@diyfr
Created September 29, 2023 14:39
AdGuard Home + Traefik

Edit traefik.yml

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
  dot: # <- ADD THIS
    address: ":853"  # <- ADD THIS

The dot entrypoint is only for AdGuard Home. Check the Traefik dashboard.

Add port to traefik container (compose file)

    ports:
      - "80:80"
      - "443:443"
      - "853:853"

AdGuard Home compose file

services:
  # see @url:https://ae3.ch/adguard-home-docker-with-dns-over-https-and-traefik/
  adguard:
    image: adguard/adguardhome:latest
    container_name: adguard
    restart: unless-stopped
    environment:
      - TZ=Europe/Paris
    expose:
      - "80"
      - "53"
      - "853"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    networks:
      - traefik
    volumes:
      - /home/docker/vol/adguard/work:/opt/adguardhome/work
      - /home/docker/config/adguard/conf:/opt/adguardhome/conf
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.adguard.entrypoints=web"
      - "traefik.http.routers.adguard.rule=Host(`dns.domain.tld`)" # change with your own domain/sub domain
      - "traefik.http.routers.adguard.middlewares=https-redirect@file"
      - "traefik.http.routers.adguard-secure.entrypoints=websecure"
      - "traefik.http.routers.adguard-secure.rule=Host(`dns.domain.tld`)" # change with your own domain/sub domain
      - "traefik.http.routers.adguard-secure.tls=true"
      - "traefik.http.routers.adguard-secure.tls.certresolver=letsencrypt"
      - "traefik.http.routers.adguard-secure.service=adguard-secure"
      - "traefik.http.services.adguard-secure.loadbalancer.server.port=80" # use 3000 for the first-run setup; change to 80 after the first reboot and once the admin account is set
      - "traefik.docker.network=traefik"

      - "traefik.tcp.routers.adguard-tls.rule=HostSNI(`dns.domain.tld`)" # change with your own domain/sub domain
      - "traefik.tcp.routers.adguard-tls.tls=true"
      - "traefik.tcp.routers.adguard-tls.entrypoints=dot"
      - "traefik.tcp.routers.adguard-tls.tls.certresolver=letsencrypt"
      - "traefik.tcp.routers.adguard-tls.service=adguard-tls"
      - "traefik.tcp.services.adguard-tls.loadbalancer.server.port=53"

After the first boot, edit /home/docker/config/adguard/conf/AdGuardHome.yml
In the tls section:

tls:
  enabled: true # <- Enable this
  server_name: dns.domain.tld # <- Update this
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 853
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: true #<- Set true 
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
  strict_sni_check: false

Restart adguard container

DNS works: standard port: 53, TLS: 853, DNS over HTTPS: 443

ruby232 commented Dec 24, 2024

Thanks, worked very well for me.

ruby232 commented Dec 24, 2024

The same domain for tls and web does not work; I had to assign another domain for web.
dns.domain.com for tls
adguard.domain.com for web
