How to Install & Configure Pihole on Ubuntu 20.04

1. Installation
– Run these commands:

# sudo apt-get install gamin -y
curl -sSL https://install.pi-hole.net | sudo bash

– Possible problem: lighttpd service not running (when gamin has not been preinstalled)
– Fix: run these commands

sudo pihole uninstall
rambo@pihole:~$ sudo pihole uninstall
[?] Are you sure you would like to remove Pi-hole? [y/N] y
[✓] Root user check
[✓] Update local cache of available packages
[i] Existing PHP installation detected : PHP version 7.4.3
[i] Be sure to confirm if any dependencies should not be removed
[i] The following dependencies may have been added by the Pi-hole install:
dhcpcd5 git iproute2 whiptail dnsutils cron curl iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data libcap2 lighttpd php7.4-common php7.4-cgi php7.4-sqlite3 php7.4-xml php7.4-json php7.4-intl
[?] Do you wish to go through each dependency for removal? (Choosing No will leave all dependencies installed) [Y/n] n
[✓] Removed Web Interface
[✓] Removed /etc/cron.d/pihole
[✓] Removed lighttpd configs
[✓] Removed config files
[i] Removing pihole-FTL...Failed to stop pihole-FTL.service: Unit pihole-FTL.service not loaded.
sudo apt-get update -y
sudo apt-get upgrade -y
sudo apt purge lighttpd -y
#sudo pihole -r
#useradd -G pihole pihole
sudo apt-get install gamin -y
curl -sSL https://install.pi-hole.net | sudo bash
2. Follow the wizard to complete the installation

Hint: simply press Enter or <Ok> repeatedly until reaching this screen

3. Configure firewall
# Adding firewall rules per pihole prerequisites https://docs.pi-hole.net/main/prerequisites/
#sudo iptables -I INPUT -p tcp --dport 53 -j ACCEPT
#sudo iptables -I INPUT -p udp --dport 53 -j ACCEPT
#sudo iptables -I INPUT -p udp --dport 67 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 4711 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 4712 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 4713 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 4714 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 4715 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 4716 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 4717 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 4718 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 4719 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 4720 -j ACCEPT
sudo ip6tables -I INPUT -p udp --dport 547 -j ACCEPT

# DHCP Server:
sudo iptables -I INPUT -p tcp --dport 67 -j ACCEPT
sudo iptables -I INPUT -p udp --dport 67 -j ACCEPT

# DHCP client/relay
sudo iptables -I INPUT -p tcp --dport 68 -j ACCEPT
sudo iptables -I INPUT -p udp --dport 68 -j ACCEPT

# DHCP Failover partners
sudo iptables -I INPUT -p tcp --dport 647 -j ACCEPT

# DNS
sudo iptables -I INPUT -p tcp --dport 53 -j ACCEPT

# Grant Pihole TCP:53 access to localhost
sudo iptables -A INPUT -s 127.0.0.0/8 -p tcp -m tcp --dport 53 -j ACCEPT

# Allow traffic from a certain subnet
# (iptables stores 10.10.10.0/22 as 10.10.8.0/22, i.e. 10.10.8.0 - 10.10.11.255)
sudo iptables -A INPUT -s 10.10.10.0/22 -j ACCEPT
# iptables -D INPUT -s 10.10.10.0/22 -j ACCEPT # Reverse previous command

# Save firewall rules
sudo sh -c "iptables-save > /etc/iptables/rules.v4"
sudo sh -c "ip6tables-save > /etc/iptables/rules.v6"
# Fixing startup conflicts between iptables & netfilter-persistent
# sudo systemctl edit netfilter-persistent.service
sudo vim /etc/systemd/system/netfilter-persistent.service.d/iptables.conf
### Verify this content ###
[Unit]
Conflicts=iptables.service ip6tables.service

### Modify content and save file ###
[Unit]
After=iptables.service ip6tables.service ufw.service
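
Most of the rules in step 3 carry no `-s` match, so they accept the port from every source address. The following added example (not from the original page) lists such rules from `iptables-save` output and prints equivalents limited to one subnet. `LAN` is an assumption that defaults to 10.10.8.0/22, the network form of the page's 10.10.10.0/22, and the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): flag INPUT ACCEPT rules that
# open a port to every source address, and print a source-restricted form.
# LAN is an assumption; set it to the subnet your clients live on.
LAN=${LAN:-10.10.8.0/22}

# Reads iptables-save output on stdin; prints "proto/port" for each open rule.
open_ports() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        proto = port = src = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")           proto  = $(i + 1)
            else if ($i == "--dport") port   = $(i + 1)
            else if ($i == "-s")      src    = $(i + 1)
            else if ($i == "-j")      target = $(i + 1)
        }
        if (target == "ACCEPT" && port != "" && (src == "" || src == "0.0.0.0/0"))
            print proto "/" port
    }'
}

# Prints replacement commands that accept the same ports from $LAN only.
scoped_rules() {
    open_ports | sort -u | while IFS=/ read -r proto port; do
        echo "iptables -D INPUT -p $proto --dport $port -j ACCEPT"
        echo "iptables -I INPUT -s $LAN -p $proto --dport $port -j ACCEPT"
    done
}

# Constructed sample in iptables-save format, mirroring rules from this page.
SAMPLE='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 4711 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 127.0.0.0/8 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -s 10.10.8.0/22 -j ACCEPT
COMMIT'

# Against the live ruleset: sudo iptables-save | scoped_rules
```

Review the printed commands before running them, then save the rules again as shown above.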
4. Check service status
rambo@pihole:~$ service lighttpd status
● lighttpd.service - Lighttpd Daemon
Loaded: loaded (/lib/systemd/system/lighttpd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-12-04 22:43:12 PST; 10min ago
Main PID: 32359 (lighttpd)
Tasks: 6 (limit: 4615)
Memory: 10.0M
CGroup: /system.slice/lighttpd.service
├─32359 /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
├─32393 /usr/bin/php-cgi
├─32396 /usr/bin/php-cgi
├─32397 /usr/bin/php-cgi
├─32398 /usr/bin/php-cgi
└─32399 /usr/bin/php-cgi

Dec 04 22:43:12 pihole systemd[1]: Starting Lighttpd Daemon...
Dec 04 22:43:12 pihole systemd[1]: Started Lighttpd Daemon.
rambo@pihole:~$ service pihole* status
● pihole-FTL.service - LSB: pihole-FTL daemon
Loaded: loaded (/etc/init.d/pihole-FTL; generated)
Active: active (exited) since Fri 2020-12-04 22:43:14 PST; 18min ago
Docs: man:systemd-sysv-generator(8)
Process: 32518 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)

Dec 04 22:43:14 pihole systemd[1]: Starting LSB: pihole-FTL daemon...
Dec 04 22:43:14 pihole pihole-FTL[32518]: Not running
Dec 04 22:43:14 pihole su[32536]: (to pihole) root on none
Dec 04 22:43:14 pihole su[32536]: pam_unix(su:session): session opened for user pihole by (uid=0)
Dec 04 22:43:14 pihole su[32536]: pam_unix(su:session): session closed for user pihole
Dec 04 22:43:14 pihole systemd[1]: Started LSB: pihole-FTL daemon.
5. Configuration
  • Pihole Control Panel:
    http://piholeServerIp/admin
  • Ad Lists:
    https://firebog.net
    https://hosts.oisd.nl
    https://github.com/mmotti/pihole-regex/blob/master/regex.list
  • Test
    dig @<piholeServerIp> blockedsite.com
  • Flush DNS
    sudo systemd-resolve --flush-caches # Ubuntu
    service nscd restart # Redhat
    ipconfig /flushdns # Windows
  • Blacklist – regex blocks
    Youtube ads: .*sn-\S{4,}-\S{4,}\.googlevideo\.com
    Youtube.com: (\.|^)(youtu\.?be.*|googlevideo\.com)$
  • Change admin password
    sudo pihole -a -p
6. Troubleshooting
  • Issue: ‘DNS Service Not Running’
    Resolution 1: pihole checkout master
    Resolution 2: re-install pihole
      – Backup: pihole -a teleporter
      – Move backup file: copy the tar.gz file from the current directory ($(pwd)/*.tar.gz) to a desktop where a web browser is available for the restore step
      – Uninstall: pihole uninstall
      – Reinstall: curl -sSL https://install.pi-hole.net | sudo bash
      – Restore settings: Log in to Pi-hole > Settings > Teleporter > Under Restore, click Choose File > pick the backup file in tar.gz format > open > click Restore > OK
    Resolution 3: 
     – Run debug: pihole -d
     – Grant Pihole TCP:53 access to localhost: sudo iptables -A INPUT -s 127.0.0.0/8 -p tcp -m tcp --dport 53 -j ACCEPT
    Resolution 4: Set the watchservice script to ensure that pihole is running at all times
  • Issue: unable to reach server via port 80
    Resolution: sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
  • Issue: Pihole service crashes at random times
    Resolution: create a service watcher script
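
One way to write the service watcher mentioned above, as an added example that is not part of the original page. The status output in step 4 shows the unit as "active (exited)", which describes the init script rather than the daemon process, so this sketch decides health with a real DNS query. The probe name `pi.hole`, the settle time, the restart command and the script path in the cron comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): service watcher for pihole-FTL.
# Health is decided by a DNS query, not by the systemd unit state.
# Assumptions: probe name pi.hole, 5 s settle time, the restart command.
PROBE=${PROBE:-"dig +short +time=2 +tries=1 @127.0.0.1 pi.hole"}
RESTART=${RESTART:-"systemctl restart pihole-FTL"}
SETTLE=${SETTLE:-5}

# Healthy only if the resolver returns an answer.
check_ftl() {
    out=$($PROBE 2>/dev/null) || return 1
    [ -n "$out" ]
}

# One watchdog pass: prints ok, restarted or failed; non-zero only on failed.
watch_once() {
    if check_ftl; then echo ok; return 0; fi
    $RESTART >/dev/null 2>&1
    sleep "$SETTLE"
    if check_ftl; then echo restarted; return 0; fi
    echo failed
    return 1
}

# Typical use from root's crontab, with this file saved as a script
# (hypothetical path) that ends in a call to watch_once:
#   */5 * * * * /usr/local/sbin/pihole-watch.sh | logger -t pihole-watch
```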
7. How to create a Backup via command line:
cd ~/Desktop
pihole -a teleporter
ls ~/Desktop
