diff --git a/README.md b/README.md index be0d4369..09b88524 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,15 @@ +# Automated Install + +1. Install Raspbian +2. Set a **static** IP address +3. Run the command below + +```curl -L install.pi-hole.net | bash``` + +Once installed, **configure any device to use the Raspberry Pi as its DNS server and the ads will be blocked**. You can also configure your router's DHCP options to assign the Pi as clients DNS server so they do not need to do it manually. + +[![Donate](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif "AdminLTE Presentation")](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=3J2L3Z4DHW9UY "Donate") + # Raspberry Pi Ad Blocker **A black hole for ads, hence Pi-hole** @@ -6,22 +18,19 @@ The Pi-hole is a DNS/Web server that will **block ads for any device on your network**. ## Coverage -Featured on [MakeUseOf](http://www.makeuseof.com/tag/adblock-everywhere-raspberry-pi-hole-way/) and [Lifehacker](http://lifehacker.com/turn-a-raspberry-pi-into-an-ad-blocker-with-a-single-co-1686093533)! -## Automated Install +### Security Now! Podcast +Pi-hole is mentioned at 100 minutes and 26 seconds (the link brings you right there) +[![Pi-hole on Security Now!](http://img.youtube.com/vi/p7-osq_y8i8/0.jpg)](http://www.youtube.com/watch?v=p7-osq_y8i8&t=100m26s) -1. Install Raspbian -2. Set a **static** IP address -3. Run the command below +### Tech Blogs -```curl -s "https://raw.githubusercontent.com/jacobsalmela/pi-hole/master/automated%20install/basic-install.sh" | bash``` +Featured on [MakeUseOf](http://www.makeuseof.com/tag/adblock-everywhere-raspberry-pi-hole-way/) and [Lifehacker](http://lifehacker.com/turn-a-raspberry-pi-into-an-ad-blocker-with-a-single-co-1686093533)! -Once installed, **configure any device to use the Raspberry Pi as its DNS server and the ads will be blocked**. You can also configure your router's DHCP options to assign the Pi as clients DNS server so they do not need to do it manually. +## Technical Details A more detailed explanation of the installation can be found [here](http://jacobsalmela.com/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0). -[![Donate](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif "AdminLTE Presentation")](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=3J2L3Z4DHW9UY "Donate") - ## Gravity The [gravity.sh](https://github.com/jacobsalmela/pi-hole/blob/master/gravity.sh) does most of the magic. The script pulls in ad domains from many sources and compiles them into a single list of [over 1.6 million entries](http://jacobsalmela.com/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0). @@ -29,7 +38,11 @@ The [gravity.sh](https://github.com/jacobsalmela/pi-hole/blob/master/gravity.sh) You can add a `whitelist.txt` or `blacklist.txt` in `/etc/pihole/` and the script will apply those files automatically. ## Web Interface -I am also working on a [Web interface](https://github.com/jacobsalmela/AdminLTE#pi-hole-admin-dashboard) so you can view stats and change settings. +The [Web interface](https://github.com/jacobsalmela/AdminLTE#pi-hole-admin-dashboard) will be installed automatically so you can view stats and change settings. You can find it at: + +`http://192.168.1.x/admin/index.php` + +![Web](http://i.imgur.com/m114SCn.png) ## Custom Config File If you want to use your own variables for the gravity script (i.e. storing the files in a different location) and don't want to have to change them every time there is an update to the script, create a file called `/etc/pihole/pihole.conf`. In it, you should add your own variables in a similar fashion as shown below: @@ -47,4 +60,7 @@ A technical and detailed description can be found [here](http://jacobsalmela.com ## Other Operating Systems This script will work for other UNIX-like systems with some slight **modifications**. As long as you can install `dnsmasq` and a Webserver, it should work OK. The automated install only works for a clean install of Raspiban right now since that is how the project originated. +### Examples Of The Pi-hole On Other Operating Systems +- [Sky-Hole](http://dlaa.me/blog/post/skyhole) + [![Donate](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif "AdminLTE Presentation")](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=3J2L3Z4DHW9UY "Donate") diff --git a/advanced/Scripts/whitelist.sh b/advanced/Scripts/whitelist.sh index aed6bd0f..d610d0a5 100755 --- a/advanced/Scripts/whitelist.sh +++ b/advanced/Scripts/whitelist.sh @@ -1,13 +1,44 @@ #!/bin/bash + +if [ $# = 0 ]; then + echo "Immediately whitelists one or more domains." + echo "Usage: whitelist.sh domain1 [domain2 ...]" +fi + +combopattern="" + # For each argument passed to this script for var in "$@" do - echo "Whitelisting $var..." - # Use sed to search for the domain in /etc/pihole/gravity.list and remove it using an in-place edit - sed -i "/$var/d" /etc/pihole/gravity.list - # Also add the domain to the whitelist.txt in /etc/pihole - echo "$var" >> /etc/pihole/whitelist.txt + echo "Whitelisting $var..." + + # Construct basic pattern to match domain name. + basicpattern=$(echo $var | awk -F '[# \t]' 'NF>0&&$1!="" {print ""$1""}' | sed 's/\./\\./g') + + if [ "$basicpattern" != "" ]; then + # Add to the combination pattern that will be used below + if [ "$combopattern" != "" ]; then combopattern="$combopattern|"; fi + combopattern="$combopattern$basicpattern" + + # Also add the domain to the whitelist but only if it's not already present + grep -E -q "^$basicpattern$" /etc/pihole/whitelist.txt \ + || echo "$var" >> /etc/pihole/whitelist.txt + fi done -echo "** $# domain(s) whitelisted." -# Force dnsmasq to reload /etc/pihole/gravity.list -kill -HUP $(pidof dnsmasq) \ No newline at end of file + +# Now report on and remove matched domains +if [ "$combopattern" != "" ]; then + echo "Modifying hosts file..." + + # Construct pattern to match entry in hosts file. + # This consists of one or more IP addresses followed by the domain name. + pattern=$(echo $combopattern | awk -F '[# \t]' '{printf "%s", "^(([0-9]+\.){3}[0-9]+ +)+("$1")$"}') + + # Output what will be removed and then actually remove + sed -r -n 's/'"$pattern"'/ Removed: \3/p' /etc/pihole/gravity.list + sed -r -i '/'"$pattern"'/d' /etc/pihole/gravity.list + + echo "** $# domain(s) whitelisted." + # Force dnsmasq to reload /etc/pihole/gravity.list + kill -HUP $(pidof dnsmasq) +fi diff --git a/advanced/lighttpd.conf b/advanced/lighttpd.conf index 1c3ed076..a4253a0e 100644 --- a/advanced/lighttpd.conf +++ b/advanced/lighttpd.conf @@ -2,37 +2,46 @@ server.modules = ( "mod_expire", "mod_compress", "mod_redirect", + "mod_setenv", "mod_rewrite" ) - -server.document-root = "/var/www" + +server.document-root = "/var/www/html" +server.error-handler-404 = "pihole/index.html" server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) server.errorlog = "/var/log/lighttpd/error.log" server.pid-file = "/var/run/lighttpd.pid" server.username = "www-data" server.groupname = "www-data" server.port = 80 - - + + index-file.names = ( "index.php", "index.html", "index.lighttpd.html" ) url.access-deny = ( "~", ".inc" ) static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) - + compress.cache-dir = "/var/cache/lighttpd/compress/" compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" ) - + # default listening port for IPv6 falls back to the IPv4 port include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port include_shell "/usr/share/lighttpd/create-mime.assign.pl" include_shell "/usr/share/lighttpd/include-conf-enabled.pl" - -# Set access to 1 day for better query performance when the list gets so large -# http://jacobsalmela.com/raspberry-pi-block-ads-adtrap/#comment-2013820434 -$HTTP["url"] =~ "^/pihole/" { - expire.url = ("" => "access plus 1 days") + +# If the URL starts with /admin, it is the Web interface +$HTTP["url"] =~ "^/admin/" { + # Create a response header for debugging using curl -I + setenv.add-response-header = ( "X-Pi-hole" => "The Pi-hole Web interface is working!" ) +} + +# If the URL does not start with /admin, then it is a query for an ad domain +$HTTP["url"] =~ "^(?!/admin)/.*" { + # Create a response header for debugging using curl -I + setenv.add-response-header = ( "X-Pi-hole" => "A black hole for Internet advertisements." ) + + # Set the cache to 1 day for better performance + expire.url = ("" => "access plus 1 days") + + # Send the query into the black hole + url.rewrite = (".*" => "pihole/index.html" ) } - -# Rewrites all URLs to the /var/www/pihole/index.html -$HTTP["host"] =~ ".*" { - url.rewrite = (".*" => "pihole/index.html") -} \ No newline at end of file diff --git a/advanced/pihole.cron b/advanced/pihole.cron new file mode 100644 index 00000000..a707607e --- /dev/null +++ b/advanced/pihole.cron @@ -0,0 +1 @@ +@weekly sudo /usr/local/bin/gravity.sh diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 80bb7543..7c48fdba 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -51,9 +51,10 @@ sudo apt-get -y install dnsmasq sudo update-rc.d dnsmasq enable echo "Installing a Web server" -sudo apt-get -y install lighttpd -sudo chown www-data:www-data /var/www -sudo chmod 775 /var/www +sudo apt-get -y install lighttpd php5-common php5-cgi php5 +sudo mkdir /var/www/html +sudo chown www-data:www-data /var/www/html +sudo chmod 775 /var/www/html sudo usermod -a -G www-data pi echo "Stopping services to modify them..." @@ -63,11 +64,21 @@ sudo service lighttpd stop echo "Backing up original config files and downloading Pi-hole ones..." sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig sudo mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig -sudo mv /var/www/index.lighttpd.html /var/www/index.lighttpd.orig +sudo mv /var/www/html/index.lighttpd.html /var/www/html/index.lighttpd.orig sudo curl -o /etc/dnsmasq.conf "https://raw.githubusercontent.com/jacobsalmela/pi-hole/master/advanced/dnsmasq.conf" sudo curl -o /etc/lighttpd/lighttpd.conf "https://raw.githubusercontent.com/jacobsalmela/pi-hole/master/advanced/lighttpd.conf" -sudo mkdir /var/www/pihole -sudo curl -o /var/www/pihole/index.html "https://raw.githubusercontent.com/jacobsalmela/pi-hole/master/advanced/index.html" +sudo lighty-enable-mod fastcgi fastcgi-php +sudo mkdir /var/www/html/pihole +sudo curl -o /var/www/html/pihole/index.html "https://raw.githubusercontent.com/jacobsalmela/pi-hole/master/advanced/index.html" + +echo "Installing the Web interface..." +sudo wget https://github.com/jacobsalmela/AdminLTE/archive/master.zip -O /var/www/master.zip +sudo unzip /var/www/master.zip -d /var/www/html/ +sudo mv /var/www/html/AdminLTE-master /var/www/html/admin +sudo rm /var/www/master.zip 2>/dev/null +sudo touch /var/log/pihole.log +sudo chmod 644 /var/log/pihole.log +sudo chown dnsmasq:root /var/log/pihole.log echo "Locating the Pi-hole..." sudo curl -o /usr/local/bin/gravity.sh "https://raw.githubusercontent.com/jacobsalmela/pi-hole/master/gravity.sh" @@ -79,4 +90,4 @@ echo "Entering the event horizon..." sudo /usr/local/bin/gravity.sh echo "Restarting..." -sudo shutdown -r now +sudo reboot diff --git a/gravity.sh b/gravity.sh index 9ca3394b..a4400a50 100755 --- a/gravity.sh +++ b/gravity.sh @@ -1,10 +1,9 @@ #!/bin/bash # http://pi-hole.net -# Compiles a list of ad-serving domains by downloading them from multiple sources +# Compiles a list of ad-serving domains by downloading them from multiple sources # This script should only be run after you have a static IP address set on the Pi -piholeIPv4=$(ip addr show | awk '{match($0,/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/); ip = substr($0,RSTART,RLENGTH); print ip}' | sed '/^\s*$/d' | grep -v "127.0.0.1") -piholeIPv6=$(ip addr show | awk '/scope\ global/ && /ff:fe/ {print $2}' | cut -d'/' -f1) +piholeIP=$(hostname -I) # Ad-list sources--one per line in single quotes sources=('https://adaway.org/hosts.txt' @@ -20,6 +19,9 @@ sources=('https://adaway.org/hosts.txt' adList=/etc/pihole/gravity.list origin=/etc/pihole piholeDir=/etc/pihole +if [[ -f $piholeDir/pihole.conf ]];then + . $piholeDir/pihole.conf +fi justDomainsExtension=domains matter=pihole.0.matter.txt andLight=pihole.1.andLight.txt @@ -32,13 +34,6 @@ latentBlacklist=$origin/latentBlacklist.txt whitelist=$piholeDir/whitelist.txt latentWhitelist=$origin/latentWhitelist.txt -# After setting defaults, check if there's local overrides -if [[ -r $piholeDir/pihole.conf ]];then - echo "** Local calibration requested..." - . $piholeDir/pihole.conf -fi - - echo "** Neutrino emissions detected..." # Create the pihole resource directory if it doesn't exist. Future files will be stored here @@ -49,66 +44,61 @@ else sudo mkdir $piholeDir fi -# Add additional swap to prevent the "Error fork: unable to allocate memory" message: https://github.com/jacobsalmela/pi-hole/issues/37 -function createSwapFile() -######################### - { - echo "** Creating more swap space to accomodate large solar masses..." - sudo dphys-swapfile swapoff - sudo curl -s -o /etc/dphys-swapfile https://raw.githubusercontent.com/jacobsalmela/pi-hole/master/advanced/dphys-swapfile - sudo dphys-swapfile setup - sudo dphys-swapfile swapon - } - - -if [[ -n "$noSwap" ]]; then - # if $noSwap is set, don't do anything - : -elif [[ -f /etc/dphys-swapfile ]];then - swapSize=$(cat /etc/dphys-swapfile | grep -m1 CONF_SWAPSIZE | cut -d'=' -f2) - if [[ $swapSize != 500 ]];then - mv /etc/dphys-swapfile /etc/dphys-swapfile.orig - echo "** Current swap size is $swapSize" - createSwapFile - else - : - fi -else - echo "** No swap file found. Creating one..." - createSwapFile -fi - # Loop through domain list. Download each one and remove commented lines (lines beginning with '# 'or '/') and blank lines for ((i = 0; i < "${#sources[@]}"; i++)) do url=${sources[$i]} # Get just the domain from the URL domain=$(echo "$url" | cut -d'/' -f3) - + # Save the file as list.#.domain saveLocation=$origin/list.$i.$domain.$justDomainsExtension - echo -n "Getting $domain list... " - # Use a case statement to download lists that need special cURL commands to complete properly - case "$domain" in - "adblock.mahakala.is") data=$(curl -s -A 'Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0' -e http://forum.xda-developers.com/ -z $saveLocation $url);; - - "pgl.yoyo.org") data=$(curl -s -d mimetype=plaintext -d hostformat=hosts -z $saveLocation $url);; + agent="Mozilla/10.0" + + echo -n "Getting $domain list... " - *) data=$(curl -s -z $saveLocation -A "Mozilla/10.0" $url);; + # Use a case statement to download lists that need special cURL commands + # to complete properly and reset the user agent when required + case "$domain" in + "adblock.mahakala.is") + agent='Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0' + cmd="curl -e http://forum.xda-developers.com/" + ;; + + "pgl.yoyo.org") + cmd="curl -d mimetype=plaintext -d hostformat=hosts" + ;; + + # Default is a simple curl request + *) cmd="curl" esac - if [[ -n "$data" ]];then + # tmp file, so we don't have to store the (long!) lists in RAM + patternBuffer=`mktemp` + heisenbergCompensator="" + if [ -r $saveLocation ]; then + heisenbergCompensator="-z $saveLocation" + fi + CMD="$cmd -s $heisenbergCompensator -A '$agent' $url > $patternBuffer" + echo "** Engaging pattern transference..." + $cmd -s $heisenbergCompensator -A "$agent" $url > $patternBuffer + + + if [[ -s "$patternBuffer" ]];then # Remove comments and print only the domain name # Most of the lists downloaded are already in hosts file format but the spacing/formating is not contigious # This helps with that and makes it easier to read # It also helps with debugging so each stage of the script can be researched more in depth - echo "$data" | awk 'NF {if ($1 !~ "#") { if (NF>1) {print $2} else {print $1}}}' | \ - sed -e 's/^[. \t]*//' -e 's/\.\.\+/./g' -e 's/[. \t]*$//' | grep "\." > $saveLocation + awk '($1 !~ /^#/) { if (NF>1) {print $2} else {print $1}}' $patternBuffer | \ + sed -nr -e 's/\.{2,}/./g' -e '/\./p' > $saveLocation echo "Done." else - echo "Skipping list because it does not have any new entries." + echo "Skipping pattern because transporter logic detected no changes..." fi + + # cleanup + rm -f $patternBuffer done # Find all files with the .domains extension and compile them into one file and remove CRs @@ -116,39 +106,43 @@ echo "** Aggregating list of domains..." find $origin/ -type f -name "*.$justDomainsExtension" -exec cat {} \; | tr -d '\r' > $origin/$matter # Append blacklist entries if they exist -if [[ -f $blacklist ]];then +if [[ -r $blacklist ]];then numberOf=$(cat $blacklist | sed '/^\s*$/d' | wc -l) echo "** Blacklisting $numberOf domain(s)..." cat $blacklist >> $origin/$matter -else - : fi -function gravity_advanced() ########################### - { - numberOf=$(cat $origin/$andLight | sed '/^\s*$/d' | wc -l) - echo "** $numberOf domains being pulled in by gravity..." +function gravity_advanced() { + + numberOf=$(wc -l < $origin/$andLight) + echo "** $numberOf domains being pulled in by gravity..." + # Remove carriage returns and preceding whitespace - cat $origin/$andLight | sed $'s/\r$//' | sed '/^\s*$/d' > $origin/$supernova + # not really needed anymore? + cp $origin/$andLight $origin/$supernova + # Sort and remove duplicates - cat $origin/$supernova | sort | uniq > $origin/$eventHorizon - numberOf=$(cat $origin/$eventHorizon | sed '/^\s*$/d' | wc -l) + sort -u $origin/$supernova > $origin/$eventHorizon + numberOf=$(wc -l < $origin/$eventHorizon) echo "** $numberOf unique domains trapped in the event horizon." + # Format domain list as "192.168.x.x domain.com" echo "** Formatting domains into a HOSTS file..." - cat $origin/$eventHorizon | awk '{sub(/\r$/,""); print "'"$piholeIPv4 "'" $0"\n""'"$piholeIPv6 "'" $0}' > $origin/$accretionDisc + awk '{print "'"$piholeIP"'" $1}' $origin/$eventHorizon > $origin/$accretionDisc + # Copy the file over as /etc/pihole/gravity.list so dnsmasq can use it sudo cp $origin/$accretionDisc $adList kill -HUP $(pidof dnsmasq) - } - +} + # Whitelist (if applicable) then remove duplicates and format for dnsmasq -if [[ -f $whitelist ]];then +if [[ -r $whitelist ]];then # Remove whitelist entries numberOf=$(cat $whitelist | sed '/^\s*$/d' | wc -l) plural=; [[ "$numberOf" != "1" ]] && plural=s - echo "** Whitelisting $numberOf domain${plural}..." + echo "** Whitelisting $numberOf $whitelist domain${plural}..." + # Append a "$" to the end, prepend a "^" to the beginning, and # replace "." with "\." of each line to turn each entry into a # regexp so it can be parsed out with grep -x @@ -165,6 +159,7 @@ do echo "$url" | awk -F '/' '{print "^"$3"$"}' | sed 's/\./\\./g' >> $latentWhitelist done +# Remove whitelist entries from deduped list grep -vxf $latentWhitelist $origin/$matter > $origin/$andLight gravity_advanced