Server Build Part 3: Domain Level Ad-Blocking with Pi-Hole

Welcome back. So far, we have installed and setup XenServer on a rack mounted server. We’ve also installed a guest OS. Part 1 can be found here, and Part 2 can be found here. Today, we are going to install a domain level ad-blocker.

I’ve been working on this stupid part for months. Literally months. I’ve had absolute no luck until a few hours ago, so I wanted to write my steps down before I forget. This has been an absolute nightmare.

First things first, you’ll need some relaxing music. I recently got some music from Paul Schwartz, and I recommend it to everyone. Next, you’ll need some patience, and familiarity with CLI (command line interface). Lastly, you’ll need the Ubuntu Server 14.04 *.iso.

For those not familiar with the Pi-Hole, basically, it’s a magical script that is designed to run on the Raspberry Pi. The Pi is a microcomputer that is surprisingly powerful. People have used them for home automation, video game arcades, and a bunch of other things. Plus it’s only $35. The goal of the Pi-Hole is to funnel all of your internet traffic through the Pi, and it will decide if the traffic is an ad or not. If not, the internets get through, just like normal. If it is an ad, the packet is blocked. This increases how fast web pages load, and most importantly, blocks the Keanu damned fucking ads. Fuck ads. I hate them. I hate them so very much.

Where was I? Oh. Yeah. I don’t have a Pi. But, the Pi-Hole is built for Debian, and Ubuntu is based on Debian, so it should work, right? Well, eventually, it did. I tried Debian 8.4, and that didn’t work. Then I tried Ubuntu 16.04 and I got it to at least load the Admin page, but it wasn’t blocking any ads. Finally, I tried Ubuntu 14.04 and it worked. My best guess is that it didn’t work because 16.04 uses a newer version of PHP. In any case, let’s get to it.

Load up your XenCenter. Create a new VM, and use Ubuntu 14.04 as the Template. Select your ISO. This will be a light weight OS, so we don’t need much in the way of resources. That’s why I picked the Ubuntu Server. There’s no GUI to slow the system down. It’s all command line. It should work with a regular Ubuntu install, but why waste resources? I only used 2 vCPUs and 1024 mb of RAM. I did increase the Hard Drive to 15 gigs, for whenever I do update it to 16.04.

Go through the installation as normal. You need a static IP, as usual. In my case, I’m using 192.168.1.102. When given the option to install other packages, just install the OpenSSH server. Do not. NOT. install Apache2. That will bite you in the ass later.

Once installed, it will restart. After it reboots, log in. Before we install the Pi-Hole, we need to have a webserver. Pi-Hole uses Lighttpd, instead of Apache2. I’ve heard of people getting it to work on Apache2, but I couldn’t. Oddly enough, Pi-Hole doesn’t install Lighttpd, so we have to do it on our own. That’s why it’s easier to install that first.

• sudo apt-get install lighttpd -y

Once that’s installed, we can get to the actual Pi-Hole.

• sudo curl -L https://install.pi-hole.net | bash

Follow the prompts. When it asks which DNS to use, I just went with Google servers.

After the Pi-Hole is done, installing, open up a browser tab on your main computer, and go to (ip of the Pi-Hole)/admin (ie. 192.168.1.102/admin). You should see the Pi-Hole Console page. It should look like the image above. If it’s working, we are almost done. If not, restart the Pi-Hole VM, and check again.

Now let’s check that it’s working. On your computer, change the DNS server on your computer to the Pi-Hole IP. This is different on different OSes. For instance, on Windows 10, right click on the Internet Icon next to the clock, select “Open Network and Sharing Center”, then click “Change Adapter Settings”, then right click on the connection you are using, and select “Properties”. Find the Internet Protocol Version 4 option, click “Properties” and at the bottom, you’ll see two spots for IP addresses.

Now try going to a webpage. Just a normal page, like Google. Does it work? Great. Now go to a page that you know has ads. Are they still there? If so, you might have to restart your computer. In my case, they were gone, but they had a blank box in their place. I’m still working on solving this.

I updated the index page that the Pi-Hole uses.

• sudo nano /var/www/html/pihole/index.html

This is what it should look like:

• <html>
  <body>
  <div>
  <img src =”data:image/gif;base64,R0lGODlhAQABAAAAACwAAAAAAQABAAA=” alt=”Blocked by Pi-hole” />
  </div>
  </body>
  </html>

That didn’t help. So I tried to do a URL rewrite. First download the blank gif, then rename it, move it, and open up a script.

• cd /var/www/html/pihole
• sudo curl -O http://probablyprogramming.com/wp-content/uploads/2009/03/handtinyblack.gif
• sudo mkdir images
• sudo mv handtinyblack.gif images/25Bytes.gif
• sudo nano /etc/lighttpd/lighttpd.conf

And add this to the end:

• $HTTP[“host”] =~ “.*” {
  url.rewrite = (“.*” => “images/25Bytes.gif”)
  }

Still no luck. Not sure what the problem is, but at least the ads are blocked. You should be able to change your router so that it uses the Pi-Hole as a DNS server, but mine gave me issues when I tried that. Ideally, anything that is connected to your wifi router, would send all internet requests to the Pi-Hole, and that would block all ads.

On Windows 10 (and maybe other versions of Windows), you might get a glitch where the “connected” icon might look like it’s not connected to the internet, but it actually is. To solve that, you have to add a Windows domain to the Whitelist.

• sudo pihole -w msftncsi.com

From what I’ve read, they’ve now added an autoupdate feature, but just in case it isn’t working, you can run these two commands. The first updates the admin page. The second updates the adblock list.

• pihole -u
• pihole -g

And I’m finally done with this bullshit. Time to go relax and not think about computers for a while. Next time I might finally get around to walking you through setting up a domain controller.