_RELEASE https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-aarch64.tar.gz
-
-COPY install.sh /usr/local/bin/install.sh
-COPY VERSION /etc/docker-pi-hole-version
-ENV PIHOLE_INSTALL /root/ph_install.sh
-
-RUN bash -ex install.sh 2>&1 && \
-    rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
-
-ENTRYPOINT [ "/s6-init" ]
-
-ADD s6/debian-root /
-COPY s6/service /usr/local/bin/service
-
-# php config start passes special ENVs into
-ENV PHP_ENV_CONFIG '/etc/lighttpd/conf-enabled/15-fastcgi-php.conf'
-ENV PHP_ERROR_LOG '/var/log/lighttpd/error.log'
-COPY ./start.sh /
-COPY ./bash_functions.sh /
-
-# IPv6 disable flag for networks/devices that do not support it
-ENV IPv6 True
-
-EXPOSE 53 53/udp
-EXPOSE 67/udp
-EXPOSE 80
-EXPOSE 443
-
-ENV S6_LOGGING 0
-ENV S6_KEEP_ENV 1
-ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2
-
-ENV ServerIP 0.0.0.0
-ENV FTL_CMD no-daemon
-ENV DNSMASQ_USER root
-
-ENV VERSION v4.4
-ENV PATH /opt/pihole:${PATH}
-
-LABEL image="pihole/pihole:v4.4_arm64"
-LABEL maintainer="adam@diginc.us"
-LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
-
-HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1
-
-SHELL ["/bin/bash", "-c"]
--- a/49
+++ b/49
@@ -1,49 +0,0 @@
-FROM multiarch/debian-debootstrap:armel-stretch-slim
-
-ENV ARCH armel
-ENV S6OVERLAY_RELEASE https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-arm.tar.gz
-
-COPY install.sh /usr/local/bin/install.sh
-COPY VERSION /etc/docker-pi-hole-version
-ENV PIHOLE_INSTALL /root/ph_install.sh
-
-RUN bash -ex install.sh 2>&1 && \
-    rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
-
-ENTRYPOINT [ "/s6-init" ]
-
-ADD s6/debian-root /
-COPY s6/service /usr/local/bin/service
-
-# php config start passes special ENVs into
-ENV PHP_ENV_CONFIG '/etc/lighttpd/conf-enabled/15-fastcgi-php.conf'
-ENV PHP_ERROR_LOG '/var/log/lighttpd/error.log'
-COPY ./start.sh /
-COPY ./bash_functions.sh /
-
-# IPv6 disable flag for networks/devices that do not support it
-ENV IPv6 True
-
-EXPOSE 53 53/udp
-EXPOSE 67/udp
-EXPOSE 80
-EXPOSE 443
-
-ENV S6_LOGGING 0
-ENV S6_KEEP_ENV 1
-ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2
-
-ENV ServerIP 0.0.0.0
-ENV FTL_CMD no-daemon
-ENV DNSMASQ_USER root
-
-ENV VERSION v4.4
-ENV PATH /opt/pihole:${PATH}
-
-LABEL image="pihole/pihole:v4.4_armel"
-LABEL maintainer="adam@diginc.us"
-LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
-
-HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1
-
-SHELL ["/bin/bash", "-c"]
--- a/49
+++ b/49
@@ -1,49 +0,0 @@
-FROM multiarch/debian-debootstrap:armhf-stretch-slim
-
-ENV ARCH armhf
-ENV S6OVERLAY_RELEASE https://github.com/just-containers/s6-overlay/releases/download/v1.21.7.0/s6-overlay-armhf.tar.gz
-
-COPY install.sh /usr/local/bin/install.sh
-COPY VERSION /etc/docker-pi-hole-version
-ENV PIHOLE_INSTALL /root/ph_install.sh
-
-RUN bash -ex install.sh 2>&1 && \
-    rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
-
-ENTRYPOINT [ "/s6-init" ]
-
-ADD s6/debian-root /
-COPY s6/service /usr/local/bin/service
-
-# php config start passes special ENVs into
-ENV PHP_ENV_CONFIG '/etc/lighttpd/conf-enabled/15-fastcgi-php.conf'
-ENV PHP_ERROR_LOG '/var/log/lighttpd/error.log'
-COPY ./start.sh /
-COPY ./bash_functions.sh /
-
-# IPv6 disable flag for networks/devices that do not support it
-ENV IPv6 True
-
-EXPOSE 53 53/udp
-EXPOSE 67/udp
-EXPOSE 80
-EXPOSE 443
-
-ENV S6_LOGGING 0
-ENV S6_KEEP_ENV 1
-ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2
-
-ENV ServerIP 0.0.0.0
-ENV FTL_CMD no-daemon
-ENV DNSMASQ_USER root
-
-ENV VERSION v4.4
-ENV PATH /opt/pihole:${PATH}
-
-LABEL image="pihole/pihole:v4.4_armhf"
-LABEL maintainer="adam@diginc.us"
-LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
-
-HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1
-
-SHELL ["/bin/bash", "-c"]
--- a/23
+++ b/23
@@ -1,23 +0,0 @@
-FROM docker:latest
-
-# Based on https://github.com/Ilhicas/alpine-pipenv
-ARG packages
-RUN apk --update add python3 python3-dev curl gcc make \
-        musl-dev libffi-dev openssl-dev ${packages} \
-    && rm -rf /var/cache/apk/* \
-    && pip3 install -U pip pipenv
-
-
-# -v "$(pwd):/$(pwd)" -w "$(pwd)" to prevent nested docker path confusion
-COPY ./Dockerfile.sh /usr/local/bin/
-COPY Pipfile* /root/
-WORKDIR /root
-
-RUN pipenv install --system \
-    && sed -i 's|/bin/sh|/bin/bash|g' /usr/lib/python3.8/site-packages/testinfra/backend/docker.py
-
-
-RUN echo "set -ex && Dockerfile.sh && \$@" > /usr/local/bin/entrypoint.sh
-RUN chmod +x /usr/local/bin/entrypoint.sh
-ENTRYPOINT entrypoint.sh
-CMD Dockerfile.sh
--- a/README.md
+++ b/README.md
@@ -5,8 +5,26 @@
 </p>
 <!-- Delete above HTML and insert markdown for dockerhub : ![Pi-hole](https://pi-hole.github.io/graphics/Vortex/Vortex_with_text.png) -->

+## Upgrade Notes
+
+- **Using Watchtower? See the [Note on Watchtower](#note-on-watchtower) at the bottom of this readme**
+
+- Due to [a known issue with Docker and libseccomp <2.5](https://github.com/moby/moby/issues/40734), you may run into issues running `2022.04` and later on host systems with an older version of `libseccomp2` ([Such as Debian/Raspbian buster or Ubuntu 20.04](https://pkgs.org/download/libseccomp2), and maybe [CentOS 7](https://pkgs.org/download/libseccomp)).
+
+  The first recommendation is to upgrade your host OS, which will include a more up to date (and fixed) version of `libseccomp`.
+
+  _If you absolutely cannot do this, some users [have reported](https://github.com/pi-hole/docker-pi-hole/issues/1042#issuecomment-1086728157) success in updating `libseccomp2` via backports on debian, or similar via updates on Ubuntu. You can try this workaround at your own risk_  (Note, you may also find that you need the latest `docker.io` (more details [here](https://blog.samcater.com/fix-workaround-rpi4-docker-libseccomp2-docker-20/))
+
+- Some users [have reported issues](https://github.com/pi-hole/docker-pi-hole/issues/963#issuecomment-1095602502) with using the `--privileged` flag on `2022.04` and above. TL;DR, don't use that that mode, and be [explicit with the permitted caps](https://github.com/pi-hole/docker-pi-hole#note-on-capabilities) (if needed) instead
+
+- As of `2022.04.01`, setting `CAP_NET_ADMIN` is only required if you are using Pi-hole as your DHCP server. The container will only try to set caps that are explicitly granted (or natively available)
+
+- In `2022.01` and later, the default `DNSMASQ_USER` has been changed to `pihole`, however this may cause issues on some systems such as Synology, see Issue [#963](https://github.com/pi-hole/docker-pi-hole/issues/963) for more information.
+ If the container won't start due to issues setting capabilities, set `DNSMASQ_USER` to `root` in your environment.
+
 ## Quick Start

+1. Copy docker-compose.yml.example to docker-compose.yml and update as needed. See example below:
 [Docker-compose](https://docs.docker.com/compose/install/) example:

 ```yaml
@@ -17,74 +35,53 @@ services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
+    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
-      - "67:67/udp"
+      - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "80:80/tcp"
-      - "443:443/tcp"
    environment:
      TZ: 'America/Chicago'
      # WEBPASSWORD: 'set a secure password here or it will be random'
    # Volumes store your data between container upgrades
    volumes:
-      - './etc-pihole/:/etc/pihole/'
-      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
-    dns:
-      - 127.0.0.1
-      - 1.1.1.1
-    # Recommended but not required (DHCP needs NET_ADMIN)
+      - './etc-pihole:/etc/pihole'
+      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
-      - NET_ADMIN
+      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    restart: unless-stopped
 ```
+2. Run `docker-compose up -d` to build and start pi-hole
+3. Use the Pi-hole web UI to change the DNS settings *Interface listening behavior* to "Listen on all interfaces, permit all origins", if using Docker's default `bridge` network setting. (This can also be achieved by setting the environment variable `DNSMASQ_LISTENING` to `all`)

-[Here is an equivalent docker run script](https://github.com/pi-hole/docker-pi-hole/blob/master/docker_run.sh).
-
-## Upgrade Notices:
-
-### Docker Pi-Hole v4.2.2
-
- ServerIP no longer a required enviroment variable **unless you run network 'host' mode**!  Feel free to remove it unless you need it to customize lighttpd
- --cap-add NET_ADMIN no longer required unless using DHCP, leaving in examples for consistency
-
-### Docker Pi-Hole v4.1.1+
-
-Starting with the v4.1.1 release your Pi-hole container may encounter issues starting the DNS service unless ran with the following setting:
-
- `--dns=127.0.0.1 --dns=1.1.1.1` The second server can be any DNS IP of your choosing, but the **first dns must be 127.0.0.1**
-    - A WARNING stating "Misconfigured DNS in /etc/resolv.conf" may show in docker logs without this.
- 4.1 required --cap-add NET_ADMIN until 4.2.1-1
-
-These are the raw [docker run cli](https://docs.docker.com/engine/reference/commandline/cli/) versions of the commands.  We provide no official support for docker GUIs but the community forums may be able to help if you do not see a place for these settings.  Remember, always consult your manual too!
+[Here is an equivalent docker run script](https://github.com/pi-hole/docker-pi-hole/blob/master/examples/docker_run.sh).

 ## Overview

-#### Renamed from `diginc/pi-hole` to `pihole/pihole`
-
 A [Docker](https://www.docker.com/what-docker) project to make a lightweight x86 and ARM container with [Pi-hole](https://pi-hole.net) functionality.

 1) Install docker for your [x86-64 system](https://www.docker.com/community-edition) or [ARMv7 system](https://www.raspberrypi.org/blog/docker-comes-to-raspberry-pi/) using those links. [Docker-compose](https://docs.docker.com/compose/install/) is also recommended.
 2) Use the above quick start example, customize if desired.
 3) Enjoy!

-[![Build Status](https://api.travis-ci.org/pi-hole/docker-pi-hole.svg?branch=master)](https://travis-ci.org/pi-hole/docker-pi-hole) [![Docker Stars](https://img.shields.io/docker/stars/pihole/pihole.svg?maxAge=604800)](https://store.docker.com/community/images/pihole/pihole) [![Docker Pulls](https://img.shields.io/docker/pulls/pihole/pihole.svg?maxAge=604800)](https://store.docker.com/community/images/pihole/pihole)
+[![Build Status](https://github.com/pi-hole/docker-pi-hole/workflows/Test%20&%20Build/badge.svg)](https://github.com/pi-hole/docker-pi-hole/actions?query=workflow%3A%22Test+%26+Build%22) [![Docker Stars](https://img.shields.io/docker/stars/pihole/pihole.svg?maxAge=604800)](https://store.docker.com/community/images/pihole/pihole) [![Docker Pulls](https://img.shields.io/docker/pulls/pihole/pihole.svg?maxAge=604800)](https://store.docker.com/community/images/pihole/pihole)

 ## Running Pi-hole Docker

-This container uses 2 popular ports, port 53 and port 80, so **may conflict with existing applications ports**.  If you have no other services or docker containers using port 53/80 (if you do, keep reading below for a reverse proxy example), the minimum arguments required to run this container are in the script [docker_run.sh](https://github.com/pi-hole/docker-pi-hole/blob/master/docker_run.sh)
+This container uses 2 popular ports, port 53 and port 80, so **may conflict with existing applications ports**.  If you have no other services or docker containers using port 53/80 (if you do, keep reading below for a reverse proxy example), the minimum arguments required to run this container are in the script [docker_run.sh](https://github.com/pi-hole/docker-pi-hole/blob/master/examples/docker_run.sh)

 If you're using a Red Hat based distribution with an SELinux Enforcing policy add `:z` to line with volumes like so:

 ```
-    -v "$(pwd)/etc-pihole/:/etc/pihole/:z" \
-    -v "$(pwd)/etc-dnsmasq.d/:/etc/dnsmasq.d/:z" \
+    -v "$(pwd)/etc-pihole:/etc/pihole:z" \
+    -v "$(pwd)/etc-dnsmasq.d:/etc/dnsmasq.d:z" \
 ```

 Volumes are recommended for persisting data across container re-creations for updating images.  The IP lookup variables may not work for everyone, please review their values and hard code IP and IPv6 if necessary.

-Port 443 is to provide a sinkhole for ads that use SSL.  If only port 80 is used, then blocked HTTPS queries will fail to connect to port 443 and may cause long loading times.  Rejecting 443 on your firewall can also serve this same purpose.  Ubuntu firewall example: `sudo ufw reject https`
+You can customize where to store persistent data by setting the `PIHOLE_BASE` environment variable when invoking `docker_run.sh` (e.g. `PIHOLE_BASE=/opt/pihole-storage ./docker_run.sh`).  If `PIHOLE_BASE` is not set, files are stored in your current directory when you invoke the script.

 **Automatic Ad List Updates** - since the 3.0+ release, `cron` is baked into the container and will grab the newest versions of your lists and flush your logs.  **Set your TZ** environment variable to make sure the midnight log rotation syncs up with your timezone's midnight.

@@ -96,27 +93,80 @@ There are multiple different ways to run DHCP from within your Docker Pi-hole co

 There are other environment variables if you want to customize various things inside the docker container:

-| Docker Environment Var. | Description |
-| ----------------------- | ----------- |
-| `TZ: <Timezone>`<br/> **Recommended** *Default: UTC* | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight.
-| `WEBPASSWORD: <Admin password>`<br/> **Recommended** *Default: random* | http://pi.hole/admin password. Run `docker logs pihole \| grep random` to find your random pass.
-| `DNS1: <IP>`<br/> *Optional* *Default: 8.8.8.8* | Primary upstream DNS provider, default is google DNS
-| `DNS2: <IP>`<br/> *Optional* *Default: 8.8.4.4* | Secondary upstream DNS provider, default is google DNS, `no` if only one DNS should used
-| `DNSSEC: <True\|False>`<br/> *Optional* *Default: false* | Enable DNSSEC support
-| `DNS_BOGUS_PRIV: <True\|False>`<br/> *Optional* *Default: true* | Enable forwarding of reverse lookups for private ranges
-| `DNS_FQDN_REQUIRED: <True\|False>`<br/> *Optional* *Default: true* | Never forward non-FQDNs
-| `CONDITIONAL_FORWARDING: <True\|False>`<br/> *Optional* *Default: False* | Enable DNS conditional forwarding for device name resolution
-| `CONDITIONAL_FORWARDING_IP: <Router's IP>`<br/> *Optional* | If conditional forwarding is enabled, set the IP of the local network router
-| `CONDITIONAL_FORWARDING_DOMAIN: <Network Domain>`<br/> *Optional* | If conditional forwarding is enabled, set the domain of the local network router
-| `CONDITIONAL_FORWARDING_REVERSE: <Reverse DNS>`<br/> *Optional* | If conditional forwarding is enabled, set the reverse DNS of the local network router (e.g. `0.168.192.in-addr.arpa`)
-| `ServerIP: <Host's IP>`<br/> **Recommended** | **--net=host mode requires** Set to your server's LAN IP, used by web block modes and lighttpd bind address
-| `ServerIPv6: <Host's IPv6>`<br/> *Required if using IPv6* | **If you have a v6 network** set to your server's LAN IPv6 to block IPv6 ads fully
-| `VIRTUAL_HOST: <Custom Hostname>`<br/> *Optional* *Default: $ServerIP*   | What your web server 'virtual host' is, accessing admin through this Hostname/IP allows you to make changes to the whitelist / blacklists in addition to the default 'http://pi.hole/admin/' address
-| `IPv6: <True\|False>`<br/> *Optional* *Default: True* | For unraid compatibility, strips out all the IPv6 configuration from DNS/Web services when false.
-| `INTERFACE: <NIC>`<br/> *Advanced/Optional* | The default works fine with our basic example docker run commands.  If you're trying to use DHCP with `--net host` mode then you may have to customize this or DNSMASQ_LISTENING.
-| `DNSMASQ_LISTENING: <local\|all\|NIC>`<br/> *Advanced/Optional* | `local` listens on all local subnets, `all` permits listening on internet origin subnets in addition to local.
-| `WEB_PORT: <PORT>`<br/> *Advanced/Optional* | **This will break the 'webpage blocked' functionality of Pi-hole** however it may help advanced setups like those running synology or `--net=host` docker argument.  This guide explains how to restore webpage blocked functionality using a linux router DNAT rule: [Alternative Synology installation method](https://discourse.pi-hole.net/t/alternative-synology-installation-method/5454?u=diginc)
-| `DNSMASQ_USER: <pihole\|root>`<br/> *Experimental Default: root* | Allows running FTLDNS as non-root.
+### Recommended Variables
+
+| Variable | Default | Value | Description |
+| -------- | ------- | ----- | ---------- |
+| `TZ` | UTC | `<Timezone>` | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight.
+| `WEBPASSWORD` | random | `<Admin password>` | http://pi.hole/admin password. Run `docker logs pihole \| grep random` to find your random pass.
+| `FTLCONF_LOCAL_IPV4` | unset | `<Host's IP>` | Set to your server's LAN IP, used by web block modes and lighttpd bind address.
+
+### Optional Variables
+
+| Variable | Default | Value | Description |
+| -------- | ------- | ----- | ---------- |
+| `ADMIN_EMAIL` | unset | email address | Set an administrative contact address for the Block Page |
+| `PIHOLE_DNS_` |  `8.8.8.8;8.8.4.4` | IPs delimited by `;` | Upstream DNS server(s) for Pi-hole to forward queries to, separated by a semicolon <br/> (supports non-standard ports with `#[port number]`) e.g `127.0.0.1#5053;8.8.8.8;8.8.4.4` <br/> (supports [Docker service names and links](https://docs.docker.com/compose/networking/) instead of IPs) e.g `upstream0;upstream1` where `upstream0` and `upstream1` are the service names of or links to docker services <br/> Note: The existence of this environment variable assumes this as the _sole_ management of upstream DNS. Upstream DNS added via the web interface will be overwritten on container restart/recreation |
+| `DNSSEC` | `false` | `<"true"\|"false">` | Enable DNSSEC support |
+| `DNS_BOGUS_PRIV` | `true` |`<"true"\|"false">`| Never forward reverse lookups for private ranges |
+| `DNS_FQDN_REQUIRED` | `true` | `<"true"\|"false">`| Never forward non-FQDNs |
+| `REV_SERVER` | `false` | `<"true"\|"false">` | Enable DNS conditional forwarding for device name resolution |
+| `REV_SERVER_DOMAIN` | unset | Network Domain | If conditional forwarding is enabled, set the domain of the local network router |
+| `REV_SERVER_TARGET` | unset | Router's IP | If conditional forwarding is enabled, set the IP of the local network router |
+| `REV_SERVER_CIDR` | unset | Reverse DNS | If conditional forwarding is enabled, set the reverse DNS zone (e.g. `192.168.0.0/24`) |
+| `DHCP_ACTIVE` | `false` | `<"true"\|"false">` | Enable DHCP server. Static DHCP leases can be configured with a custom `/etc/dnsmasq.d/04-pihole-static-dhcp.conf`
+| `DHCP_START` | unset | `<Start IP>` | Start of the range of IP addresses to hand out by the DHCP server (mandatory if DHCP server is enabled).
+| `DHCP_END` | unset | `<End IP>` | End of the range of IP addresses to hand out by the DHCP server (mandatory if DHCP server is enabled).
+| `DHCP_ROUTER` | unset | `<Router's IP>` | Router (gateway) IP address sent by the DHCP server (mandatory if DHCP server is enabled).
+| `DHCP_LEASETIME` | 24 | `<hours>` | DHCP lease time in hours.
+| `PIHOLE_DOMAIN` | `lan` | `<domain>` | Domain name sent by the DHCP server.
+| `DHCP_IPv6` | `false` | `<"true"\|"false">` | Enable DHCP server IPv6 support (SLAAC + RA).
+| `DHCP_rapid_commit` | `false` | `<"true"\|"false">` | Enable DHCPv4 rapid commit (fast address assignment).
+| `VIRTUAL_HOST` | `$FTLCONF_LOCAL_IPV4` | `<Custom Hostname>` | What your web server 'virtual host' is, accessing admin through this Hostname/IP allows you to make changes to the whitelist / blacklists in addition to the default 'http://pi.hole/admin/' address
+| `IPv6` | `true` | `<"true"\|"false">` | For unraid compatibility, strips out all the IPv6 configuration from DNS/Web services when false.
+| `TEMPERATUREUNIT` | `c` | `<c\|k\|f>` | Set preferred temperature unit to `c`: Celsius, `k`: Kelvin, or `f` Fahrenheit units.
+| `WEBUIBOXEDLAYOUT` | `boxed` | `<boxed\|traditional>` | Use boxed layout (helpful when working on large screens)
+| `QUERY_LOGGING` | `true` | `<"true"\|"false">` | Enable query logging or not.
+| `WEBTHEME` | `default-light` | `<"default-dark"\|"default-darker"\|"default-light"\|"default-auto"\|"lcars">`| User interface theme to use.
+| `WEBPASSWORD_FILE`| unset | `<Docker secret path>` |Set an Admin password using [Docker secrets](https://docs.docker.com/engine/swarm/secrets/). If `WEBPASSWORD` is set, `WEBPASSWORD_FILE` is ignored. If `WEBPASSWORD` is empty, and `WEBPASSWORD_FILE` is set to a valid readable file path, then `WEBPASSWORD` will be set to the contents of `WEBPASSWORD_FILE`.
+
+### Advanced Variables
+| Variable | Default | Value | Description |
+| -------- | ------- | ----- | ---------- |
+| `INTERFACE` | unset | `<NIC>` | The default works fine with our basic example docker run commands.  If you're trying to use DHCP with `--net host` mode then you may have to customize this or DNSMASQ_LISTENING.
+| `DNSMASQ_LISTENING` | unset | `<local\|all\|single>` | `local` listens on all local subnets, `all` permits listening on internet origin subnets in addition to local, `single` listens only on the interface specified.
+| `WEB_PORT` | unset | `<PORT>` | **This will break the 'webpage blocked' functionality of Pi-hole** however it may help advanced setups like those running synology or `--net=host` docker argument.  This guide explains how to restore webpage blocked functionality using a linux router DNAT rule: [Alternative Synology installation method](https://discourse.pi-hole.net/t/alternative-synology-installation-method/5454?u=diginc)
+| `SKIPGRAVITYONBOOT` | unset | `<unset\|1>` | Use this option to skip updating the Gravity Database when booting up the container.  By default this environment variable is not set so the Gravity Database will be updated when the container starts up.  Setting this environment variable to 1 (or anything) will cause the Gravity Database to not be updated when container starts up.
+| `CORS_HOSTS` | unset | `<FQDNs delimited by ,>` | List of domains/subdomains on which CORS is allowed. Wildcards are not supported. Eg: `CORS_HOSTS: domain.com,home.domain.com,www.domain.com`.
+| `CUSTOM_CACHE_SIZE` | `10000` | Number | Set the cache size for dnsmasq. Useful for increasing the default cache size or to set it to 0. Note that when `DNSSEC` is "true", then this setting is ignored.
+| `FTL_CMD` | `no-daemon` | `no-daemon -- <dnsmasq option>` | Customize the options with which dnsmasq gets started. e.g. `no-daemon -- --dns-forward-max 300` to increase max. number of concurrent dns queries on high load setups. |
+| `FTLCONF_[SETTING]` | unset | As per documentation | Customize pihole-FTL.conf with settings described in the [FTLDNS Configuration page](https://docs.pi-hole.net/ftldns/configfile/). For example, to customize LOCAL_IPV4, ensure you have the `FTLCONF_LOCAL_IPV4` environment variable set.
+
+### Experimental Variables
+| Variable | Default | Value | Description |
+| -------- | ------- | ----- | ---------- |
+| `DNSMASQ_USER` | unset | `<pihole\|root>` | Allows changing the user that FTLDNS runs as. Default: `pihole`|
+| `PIHOLE_UID` | debian system value | Number | Overrides image's default pihole user id to match a host user id  |
+| `PIHOLE_GID` | debian system value | Number | Overrides image's default pihole group id to match a host group id |
+| `WEB_UID` | debian system value | Number | Overrides image's default www-data user id to match a host user id |
+| `WEB_GID` | debian system value | Number | Overrides image's default www-data group id to match a host group id |
+| `WEBLOGS_STDOUT` | 0 | 0&vert;1 | 0 logs to defined files, 1 redirect access and error logs to stdout |
+
+## Deprecated environment variables:
+While these may still work, they are likely to be removed in a future version. Where applicable, alternative variable names are indicated. Please review the table above for usage of the alternative variables
+
+| Docker Environment Var. | Description | Replaced By |
+| ----------------------- | ----------- | ----------- |
+| `CONDITIONAL_FORWARDING` | Enable DNS conditional forwarding for device name resolution | `REV_SERVER`|
+| `CONDITIONAL_FORWARDING_IP` | If conditional forwarding is enabled, set the IP of the local network router | `REV_SERVER_TARGET` |
+| `CONDITIONAL_FORWARDING_DOMAIN` | If conditional forwarding is enabled, set the domain of the local network router | `REV_SERVER_DOMAIN` |
+| `CONDITIONAL_FORWARDING_REVERSE` | If conditional forwarding is enabled, set the reverse DNS of the local network router (e.g. `0.168.192.in-addr.arpa`) | `REV_SERVER_CIDR` |
+| `DNS1` | Primary upstream DNS provider, default is google DNS | `PIHOLE_DNS_` |
+| `DNS2` | Secondary upstream DNS provider, default is google DNS, `no` if only one DNS should used | `PIHOLE_DNS_` |
+| `ServerIP` | Set to your server's LAN IP, used by web block modes and lighttpd bind address | `FTLCONF_REPLY_ADDR4` |
+| `ServerIPv6` | **If you have a v6 network** set to your server's LAN IPv6 to block IPv6 ads fully | `FTLCONF_REPLY_ADDR6` |
+| `FTLCONF_REPLY_ADDR4` | Set to your server's LAN IP, used by web block modes and lighttpd bind address | `FTLCONF_LOCAL_IPV4` |
+| `FTLCONF_REPLY_ADDR6` | **If you have a v6 network** set to your server's LAN IPv6 to block IPv6 ads fully | `FTLCONF_LOCAL_IPV6` |

 To use these env vars in docker run format style them like: `-e DNS1=1.1.1.1`

@@ -124,13 +174,13 @@ Here is a rundown of other arguments for your docker-compose / docker run.

 | Docker Arguments | Description |
 | ---------------- | ----------- |
-| `-p <port>:<port>` **Recommended** | Ports to expose (53, 80, 67, 443), the bare minimum ports required for Pi-holes HTTP and DNS services
+| `-p <port>:<port>` **Recommended** | Ports to expose (53, 80, 67), the bare minimum ports required for Pi-holes HTTP and DNS services
 | `--restart=unless-stopped`<br/> **Recommended** | Automatically (re)start your Pi-hole on boot or in the event of a crash
 | `-v $(pwd)/etc-pihole:/etc/pihole`<br/> **Recommended** | Volumes for your Pi-hole configs help persist changes across docker image updates
 | `-v $(pwd)/etc-dnsmasq.d:/etc/dnsmasq.d`<br/> **Recommended** | Volumes for your dnsmasq configs help persist changes across docker image updates
 | `--net=host`<br/> *Optional* | Alternative to `-p <port>:<port>` arguments (Cannot be used at same time as -p) if you don't run any other web application. DHCP runs best with --net=host, otherwise your router must support dhcp-relay settings.
 | `--cap-add=NET_ADMIN`<br/> *Recommended* | Commonly added capability for DHCP, see [Note on Capabilities](#note-on-capabilities) below for other capabilities.
-| `--dns=127.0.0.1`<br/> *Recommended* | Sets your container's resolve settings to localhost so it can resolve DHCP hostnames from Pi-hole's DNSMasq, also fixes common resolution errors on container restart.
+| `--dns=127.0.0.1`<br/> *Optional* | Sets your container's resolve settings to localhost so it can resolve DHCP hostnames from Pi-hole's DNSMasq, may fix resolution errors on container restart.
 | `--dns=1.1.1.1`<br/> *Optional* | Sets a backup server of your choosing in case DNSMasq has problems starting
 | `--env-file .env` <br/> *Optional* | File to store environment variables for docker replacing `-e key=value` settings. Here for convenience

@@ -142,16 +192,17 @@ Here is a rundown of other arguments for your docker-compose / docker run.
 * Port conflicts?  Stop your server's existing DNS / Web services.
  * Don't forget to stop your services from auto-starting again after you reboot
  * Ubuntu users see below for more detailed information
-* Port 80 is highly recommended because if you have another site/service using port 80 by default then the ads may not transform into blank ads correctly.  To make sure docker-pi-hole plays nicely with an existing webserver you run you'll probably need a reverse proxy webserver config if you don't have one already.  Pi-hole must be the default web app on the proxy e.g. if you go to your host by IP instead of domain then Pi-hole is served out instead of any other sites hosted by the proxy. This is the '[default_server](http://nginx.org/en/docs/http/ngx_http_core_module.html#listen)' in nginx or ['_default_' virtual host](https://httpd.apache.org/docs/2.4/vhosts/examples.html#default) in Apache and is taken advantage of so any undefined ad domain can be directed to your webserver and get a 'blocked' response instead of ads.
-  * You can still map other ports to Pi-hole port 80 using docker's port forwarding like this `-p 8080:80`, but again the ads won't render properly.  Changing the inner port 80 shouldn't be required unless you run docker host networking mode.
-  * [Here is an example of running with jwilder/proxy](https://github.com/pi-hole/docker-pi-hole/blob/master/docker-compose-jwilder-proxy.yml) (an nginx auto-configuring docker reverse proxy for docker) on my port 80 with Pi-hole on another port.  Pi-hole needs to be `DEFAULT_HOST` env in jwilder/proxy and you need to set the matching `VIRTUAL_HOST` for the Pi-hole's container.  Please read jwilder/proxy readme for more info if you have trouble.
+* You can map other ports to Pi-hole port 80 using docker's port forwarding like this `-p 8080:80` if you are using the default blocking mode. If you are using the legacy IP blocking mode, you should not remap this port.
+  * [Here is an example of running with nginxproxy/nginx-proxy](https://github.com/pi-hole/docker-pi-hole/blob/master/examples/docker-compose-nginx-proxy.yml) (an nginx auto-configuring docker reverse proxy for docker) on my port 80 with Pi-hole on another port.  Pi-hole needs to be `DEFAULT_HOST` env in nginxproxy/nginx-proxy and you need to set the matching `VIRTUAL_HOST` for the Pi-hole's container.  Please read nginxproxy/nginx-proxy readme for more info if you have trouble.
+* Docker's default network mode `bridge` isolates the container from the host's network. This is a more secure setting, but requires setting the Pi-hole DNS option for *Interface listening behavior* to "Listen on all interfaces, permit all origins".

-### Installing on Ubuntu
-Modern releases of Ubuntu (17.10+) include [`systemd-resolved`](http://manpages.ubuntu.com/manpages/bionic/man8/systemd-resolved.service.8.html) which is configured by default to implement a caching DNS stub resolver. This will prevent pi-hole from listening on port 53.
+### Installing on Ubuntu or Fedora
+Modern releases of Ubuntu (17.10+) and Fedora (33+) include [`systemd-resolved`](http://manpages.ubuntu.com/manpages/bionic/man8/systemd-resolved.service.8.html) which is configured by default to implement a caching DNS stub resolver. This will prevent pi-hole from listening on port 53.
 The stub resolver should be disabled with: `sudo sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf`

 This will not change the nameserver settings, which point to the stub resolver thus preventing DNS resolution. Change the `/etc/resolv.conf` symlink to point to `/run/systemd/resolve/resolv.conf`, which is automatically updated to follow the system's [`netplan`](https://netplan.io/):
 `sudo sh -c 'rm /etc/resolv.conf && ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf'`
+After making these changes, you should restart systemd-resolved using `systemctl restart systemd-resolved`

 Once pi-hole is installed, you'll want to configure your clients to use it ([see here](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245)). If you used the symlink above, your docker host will either use whatever is served by DHCP, or whatever static setting you've configured. If you want to explicitly set your docker host's nameservers you can edit the netplan(s) found at `/etc/netplan`, then run `sudo netplan apply`.
 Example netplan:
@@ -171,26 +222,25 @@ Note that it is also possible to disable `systemd-resolved` entirely. However, t

 Users of older Ubuntu releases (circa 17.04) will need to disable dnsmasq.

+## Installing on Dokku
+@Rikj000 has produced a guide to assist users [installing Pi-hole on Dokku](https://github.com/Rikj000/Pihole-Dokku-Installation)
+
 ## Docker tags and versioning

-The primary docker tags / versions are explained in the following table.  [Click here to see the full list of tags](https://store.docker.com/community/images/pihole/pihole/tags) ([arm tags are here](https://store.docker.com/community/images/pihole/pihole/tags)), I also try to tag with the specific version of Pi-hole Core for version archival purposes, the web version that comes with the core releases should be in the [GitHub Release notes](https://github.com/pi-hole/docker-pi-hole/releases).
+The primary docker tags are explained in the following table.  [Click here to see the full list of tags](https://store.docker.com/community/images/pihole/pihole/tags). See [GitHub Release notes](https://github.com/pi-hole/docker-pi-hole/releases) to see the specific version of Pi-hole Core, Web, and FTL included in the release.

-| tag                 | architecture | description                                                             | Dockerfile |
-| ---                 | ------------ | -----------                                                             | ---------- |
-| `latest`            | auto detect  | x86, arm, or arm64 container, docker auto detects your architecture.    | [Dockerfile](https://github.com/pi-hole/docker-pi-hole/blob/master/Dockerfile_amd64) |
-| `v4.0.0-1`          | auto detect  | Versioned tags, if you want to pin against a specific version, use one of these |  |
-| `v4.0.0-1_<arch>`   | based on tag | Specific architectures tags | |
-| `dev`       | auto detect  | like latest tag, but for the development branch (pushed occasionally)   | |
-
-### `pihole/pihole:latest` [![](https://images.microbadger.com/badges/image/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own image badge on microbadger.com") [![](https://images.microbadger.com/badges/version/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/version/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own version badge on microbadger.com")
-
-This version of the docker aims to be as close to a standard Pi-hole installation by using the recommended base OS and the exact configs and scripts (minimally modified to get them working).  This enables fast updating when an update comes from Pi-hole.
-
-https://hub.docker.com/r/pihole/pihole/tags/
+| tag                 | description
+|---------------------|--------------------------------------------------------------------------------------------------------------------------------------------|
+| `latest`            | Always latest release                                                                                                                      |
+| `2022.04`           | Date-based release that can receive bugfix updates                                                                                         |
+| `2022.04.1`         | A specific image that will not receive updates                                                                                             |
+| `dev`               | Similar to `latest`, but for the development branch (pushed occasionally)                                                                  |
+| `*beta`             | Early beta releases of upcoming versions - here be dragons                                                                                 |
+| `nightly`           | Like `dev` but pushed every night and pulls from the latest `development` branches of the core Pi-hole components (Pi-hole, AdminLTE, FTL) |

 ## Upgrading, Persistence, and Customizations

-The standard Pi-hole customization abilities apply to this docker, but with docker twists such as using docker volume mounts to map host stored file configurations over the container defaults.  Volumes are also important to persist the configuration in case you have removed the Pi-hole container which is a typical docker upgrade pattern.
+The standard Pi-hole customization abilities apply to this docker, but with docker twists such as using docker volume mounts to map host stored file configurations over the container defaults.  However, mounting these configuration files as read-only should be avoided.  Volumes are also important to persist the configuration in case you have removed the Pi-hole container which is a typical docker upgrade pattern.

 ### Upgrading / Reconfiguring

@@ -201,11 +251,11 @@ Do not attempt to upgrade (`pihole -up`) or reconfigure (`pihole -r`).  New imag
    * We will try to put common break/fixes at the top of this readme too
 1. Download the latest version of the image: `docker pull pihole/pihole`
 2. Throw away your container: `docker rm -f pihole`
-    * **Warning** When removing your pihole container you may be stuck without DNS until step 3; **docker pull** before **docker rm -f** to avoid DNS inturruption **OR** always have a fallback DNS server configured in DHCP to avoid this problem altogether.
+    * **Warning** When removing your pihole container you may be stuck without DNS until step 3; **docker pull** before **docker rm -f** to avoid DNS interruption **OR** always have a fallback DNS server configured in DHCP to avoid this problem altogether.
    * If you care about your data (logs/customizations), make sure you have it volume-mapped or it will be deleted in this step.
 3. Start your container with the newer base image: `docker run <args> pihole/pihole` (`<args>` being your preferred run volumes and env vars)

-Why is this style of upgrading good?  A couple reasons: Everyone is starting from the same base image which has been tested to known it works.  No worrying about upgrading from A to B, B to C, or A to C is required when rolling out updates, it reducing complexity, and simply allows a 'fresh start' every time while preserving customizations with volumes.  Basically I'm encouraging [phoenix server](https://www.google.com/?q=phoenix+servers) principles for your containers.
+Why is this style of upgrading good?  A couple reasons: Everyone is starting from the same base image which has been tested to known it works.  No worrying about upgrading from A to B, B to C, or A to C is required when rolling out updates, it reduces complexity, and simply allows a 'fresh start' every time while preserving customizations with volumes.  Basically I'm encouraging [phoenix server](https://www.google.com/?q=phoenix+servers) principles for your containers.

 To reconfigure Pi-hole you'll either need to use an existing container environment variables or if there is no a variable for what you need, use the web UI or CLI commands.

@@ -227,7 +277,7 @@ Similarly for the webserver you can customize configs in /etc/lighttpd

 ### Systemd init script

-As long as your docker system service auto starts on boot and you run your container with `--restart=unless-stopped` your container should always start on boot and restart on crashes.  If you prefer to have your docker container run as a systemd service instead, add the file [pihole.service](https://raw.githubusercontent.com/pi-hole/docker-pi-hole/master/pihole.service) to "/etc/systemd/system"; customize whatever your container name is and remove `--restart=unless-stopped` from your docker run.  Then after you have initially created the docker container using the docker run command above, you can control it with "systemctl start pihole" or "systemctl stop pihole" (instead of `docker start`/`docker stop`).  You can also enable it to auto-start on boot with "systemctl enable pihole" (as opposed to `--restart=unless-stopped` and making sure docker service auto-starts on boot).
+As long as your docker system service auto starts on boot and you run your container with `--restart=unless-stopped` your container should always start on boot and restart on crashes.  If you prefer to have your docker container run as a systemd service instead, add the file [pihole.service](https://raw.githubusercontent.com/pi-hole/docker-pi-hole/master/examples/pihole.service) to "/etc/systemd/system"; customize whatever your container name is and remove `--restart=unless-stopped` from your docker run.  Then after you have initially created the docker container using the docker run command above, you can control it with "systemctl start pihole" or "systemctl stop pihole" (instead of `docker start`/`docker stop`).  You can also enable it to auto-start on boot with "systemctl enable pihole" (as opposed to `--restart=unless-stopped` and making sure docker service auto-starts on boot).

 NOTE:  After initial run you may need to manually stop the docker container with "docker stop pihole" before the systemctl can start controlling the container.

@@ -237,11 +287,25 @@ DNSMasq / [FTLDNS](https://docs.pi-hole.net/ftldns/in-depth/#linux-capabilities)
 - `CAP_NET_BIND_SERVICE`: Allows FTLDNS binding to TCP/UDP sockets below 1024 (specifically DNS service on port 53)
 - `CAP_NET_RAW`: use raw and packet sockets (needed for handling DHCPv6 requests, and verifying that an IP is not in use before leasing it)
 - `CAP_NET_ADMIN`: modify routing tables and other network-related operations (in particular inserting an entry in the neighbor table to answer DHCP requests using unicast packets)
+- `CAP_SYS_NICE`: FTL sets itself as an important process to get some more processing time if the latter is running low
+- `CAP_CHOWN`: we need to be able to change ownership of log files and databases in case FTL is started as a different user than `pihole`

 This image automatically grants those capabilities, if available, to the FTLDNS process, even when run as non-root.\
 By default, docker does not include the `NET_ADMIN` capability for non-privileged containers, and it is recommended to explicitly add it to the container using `--cap-add=NET_ADMIN`.\
 However, if DHCP and IPv6 Router Advertisements are not in use, it should be safe to skip it. For the most paranoid, it should even be possible to explicitly drop the `NET_RAW` capability to prevent FTLDNS from automatically gaining it.

+
+## Note on Watchtower
+
+We have noticed that a lot of people use Watchtower to keep their Pi-hole containers up to date. For the same reason we don't provide an auto-update feature on a bare metal install, you _should not_ have a system automatically update your Pi-hole container. Especially unattended. As much as we try to ensure nothing will go wrong, sometimes things do go wrong - and you need to set aside time to _manually_ pull and update to the version of the container you wish to run. The upgrade process should be along the lines of:
+
+ - **Important**: Read the release notes. Sometimes you will need to make changes other than just updating the image
+ - Pull the new image
+ - Stop and _remove_ the running Pi-hole container
+   - If you care about your data (logs/customizations), make sure you have it volume-mapped or it will be deleted in this step.
+ - Recreate the container using the new image
+
+Pi-hole is an integral part of your network, don't let it fall over because of an unattended update in the middle of the night.
 # User Feedback

-Please report issues on the [GitHub project](https://github.com/pi-hole/docker-pi-hole) when you suspect something docker related.  Pi-hole or general docker questions are best answered on our [user forums](https://github.com/pi-hole/pi-hole/blob/master/README.md#get-help-or-connect-with-us-on-the-web).  Ping me (@diginc) on the forums if it's a docker container and you're not sure if it's docker related.
+Please report issues on the [GitHub project](https://github.com/pi-hole/docker-pi-hole) when you suspect something docker related.  Pi-hole or general docker questions are best answered on our [user forums](https://discourse.pi-hole.net/c/bugs-problems-issues/docker/30).
--- a/TESTING.md
+++ b/TESTING.md
@@ -1,21 +0,0 @@
-# Prerequisites 
-
-Make sure you have docker, python, and pip.  I won't cover how to install those here, please search the internet for that info if you need it.
-
-# Running tests locally
-
-Travis-ci auto runs tests during pull requests (PR) but it only has 2 cores and if you have more/faster cpus your PC's local tests will be faster and you'll have quicker feedback loops than continually pushing to have your PR run travis-ci
-
-After you have the prereqs, to get the required pip packages run: `pip install -r requirements.txt`
-
-To run the Dockerfile templating, image build, and tests all in one command just run: `tox`
-
-# Local image names
-
-Docker images built by `tox` or `python Dockerfile.py` are named the same but stripped of the `pihole/` docker repository namespace.
-
-e.g. `pi-hole:debian_amd64` or `pi-hole-multiarch:debian_arm64`
-
-You can run the multiarch images on an amd64 development system if you [enable binfmt-support as described in the multiarch image docs](https://hub.docker.com/r/multiarch/multiarch/debian-debootstrap/)
-
-`docker run --rm --privileged multiarch/qemu-user-static:register --reset`
--- a/1
+++ b/1
@@ -1 +0,0 @@
-v4.4
--- a/1
+++ b/1
@@ -1 +0,0 @@
-py.test -f ./test -v $@
--- a/bash_functions.sh
+++ b/bash_functions.sh
@@ -1,382 +0,0 @@
-#!/bin/bash
-# Some of the bash_functions use variables these core pi-hole/web scripts
-. /opt/pihole/webpage.sh
-
-docker_checks() {
-    warn_msg='WARNING Misconfigured DNS in /etc/resolv.conf'
-    ns_count="$(grep -c nameserver /etc/resolv.conf)"
-    ns_primary="$(grep nameserver /etc/resolv.conf | head -1)"
-    ns_primary="${ns_primary/nameserver /}"
-    warned=false
-
-    if [ "$ns_count" -lt 2 ] ; then
-        echo "$warn_msg: Two DNS servers are recommended, 127.0.0.1 and any backup server"
-        warned=true
-    fi
-
-    if [ "$ns_primary" != "127.0.0.1" ] ; then
-        echo "$warn_msg: Primary DNS should be 127.0.0.1 (found ${ns_primary})"
-        warned=true
-    fi
-
-    if ! $warned ; then
-        echo "OK: Checks passed for /etc/resolv.conf DNS servers"
-    fi
-
-    echo
-    cat /etc/resolv.conf
-}
-
-fix_capabilities() {
-    setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+ei $(which pihole-FTL) || ret=$?
-
-    if [[ $ret -ne 0 && "${DNSMASQ_USER:-root}" != "root" ]]; then
-        echo "ERROR: Failed to set capabilities for pihole-FTL. Cannot run as non-root."
-        exit 1
-    fi
-}
-
-prepare_configs() {
-    # Done in /start.sh, don't do twice
-    PH_TEST=true . $PIHOLE_INSTALL
-    distro_check
-    installConfigs
-    touch "$setupVars"
-    set +e
-    mkdir -p /var/run/pihole /var/log/pihole
-    # Re-apply perms from basic-install over any volume mounts that may be present (or not)
-    # Also  similar to preflights for FTL https://github.com/pi-hole/pi-hole/blob/master/advanced/Templates/pihole-FTL.service
-    chown pihole:root /etc/lighttpd
-    chown pihole:pihole "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" "/var/log/pihole" "${regexFile}"
-    chmod 644 "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" 
-    # not sure why pihole:pihole user/group write perms are not enough for web to write...dirty fix:
-    chmod 777 "${regexFile}"
-    touch /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
-    chown pihole:pihole /var/run/pihole /var/log/pihole
-    test -f /var/run/pihole/FTL.sock && rm /var/run/pihole/FTL.sock
-    chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log
-    chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
-    set -e
-    # Update version numbers
-    pihole updatechecker
-    # Re-write all of the setupVars to ensure required ones are present (like QUERY_LOGGING)
-    
-    # If the setup variable file exists,
-    if [[ -e "${setupVars}" ]]; then
-        # update the variables in the file
-        local USERWEBPASSWORD="${WEBPASSWORD}"
-        . "${setupVars}"
-        # Stash and pop the user password to avoid setting the password to the hashed setupVar variable
-        WEBPASSWORD="${USERWEBPASSWORD}"
-        # Clean up old before re-writing the required setupVars
-        sed -i.update.bak '/PIHOLE_INTERFACE/d;/IPV4_ADDRESS/d;/IPV6_ADDRESS/d;/QUERY_LOGGING/d;/INSTALL_WEB_SERVER/d;/INSTALL_WEB_INTERFACE/d;/LIGHTTPD_ENABLED/d;' "${setupVars}"
-    fi
-    # echo the information to the user
-    {
-    echo "PIHOLE_INTERFACE=${PIHOLE_INTERFACE}"
-    echo "IPV4_ADDRESS=${IPV4_ADDRESS}"
-    echo "IPV6_ADDRESS=${IPV6_ADDRESS}"
-    echo "QUERY_LOGGING=${QUERY_LOGGING}"
-    echo "INSTALL_WEB_SERVER=${INSTALL_WEB_SERVER}"
-    echo "INSTALL_WEB_INTERFACE=${INSTALL_WEB_INTERFACE}"
-    echo "LIGHTTPD_ENABLED=${LIGHTTPD_ENABLED}"
-    }>> "${setupVars}"
-}
-
-validate_env() {
-    # Optional ServerIP is a valid IP
-    # nc won't throw any text based errors when it times out connecting to a valid IP, otherwise it complains about the DNS name being garbage
-    # if nc doesn't behave as we expect on a valid IP the routing table should be able to look it up and return a 0 retcode
-    if [[ "$(nc -4 -w1 -z "$ServerIP" 53 2>&1)" != "" ]] || ! ip route get "$ServerIP" > /dev/null ; then
-        echo "ERROR: ServerIP Environment variable ($ServerIP) doesn't appear to be a valid IPv4 address"
-        exit 1
-    fi
-
-    # Optional IPv6 is a valid address
-    if [[ -n "$ServerIPv6" ]] ; then
-        if [[ "$ServerIPv6" == 'kernel' ]] ; then
-            echo "ERROR: You passed in IPv6 with a value of 'kernel', this maybe beacuse you do not have IPv6 enabled on your network"
-            unset ServerIPv6
-            exit 1
-        fi
-        if [[ "$(nc -6 -w1 -z "$ServerIPv6" 53 2>&1)" != "" ]] || ! ip route get "$ServerIPv6" > /dev/null ; then
-            echo "ERROR: ServerIPv6 Environment variable ($ServerIPv6) doesn't appear to be a valid IPv6 address"
-            echo "  TIP: If your server is not IPv6 enabled just remove '-e ServerIPv6' from your docker container"
-            exit 1
-        fi
-    fi;
-}
-
-setup_dnsmasq_dns() {
-    . /opt/pihole/webpage.sh
-    local DNS1="${1:-8.8.8.8}"
-    local DNS2="${2:-8.8.4.4}"
-    local dnsType='default'
-    if [ "$DNS1" != '8.8.8.8' ] || [ "$DNS2" != '8.8.4.4' ] ; then
-        dnsType='custom'
-    fi;
-
-    # TODO With the addition of this to /start.sh this needs a refactor
-    if [ ! -f /.piholeFirstBoot ] ; then
-        local setupDNS1="$(grep 'PIHOLE_DNS_1' ${setupVars})"
-        local setupDNS2="$(grep 'PIHOLE_DNS_2' ${setupVars})"
-        setupDNS1="${setupDNS1/PIHOLE_DNS_1=/}"
-        setupDNS2="${setupDNS2/PIHOLE_DNS_2=/}"
-        if [[ -n "$DNS1" && -n "$setupDNS1"  ]] || \
-           [[ -n "$DNS2" && -n "$setupDNS2"  ]] ; then 
-                echo "Docker DNS variables not used"
-        fi
-        echo "Existing DNS servers used (${setupDNS1:-unset} & ${setupDNS2:-unset})"
-        return
-    fi
-
-    echo "Using $dnsType DNS servers: $DNS1 & $DNS2"
-    if [[ -n "$DNS1" && -z "$setupDNS1" ]] ; then
-        change_setting "PIHOLE_DNS_1" "${DNS1}"
-    fi
-    if [[ -n "$DNS2" && -z "$setupDNS2" ]] ; then
-        if [[ "$DNS2" == "no" ]] ; then
-            delete_setting "PIHOLE_DNS_2"
-            unset PIHOLE_DNS_2
-        else
-            change_setting "PIHOLE_DNS_2" "${DNS2}"
-        fi
-    fi
-}
-
-setup_dnsmasq_interface() {
-    local interface="${1:-eth0}"
-    local interfaceType='default'
-    if [ "$interface" != 'eth0' ] ; then
-      interfaceType='custom'
-    fi;
-    echo "DNSMasq binding to $interfaceType interface: $interface"
-    [ -n "$interface" ] && change_setting "PIHOLE_INTERFACE" "${interface}"
-}
-
-setup_dnsmasq_listening_behaviour() {
-    local dnsmasq_listening_behaviour="${1}"
-
-    if [ -n "$dnsmasq_listening_behaviour" ]; then
-      change_setting "DNSMASQ_LISTENING" "${dnsmasq_listening_behaviour}"
-    fi;
-}
-
-setup_dnsmasq_config_if_missing() {
-    # When fresh empty directory volumes are used we miss this file
-    if [ ! -f /etc/dnsmasq.d/01-pihole.conf ] ; then
-        cp /etc/.pihole/advanced/01-pihole.conf /etc/dnsmasq.d/
-    fi;
-}
-
-setup_dnsmasq() {
-    local dns1="$1"
-    local dns2="$2"
-    local interface="$3"
-    local dnsmasq_listening_behaviour="$4"
-    # Coordinates 
-    setup_dnsmasq_config_if_missing
-    setup_dnsmasq_dns "$dns1" "$dns2" 
-    setup_dnsmasq_interface "$interface"
-    setup_dnsmasq_listening_behaviour "$dnsmasq_listening_behaviour"
-    setup_dnsmasq_user "${DNSMASQ_USER}"
-    ProcessDNSSettings
-}
-
-setup_dnsmasq_user() {
-    local DNSMASQ_USER="${1}"
-
-    # Run DNSMASQ as root user to avoid SHM permission issues
-    if grep -r -q '^\s*user=' /etc/dnsmasq.* ; then
-        # Change user that had been set previously to root
-        for f in $(grep -r -l '^\s*user=' /etc/dnsmasq.*); do
-            sed -i "/^\s*user=/ c\user=${DNSMASQ_USER}" "${f}"
-        done
-    else
-      echo -e "\nuser=${DNSMASQ_USER}" >> /etc/dnsmasq.conf
-    fi
-}
-
-setup_dnsmasq_hostnames() {
-    # largely borrowed from automated install/basic-install.sh
-    local IPV4_ADDRESS="${1}"
-    local IPV6_ADDRESS="${2}"
-    local hostname="${3}"
-    local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf"
-
-    if [ -z "$hostname" ]; then
-        if [[ -f /etc/hostname ]]; then
-            hostname=$(</etc/hostname)
-        elif [ -x "$(command -v hostname)" ]; then
-            hostname=$(hostname -f)
-        fi
-    fi;
-
-    if [[ "${IPV4_ADDRESS}" != "" ]]; then
-        tmp=${IPV4_ADDRESS%/*}
-        sed -i "s/@IPV4@/$tmp/" ${dnsmasq_pihole_01_location}
-    else
-        sed -i '/^address=\/pi.hole\/@IPV4@/d' ${dnsmasq_pihole_01_location}
-        sed -i '/^address=\/@HOSTNAME@\/@IPV4@/d' ${dnsmasq_pihole_01_location}
-    fi
-
-    if [[ "${IPV6_ADDRESS}" != "" ]]; then
-        sed -i "s/@IPv6@/$IPV6_ADDRESS/" ${dnsmasq_pihole_01_location}
-    else
-        sed -i '/^address=\/pi.hole\/@IPv6@/d' ${dnsmasq_pihole_01_location}
-        sed -i '/^address=\/@HOSTNAME@\/@IPv6@/d' ${dnsmasq_pihole_01_location}
-    fi
-
-    if [[ "${hostname}" != "" ]]; then
-        sed -i "s/@HOSTNAME@/$hostname/" ${dnsmasq_pihole_01_location}
-    else
-        sed -i '/^address=\/@HOSTNAME@*/d' ${dnsmasq_pihole_01_location}
-    fi
-}
-
-setup_lighttpd_bind() {
-    local serverip="$1"
-    # if using '--net=host' only bind lighttpd on $ServerIP and localhost
-    if grep -q "docker" /proc/net/dev ; then #docker (docker0 by default) should only be present on the host system
-        if ! grep -q "server.bind" /etc/lighttpd/lighttpd.conf ; then # if the declaration is already there, don't add it again
-            sed -i -E "s/server\.port\s+\=\s+([0-9]+)/server.bind\t\t = \"${serverip}\"\nserver.port\t\t = \1\n"\$SERVER"\[\"socket\"\] == \"127\.0\.0\.1:\1\" \{\}/" /etc/lighttpd/lighttpd.conf
-        fi
-    fi
-}
-
-setup_php_env() {
-    if [ -z "$VIRTUAL_HOST" ] ; then
-      VIRTUAL_HOST="$ServerIP"
-    fi;
-    local vhost_line="\t\t\t\"VIRTUAL_HOST\" => \"${VIRTUAL_HOST}\","
-    local serverip_line="\t\t\t\"ServerIP\" => \"${ServerIP}\","
-    local php_error_line="\t\t\t\"PHP_ERROR_LOG\" => \"${PHP_ERROR_LOG}\","
-
-    # idempotent line additions
-    grep -qP "$vhost_line" "$PHP_ENV_CONFIG" || \
-        sed -i "/bin-environment/ a\\${vhost_line}" "$PHP_ENV_CONFIG"
-    grep -qP "$serverip_line" "$PHP_ENV_CONFIG" || \
-        sed -i "/bin-environment/ a\\${serverip_line}" "$PHP_ENV_CONFIG"
-    grep -qP "$php_error_line" "$PHP_ENV_CONFIG" || \
-        sed -i "/bin-environment/ a\\${php_error_line}" "$PHP_ENV_CONFIG"
-
-    echo "Added ENV to php:"
-    grep -E '(VIRTUAL_HOST|ServerIP|PHP_ERROR_LOG)' "$PHP_ENV_CONFIG"
-}
-
-setup_web_port() {
-    local warning="WARNING: Custom WEB_PORT not used"
-    # Quietly exit early for empty or default
-    if [[ -z "${1}" || "${1}" == '80' ]] ; then return ; fi
-
-    if ! echo $1 | grep -q '^[0-9][0-9]*$' ; then 
-        echo "$warning - $1 is not an integer"
-        return
-    fi
-
-    local -i web_port="$1"
-    if (( $web_port < 1 || $web_port > 65535 )); then
-        echo "$warning - $web_port is not within valid port range of 1-65535"
-        return
-    fi
-    echo "Custom WEB_PORT set to $web_port"
-    echo "INFO: Without proper router DNAT forwarding to $ServerIP:$web_port, you may not get any blocked websites on ads"
-
-    # Update any default port 80 references in the HTML
-    grep -Prl '://127\.0\.0\.1/' /var/www/html/ | xargs -r sed -i "s|/127\.0\.0\.1/|/127.0.0.1:${WEB_PORT}/|g"
-    grep -Prl '://pi\.hole/' /var/www/html/ | xargs -r sed -i "s|/pi\.hole/|/pi\.hole:${WEB_PORT}/|g"
-    # Update lighttpd's port
-    sed -i '/server.port\s*=\s*80\s*$/ s/80/'$WEB_PORT'/g' /etc/lighttpd/lighttpd.conf
-
-}
-
-generate_password() {
-    if [ -z "${WEBPASSWORD+x}" ] ; then
-        # Not set at all, give the user a random pass
-        WEBPASSWORD=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8)
-        echo "Assigning random password: $WEBPASSWORD"
-    fi;
-}
-
-setup_web_password() {
-    setup_var_exists "WEBPASSWORD" && return
-
-    PASS="$1"
-    # Turn bash debug on while setting up password (to print it)
-    if [[ "$PASS" == "" ]] ; then
-        echo "" | pihole -a -p
-    else
-        echo "Setting password: ${PASS}"
-        set -x
-        pihole -a -p "$PASS" "$PASS"
-    fi
-    # Turn bash debug back off after print password setup
-    # (subshell to null hides printing output)
-    { set +x; } 2>/dev/null
-
-    # To avoid printing this if conditional in bash debug, turn off  debug above..
-    # then re-enable debug if necessary (more code but cleaner printed output)
-    if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
-        set -x
-    fi
-}
-
-setup_ipv4_ipv6() {
-    local ip_versions="IPv4 and IPv6"
-    if [ "$IPv6" != "True" ] ; then
-        ip_versions="IPv4"
-        sed -i '/use-ipv6.pl/ d' /etc/lighttpd/lighttpd.conf
-    fi;
-    echo "Using $ip_versions"
-}
-
-test_configs() {
-    set -e
-    echo -n '::: Testing pihole-FTL DNS: '
-    sudo -u ${DNSMASQ_USER:-root} pihole-FTL test || exit 1
-    echo -n '::: Testing lighttpd config: '
-    lighttpd -t -f /etc/lighttpd/lighttpd.conf || exit 1
-    set +e
-    echo "::: All config checks passed, cleared for startup ..."
-}
-
-
-setup_blocklists() {
-    local blocklists="$1"   
-    # Exit/return early without setting up adlists with defaults for any of the following conditions:
-    # 1. skip_setup_blocklists env is set
-    exit_string="(exiting ${FUNCNAME[0]} early)"
-
-    if [ -n "${skip_setup_blocklists}" ]; then
-        echo "::: skip_setup_blocklists requested ($exit_string)"
-        return
-    fi
-
-    # 2. The adlist file exists already (restarted container or volume mounted list)
-    if [ -f "${adlistFile}" ]; then
-        echo "::: Preexisting ad list ${adlistFile} detected ($exit_string)"
-        cat "${adlistFile}"
-        return
-    fi
-
-    echo "::: ${FUNCNAME[0]} now setting default blocklists up: "
-    echo "::: TIP: Use a docker volume for ${adlistFile} if you want to customize for first boot"
-    installDefaultBlocklists
-
-    echo "::: Blocklists (${adlistFile}) now set to:"
-    cat "${adlistFile}"
-}
-
-setup_var_exists() {
-    local KEY="$1"
-    if [ -n "$2" ]; then
-        local REQUIRED_VALUE="[^\n]+"
-    fi
-    if grep -Pq "^${KEY}=${REQUIRED_VALUE}" "$setupVars"; then
-        echo "::: Pre existing ${KEY} found"
-        true
-    else
-        false
-    fi
-}
-
--- a/build-and-test.sh
+++ b/build-and-test.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -ex
+
+if [[ "$1" == "enter" ]]; then
+    enter="-it --entrypoint=bash"
+fi
+
+GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD | sed "s/\//-/g")
+GIT_TAG=$(git describe --tags --exact-match 2> /dev/null || true)
+GIT_TAG="${GIT_TAG:-$GIT_BRANCH}"
+
+# generate and build dockerfile
+docker build --tag image_pipenv --file test/Dockerfile test/
+docker run --rm \
+    --volume /var/run/docker.sock:/var/run/docker.sock \
+    --volume "$(pwd):/$(pwd)" \
+    --workdir "$(pwd)" \
+    --env PIPENV_CACHE_DIR="$(pwd)/.pipenv" \
+    --env GIT_TAG="${GIT_TAG}" \
+    ${enter} image_pipenv
--- a/circle-deploy.sh
+++ b/circle-deploy.sh
@@ -1,51 +0,0 @@
-#!/usr/bin/env bash
-set -ex
-# Circle CI Job for merging/deploying all architectures (post-test passing)
-. circle-vars.sh
-
-annotate() {
-    local base=$1
-    local image=$2
-    local arch=$3
-    local annotate_flags="${annotate_map[$arch]}"
-
-    $dry docker manifest annotate ${base} ${image} --os linux ${annotate_flags}
-}
-
-# Keep in sync with circle-ci job names
-declare -A annotate_map=( 
-    ["amd64"]="--arch amd64" 
-    ["armel"]="--arch arm --variant v6" 
-    ["armhf"]="--arch arm --variant v7" 
-    ["arm64"]="--arch arm64 --variant v8"
-)
-
-# push image when not running a PR
-mkdir -p ~/.docker
-export DOCKER_CLI_EXPERIMENTAL='enabled'
-echo "{}" | jq '.experimental="enabled"' | tee ~/.docker/config.json
-docker info
-if [[ "$CIRCLE_PR_NUMBER" == "" ]]; then
-    images=()
-    echo $DOCKERHUB_PASS | docker login --username=$DOCKERHUB_USER --password-stdin
-    ls -lat ./ci-workspace/
-    cd ci-workspace
-
-    for arch in *; do
-        arch_image=$(cat $arch)
-        docker pull $arch_image
-        images+=($arch_image)
-    done
-
-    for docker_tag in $MULTIARCH_IMAGE $LATEST_IMAGE; do
-        docker manifest create $docker_tag ${images[*]}
-        for arch in *; do
-            arch_image=$(cat $arch)
-            docker pull $arch_image
-            annotate "$docker_tag" "$arch_image" "$arch"
-        done
-
-        docker manifest inspect "$docker_tag"
-        docker manifest push "$docker_tag"
-    done;
-fi
--- a/circle-test.sh
+++ b/circle-test.sh
@@ -1,30 +0,0 @@
-#!/usr/bin/env bash
-set -ex
-
-# Circle CI Job for single architecture
-
-# setup qemu/variables
-docker run --rm --privileged multiarch/qemu-user-static:register --reset > /dev/null
-. circle-vars.sh
-
-if [[ "$1" == "enter" ]]; then
-    enter="-it --entrypoint=sh"
-fi
-
-# generate and build dockerfile
-docker build -t image_pipenv -f Dockerfile_build .
-env > /tmp/env
-docker run --rm \
-    -v /var/run/docker.sock:/var/run/docker.sock \
-    -v "$(pwd):/$(pwd)" \
-    -w "$(pwd)" \
-    -e PIPENV_CACHE_DIR="$(pwd)/.pipenv" \
-    --env-file /tmp/env \
-    $enter image_pipenv
-# docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v "$(pwd):/$(pwd)" -w "$(pwd)" --env-file /tmp/env image_pipenv /ws/Dockerfile.sh
-
-docker images
-echo $DOCKERHUB_PASS | docker login --username=$DOCKERHUB_USER --password-stdin
-docker push $ARCH_IMAGE
-mkdir -p ci-workspace
-echo "$ARCH_IMAGE" | tee ./ci-workspace/$ARCH
--- a/circle-vars.sh
+++ b/circle-vars.sh
@@ -1,49 +0,0 @@
-set -a
-
-CIRCLE_JOB="${CIRCLE_JOB:-}"
-ARCH="${ARCH:-$CIRCLE_JOB}"
-if [[ -z "$ARCH" ]] ; then
-    echo "Defaulting arch to amd64"
-    ARCH="amd64"
-fi
-BASE_IMAGE="${BASE_IMAGE:-${CIRCLE_PROJECT_REPONAME}}"
-if [[ -z "$BASE_IMAGE" ]] ; then
-    echo "Defaulting image name to pihole"
-    BASE_IMAGE="pihole"
-fi
-
-# The docker image will  match the github repo path by default but is overrideable with CircleCI environment
-# BASE_IMAGE Overridable by Circle environment, including namespace (e.g. BASE_IMAGE=bobsmith/test-img:latest)
-CIRCLE_PROJECT_USERNAME="${CIRCLE_PROJECT_USERNAME:-unset}"
-HUB_NAMESPACE="${HUB_NAMESPACE:-$CIRCLE_PROJECT_USERNAME}"
-[[ $CIRCLE_PROJECT_USERNAME == "pi-hole" ]] && HUB_NAMESPACE="pihole" # Custom mapping for namespace
-[[ $BASE_IMAGE != *"/"* ]] && BASE_IMAGE="${HUB_NAMESPACE}/${BASE_IMAGE}" # If missing namespace, add one
-
-# Secondary docker tag info (origin github branch/tag) will get prepended also
-ARCH_IMAGE="$BASE_IMAGE"
-[[ $ARCH_IMAGE != *":"* ]] && ARCH_IMAGE="${BASE_IMAGE}:$ARCH" # If tag missing, add circle job name as a tag (architecture here)
-
-DOCKER_TAG="${CIRCLE_TAG:-$CIRCLE_BRANCH}"
-if [[ -n "$DOCKER_TAG" ]]; then
-    # remove latest tag if used (as part of a user provided image variable)
-    ARCH_IMAGE="${ARCH_IMAGE/:latest/:}"
-    # Prepend the github tag(version) or branch. image:arch = image:v1.0-arch
-    ARCH_IMAGE="${ARCH_IMAGE/:/:${DOCKER_TAG}-}"
-    # latest- sometimes has a trailing slash, remove it
-    ARCH_IMAGE="${ARCH_IMAGE/%-/}"
-fi
-
-# To get latest released, cut a release on https://github.com/pi-hole/docker-pi-hole/releases (manually gated for quality control)
-latest_tag=''
-if ! latest_tag=$(curl -sI https://github.com/pi-hole/docker-pi-hole/releases/latest | grep --color=never -i Location | awk -F / '{print $NF}' | tr -d '[:cntrl:]'); then
-    print "Failed to retrieve latest docker-pi-hole release metadata"
-else
-    if [[ "$DOCKER_TAG" == "$latest_tag" ]] ; then
-        #LATEST_IMAGE="$BASE_IMAGE:latest"
-        LATEST_IMAGE="$BASE_IMAGE:testing_latest_deleteme"
-    fi
-fi
-
-MULTIARCH_IMAGE="$BASE_IMAGE:$DOCKER_TAG"
-
-set +a
--- a/docker-compose-traefik-proxy.md
+++ b/docker-compose-traefik-proxy.md
@@ -1,108 +0,0 @@
-Please note the following about this [traefik](https://traefik.io/) example for Docker Pi-hole
-
- Still requires standard Pi-hole setup steps, make sure you've gone through the [README](https://github.com/pihole/docker-pi-hole/blob/master/README.md) and understand how to setup Pi-hole without traefik first
- Update these things before using:
-    - set instances of `homedomain.lan` below to your home domain (typically set in your router)
-    - set your Pi-hole ENV WEBPASSWORD if you don't want a random admin pass
- This works for me, Your mileage may vary!
- For support, do your best to figure out traefik issues on your own:
-    - by looking at logs and traefik web interface on port 8080
-    - also by searching the web and searching their forums/docker issues for similar question/problems
- Port 8053 is mapped directly to Pi-hole to serve as a back door without going through traefik
- There is some delay after starting your container before traefik forwards the HTTP traffic correctly, give it a minute
-
-```
-version: '3'
-
-services:
-  #
-  traefik:
-    container_name: traefik
-    domainname: homedomain.lan
-
-    image: traefik
-    restart: unless-stopped
-    # Note I opt to whitelist certain apps for exposure to traefik instead of auto discovery
-    # use `--docker.exposedbydefault=true` if you don't want to have to do this
-    command: "--web --docker --docker.domain=homedomain.lan --docker.exposedbydefault=false --logLevel=DEBUG"
-    ports:
-      - "80:80"
-      - "443:443"
-      - "8080:8080"
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - /dev/null:/traefik.toml
-    networks:
-      - default
-      - discovery
-    dns:
-      - 192.168.1.50
-      - 192.168.1.1
-
-  pihole:
-    container_name: pihole
-    domainname: homedomain.lan
-
-    image: pihole/pihole:latest
-    dns:
-      - 127.0.0.1
-      - 1.1.1.1
-    ports:
-      - '0.0.0.0:53:53/tcp'
-      - '0.0.0.0:53:53/udp'
-      - '0.0.0.0:67:67/udp'
-      - '0.0.0.0:8053:80/tcp'
-    volumes:
-      - ./etc-pihole/:/etc/pihole/
-      - ./etc-dnsmasqd/:/etc/dnsmasq.d/
-      # run `touch ./pihole.log` first unless you like errors
-      # - ./pihole.log:/var/log/pihole.log
-    environment:
-      ServerIP: 192.168.1.50
-      PROXY_LOCATION: pihole
-      VIRTUAL_HOST: pihole.homedomain.lan
-      VIRTUAL_PORT: 80
-      TZ: 'America/Chicago'
-      # WEBPASSWORD:
-    restart: unless-stopped
-    labels:
-       # required when using --docker.exposedbydefault=false
-       - "traefik.enable=true"
-       # https://www.techjunktrunk.com/docker/2017/11/03/traefik-default-server-catch-all/
-       - "traefik.frontend.rule=HostRegexp:pihole.homedomain.lan,{catchall:.*}"
-       - "traefik.frontend.priority=1"
-       - "traefik.backend=pihole"
-       - "traefik.port=80"
-
-networks:
-  # Discovery is manually created to avoid forcing any order of docker-compose stack creation (`docker network create discovery`)
-  # allows other compose files to be seen by proxy
-  # Not required if you aren't using multiple docker-compose files...
-  discovery:
-    external: true
-```
-
-After running `docker-compose up -d` you should see this if you look at logs on traefik `docker-compose logs -f traefik`
-
-```
-traefik    | time="2018-03-07T18:57:41Z" level=debug msg="Provider event received {Status:health_status: healthy ID:33567e94e02c5adba3d47fa44c391e94fdea359fb05eecb196c95de288ffb861 From:pihole/pihole:latest Type:container Action:health_status: healthy Actor:{ID:33567e94
-e02c5adba3d47fa44c391e94fdea359fb05eecb196c95de288ffb861 Attributes:map[com.docker.compose.project:traefik image:pihole/pihole:latest traefik.frontend.priority:1 com.docker.compose.container-number:1 com.docker.compose.service:pihole com.docker.compose.version:1.19.0 name:pihole traefik.enable:true url:https://www.github.com/pihole/docker-pi-hole com.docker.compose.oneoff:False maintainer:adam@diginc.us traefik.backend:pihole traefik.frontend.rule:HostRegexp:pihole.homedomain.lan,{catchall:.*} traefik.port:80 com.docker.compose.config-
-hash:7551c3f4bd11766292c7dad81473ef21da91cae8666d1b04a42d1daab53fba0f]} Scope:local Time:1520449061 TimeNano:1520449061934970670}"
-traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Filtering disabled container /traefik"
-traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Could not load traefik.frontend.whitelistSourceRange labels"
-traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Could not load traefik.frontend.entryPoints labels"
-traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Could not load traefik.frontend.auth.basic labels"
-traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Validation of load balancer method for backend backend-pihole failed: invalid load-balancing method ''. Using default method wrr."
-traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Configuration received from provider docker: {"backends":{"backend-pihole":{"servers":{"server-pihole":{"url":"http://172.18.0.2:80","weight":0}},"loadBalancer":{"method":"wrr"}}},"frontends":{"frontend-HostRegexp
-pihole-homedomain-lan-catchall-0":{"entryPoints":["http"],"backend":"backend-pihole","routes":{"route-frontend-HostRegexp-pihole-homedomain-lan-catchall-0":{"rule":"HostRegexp:pihole.homedomain.lan,{catchall:.*}"}},"passHostHeader":true,"priority":1,"basicAuth":[]}}}"
-traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Creating frontend frontend-HostRegexp-pihole-homedomain-lan-catchall-0"
-traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Wiring frontend frontend-HostRegexp-pihole-homedomain-lan-catchall-0 to entryPoint http"
-traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Creating route route-frontend-HostRegexp-pihole-homedomain-lan-catchall-0 HostRegexp:pihole.homedomain.lan,{catchall:.*}"
-traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Creating backend backend-pihole"
-traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Creating load-balancer wrr"
-traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Creating server server-pihole at http://172.18.0.2:80 with weight 0"
-traefik    | time="2018-03-07T18:57:42Z" level=info msg="Server configuration reloaded on :80"
-traefik    | time="2018-03-07T18:57:42Z" level=info msg="Server configuration reloaded on :8080"
-```
-
-Also your port 8080 should list the Route/Rule for pihole and backend-pihole container.
--- a/doco-example.yml
+++ b/doco-example.yml
@@ -1 +0,0 @@
-docker-compose.yml
--- a/examples/docker-compose-nginx-proxy.yml
+++ b/examples/docker-compose-nginx-proxy.yml
@@ -3,8 +3,8 @@ version: "3"
 # https://github.com/pi-hole/docker-pi-hole/blob/master/README.md

 services:
-  jwilder-proxy:
-    image: jwilder/nginx-proxy
+  nginx-proxy:
+    image: nginxproxy/nginx-proxy
    ports:
      - '80:80'
    environment:
@@ -15,20 +15,16 @@ services:

  pihole:
    image: pihole/pihole:latest
-    dns:
-      - 127.0.0.1
-      - 1.1.1.1
    ports:
      - '53:53/tcp'
      - '53:53/udp'
      - "67:67/udp"
      - '8053:80/tcp'
-      - "443:443/tcp"
    volumes:
-      - './etc-pihole/:/etc/pihole/'
-      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
+      - './etc-pihole:/etc/pihole'
+      - './etc-dnsmasq.d:/etc/dnsmasq.d'
      # run `touch ./var-log/pihole.log` first unless you like errors
-      # - './var-log/pihole.log:/var/log/pihole.log'
+      # - './var-log/pihole.log:/var/log/pihole/pihole.log'
    # Recommended but not required (DHCP needs NET_ADMIN)
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
@@ -41,7 +37,7 @@ services:
    extra_hosts:
      # Resolve to nothing domains (terminate connection)
      - 'nw2master.bioware.com nwn2.master.gamespy.com:0.0.0.0'
-      # LAN hostnames for other docker containers using jwilder
+      # LAN hostnames for other docker containers using nginx-proxy
      - 'yourDomain.lan:192.168.41.55'
      - 'pihole pihole.yourDomain.lan:192.168.41.55'
      - 'ghost ghost.yourDomain.lan:192.168.41.55'
@@ -55,9 +51,9 @@ services:
 #    ports:
 #      - '2368:2368/tcp'
 #    volumes:
-#      - '/etc/ghost/:/ghost-override'
+#      - '/etc/ghost:/ghost-override'
 #    environment:
 #      PROXY_LOCATION: ghost
 #      VIRTUAL_HOST: ghost.yourDomain.lan
 #      VIRTUAL_PORT: 2368
-#    restart: always
+#    restart: always
--- a/examples/docker-compose.yml.example
+++ b/examples/docker-compose.yml.example
@@ -12,21 +12,14 @@ services:
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"
-      - "443:443/tcp"
    environment:
      TZ: 'America/Chicago'
      # WEBPASSWORD: 'set a secure password here or it will be random'
    # Volumes store your data between container upgrades
    volumes:
-      - './etc-pihole/:/etc/pihole/'
-      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
-      # run `touch ./var-log/pihole.log` first unless you like errors
-      # - './var-log/pihole.log:/var/log/pihole.log'
-    dns:
-      - 127.0.0.1
-      - 1.1.1.1
-    # Recommended but not required (DHCP needs NET_ADMIN)
+      - './etc-pihole:/etc/pihole'
+      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
-    restart: unless-stopped
+    restart: unless-stopped # Recommended but not required (DHCP needs NET_ADMIN)  
--- a/examples/docker-pi-hole.cron
+++ b/examples/docker-pi-hole.cron
@@ -22,7 +22,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 #          Download any updates from the adlists
 59 1    * * 7   root    PATH="$PATH:/usr/local/bin/" docker exec $DOCKER_NAME pihole updateGravity > /dev/null

-# Update docker-pi-hole by pulling the latest docker image ane re-creating your container.
+# Update docker-pi-hole by pulling the latest docker image and re-creating your container.
 # pihole software update commands are unsupported in docker!
 #30 2    * * 7   root    PATH="$PATH:/usr/local/bin/" docker exec $DOCKER_NAME pihole updatePihole > /dev/null

--- a/examples/docker_run.sh
+++ b/examples/docker_run.sh
@@ -2,23 +2,30 @@

 # https://github.com/pi-hole/docker-pi-hole/blob/master/README.md

+PIHOLE_BASE="${PIHOLE_BASE:-$(pwd)}"
+[[ -d "$PIHOLE_BASE" ]] || mkdir -p "$PIHOLE_BASE" || { echo "Couldn't create storage directory: $PIHOLE_BASE"; exit 1; }
+
+# Note: FTLCONF_LOCAL_IPV4 should be replaced with your external ip.
 docker run -d \
    --name pihole \
    -p 53:53/tcp -p 53:53/udp \
    -p 80:80 \
-    -p 443:443 \
    -e TZ="America/Chicago" \
-    -v "$(pwd)/etc-pihole/:/etc/pihole/" \
-    -v "$(pwd)/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
+    -v "${PIHOLE_BASE}/etc-pihole:/etc/pihole" \
+    -v "${PIHOLE_BASE}/etc-dnsmasq.d:/etc/dnsmasq.d" \
    --dns=127.0.0.1 --dns=1.1.1.1 \
    --restart=unless-stopped \
+    --hostname pi.hole \
+    -e VIRTUAL_HOST="pi.hole" \
+    -e PROXY_LOCATION="pi.hole" \
+    -e FTLCONF_LOCAL_IPV4="127.0.0.1" \
    pihole/pihole:latest

 printf 'Starting up pihole container '
 for i in $(seq 1 20); do
    if [ "$(docker inspect -f "{{.State.Health.Status}}" pihole)" == "healthy" ] ; then
        printf ' OK'
-        echo -e "\n$(docker logs pihole 2> /dev/null | grep 'password:') for your pi-hole: https://${IP}/admin/"
+        echo -e "\n$(docker logs pihole 2> /dev/null | grep 'password:') for your pi-hole: http://${IP}/admin/"
        exit 0
    else
        sleep 3
@@ -26,7 +33,7 @@ for i in $(seq 1 20); do
    fi

    if [ $i -eq 20 ] ; then
-        echo -e "\nTimed out waiting for Pi-hole start, consult check your container logs for more info (\`docker logs pihole\`)"
+        echo -e "\nTimed out waiting for Pi-hole start, consult your container logs for more info (\`docker logs pihole\`)"
        exit 1
    fi
 done;
--- a/examples/pihole.service
+++ b/examples/pihole.service
--- a/install.sh
+++ b/install.sh
@@ -1,113 +0,0 @@
-#!/bin/bash -ex
-
-mkdir -p /etc/pihole/
-mkdir -p /var/run/pihole
-# Production tags with valid web footers
-export CORE_VERSION="$(cat /etc/docker-pi-hole-version)"
-export WEB_VERSION="v4.3.3"
-
-# Only use for pre-production / testing
-export CHECKOUT_BRANCHES=false
-# Search for release/* branch naming convention for custom checkouts
-if [[ "$CORE_VERSION" == *"release/"* ]] ; then
-    CHECKOUT_BRANCHES=true
-fi
-
-apt-get update
-apt-get install --no-install-recommends -y curl procps ca-certificates
-curl -L -s $S6OVERLAY_RELEASE | tar xvzf - -C /
-mv /init /s6-init
-
-# debconf-apt-progress seems to hang so get rid of it too
-which debconf-apt-progress
-mv "$(which debconf-apt-progress)" /bin/no_debconf-apt-progress
-
-# Get the install functions
-curl https://raw.githubusercontent.com/pi-hole/pi-hole/${CORE_VERSION}/automated%20install/basic-install.sh > "$PIHOLE_INSTALL"
-PH_TEST=true . "${PIHOLE_INSTALL}"
-
-# Preseed variables to assist with using --unattended install
-{
-  echo "PIHOLE_INTERFACE=eth0"
-  echo "IPV4_ADDRESS=0.0.0.0"
-  echo "IPV6_ADDRESS=0:0:0:0:0:0"
-  echo "PIHOLE_DNS_1=8.8.8.8"
-  echo "PIHOLE_DNS_2=8.8.4.4"
-  echo "QUERY_LOGGING=true"
-  echo "INSTALL_WEB_SERVER=true"
-  echo "INSTALL_WEB_INTERFACE=true"
-  echo "LIGHTTPD_ENABLED=true"
-}>> "${setupVars}"
-source $setupVars
-
-export USER=pihole
-distro_check
-
-# fix permission denied to resolvconf post-inst /etc/resolv.conf moby/moby issue #1297
-apt-get -y install debconf-utils
-echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections
-
-ln -s /bin/true /usr/local/bin/service
-bash -ex "./${PIHOLE_INSTALL}" --unattended
-rm /usr/local/bin/service
-# Old way of setting up
-#install_dependent_packages INSTALLER_DEPS[@]
-#install_dependent_packages PIHOLE_DEPS[@]
-#install_dependent_packages PIHOLE_WEB_DEPS[@]
-# IPv6 support for nc openbsd better than traditional
-apt-get install -y --force-yes netcat-openbsd
-
-piholeGitUrl="${piholeGitUrl}"
-webInterfaceGitUrl="${webInterfaceGitUrl}"
-webInterfaceDir="${webInterfaceDir}"
-#git clone --branch "${CORE_VERSION}" --depth 1 "${piholeGitUrl}" "${PI_HOLE_LOCAL_REPO}"
-#git clone --branch "${WEB_VERSION}" --depth 1 "${webInterfaceGitUrl}" "${webInterfaceDir}"
-
-tmpLog="/tmp/pihole-install.log"
-installLogLoc="${installLogLoc}"
-FTLdetect 2>&1 | tee "${tmpLog}"
-installPihole 2>&1 | tee "${tmpLog}"
-mv "${tmpLog}" /
-
-fetch_release_metadata() {
-    local directory="$1"
-    local version="$2"
-    pushd "$directory"
-    git fetch -t
-    git remote set-branches origin '*'
-    git fetch --depth 10
-    git checkout master
-    git reset --hard "$version"
-    popd
-}
-
-if [[ $CHECKOUT_BRANCHES == true ]] ; then
-    ln -s /bin/true /usr/local/bin/service
-    ln -s /bin/true /usr/local/bin/update-rc.d
-    echo y | bash -x pihole checkout core ${CORE_VERSION}
-    echo y | bash -x pihole checkout web ${WEB_VERSION}
-    echo y | bash -x pihole checkout ftl tweak/overhaul_overTime
-    # If the v is forgotten: ${CORE_VERSION/v/}
-    unlink /usr/local/bin/service
-    unlink /usr/local/bin/update-rc.d
-else
-    # Reset to our tags so version numbers get detected correctly
-    fetch_release_metadata "${PI_HOLE_LOCAL_REPO}" "${CORE_VERSION}"
-    fetch_release_metadata "${webInterfaceDir}" "${WEB_VERSION}"
-fi
-# FTL Armel fix not in prod yet
-# Remove once https://github.com/pi-hole/pi-hole/commit/3fbb0ac8dde14b8edc1982ae3a2a021f3cf68477 is in master
-if [[ "$ARCH" == 'armel' ]]; then
-    curl -o /usr/bin/pihole-FTL https://ftl.pi-hole.net/development/pihole-FTL-armel-native
-fi
-
-sed -i 's/readonly //g' /opt/pihole/webpage.sh
-sed -i '/^WEBPASSWORD/d' /etc/pihole/setupVars.conf
-
-# Replace the call to `updatePiholeFunc` in arg parse with new `unsupportedFunc`
-sed -i $'s/helpFunc() {/unsupportedFunc() {\\\n  echo "Function not supported in Docker images"\\\n  exit 0\\\n}\\\n\\\nhelpFunc() {/g' /usr/local/bin/pihole
-sed -i $'s/)\s*updatePiholeFunc/) unsupportedFunc/g' /usr/local/bin/pihole
-
-touch /.piholeFirstBoot
-
-echo 'Docker install successful'
--- a/s6/debian-root/etc/cont-init.d/20-start.sh
+++ b/s6/debian-root/etc/cont-init.d/20-start.sh
@@ -1,20 +0,0 @@
-#!/usr/bin/with-contenv bash
-set -e
-
-bashCmd='bash -e'
-if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then 
-    set -x ;
-    bashCmd='bash -e -x'
-fi
-
-# used to start dnsmasq here for gravity to use...now that conflicts port 53
-
-$bashCmd /start.sh
-# Gotta go fast, no time for gravity
-if [ -n "$PYTEST" ]; then 
-    sed -i 's/^gravity_spinup$/#gravity_spinup # DISABLED FOR PYTEST/g' "$(which gravity.sh)" 
-fi
-gravity.sh
-
-# Kill dnsmasq because s6 won't like it if it's running when s6 services start
-kill -9 $(pgrep pihole-FTL) || true
--- a/s6/debian-root/etc/fix-attrs.d/01-resolver-resolv
+++ b/s6/debian-root/etc/fix-attrs.d/01-resolver-resolv
@@ -1 +0,0 @@
-/etc/resolv.conf false doesntexist,0:1000 0664 0664
--- a/s6/debian-root/etc/services.d/cron/run
+++ b/s6/debian-root/etc/services.d/cron/run
@@ -1,5 +0,0 @@
-#!/usr/bin/with-contenv bash
-s6-echo "Starting crond"
-
-exec -c
-fdmove -c 2 1 /usr/sbin/cron -f
--- a/s6/debian-root/etc/services.d/lighttpd/finish
+++ b/s6/debian-root/etc/services.d/lighttpd/finish
@@ -1,4 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-s6-echo "Stopping lighttpd"
-killall -9 lighttpd
--- a/s6/debian-root/etc/services.d/lighttpd/run
+++ b/s6/debian-root/etc/services.d/lighttpd/run
@@ -1,4 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-s6-echo "Starting lighttpd"
-lighttpd -D -f /etc/lighttpd/lighttpd.conf
--- a/s6/debian-root/etc/services.d/pihole-FTL/finish
+++ b/s6/debian-root/etc/services.d/pihole-FTL/finish
@@ -1,4 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-s6-echo "Stopping pihole-FTL"
-kill -9 $(pgrep pihole-FTL)
--- a/s6/debian-root/etc/services.d/pihole-FTL/run
+++ b/s6/debian-root/etc/services.d/pihole-FTL/run
@@ -1,9 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-s6-echo "Starting pihole-FTL ($FTL_CMD) as ${DNSMASQ_USER}"
-s6-setuidgid ${DNSMASQ_USER} pihole-FTL $FTL_CMD >/dev/null 2>&1
-
-# Notes on above:
-# - DNSMASQ_USER default of root is in Dockerfile & can be overwritten by runtime container env
-# - /var/log/pihole*.log has FTL's output that no-daemon would normally print in FG too
-#   prevent duplicating it in docker logs by sending to dev null
--- a/s6/debian-root/usr/bin/host-ip
+++ b/s6/debian-root/usr/bin/host-ip
@@ -1,10 +0,0 @@
-#!/usr/bin/with-contenv sh
-
-#
-# This script will determine the network IP of the container.
-#
-# Return format should be a single IP address.
-#
-
-# Default to using the value of the $HOSTNAME ENV variable.
-getent hosts ${1:-$HOSTNAME} | awk '{print $1}'
--- a/s6/debian-root/usr/bin/set-contenv
+++ b/s6/debian-root/usr/bin/set-contenv
@@ -1,12 +0,0 @@
-#!/usr/bin/execlineb -S0
-
-if { s6-test $# -eq 2 }
-
-backtick -in FILENAME {
-    pipeline { s6-echo "${1}" }
-    tr "a-z" "A-Z"
-}
-import -u FILENAME
-
-redirfd -w 1 /var/run/s6/container_environment/${FILENAME}
-s6-echo -n -- ${2}
--- a/s6/service
+++ b/s6/service
@@ -1,30 +0,0 @@
-#!/bin/bash
-# This script patches all service commands into the appropriate s6- commands
-# pi-hole upstream scripts need a 'service' interface. why not systemd? docker said so.
-start() {
-    s6-svc -wU -u -T2500 /var/run/s6/services/$service
-}
-
-stop() {
-    s6-svc -wD -d -T2500 /var/run/s6/services/$service
-}
-
-restart() {
-    stop
-    start
-    #s6-svc -t -wR -T5000 /var/run/s6/services/$service
-}
-
-status() {
-    s6-svstat /var/run/s6/services/$service
-}
-
-service="$1"
-command="$2"
-
-if [[ ! -d "/var/run/s6/services/$service" ]] ; then
-    echo "s6 service not found for $service, exiting..."
-    exit
-fi;
-
-${command} "${service}"
--- a/s6/timeout
+++ b/s6/timeout
@@ -1,15 +0,0 @@
-#!/bin/bash
-# A shim to make busybox timeout take in debian style args
-# v1 only need support for this style: `timeout 1 getent hosts github.com`
-
-# Busybox args:
-#   Usage: timeout [-t SECS] [-s SIG] PROG ARGS
-# Debian args:
-#   Usage: timeout [OPTION] DURATION COMMAND [ARG]...
-#     or:  timeout [OPTION]
-
-TIMEOUT=/usr/bin/timeout
-SECS="${1}"
-ARGS="${@:2}"
-
-$TIMEOUT -t $SECS $ARGS
--- a/setup.py
+++ b/setup.py
@@ -1,6 +0,0 @@
-from setuptools import setup
-
-setup(
-    setup_requires=['pytest-runner'],
-    tests_require=['pytest'],
-)
--- a/src/.dockerignore
+++ b/src/.dockerignore
--- a/src/Dockerfile
+++ b/src/Dockerfile
@@ -0,0 +1,45 @@
+ARG PIHOLE_BASE
+FROM "${PIHOLE_BASE:-ghcr.io/pi-hole/docker-pi-hole-base:bullseye-slim}"
+
+ARG PIHOLE_DOCKER_TAG
+ENV PIHOLE_DOCKER_TAG "${PIHOLE_DOCKER_TAG}"
+
+ENV S6_OVERLAY_VERSION v3.1.1.2
+
+ENV PIHOLE_INSTALL /etc/.pihole/automated\ install/basic-install.sh
+
+ENTRYPOINT [ "/s6-init" ]
+
+COPY s6/debian-root /
+COPY s6/service /usr/local/bin/service
+
+RUN bash -ex install.sh 2>&1 && \
+    rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
+
+# php config start passes special ENVs into
+ARG PHP_ENV_CONFIG
+ENV PHP_ENV_CONFIG /etc/lighttpd/conf-enabled/15-fastcgi-php.conf
+ARG PHP_ERROR_LOG
+ENV PHP_ERROR_LOG /var/log/lighttpd/error-pihole.log
+
+# IPv6 disable flag for networks/devices that do not support it
+ENV IPv6 True
+
+EXPOSE 53 53/udp
+EXPOSE 67/udp
+EXPOSE 80
+
+ENV S6_KEEP_ENV 1
+ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2
+ENV S6_CMD_WAIT_FOR_SERVICES_MAXTIME 0
+
+
+ENV FTLCONF_LOCAL_IPV4 0.0.0.0
+ENV FTL_CMD no-daemon
+ENV DNSMASQ_USER pihole
+
+ENV PATH /opt/pihole:${PATH}
+
+HEALTHCHECK CMD dig +short +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1
+
+SHELL ["/bin/bash", "-c"]
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_gravityonboot/dependencies.d/lighttpd
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_gravityonboot/dependencies.d/lighttpd
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_gravityonboot/dependencies.d/pihole-FTL
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_gravityonboot/dependencies.d/pihole-FTL
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_gravityonboot/type
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_gravityonboot/type
@@ -0,0 +1 @@
+oneshot
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_gravityonboot/up
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_gravityonboot/up
@@ -0,0 +1,2 @@
+#!/command/execlineb
+background { bash -e /usr/local/bin/_gravityonboot.sh }
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/dependencies
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/dependencies
@@ -0,0 +1 @@
+_uid-gid-changer
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/dependencies.d/_uid-gid-changer
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/dependencies.d/_uid-gid-changer
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/type
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/type
@@ -0,0 +1 @@
+oneshot
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/up
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/up
@@ -0,0 +1,2 @@
+#!/command/execlineb
+foreground { bash -e /usr/local/bin/_startup.sh }
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/dependencies.d/base
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/dependencies.d/base
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/dependencies.d/cron
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/dependencies.d/cron
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/type
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/type
@@ -0,0 +1 @@
+oneshot
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/up
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/up
@@ -0,0 +1,2 @@
+#!/command/execlineb
+foreground { bash -e /usr/local/bin/_uid-gid-changer.sh }
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/dependencies.d/base
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/dependencies.d/base
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/finish
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/finish
@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash

 s6-echo "Stopping cron"
 killall -9 cron
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/run
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/run
@@ -0,0 +1,3 @@
+#!/command/with-contenv bash
+exec -c
+fdmove -c 2 1 /usr/sbin/cron -f
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/type
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/type
@@ -0,0 +1 @@
+longrun
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/down
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/down
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/finish
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/finish
@@ -0,0 +1,8 @@
+#!/command/with-contenv bash
+
+s6-echo "Stopping lighttpd-access-log"
+pid=$(ps -C cat -o pid=,args= |grep -oP "([0-9]+).+access\.log" |cut -f1 -d" ")
+if [[ -n ${pid} ]]; then
+  kill -9 ${pid}
+fi
+s6-echo "Stopped lighttpd-access-log"
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/run
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/run
@@ -0,0 +1,5 @@
+#!/command/with-contenv bash
+
+s6-echo "Starting lighttpd-access-log"
+
+s6-setuidgid www-data cat /var/log/lighttpd/access-pihole.log 2>&1
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/type
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/type
@@ -0,0 +1 @@
+longrun
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/down
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/down
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/finish
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/finish
@@ -0,0 +1,8 @@
+#!/command/with-contenv bash
+
+s6-echo "Stopping lighttpd-error-log"
+pid=$(ps -C cat -o pid=,args= |grep -oP "([0-9]+).+error\.log" |cut -f1 -d" ")
+if [[ -n ${pid} ]]; then
+  kill -9 ${pid}
+fi
+s6-echo "Stopped lighttpd-error-log"
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/run
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/run
@@ -0,0 +1,5 @@
+#!/command/with-contenv bash
+
+s6-echo "Starting lighttpd-error-log"
+
+s6-setuidgid www-data cat /var/log/lighttpd/error-pihole.log 2>&1
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/type
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/type
@@ -0,0 +1 @@
+longrun
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/dependencies.d/pihole-FTL
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/dependencies.d/pihole-FTL
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/finish
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/finish
@@ -0,0 +1,6 @@
+#!/command/with-contenv bash
+
+s6-echo "Stopping lighttpd"
+service lighttpd-access-log stop
+service lighttpd-error-log stop
+killall -9 lighttpd
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/run
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/run
@@ -0,0 +1,34 @@
+#!/command/with-contenv bash
+
+if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
+    set -x ;
+fi
+
+if [[ 1 -eq ${WEBLOGS_STDOUT:-0} ]]; then
+  #lighthttpd cannot use /dev/stdout https://redmine.lighttpd.net/issues/2731
+  for fi in /var/log/lighttpd/access-pihole.log /var/log/lighttpd/error-pihole.log
+  do
+    if [[ ! -p ${fi} ]]; then
+      rm -f ${fi}
+      mkfifo -m 600 ${fi}
+    fi
+  done
+  chown -R www-data:www-data /var/log/lighttpd
+  service lighttpd-access-log start
+  service lighttpd-error-log start
+  sleep 2
+else
+  #remove fifo if exists
+  [[ -p /var/log/lighttpd/access-pihole.log ]] && rm -Rf /var/log/lighttpd/access-pihole.log
+  [[ -p  /var/log/lighttpd/error-pihole.log ]] && rm -Rf /var/log/lighttpd/error-pihole.log
+
+  # install /dev/null log files to ensure they exist (create if non-existing, preserve if existing)
+  [[ ! -f /var/log/lighttpd/access-pihole.log ]] && install /dev/null /var/log/lighttpd/access-pihole.log
+  [[ ! -f  /var/log/lighttpd/error-pihole.log ]] && install /dev/null /var/log/lighttpd/error-pihole.log
+
+  # Ensure that permissions are set so that lighttpd can write to the logs
+  chown -R www-data:www-data /var/log/lighttpd
+  chmod 0644 /var/log/lighttpd/access-pihole.log /var/log/lighttpd/error-pihole.log
+fi
+
+lighttpd -D -f /etc/lighttpd/lighttpd.conf
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/type
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/type
@@ -0,0 +1 @@
+longrun
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/dependencies.d/_startup
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/dependencies.d/_startup
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/finish
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/finish
@@ -0,0 +1,4 @@
+#!/command/with-contenv bash
+
+s6-echo "Stopping pihole-FTL"
+killall -15 pihole-FTL
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/run
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/run
@@ -0,0 +1,48 @@
+#!/command/with-contenv bash
+
+if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
+    set -x ;
+fi
+
+# Remove possible leftovers from previous pihole-FTL processes
+rm -f /dev/shm/FTL-* 2> /dev/null
+rm /run/pihole/FTL.sock 2> /dev/null
+
+# install /dev/null files to ensure they exist (create if non-existing, preserve if existing)
+mkdir -pm 0755 /run/pihole /var/log/pihole
+[[ ! -f /run/pihole-FTL.pid ]] && install /dev/null /run/pihole-FTL.pid
+[[ ! -f /run/pihole-FTL.port ]] && install /dev/null /run/pihole-FTL.port
+[[ ! -f /var/log/pihole/FTL.log ]] && install /dev/null /var/log/pihole/FTL.log
+[[ ! -f /var/log/pihole/pihole.log ]] && install /dev/null /var/log/pihole/pihole.log
+[[ ! -f /etc/pihole/dhcp.leases ]] && install /dev/null /etc/pihole/dhcp.leases
+
+# Ensure that permissions are set so that pihole-FTL can edit all necessary files
+chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole
+chmod 0644 /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases
+
+# Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
+chmod -f 0644 /etc/pihole/macvendor.db
+# Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
+chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
+# Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist
+chmod -f 0664 /etc/pihole/pihole-FTL.db
+
+# Backward compatibility for user-scripts that still expect log files in /var/log instead of /var/log/pihole/
+# Should be removed with Pi-hole v6.0
+if [ ! -f /var/log/pihole.log ]; then
+    ln -s /var/log/pihole/pihole.log /var/log/pihole.log
+    chown -h pihole:pihole /var/log/pihole.log
+
+fi
+if [ ! -f /var/log/pihole-FTL.log ]; then
+    ln -s /var/log/pihole/FTL.log /var/log/pihole-FTL.log
+    chown -h pihole:pihole /var/log/pihole-FTL.log
+fi
+
+# Call capsh with the detected capabilities
+capsh --inh=${CAP_STR:1} --addamb=${CAP_STR:1} --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null 2>&1"
+
+# Notes on above:
+# - DNSMASQ_USER default of pihole is in Dockerfile & can be overwritten by runtime container env
+# - /var/log/pihole/pihole*.log has FTL's output that no-daemon would normally print in FG too
+#   prevent duplicating it in docker logs by sending to dev null
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/type
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/type
@@ -0,0 +1 @@
+longrun
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/_gravityonboot
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/_gravityonboot
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/_startup
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/_startup
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/_uid-gid-changer
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/_uid-gid-changer
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/cron
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/cron
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/lighttpd
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/lighttpd
--- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/pihole-FTL
+++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/pihole-FTL
--- a/src/s6/debian-root/usr/local/bin/_gravityonboot.sh
+++ b/src/s6/debian-root/usr/local/bin/_gravityonboot.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
+    set -x ;
+fi
+
+gravityDBfile="/etc/pihole/gravity.db"
+config_file="/etc/pihole/pihole-FTL.conf"
+# make a point to mention which config file we're checking, as breadcrumb to revisit if/when pihole-FTL.conf is succeeded by TOML
+echo "  Checking if custom gravity.db is set in ${config_file}"
+if [[ -f "${config_file}" ]]; then
+    gravityDBfile="$(grep --color=never -Po "^GRAVITYDB=\K.*" "${config_file}" 2> /dev/null || echo "/etc/pihole/gravity.db")"
+fi
+
+if [ -z "$SKIPGRAVITYONBOOT" ] || [ ! -f "${gravityDBfile}" ]; then
+    if [ -n "$SKIPGRAVITYONBOOT" ];then
+        echo "  SKIPGRAVITYONBOOT is set, however ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate."
+        echo "  Ignoring SKIPGRAVITYONBOOT on this occaision."
+    fi
+    pihole -g
+else
+    echo "  Skipping Gravity Database Update."
+fi
--- a/src/s6/debian-root/usr/local/bin/_startup.sh
+++ b/src/s6/debian-root/usr/local/bin/_startup.sh
@@ -0,0 +1,78 @@
+#!/bin/bash -e
+
+if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
+    set -x ;
+fi
+
+# The below functions are all contained in bash_functions.sh
+# shellcheck source=/dev/null
+. /usr/local/bin/bash_functions.sh
+
+# shellcheck source=/dev/null
+SKIP_INSTALL=true . "${PIHOLE_INSTALL}"
+
+echo "  [i] Starting docker specific checks & setup for docker pihole/pihole"
+
+# TODO:
+#if [ ! -f /.piholeFirstBoot ] ; then
+#    echo "   [i] Not first container startup so not running docker's setup, re-create container to run setup again"
+#else
+#    regular_setup_functions
+#fi
+
+# Initial checks
+# ===========================
+fix_capabilities
+validate_env || exit 1
+ensure_basic_configuration
+
+# Web interface setup
+# ===========================
+setup_web_port
+load_web_password_secret
+setup_web_password
+setup_web_theme
+setup_web_temp_unit
+setup_web_layout
+setup_web_php_env
+
+# lighttpd setup
+# ===========================
+setup_ipv4_ipv6
+setup_lighttpd_bind
+
+# Misc Setup
+# ===========================
+setup_admin_email
+setup_blocklists
+
+# FTL setup
+# ===========================
+setup_FTL_upstream_DNS
+[[ -n "${DHCP_ACTIVE}" && ${DHCP_ACTIVE} == "true" ]] && echo "Setting DHCP server" && setup_FTL_dhcp
+apply_FTL_Configs_From_Env
+setup_FTL_User
+setup_FTL_Interface
+setup_FTL_ListeningBehaviour
+setup_FTL_CacheSize
+setup_FTL_query_logging
+setup_FTL_server || true
+[ -n "${DNS_FQDN_REQUIRED}" ] && change_setting "DNS_FQDN_REQUIRED" "$DNS_FQDN_REQUIRED"
+[ -n "${DNSSEC}" ] && change_setting "DNSSEC" "$DNSSEC"
+[ -n "${DNS_BOGUS_PRIV}" ] && change_setting "DNS_BOGUS_PRIV" "$DNS_BOGUS_PRIV"
+# The following must be called last! It will source setupVars.conf and override any env vars users pass in before they have been applied
+setup_FTL_ProcessDNSSettings
+
+test_configs
+
+[ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot
+
+echo "  [i] Docker start setup complete"
+echo ""
+
+pihole -v
+
+echo "  Container tag is: ${PIHOLE_DOCKER_TAG}"
+echo ""
+echo "  [i] pihole-FTL ($FTL_CMD) will be started as ${DNSMASQ_USER}"
+echo ""
--- a/src/s6/debian-root/usr/local/bin/_uid-gid-changer.sh
+++ b/src/s6/debian-root/usr/local/bin/_uid-gid-changer.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+set -e
+
+if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
+    set -x ;
+fi
+
+modifyUser()
+{
+  declare username=${1:-} newId=${2:-}
+  [[ -z ${username} || -z ${newId} ]] && return
+
+  local currentId=$(id -u ${username})
+  [[ ${currentId} -eq ${newId} ]] && return
+
+  echo "  [i] Changing ID for user: ${username} (${currentId} => ${newId})"
+  usermod -o -u ${newId} ${username}
+}
+
+modifyGroup()
+{
+  declare groupname=${1:-} newId=${2:-}
+  [[ -z ${groupname} || -z ${newId} ]] && return
+
+  local currentId=$(id -g ${groupname})
+  [[ ${currentId} -eq ${newId} ]] && return
+
+  echo "  [i] Changing ID for group: ${groupname} (${currentId} => ${newId})"
+  groupmod -o -g ${newId} ${groupname}
+}
+
+modifyUser www-data ${WEB_UID}
+modifyGroup www-data ${WEB_GID}
+modifyUser pihole ${PIHOLE_UID}
+modifyGroup pihole ${PIHOLE_GID}
--- a/src/s6/debian-root/usr/local/bin/bash_functions.sh
+++ b/src/s6/debian-root/usr/local/bin/bash_functions.sh
@@ -0,0 +1,534 @@
+#!/bin/bash
+
+# If user has set QUERY_LOGGING Env Var, copy it out to _OVERRIDE,
+# else it will get overridden itself when we source basic-install.sh
+[ -n "${QUERY_LOGGING}" ] && export QUERY_LOGGING_OVERRIDE="${QUERY_LOGGING}"
+
+# Legacy Env Vars preserved for backwards compatibility - convert them to FTLCONF_ equivalents
+[ -n "${ServerIP}" ] && echo "ServerIP is deprecated. Converting to FTLCONF_LOCAL_IPV4" && export "FTLCONF_LOCAL_IPV4"="$ServerIP"
+[ -n "${ServerIPv6}" ] && echo "ServerIPv6 is deprecated. Converting to FTLCONF_LOCAL_IPV6" && export "FTLCONF_LOCAL_IPV6"="$ServerIPv6"
+
+# Previously used FTLCONF_ equivalent has since been deprecated, also convert this one
+[ -n "${FTLCONF_REPLY_ADDR4}" ] && echo "FTLCONF_REPLY_ADDR4 is deprecated. Converting to FTLCONF_LOCAL_IPV4" && export "FTLCONF_LOCAL_IPV4"="$FTLCONF_REPLY_ADDR4"
+[ -n "${FTLCONF_REPLY_ADDR6}" ] && echo "FTLCONF_REPLY_ADDR6 is deprecated. Converting to FTLCONF_LOCAL_IPV6" && export "FTLCONF_LOCAL_IPV6"="$FTLCONF_REPLY_ADDR6"
+
+# Some of the bash_functions use utilities from Pi-hole's utils.sh
+# shellcheck disable=SC2154
+# shellcheck source=/dev/null
+. /opt/pihole/utils.sh
+
+export setupVars="/etc/pihole/setupVars.conf"
+export FTLconf="/etc/pihole/pihole-FTL.conf"
+export dnsmasqconfig="/etc/dnsmasq.d/01-pihole.conf"
+export adlistFile="/etc/pihole/adlists.list"
+
+change_setting() {
+    addOrEditKeyValPair "${setupVars}" "${1}" "${2}"
+}
+
+changeFTLsetting() {
+    addOrEditKeyValPair "${FTLconf}" "${1}" "${2}"
+}
+
+fix_capabilities() {
+    # Testing on Docker 20.10.14 with no caps set shows the following caps available to the container:
+    # Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
+    # FTL can also use CAP_NET_ADMIN and CAP_SYS_NICE. If we try to set them when they haven't been explicitly enabled, FTL will not start. Test for them first:
+    echo "  [i] Setting capabilities on pihole-FTL where possible"
+    /sbin/capsh --has-p=cap_chown 2>/dev/null && CAP_STR+=',CAP_CHOWN'
+    /sbin/capsh --has-p=cap_net_bind_service 2>/dev/null && CAP_STR+=',CAP_NET_BIND_SERVICE'
+    /sbin/capsh --has-p=cap_net_raw 2>/dev/null && CAP_STR+=',CAP_NET_RAW'
+    /sbin/capsh --has-p=cap_net_admin 2>/dev/null && CAP_STR+=',CAP_NET_ADMIN' || DHCP_READY='false'
+    /sbin/capsh --has-p=cap_sys_nice 2>/dev/null && CAP_STR+=',CAP_SYS_NICE'
+
+    if [[ ${CAP_STR} ]]; then
+        # We have the (some of) the above caps available to us - apply them to pihole-FTL
+        echo "  [i] Applying the following caps to pihole-FTL:"
+        IFS=',' read -ra CAPS <<< "${CAP_STR:1}"
+        for i in "${CAPS[@]}"; do
+            echo "        * ${i}"
+        done
+
+        setcap ${CAP_STR:1}+ep "$(which pihole-FTL)" || ret=$?
+
+        if [[ $DHCP_READY == false ]] && [[ $DHCP_ACTIVE == true ]]; then
+            # DHCP is requested but NET_ADMIN is not available.
+            echo "ERROR: DHCP requested but NET_ADMIN is not available. DHCP will not be started."
+            echo "      Please add cap_net_admin to the container's capabilities or disable DHCP."
+            DHCP_ACTIVE='false'
+            change_setting "DHCP_ACTIVE" "false"
+        fi
+
+        if [[ $ret -ne 0 && "${DNSMASQ_USER:-pihole}" != "root" ]]; then
+            echo "  [!] ERROR: Unable to set capabilities for pihole-FTL. Cannot run as non-root."
+            echo "            If you are seeing this error, please set the environment variable 'DNSMASQ_USER' to the value 'root'"
+            exit 1
+        fi
+    else
+        echo "  [!] WARNING: Unable to set capabilities for pihole-FTL."
+        echo "              Please ensure that the container has the required capabilities."
+        exit 1
+    fi
+}
+
+
+# shellcheck disable=SC2034
+ensure_basic_configuration() {
+    echo "  [i] Ensuring basic configuration by re-running select functions from basic-install.sh"
+    # Set Debian webserver variables for installConfigs
+    LIGHTTPD_USER="www-data"
+    LIGHTTPD_GROUP="www-data"
+    LIGHTTPD_CFG="lighttpd.conf.debian"
+    installConfigs
+    installLogrotate || true #installLogRotate can return 2 or 3, but we are still OK to continue in that case
+
+    if [ ! -f "${setupVars}" ]; then
+        install -m 644 /dev/null "${setupVars}"
+        echo "  [i] Creating empty ${setupVars} file."
+        # The following setting needs to exist else the web interface version won't show in pihole -v
+        change_setting "INSTALL_WEB_INTERFACE" "true"
+    fi
+
+    set +e
+    mkdir -p /var/run/pihole /var/log/pihole
+    touch /var/log/pihole/FTL.log /var/log/pihole/pihole.log
+
+    chown pihole:root /etc/lighttpd
+
+    # In case of `pihole` UID being changed, re-chown the pihole scripts and pihole command
+    chown -R pihole:root "${PI_HOLE_INSTALL_DIR}"
+    chown pihole:root "${PI_HOLE_BIN_DIR}/pihole"
+
+    set -e
+    # Update version numbers
+    pihole updatechecker
+    pihole updatechecker remote
+    # Re-write all of the setupVars to ensure required ones are present (like QUERY_LOGGING)
+
+    # If the setup variable file exists,
+    if [[ -e "${setupVars}" ]]; then
+        cp -f "${setupVars}" "${setupVars}.update.bak"
+    fi
+
+    # Remove any existing macvendor.db and replace it with a symblink to the one moved to the root directory (see install.sh)
+    if [[ -f "/etc/pihole/macvendor.db" ]]; then
+        rm /etc/pihole/macvendor.db
+    fi
+    ln -s /macvendor.db /etc/pihole/macvendor.db
+
+    # When fresh empty directory volumes are used then we need to create this file
+    if [ ! -f /etc/dnsmasq.d/01-pihole.conf ] ; then
+        cp /etc/.pihole/advanced/01-pihole.conf /etc/dnsmasq.d/
+    fi;
+
+    # setup_or_skip_gravity
+}
+
+validate_env() {
+    # Optional FTLCONF_LOCAL_IPV4 is a valid IP
+    # nc won't throw any text based errors when it times out connecting to a valid IP, otherwise it complains about the DNS name being garbage
+    # if nc doesn't behave as we expect on a valid IP the routing table should be able to look it up and return a 0 retcode
+    if [[ "$(nc -4 -w1 -z "$FTLCONF_LOCAL_IPV4" 53 2>&1)" != "" ]] && ! ip route get "$FTLCONF_LOCAL_IPV4" > /dev/null ; then
+        echo "ERROR: FTLCONF_LOCAL_IPV4 Environment variable ($FTLCONF_LOCAL_IPV4) doesn't appear to be a valid IPv4 address"
+        exit 1
+    fi
+
+    # Optional IPv6 is a valid address
+    if [[ -n "$FTLCONF_LOCAL_IPV6" ]] ; then
+        if [[ "$FTLCONF_LOCAL_IPV6" == 'kernel' ]] ; then
+            echo "  [!] ERROR: You passed in IPv6 with a value of 'kernel', this maybe because you do not have IPv6 enabled on your network"
+            unset FTLCONF_LOCAL_IPV6
+            exit 1
+        fi
+        if [[ "$(nc -6 -w1 -z "$FTLCONF_LOCAL_IPV6" 53 2>&1)" != "" ]] && ! ip route get "$FTLCONF_LOCAL_IPV6" > /dev/null ; then
+            echo "  [!] ERROR: FTLCONF_LOCAL_IPV6 Environment variable ($FTLCONF_LOCAL_IPV6) doesn't appear to be a valid IPv6 address"
+            echo "        TIP: If your server is not IPv6 enabled just remove '-e FTLCONF_LOCAL_IPV6' from your docker container"
+            exit 1
+        fi
+    fi;
+}
+
+setup_FTL_User(){
+    # Run DNSMASQ as root user to avoid SHM permission issues
+    if grep -r -q '^\s*user=' /etc/dnsmasq.* ; then
+        # Change user that had been set previously to root
+        for f in $(grep -r -l '^\s*user=' /etc/dnsmasq.*); do
+            sed -i "/^\s*user=/ c\user=${DNSMASQ_USER}" "${f}"
+        done
+    else
+      echo -e "\nuser=${DNSMASQ_USER}" >> /etc/dnsmasq.conf
+    fi
+}
+
+setup_FTL_Interface(){
+    local interface="${INTERFACE:-eth0}"
+
+    # Set the interface for FTL to listen on
+    local interfaceType='default'
+    if [ "$interface" != 'eth0' ] ; then
+      interfaceType='custom'
+    fi;
+    echo "  [i] FTL binding to $interfaceType interface: $interface"
+    change_setting "PIHOLE_INTERFACE" "${interface}"
+}
+
+setup_FTL_ListeningBehaviour(){
+    if [ -n "$DNSMASQ_LISTENING" ]; then
+      change_setting "DNSMASQ_LISTENING" "${DNSMASQ_LISTENING}"
+    fi;
+}
+
+setup_FTL_CacheSize() {
+    local warning="  [i] WARNING: CUSTOM_CACHE_SIZE not used"
+    local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf"
+    # Quietly exit early for empty or default
+    if [[ -z "${CUSTOM_CACHE_SIZE}" || "${CUSTOM_CACHE_SIZE}" == '10000' ]] ; then return ; fi
+
+    if [[ "${DNSSEC}" == "true" ]] ; then
+        echo "$warning - Cannot change cache size if DNSSEC is enabled"
+        return
+    fi
+
+    if ! echo "$CUSTOM_CACHE_SIZE" | grep -q '^[0-9]*$' ; then
+        echo "$warning - $CUSTOM_CACHE_SIZE is not an integer"
+        return
+    fi
+
+    local -i custom_cache_size="$CUSTOM_CACHE_SIZE"
+    if (( custom_cache_size < 0 )); then
+        echo "$warning - $custom_cache_size is not a positive integer or zero"
+        return
+    fi
+    echo "  [i] Custom CUSTOM_CACHE_SIZE set to $custom_cache_size"
+
+    change_setting "CACHE_SIZE" "$custom_cache_size"
+    sed -i "s/^cache-size=\s*[0-9]*/cache-size=$custom_cache_size/" ${dnsmasq_pihole_01_location}
+}
+
+apply_FTL_Configs_From_Env(){
+    # Get all exported environment variables starting with FTLCONF_ as a prefix and call the changeFTLsetting
+    # function with the environment variable's suffix as the key. This allows applying any pihole-FTL.conf
+    # setting defined here: https://docs.pi-hole.net/ftldns/configfile/
+    declare -px | grep FTLCONF_ | sed -E 's/declare -x FTLCONF_([^=]+)=\"(.+)\"/\1 \2/' | while read -r name value
+    do
+        echo "  [i] Applying pihole-FTL.conf setting $name=$value"
+        changeFTLsetting "$name" "$value"
+    done
+}
+
+setup_FTL_dhcp() {
+  if [ -z "${DHCP_START}" ] || [ -z "${DHCP_END}" ] || [ -z "${DHCP_ROUTER}" ]; then
+    echo "  [!] ERROR: Won't enable DHCP server because mandatory Environment variables are missing: DHCP_START, DHCP_END and/or DHCP_ROUTER"
+    change_setting "DHCP_ACTIVE" "false"
+  else
+    change_setting "DHCP_ACTIVE" "${DHCP_ACTIVE}"
+    change_setting "DHCP_START" "${DHCP_START}"
+    change_setting "DHCP_END" "${DHCP_END}"
+    change_setting "DHCP_ROUTER" "${DHCP_ROUTER}"
+    change_setting "DHCP_LEASETIME" "${DHCP_LEASETIME}"
+    change_setting "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}"
+    change_setting "DHCP_IPv6" "${DHCP_IPv6}"
+    change_setting "DHCP_rapid_commit" "${DHCP_rapid_commit}"
+  fi
+}
+
+setup_FTL_query_logging(){
+    if [ "${QUERY_LOGGING_OVERRIDE}" == "false" ]; then
+        echo "  [i] Disabling Query Logging"
+        change_setting "QUERY_LOGGING" "$QUERY_LOGGING_OVERRIDE"
+        removeKey "${dnsmasqconfig}" log-queries
+    else
+        # If it is anything other than false, set it to true
+        change_setting "QUERY_LOGGING" "true"
+        # Set pihole logging on for good measure
+        echo "  [i] Enabling Query Logging"
+        addKey "${dnsmasqconfig}" log-queries
+    fi
+
+}
+
+setup_FTL_server(){
+    [ -n "${REV_SERVER}" ] && change_setting "REV_SERVER" "$REV_SERVER"
+    [ -n "${REV_SERVER_DOMAIN}" ] && change_setting "REV_SERVER_DOMAIN" "$REV_SERVER_DOMAIN"
+    [ -n "${REV_SERVER_TARGET}" ] && change_setting "REV_SERVER_TARGET" "$REV_SERVER_TARGET"
+    [ -n "${REV_SERVER_CIDR}" ] && change_setting "REV_SERVER_CIDR" "$REV_SERVER_CIDR"
+
+    if [ -z "$REV_SERVER" ];then
+        # If the REV_SERVER* variables are set, then there is no need to add these.
+        # If it is not set, then adding these variables is fine, and they will be converted by the Pi-hole install script
+        [ -n "${CONDITIONAL_FORWARDING}" ] && change_setting "CONDITIONAL_FORWARDING" "$CONDITIONAL_FORWARDING"
+        [ -n "${CONDITIONAL_FORWARDING_IP}" ] && change_setting "CONDITIONAL_FORWARDING_IP" "$CONDITIONAL_FORWARDING_IP"
+        [ -n "${CONDITIONAL_FORWARDING_DOMAIN}" ] && change_setting "CONDITIONAL_FORWARDING_DOMAIN" "$CONDITIONAL_FORWARDING_DOMAIN"
+        [ -n "${CONDITIONAL_FORWARDING_REVERSE}" ] && change_setting "CONDITIONAL_FORWARDING_REVERSE" "$CONDITIONAL_FORWARDING_REVERSE"
+    fi
+}
+
+setup_FTL_upstream_DNS(){
+    if [ -z "${PIHOLE_DNS_}" ]; then
+        # For backward compatibility, if DNS1 and/or DNS2 are set, but PIHOLE_DNS_ is not, convert them to
+        # a semi-colon delimited string and store in PIHOLE_DNS_
+        # They are not used anywhere if PIHOLE_DNS_ is set already
+        [ -n "${DNS1}" ] && echo "  [i] Converting DNS1 to PIHOLE_DNS_" && PIHOLE_DNS_="$DNS1"
+        [[ -n "${DNS2}" && "${DNS2}" != "no" ]] && echo "  [i] Converting DNS2 to PIHOLE_DNS_" && PIHOLE_DNS_="$PIHOLE_DNS_;$DNS2"
+    fi
+
+    # Parse the PIHOLE_DNS variable, if it exists, and apply upstream servers to Pi-hole config
+    if [ -n "${PIHOLE_DNS_}" ]; then
+        echo "  [i] Setting DNS servers based on PIHOLE_DNS_ variable"
+        # Remove any PIHOLE_DNS_ entries from setupVars.conf, if they exist
+        sed -i '/PIHOLE_DNS_/d' /etc/pihole/setupVars.conf
+        # Split into an array (delimited by ;)
+        # Loop through and add them one by one to setupVars.conf
+        IFS=";" read -r -a PIHOLE_DNS_ARR <<< "${PIHOLE_DNS_}"
+        count=1
+        valid_entries=0
+        for i in "${PIHOLE_DNS_ARR[@]}"; do
+            # Ensure we don't have an empty value first (see https://github.com/pi-hole/docker-pi-hole/issues/1174#issuecomment-1228763422 )
+            if [ -n "$i" ]; then
+              if valid_ip "$i" || valid_ip6 "$i" ; then
+                change_setting "PIHOLE_DNS_$count" "$i"
+                ((count=count+1))
+                ((valid_entries=valid_entries+1))
+                continue
+              fi
+              # shellcheck disable=SC2086
+              if [ -n "$(dig +short ${i//#*/})" ]; then
+                # If the "address" is a domain (for example a docker link) then try to resolve it and add
+                # the result as a DNS server in setupVars.conf.
+                resolved_ip="$(dig +short ${i//#*/} | head -n 1)"
+                if [ -n "${i//*#/}" ] && [ "${i//*#/}" != "${i//#*/}" ]; then
+                    resolved_ip="${resolved_ip}#${i//*#/}"
+                fi
+                echo "Resolved ${i} from PIHOLE_DNS_ as: ${resolved_ip}"
+                if valid_ip "$resolved_ip" || valid_ip6 "$resolved_ip" ; then
+                    change_setting "PIHOLE_DNS_$count" "$resolved_ip"
+                    ((count=count+1))
+                    ((valid_entries=valid_entries+1))
+                    continue
+                fi
+              fi
+              # If the above tests fail then this is an invalid DNS server
+              echo "  [!] Invalid entry detected in PIHOLE_DNS_: ${i}"
+            fi
+        done
+
+        if [ $valid_entries -eq 0 ]; then
+            echo "  [!] No Valid entries detected in PIHOLE_DNS_. Aborting"
+            exit 1
+        fi
+    else
+        # Environment variable has not been set, but there may be existing values in an existing setupVars.conf
+        # if this is the case, we do not want to overwrite these with the defaults of 8.8.8.8 and 8.8.4.4
+        # Pi-hole can run with only one upstream configured, so we will just check for one.
+        setupVarsDNS="$(grep 'PIHOLE_DNS_' /etc/pihole/setupVars.conf || true)"
+
+        if [ -z "${setupVarsDNS}" ]; then
+            echo "  [i] Configuring default DNS servers: 8.8.8.8, 8.8.4.4"
+            change_setting "PIHOLE_DNS_1" "8.8.8.8"
+            change_setting "PIHOLE_DNS_2" "8.8.4.4"
+        else
+            echo "  [i] Existing DNS servers detected in setupVars.conf. Leaving them alone"
+        fi
+    fi
+}
+
+setup_FTL_ProcessDNSSettings(){
+    # Commit settings to 01-pihole.conf
+
+    # shellcheck source=/dev/null
+    . /opt/pihole/webpage.sh
+    ProcessDNSSettings
+}
+
+setup_lighttpd_bind() {
+    local serverip="${FTLCONF_LOCAL_IPV4}"
+    # if using '--net=host' only bind lighttpd on $FTLCONF_LOCAL_IPV4 and localhost
+    if grep -q "docker" /proc/net/dev && [[ $serverip != 0.0.0.0 ]]; then #docker (docker0 by default) should only be present on the host system
+        if ! grep -q "server.bind" /etc/lighttpd/lighttpd.conf ; then # if the declaration is already there, don't add it again
+            sed -i -E "s/server\.port\s+\=\s+([0-9]+)/server.bind\t\t = \"${serverip}\"\nserver.port\t\t = \1\n"\$SERVER"\[\"socket\"\] == \"127\.0\.0\.1:\1\" \{\}/" /etc/lighttpd/lighttpd.conf
+        fi
+    fi
+}
+
+setup_web_php_env() {
+    if [ -z "$VIRTUAL_HOST" ] ; then
+      VIRTUAL_HOST="$FTLCONF_LOCAL_IPV4"
+    fi;
+
+    for config_var in "VIRTUAL_HOST" "CORS_HOSTS" "PHP_ERROR_LOG" "PIHOLE_DOCKER_TAG" "TZ"; do
+      local beginning_of_line="\t\t\t\"${config_var}\" => "
+      if grep -qP "$beginning_of_line" "$PHP_ENV_CONFIG" ; then
+        # replace line if already present
+        sed -i "/${beginning_of_line}/c\\${beginning_of_line}\"${!config_var}\"," "$PHP_ENV_CONFIG"
+      else
+        # add line otherwise
+        sed -i "/bin-environment/ a\\${beginning_of_line}\"${!config_var}\"," "$PHP_ENV_CONFIG"
+      fi
+    done
+
+    echo "  [i] Added ENV to php:"
+    grep -E '(VIRTUAL_HOST|CORS_HOSTS|PHP_ERROR_LOG|PIHOLE_DOCKER_TAG|TZ)' "$PHP_ENV_CONFIG"
+}
+
+setup_web_port() {
+    local warning="  [!] WARNING: Custom WEB_PORT not used"
+    # Quietly exit early for empty or default
+    if [[ -z "${WEB_PORT}" || "${WEB_PORT}" == '80' ]] ; then return ; fi
+
+    if ! echo "$WEB_PORT" | grep -q '^[0-9][0-9]*$' ; then
+        echo "$warning - $WEB_PORT is not an integer"
+        return
+    fi
+
+    local -i web_port="$WEB_PORT"
+    if (( web_port < 1 || web_port > 65535 )); then
+        echo "$warning - $web_port is not within valid port range of 1-65535"
+        return
+    fi
+    echo "  [i] Custom WEB_PORT set to $web_port"
+    echo "  [i] Without proper router DNAT forwarding to $FTLCONF_LOCAL_IPV4:$web_port, you may not get any blocked websites on ads"
+
+    # Update lighttpd's port
+    sed -i '/server.port\s*=\s*80\s*$/ s/80/'"${WEB_PORT}"'/g' /etc/lighttpd/lighttpd.conf
+
+}
+
+setup_web_theme(){
+    # Parse the WEBTHEME variable, if it exists, and set the selected theme if it is one of the supported values.
+    # If an invalid theme name was supplied, setup WEBTHEME to use the default-light theme.
+    if [ -n "${WEBTHEME}" ]; then
+        case "${WEBTHEME}" in
+        "default-dark" | "default-darker" | "default-light" | "default-auto" | "lcars")
+            echo "  [i] Setting Web Theme based on WEBTHEME variable, using value ${WEBTHEME}"
+            change_setting "WEBTHEME" "${WEBTHEME}"
+            ;;
+        *)
+            echo "  [!] Invalid theme name supplied: ${WEBTHEME}, falling back to default-light."
+            change_setting "WEBTHEME" "default-light"
+            ;;
+        esac
+    fi
+}
+
+load_web_password_secret() {
+   # If WEBPASSWORD is not set at all, attempt to read password from WEBPASSWORD_FILE,
+   # allowing secrets to be passed via docker secrets
+   if [ -z "${WEBPASSWORD+x}" ] && [ -n "${WEBPASSWORD_FILE}" ] && [ -r "${WEBPASSWORD_FILE}" ]; then
+     WEBPASSWORD=$(<"${WEBPASSWORD_FILE}")
+   fi;
+}
+
+setup_web_password() {
+    if [ -z "${WEBPASSWORD+x}" ] ; then
+        # ENV WEBPASSWORD_OVERRIDE is not set
+
+        # Exit if setupvars already has a password
+        setup_var_exists "WEBPASSWORD" && return
+        # Generate new random password
+        WEBPASSWORD=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8)
+        echo "  [i] Assigning random password: $WEBPASSWORD"
+    else
+        # ENV WEBPASSWORD_OVERRIDE is set and will be used
+        echo "  [i] Assigning password defined by Environment Variable"
+        # WEBPASSWORD="$WEBPASSWORD"
+    fi
+
+    # Explicitly turn off bash printing when working with secrets
+    { set +x; } 2>/dev/null
+
+    if [[ "$WEBPASSWORD" == "" ]] ; then
+        echo "" | pihole -a -p
+    else
+        pihole -a -p "$WEBPASSWORD" "$WEBPASSWORD"
+    fi
+
+    # To avoid printing this if conditional in bash debug, turn off  debug above..
+    # then re-enable debug if necessary (more code but cleaner printed output)
+    if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
+        set -x
+    fi
+}
+
+setup_ipv4_ipv6() {
+    local ip_versions="IPv4 and IPv6"
+    if [ "${IPv6,,}" != "true" ] ; then
+        ip_versions="IPv4"
+        sed -i '/use-ipv6.pl/ d' /etc/lighttpd/lighttpd.conf
+    fi;
+    echo "  [i] Using $ip_versions"
+}
+
+test_configs() {
+    set -e
+    echo -n '  [i] Testing lighttpd config: '
+    lighttpd -t -f /etc/lighttpd/lighttpd.conf || exit 1
+    set +e
+    echo "  [i] All config checks passed, cleared for startup ..."
+}
+
+setup_blocklists() {
+    # Exit/return early without setting up adlists with defaults for any of the following conditions:
+    # 1. skip_setup_blocklists env is set
+    exit_string="(exiting ${FUNCNAME[0]} early)"
+
+    if [ -n "${skip_setup_blocklists}" ]; then
+        echo "  [i] skip_setup_blocklists requested $exit_string"
+        return
+    fi
+
+    # 2. The adlist file exists already (restarted container or volume mounted list)
+    if [ -f "${adlistFile}" ]; then
+        echo "  [i] Preexisting ad list ${adlistFile} detected $exit_string"
+        return
+    fi
+
+    echo "  [i] ${FUNCNAME[0]} now setting default blocklists up: "
+    echo "  [i] TIP: Use a docker volume for ${adlistFile} if you want to customize for first boot"
+    installDefaultBlocklists
+
+    echo "  [i] Blocklists (${adlistFile}) now set to:"
+    cat "${adlistFile}"
+}
+
+setup_var_exists() {
+    local KEY="$1"
+    if [ -n "$2" ]; then
+        local REQUIRED_VALUE="[^\n]+"
+    fi
+    if grep -Pq "^${KEY}=${REQUIRED_VALUE}" "$setupVars"; then
+        echo "  [i] Pre existing ${KEY} found"
+        true
+    else
+        false
+    fi
+}
+
+setup_web_temp_unit() {
+  local UNIT="${TEMPERATUREUNIT}"
+  # check if var is empty
+  if [[ "$UNIT" != "" ]] ; then
+      # check if we have valid units
+      if [[ "$UNIT" == "c" || "$UNIT" == "k" || $UNIT == "f" ]] ; then
+          pihole -a -"${UNIT}"
+      fi
+  fi
+}
+
+setup_web_layout() {
+  local LO="${WEBUIBOXEDLAYOUT}"
+  # check if var is empty
+  if [[ "$LO" != "" ]] ; then
+      # check if we have valid types boxed | traditional
+      if [[ "$LO" == "traditional" || "$LO" == "boxed" ]] ; then
+          change_setting "WEBUIBOXEDLAYOUT" "$WEBUIBOXEDLAYOUT"
+      fi
+  fi
+}
+
+setup_admin_email() {
+  local EMAIL="${ADMIN_EMAIL}"
+  # check if var is empty
+  if [[ "$EMAIL" != "" ]] ; then
+      pihole -a -e "$EMAIL"
+  fi
+}
--- a/src/s6/debian-root/usr/local/bin/install.sh
+++ b/src/s6/debian-root/usr/local/bin/install.sh
@@ -0,0 +1,95 @@
+#!/bin/bash -ex
+# shellcheck disable=SC2034
+
+mkdir -p /etc/pihole/
+mkdir -p /var/run/pihole
+
+CORE_LOCAL_REPO=/etc/.pihole
+WEB_LOCAL_REPO=/var/www/html/admin
+
+setupVars=/etc/pihole/setupVars.conf
+
+detect_arch() {
+  DETECTED_ARCH=$(dpkg --print-architecture)
+  S6_ARCH=$DETECTED_ARCH
+  case $DETECTED_ARCH in
+  amd64)
+    S6_ARCH="x86_64";;
+  armel)
+    S6_ARCH="arm";;
+  armhf)
+    S6_ARCH="armhf";;
+  arm64)
+    S6_ARCH="aarch64";;
+  i386)
+    S6_ARCH="i686";;
+esac
+}
+
+
+# Helps to have some additional tools in the dev image when debugging
+if [[ "${PIHOLE_DOCKER_TAG}" = 'nightly' ||  "${PIHOLE_DOCKER_TAG}" = 'dev' ]]; then
+  apt-get update
+  apt-get install --no-install-recommends -y nano less
+  rm -rf /var/lib/apt/lists/*
+fi
+
+detect_arch
+
+curl -L -s "https://github.com/just-containers/s6-overlay/releases/download/${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz" | tar Jxpf - -C /
+curl -L -s "https://github.com/just-containers/s6-overlay/releases/download/${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.xz" | tar Jxpf - -C /
+
+# IMPORTANT: #########################################################################
+# Move /init somewhere else to prevent issues with podman/RHEL                       #
+# See: https://github.com/pi-hole/docker-pi-hole/issues/1176#issuecomment-1227587045 #
+mv /init /s6-init                                                                    #
+######################################################################################
+
+# Preseed variables to assist with using --unattended install
+{
+  echo "PIHOLE_INTERFACE=eth0"
+  echo "IPV4_ADDRESS=0.0.0.0"
+  echo "IPV6_ADDRESS=0:0:0:0:0:0"
+  echo "PIHOLE_DNS_1=8.8.8.8"
+  echo "QUERY_LOGGING=true"
+  echo "INSTALL_WEB_SERVER=true"
+  echo "INSTALL_WEB_INTERFACE=true"
+  echo "LIGHTTPD_ENABLED=true"
+}>> "${setupVars}"
+source $setupVars
+
+export USER=pihole
+
+export PIHOLE_SKIP_OS_CHECK=true
+
+# Run the installer in unattended mode using the preseeded variables above and --reconfigure so that local repos are not updated
+curl -sSL https://install.pi-hole.net | bash -sex -- --unattended
+
+# At this stage, if we are building a :nightly tag, then switch the Pi-hole install to dev versions
+if [[ "${PIHOLE_DOCKER_TAG}" = 'nightly'  ]]; then
+  yes | pihole checkout dev
+fi
+
+sed -i '/^WEBPASSWORD/d' /etc/pihole/setupVars.conf
+
+# sed a new function into the `pihole` script just above the `helpFunc()` function for later use.
+sed -i $'s/helpFunc() {/unsupportedFunc() {\\\n  echo "Function not supported in Docker images"\\\n  exit 0\\\n}\\\n\\\nhelpFunc() {/g' /usr/local/bin/pihole
+
+# Replace a few of the `pihole` options with calls to `unsupportedFunc`:
+# pihole -up / pihole updatePihole
+sed -i $'s/)\s*updatePiholeFunc/) unsupportedFunc/g' /usr/local/bin/pihole
+# pihole uninstall
+sed -i $'s/)\s*uninstallFunc/) unsupportedFunc/g' /usr/local/bin/pihole
+# pihole -r / pihole reconfigure
+sed -i $'s/)\s*reconfigurePiholeFunc/) unsupportedFunc/g' /usr/local/bin/pihole
+
+# Move macvendor.db to root dir and symlink it back into /etc/pihole. See https://github.com/pi-hole/docker-pi-hole/issues/1137
+# If user goes on to bind monunt this directory to their host, then we can easily ensure macvendor.db is the latest
+# (it is otherwise only updated when FTL is updated, which doesn't happen as part of the normal course of running this image)
+mv /etc/pihole/macvendor.db /macvendor.db
+ln -s /macvendor.db /etc/pihole/macvendor.db
+
+if [ ! -f /.piholeFirstBoot ]; then
+  touch /.piholeFirstBoot
+fi
+echo 'Docker install successful'
--- a/src/s6/service
+++ b/src/s6/service
@@ -0,0 +1,53 @@
+#!/bin/bash
+# This script patches all service commands into the appropriate s6- commands
+# pi-hole upstream scripts need a 'service' interface. why not systemd? docker said so.
+
+start() {
+  restart
+}
+
+stop() {
+  /command/s6-svc -wD -d -T2500 /run/service/"$service"
+}
+
+restart() {
+  local pid
+
+  # Get the PID(s) of the service we are asking to restart
+  mapfile -t pids < <(pgrep "$service")
+
+  # Only attempt to stop the service if it is already running
+  if [ "${#pids[@]}" -gt 0 ]; then
+    stop
+
+    for pid in "${pids[@]}"; do
+      # Loop until we are certain that the process has been stopped
+      while test -d /proc/"$pid"; do
+        sleep 0.2
+      done
+    done
+  fi
+
+  # Check it hasn't been started by something else in the meantime
+  pid=$(pgrep "$service")
+
+  # Only attempt to start the service if it is not already running
+  if [ -z "$pid" ]; then
+    /command/s6-svc -wu -u -T2500 /run/service/"$service"
+  fi
+
+}
+
+status() {
+  /command/s6-svstat /run/service/"$service"
+}
+
+service="$1"
+command="$2"
+
+if [[ ! -d "/run/service/$service" ]] ; then
+  echo "s6 service not found for $service, exiting..."
+  exit
+fi;
+
+${command} "${service}"
--- a/start.sh
+++ b/start.sh
@@ -1,69 +0,0 @@
-#!/bin/bash -e
-# Dockerfile variables
-export TAG
-export ServerIP
-export ServerIPv6
-export PYTEST
-export PHP_ENV_CONFIG
-export PHP_ERROR_LOG 
-export HOSTNAME
-export WEBLOGDIR
-export DNS1
-export DNS2
-export DNSSEC
-export DNS_BOGUS_PRIV
-export DNS_FQDN_REQUIRED
-export INTERFACE
-export DNSMASQ_LISTENING_BEHAVIOUR="$DNSMASQ_LISTENING"
-export IPv6
-export WEB_PORT
-export CONDITIONAL_FORWARDING
-export CONDITIONAL_FORWARDING_IP
-export CONDITIONAL_FORWARDING_DOMAIN
-export CONDITIONAL_FORWARDING_REVERSE
-
-export adlistFile='/etc/pihole/adlists.list'
-
-# The below functions are all contained in bash_functions.sh
-. /bash_functions.sh
-
-# PH_TEST prevents the install from actually running (someone should rename that)
-PH_TEST=true . $PIHOLE_INSTALL
-
-echo " ::: Starting docker specific checks & setup for docker pihole/pihole"
-
-docker_checks
-
-# TODO:
-#if [ ! -f /.piholeFirstBoot ] ; then
-#    echo " ::: Not first container startup so not running docker's setup, re-create container to run setup again"
-#else
-#    regular_setup_functions
-#fi
-
-fix_capabilities
-generate_password
-validate_env || exit 1
-prepare_configs
-change_setting "IPV4_ADDRESS" "$ServerIP"
-change_setting "IPV6_ADDRESS" "$ServerIPv6"
-change_setting "DNS_BOGUS_PRIV" "$DNS_BOGUS_PRIV"
-change_setting "DNS_FQDN_REQUIRED" "$DNS_FQDN_REQUIRED"
-change_setting "DNSSEC" "$DNSSEC"
-change_setting "CONDITIONAL_FORWARDING" "$CONDITIONAL_FORWARDING"
-change_setting "CONDITIONAL_FORWARDING_IP" "$CONDITIONAL_FORWARDING_IP"
-change_setting "CONDITIONAL_FORWARDING_DOMAIN" "$CONDITIONAL_FORWARDING_DOMAIN"
-change_setting "CONDITIONAL_FORWARDING_REVERSE" "$CONDITIONAL_FORWARDING_REVERSE"
-setup_web_port "$WEB_PORT"
-setup_web_password "$WEBPASSWORD"
-setup_dnsmasq "$DNS1" "$DNS2" "$INTERFACE" "$DNSMASQ_LISTENING_BEHAVIOUR"
-setup_php_env
-setup_dnsmasq_hostnames "$ServerIP" "$ServerIPv6" "$HOSTNAME"
-setup_ipv4_ipv6
-setup_lighttpd_bind "$ServerIP"
-setup_blocklists
-test_configs
-
-[ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot
-
-echo " ::: Docker start setup complete"
--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				`/etc/resolv.conf false doesntexist,0:1000 0664 0664`