AdGuard Home is network-wide software for blocking ads and tracking, and it supports the DNS-over-HTTPS (DoH) protocol out of the box.
To set up DoH under AdGuard Home:
1. Register your AdGuard Home instance with a domain name (mydns.viewdns.net). You can use No-IP as they provide free domain services.
2. Install certbot and request free SSL certificates from Let's Encrypt.
sudo apt-get install certbot
3. Certbot uses port 80 to request and renew SSL certificates. Create certbot pre-hook and post-hook scripts that stop and start the AdGuard Home web server during the certificate request/renewal process.
Pre-hook script, saved as /home/ubuntu/adguardhome_pre_hook.sh:
#!/bin/bash
# stop AdGuardHome service so certbot can use port 80
/opt/AdGuardHome/AdGuardHome -s stop
# allow HTTP iptables access
# only enable this if you enable iptables rules source IP control
#/sbin/iptables -R INPUT 7 -p tcp -m state --state NEW --dport 80 -j ACCEPT
Post-hook script, saved as /home/ubuntu/adguardhome_post_hook.sh:
#!/bin/bash
# start AdGuardHome service
/opt/AdGuardHome/AdGuardHome -s start
# limit HTTP iptables access to your DDNS IP again
# only enable this if you enable iptables rules source IP control
# your ddns hostname
#ddns_host="hostname.ddns.net"
# extract your latest dynamic IP from the ddns hostname
#ddns_ip=$(host "$ddns_host" | cut -d ' ' -f 4)
#/sbin/iptables -R INPUT 7 -p tcp -m state --state NEW --dport 80 -s "$ddns_ip" -j ACCEPT
4. Make both files executable.
sudo chmod +x /home/ubuntu/adguardhome_p*.sh
5. Test the certbot certificate request process with a dry run. Replace the email address with yours.
sudo certbot certonly --standalone --preferred-challenges http -d mydns.viewdns.net --pre-hook /home/ubuntu/adguardhome_pre_hook.sh --post-hook /home/ubuntu/adguardhome_post_hook.sh -m youremail@gmail.com --dry-run
6. Run the command again without the '--dry-run' option. Replace the email address with yours.
sudo certbot certonly --standalone --preferred-challenges http -d mydns.viewdns.net --pre-hook /home/ubuntu/adguardhome_pre_hook.sh --post-hook /home/ubuntu/adguardhome_post_hook.sh -m youremail@gmail.com
7. Enable encryption in the AdGuard Home web UI with the registered domain name and SSL certificates. Make sure to allow port 443 (tcp) in iptables and in the Oracle VCN's firewall.
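The optional DDNS lookup in the post hook of step 3 takes the fourth field of every line that host prints, so an NXDOMAIN message, a CNAME answer or an extra AAAA/MX line ends up in the value passed to iptables -s. The following is an added example, not part of the original post: it parses host output defensively and returns an error when no valid IPv4 address is found. The function names and the sample host outputs are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the original post. Sample `host` outputs below are
# constructed; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_OK='hostname.ddns.net has address 203.0.113.25
hostname.ddns.net has IPv6 address 2001:db8::25
hostname.ddns.net mail is handled by 10 mail.example.net.'
SAMPLE_CNAME='hostname.ddns.net is an alias for edge.example.net.
edge.example.net has address 198.51.100.7'
SAMPLE_NXDOMAIN='Host hostname.ddns.net not found: 3(NXDOMAIN)'
SAMPLE_BAD_OCTET='hostname.ddns.net has address 999.0.113.25'

# The extraction used in the post hook: fourth space-separated field per line.
legacy_field4() {
    cut -d ' ' -f 4
}

# Hardened extraction: read `host` output on stdin, print the first A record
# whose value is a well-formed IPv4 address; exit non-zero if there is none.
parse_ddns_ip() {
    awk '
        / has address / {
            if (split($NF, o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || (o[i] + 0) > 255)
                    next
            print $NF
            found = 1
            exit
        }
        END { exit !found }
    '
}

# Build the iptables arguments for the post hook (rule position 7 as in the
# post), or return non-zero so the caller can skip the rule change and log it.
post_hook_rule_args() {
    ip=$(parse_ddns_ip) || return 1
    printf '%s\n' "-R INPUT 7 -p tcp -m state --state NEW --dport 80 -s $ip -j ACCEPT"
}
```

In the post hook, the lookup would be piped through the parser (host "$ddns_host" | parse_ddns_ip) and the iptables call skipped when it returns non-zero.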
Comments
I would like to ask you for a little help. I would like to go to the next step with AdGuard, installing unbound DNS, but after installing the certificate (perfectly working) with Let's Encrypt I have this error at every update attempt:
Failed to fetch http://eu-milan-1-ad-1.clouds.archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease Certificate verification failed: The certificate is NOT trusted. The name in the certificate does not match the expected. Could not handshake: Error in the certificate verification.
Thank you for your support