在 Debian 12/11/10 上安装 Pi-hole 网络广告拦截器

Pi-hole 是一种广泛使用的 DNS 污水坑，旨在保护您的网络设备免受不需要的内容的影响，而无需客户端应用程序。 Pi-hole 配有漂亮的响应式 Web 界面仪表板，您可以在其中查看和控制您的 Pi-hole。该软件应用程序可以阻止 IPv4 和 IPv6 上的广告，并让您成为控制网络隐私的唯一人。

在这篇短文中，我们将介绍在 Debian Linux 计算机上安装和运行 Pi-hole Ads Blocker 所需的步骤。我的机器是 Debian 12 服务器安装，如以下输出所示。

jkmutai@pi02:~$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/";
SUPPORT_URL="https://www.debian.org/support";
BUG_REPORT_URL="https://bugs.debian.org/";

更新系统上的包索引。

sudo apt update

安装 git 命令行工具

sudo apt install git vim bash-completion

在 Debian 上安装 Pi-hole 广告拦截器

从 Github 克隆 Pi-hole 项目存储库。

$ git clone https://github.com/pi-hole/pi-hole.git
Cloning into 'pi-hole'...
remote: Enumerating objects: 23064, done.
remote: Counting objects: 100% (23064/23064), done.
remote: Compressing objects: 100% (8365/8365), done.
remote: Total 23064 (delta 14897), reused 22635 (delta 14587), pack-reused 0
Receiving objects: 100% (23064/23064), 7.48 MiB | 365.00 KiB/s, done.
Resolving deltas: 100% (14897/14897), done.

切换到pi-hole目录。

cd "pi-hole/automated install/"

使用这个强大的软件解决方案的开发人员创建的脚本开始安装 Pi-hole。

sudo bash basic-install.sh

您的安装输出应类似于下面所示的输出。

 [✓] Root user check

        .;;,.
        .ccccc:,.
         :cccclll:.      ..,,
          :ccccclll.   ;ooodc
           'ccll:;ll .oooodc
             .;cll.;;looo:.
                 .. ','.
                .',,,,,,'.
              .',,,,,,,,,,.
            .',,,,,,,,,,,,....
          ....''',,,,,,,'.......
        .........  ....  .........
        ..........      ..........
        ..........      ..........
        .........  ....  .........
          ........,,,,,,,'......
            ....',,,,,,,,,,,,.
               .',,,,,,,,,'.
                .',,,,,,'.
                  ..'''.

  [i] SELinux not detected
  [✓] Update local cache of available packages

  [✓] Checking apt-get for upgraded packages... up to date!

  [i] Checking for / installing Required dependencies for OS Check...
  [✓] Checking for grep
  [i] Checking for dnsutils (will be installed)
  [i] Waiting for package manager to finish (up to 30 seconds)
  [i] Processing apt-get install(s) for: dnsutils, please wait...
----------------------------------------------------------------------
Selecting previously unselected package dnsutils.
(Reading database ... 36659 files and directories currently installed.)
Preparing to unpack .../dnsutils_1%3a9.18.19-1~deb12u1_all.deb ...
Unpacking dnsutils (1:9.18.19-1~deb12u1) ...
Setting up dnsutils (1:9.18.19-1~deb12u1) ...
----------------------------------------------------------------------
  [✓] Supported OS detected
  [i] Checking for / installing Required dependencies for this install script...
  [✓] Checking for git
  [✓] Checking for iproute2
  [i] Checking for dialog (will be installed)
  [✓] Checking for ca-certificates
  [i] Waiting for package manager to finish (up to 30 seconds)
  [i] Processing apt-get install(s) for: dialog, please wait...
----------------------------------------------------------------------
Selecting previously unselected package dialog.
(Reading database ... 36663 files and directories currently installed.)
Preparing to unpack .../dialog_1.3-20230209-1_amd64.deb ...
Unpacking dialog (1.3-20230209-1) ...
Setting up dialog (1.3-20230209-1) ...
Processing triggers for man-db (2.11.2-2) ...
----------------------------------------------------------------------

接下来您将获得对话框菜单。在第一个中，您会被警告该设备将转变为网络范围的广告拦截器。

按 继续 Pi-hole 安装。

您的服务器应该有一个静态 IP 地址才能正常运行。

上游 DNS 提供商有多个选项。您还可以将路由器设置为 DNS 服务器并将来自 Pi-hole 的请求转发到它以进行更多本地控制。

对于我的情况，上游 DNS 服务器是我的路由器，用于完全流量控制。这是由OPNsense 提供支持的。

确认 DNS 上游服务器条目并接受安装。

Pi-hole 使用第三方 DNS 映射列表来阻止广告。希望在安装中包含默认阻止列表。这是 StevenBlack 在 Github 上提供的列表。

同意安装管理 Web 界面，除非您想对命令行界面执行 Pi-hole 管理。

接受安装lighttpd Web 服务器以提供Pi-hole 使用的PHP 文件。这提供了 Pi-hole Web 控制台的完整功能。

启用有助于解决 DNS 问题的查询日志记录。

选择 FTL 的操作隐私模式。

Pi-hole 的安装和配置将在提供定制选项后不久开始。

----------------------------------------------------------------------
  [i] IPv4 address: 192.168.1.253/24
  [i] Unable to find IPv6 ULA/GUA address
  [i] IPv6 address:
  [i] Using upstream DNS: Custom (192.168.1.1, 192.168.1.1)
  [i] Installing StevenBlack's Unified Hosts List
  [i] Installing Admin Web Interface
  [i] Installing lighttpd
  [i] Query Logging on.
  [i] Using privacy level: 0
  [✗] Check for existing repository in /etc/.pihole
  [i] Clone https://github.com/pi-hole/pi-hole.git into /etc/.pihole...HEAD is now at 19bfa08 Pi-hole core v5.17.3 (#5520)
  [✓] Clone https://github.com/pi-hole/pi-hole.git into /etc/.pihole

  [✗] Check for existing repository in /var/www/html/admin
  [i] Clone https://github.com/pi-hole/web.git into /var/www/html/admin...HEAD is now at be05b0f v5.21 (#2860)
  [✓] Clone https://github.com/pi-hole/web.git into /var/www/html/admin

  [i] Checking for / installing Required dependencies for Pi-hole software...
  [✓] Checking for cron
  [i] Checking for curl (will be installed)
  [✓] Checking for iputils-ping
  [i] Checking for psmisc (will be installed)
  [✓] Checking for sudo
  [i] Checking for unzip (will be installed)
  [i] Checking for idn2 (will be installed)
  [✓] Checking for libcap2-bin
  [i] Checking for dns-root-data (will be installed)
  [✓] Checking for libcap2
  [i] Checking for netcat-openbsd (will be installed)
  [✓] Checking for procps
  [i] Checking for jq (will be installed)
  [i] Checking for lighttpd (will be installed)
  [i] Checking for php-common (will be installed)
  [i] Checking for php-cgi (will be installed)
  [i] Checking for php-sqlite3 (will be installed)
  [i] Checking for php-xml (will be installed)
  [i] Checking for php-intl (will be installed)
  [i] Checking for php-json (will be installed)
  [i] Waiting for package manager to finish (up to 30 seconds)
  [i] Processing apt-get install(s) for: curl psmisc unzip idn2 dns-root-data netcat-openbsd jq lighttpd php-common php-cgi php-sqlite3 php-xml php-intl php-json, please wait...
----------------------------------------------------------------------
Selecting previously unselected package lighttpd.
...

等待几秒钟，Pi-hole 安装完成。

----------------------------------------------------------------------
  [✓] Enabling lighttpd service to start on reboot...
  [✗] Checking for group 'pihole'
  [✓] Creating group 'pihole'
  [✓] Creating user 'pihole'

  [i] FTL Checks...

  [✓] Detected x86_64 processor
  [i] Checking for existing FTL binary...
  [✓] Downloading and Installing FTL
  [✓] Installing scripts from /etc/.pihole

  [i] Installing configs from /etc/.pihole...
  [✓] No dnsmasq.conf found... restoring default dnsmasq.conf...
  [✓] Installed /etc/dnsmasq.d/01-pihole.conf
  [✓] Installed /etc/dnsmasq.d/06-rfc6761.conf

  [✓] Installing sudoer file

  [✓] Installing latest Cron script

  [✓] Installing latest logrotate script
  [i] Backing up /etc/dnsmasq.conf to /etc/dnsmasq.conf.old
  [✓] man pages installed and database updated
  [i] Testing if systemd-resolved is enabled
  [i] Systemd-resolved is not enabled
  [✓] Restarting lighttpd service...
  [✓] Enabling lighttpd service to start on reboot...
  [i] Restarting services...
  [✓] Enabling pihole-FTL service to start on reboot...
  [✓] Restarting pihole-FTL service...
  [i] Creating new gravity database
  [i] Migrating content of /etc/pihole/adlists.list into new database
  [✓] Deleting existing list cache
  [i] Neutrino emissions detected...
  [✓] Pulling blocklist source list into range

  [✓] Preparing new gravity database
  [✓] Creating new gravity databases
  [i] Using libz compression

  [i] Target: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  [✓] Status: Retrieval successful
  [✓] Parsed 154885 exact domains and 0 ABP-style domains (ignored 1 non-domain entries)
      Sample of non-domain entries:
        - "0.0.0.0"


  [✓] Building tree
  [✓] Swapping databases
  [✓] The old database remains available
  [i] Number of gravity domains: 154885 (154885 unique domains)
  [i] Number of exact blacklisted domains: 0
  [i] Number of regex blacklist filters: 0
  [i] Number of exact whitelisted domains: 0
  [i] Number of regex whitelist filters: 0
  [✓] Flushing DNS cache
  [✓] Cleaning up stray matter
  [✓] Restarting DNS server

  [✗] DNS service is NOT running
  [i] Web Interface password: fTOK9xlr
  [i] This can be changed using 'pihole -a -p'

  [i] View the web interface at http://pi.hole/admin or http://192.168.1.253/admin

  [i] You may now configure your devices to use the Pi-hole as their DNS server
  [i] Pi-hole DNS (IPv4): 192.168.1.253
  [i] If you have not done so already, the above IP should be set to static.

  [i] The install log is located at: /etc/pihole/install.log
  [✓] Installation complete!

访问 Pi-hole Web 仪表板

您可以访问 Pi-hole Web 界面，查看 Web 界面：http://Your_Server_IP/admin。

但首先要重置管理员用户密码。

$ sudo pihole -a -p
Enter New Password (Blank for no password):
Confirm Password:
  [✓] New password set

使用设置的密码访问Pi-hole web仪表板。

将广告列表添加到 pi-hole

Pi-hole 使用广告列表 – 基本上是要阻止的域 URL 列表。 Pi-hole 会将这个域列表提取到其所谓的重力数据库中。

以下是我的 Github 存储库中的列表示例。

https://raw.githubusercontent.com/jmutai/pihole-blocklist/main/abuse.txt
https://raw.githubusercontent.com/jmutai/pihole-blocklist/main/crypto.txt
https://raw.githubusercontent.com/jmutai/pihole-blocklist/main/drugs.txt
https://raw.githubusercontent.com/jmutai/pihole-blocklist/main/porn.txt
https://raw.githubusercontent.com/jmutai/pihole-blocklist/main/malware.txt
https://raw.githubusercontent.com/jmutai/pihole-blocklist/main/ransomware.txt
https://raw.githubusercontent.com/jmutai/pihole-blocklist/main/redirect.txt
https://raw.githubusercontent.com/jmutai/pihole-blocklist/main/scam.txt

要导入新列表（例如从 Github URL 导入），请转到管理仪表板>广告列表。在“广告列表组管理”>“添加新的广告列表”下，输入广告列表地址并为其指定一个描述。

粘贴地址并发表评论，然后点击“添加”

在工具>“更新重力”>“更新”下完成后更新重力数据库

您应该看到 Pi-hole 下载列表并更新其数据库。

还可以将域或域通配符添加到白名单或黑名单。进入域名，输入域名并选择黑名单或白名单选项。

增加最大并发 DNS 查询

如果您收到错误“已达到并发 DNS 查询的最大数量（最大值：150）”，请创建自定义配置文件。

sudo tee /etc/dnsmasq.d/02-custom-settings.conf<<EOF
dns-forward-max=3000
min-cache-ttl=300
rebind-domain-ok=
EOF

默认值为 150，但我们将其调整为 3000。更改后重新启动 Pi-hole。

sudo systemctl restart pihole-FTL.service

现在应该调整最大并发 DNS 查询数。

在客户端设备中使用 Pi-hole 作为 DNS

现在将您的终端设备配置为使用 Pi-hole 作为默认 DNS 服务器。如果您使用 DHCP 服务器，请更新其配置以分配 Pi-hole IP 地址作为 DHCP 服务器。请参阅服务器 > DHCP 服务器部分下的 OPNsense 配置。

使用 Pi-hole 作为 DNS 或 DHCP 服务器

您可以使用 Pi-hole 在本地 DNS > DNS 记录下将域映射到 IP 地址。

如果您想自定义，Pi-hole 使用 Dnsmasq 作为 DNS 服务器。

可以在设置DHCP下启用DHCP服务器。它支持静态 DHCP 租约配置。