If you don’t mind DM’ing me or dropping it in a comment here, it would be greatly appreciated! The Docker engine isn’t something entirely new to me, so I’m a bit skeptical about the idea that I missed something, but I’m always happy to compare with others. Actually, Docker is what pushed me to switch fully to Linux on my personal computers.
Snippet from my docker-compose.yml:
pihole:
  container_name: pihole
  hostname: pihole
  image: pihole/pihole:latest
  networks:
    main:
      ipv4_address: 172.18.0.25
  # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
  ports:
    - "53:53/tcp"
    - "53:53/udp"
    - "127.0.0.1:67:67/udp" # Only required if you are using Pi-hole as your DHCP server
    - "127.0.0.1:85:80/tcp"
    - "127.0.0.1:7643:443"
  environment:
    TZ: 'America/Vancouver'
    FTLCONF_webserver_api_password: 'insert-password-here'
    FTLCONF_dns_listeningMode: 'all'
  # Volumes store your data between container upgrades
  volumes:
    - './config/pihole/etc-pihole:/etc/pihole'
    - './config/pihole/etc-dnsmasq.d:/etc/dnsmasq.d'
    - '/etc/hosts:/etc/hosts:ro'
  # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
  cap_add:
    - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    - CAP_SYS_TIME
    - CAP_SYS_NICE
    - CAP_CHOWN
    - CAP_NET_BIND_SERVICE
    - CAP_NET_RAW
    - CAP_NET_ADMIN
  restart: unless-stopped
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.pihole.rule=Host(`pihole.my.domain`)"
    - "traefik.http.routers.pihole.entrypoints=https"
    - "traefik.http.routers.pihole.tls=true"
    - "traefik.http.services.pihole.loadbalancer.server.port=80"
    - "traefik.http.routers.pihole.middlewares=fail2ban@file"
unbound:
  image: alpinelinux/unbound
  container_name: unbound
  hostname: unbound
  networks:
    main:
      ipv4_address: 172.18.0.26
  ports:
    - "127.0.0.1:5334:5335"
  volumes:
    - ./config/unbound/:/var/lib/unbound/
    - ./config/unbound/unbound.conf:/etc/unbound/unbound.conf
    - ./config/unbound/unbound.conf.d/:/etc/unbound/unbound.conf.d/
    - ./config/unbound/log/unbound.log:/var/log/unbound/unbound.log
  restart: unless-stopped
Edit: After re-reading the Unbound GitHub and their documentation, it seems I may have missed some volume mounts that are key to the function of Unbound. I’ll definitely have to dive deeper into it.
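Two least-privilege points in the compose snippet above are easy to miss by eye: the capability list spells NET_ADMIN twice (Docker accepts both the bare and the CAP_-prefixed form) and grants it even though the snippet's own comment says it is only needed when Pi-hole is the DHCP server, and the two port-53 mappings carry no host IP, so unlike the 127.0.0.1-bound entries they listen on every interface of the host. The script below is an added example, not code from the post or from the Pi-hole project: it walks the flat `key:` / `- item` layout of the snippet with a small line-based reader (an assumption; it is not a general YAML parser), normalizes capability names, and reports duplicates, anything beyond a no-DHCP baseline, and host-wide port bindings. The baseline set is my reading of the snippet's comment, not a list published by Pi-hole.

```python
"""Audit a compose service for two least-privilege points raised in the
thread: capabilities granted to the container and host ports bound on
every interface. Constructed example; the reader below only understands
the flat 'key:' / '- item' layout of the snippet, not general YAML."""
import re

# Constructed sample: the pihole service from the thread, trimmed to the
# two sections this audit looks at.
SAMPLE = """\
pihole:
  container_name: pihole
  ports:
    - "53:53/tcp"
    - "53:53/udp"
    - "127.0.0.1:67:67/udp" # only needed for DHCP
    - "127.0.0.1:85:80/tcp"
    - "127.0.0.1:7643:443"
  cap_add:
    - NET_ADMIN # only needed for DHCP
    - CAP_SYS_TIME
    - CAP_SYS_NICE
    - CAP_CHOWN
    - CAP_NET_BIND_SERVICE
    - CAP_NET_RAW
    - CAP_NET_ADMIN
  restart: unless-stopped
"""

# Assumption: the snippet's comment says NET_ADMIN is only required for
# DHCP, so the no-DHCP baseline is the remaining capabilities it lists.
BASELINE_NO_DHCP = {"CAP_CHOWN", "CAP_NET_BIND_SERVICE", "CAP_NET_RAW",
                    "CAP_SYS_NICE", "CAP_SYS_TIME"}


def list_items(text, key):
    """Return the '- item' entries nested under 'key:' (comments and
    quotes stripped). Stops at the next line indented at or above 'key'."""
    items, active, indent = [], False, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop trailing comments
        if not line.strip():
            continue
        cur = len(line) - len(line.lstrip())
        if line.strip() == f"{key}:":
            active, indent = True, cur
            continue
        if active:
            if cur <= indent:                      # left the block
                break
            m = re.match(r"\s*-\s*(.+)", line)
            if m:
                items.append(m.group(1).strip().strip("'\""))
    return items


def normalize_cap(name):
    """Docker treats NET_ADMIN and CAP_NET_ADMIN as the same capability."""
    name = name.upper()
    return name if name.startswith("CAP_") else "CAP_" + name


def audit_caps(text, dhcp=False):
    """Report duplicate capabilities and any granted beyond the baseline."""
    caps = [normalize_cap(c) for c in list_items(text, "cap_add")]
    duplicates = sorted({c for c in caps if caps.count(c) > 1})
    baseline = BASELINE_NO_DHCP | ({"CAP_NET_ADMIN"} if dhcp else set())
    return {"duplicates": duplicates,
            "beyond_baseline": sorted(set(caps) - baseline)}


def host_wide_ports(text):
    """Mappings written as HOST:CONTAINER (no host IP) bind to every
    interface; IP:HOST:CONTAINER entries are bound to that address.
    Assumes IPv4 host addresses (bracketed IPv6 is not handled)."""
    wide = []
    for mapping in list_items(text, "ports"):
        spec = mapping.split("/", 1)[0]            # drop /tcp or /udp
        if len(spec.split(":")) == 2:
            wide.append(mapping)
    return wide


if __name__ == "__main__":
    print("capabilities:", audit_caps(SAMPLE))
    print("host-wide ports:", host_wide_ports(SAMPLE))
```

Run against the sample it reports CAP_NET_ADMIN both as a duplicate and as the one capability beyond the no-DHCP baseline, and lists the two port-53 mappings as host-wide; passing `dhcp=True` clears the capability finding, which matches what the snippet's comment says about when NET_ADMIN is needed.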
I’ve got two Pi-holes running on my network via Docker Compose. I tried setting up Unbound in Docker Compose and that fell flat; from my understanding, DNSSEC was preventing DNS resolution outright.
Also tried OPNsense + Unbound, which led to the same thing.
Eventually got tired of having my network cutting in and out over minor changes so I just stuck with Quad9 for my upstream needs.
I may not know much about software development and programming itself; however, I feel like I did my part here.
+1 for Linux folks.
Not nearly as user-friendly for the non-networking types, which is why I recommend one with a fancy GUI.
Edit: Also, I suspect Microsoft will do Microsoft things and hide/prevent their telemetry from being blocked. Ultimately I don’t know the state of Windows right now, as I made the switch to Linux many years ago.
Ah I figured Portmaster was only for Linux, I dabbled around their software and found it quite good!
I think the reason I stopped using it in favor of OpenSnitch was because 1) most features were locked behind a subscription and 2) I already had Pi-hole running, so the firewall wasn’t something I really needed.
Regardless, thanks for letting me know it works for Windows. I’ll start recommending it over Glasswire!
A quick way of accomplishing the de-bloating of Windows is by 1) managing your own DNS and blocking telemetry connections network-wide (quite easy to do with Pi-hole + Docker Engine) or 2) installing Glasswire and blocking connections on the specific device; however, I believe Glasswire’s firewall is subscription-based, so this may be a turn-off for people.
Either works and is more efficient than digging around your Windows install and finding all the different variants of the same bloatware.
Late to the conversation, but maybe consider https://invidious.io/ or https://docs.piped.video/ - also, for an easy-to-use desktop client there is https://freetubeapp.io/, which utilizes the Invidious/Piped APIs.
Personally I host an invidious instance on a separate machine and route that machine to a VPN my other devices do not use.
I don’t watch YouTube often, but I’ve tried Yattee and had little issue with it. While it does use the Invidious & Piped APIs, I would argue it’s your best choice if you’re looking for privacy + native functionality.
Setting static IPs is generally a good practice to take if you want to keep track of or monitor any device.