組織内でPi-Holeを動作させていますが、同様にAD Block機能があるAdGuard HomeをAlmaLinux 8にインストールしてみました。
AlmaLinux – Free Linux OS for the community, by the community
https://almalinux.org/
AdGuard Home
https://adguard.com/en/adguard-home/overview.html
AdguardTeam/AdGuardHome
https://github.com/AdguardTeam/AdGuardHome#getting-started
Privacy protection center for you and your devices
Free and open source, powerful network-wide ads & trackers blocking DNS server.
環境
・AlmaLinux release 8.5 (Arctic Sphynx)
・Kernel 4.18.0-348.7.1.el8_5.x86_64
・Minimal Install
- インストール
- 自動起動の確認
- Firewallの許可
- 管理画面にアクセス
- 管理画面にアクセス
- ダッシュボード
- インストールされたプログラム
- 設定ファイル
- フィルタ
インストールはとても簡単で一瞬で終わりました。
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
[root@alma ~]# curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v starting AdGuard Home installation script channel: release operating system: linux cpu type: amd64 AdGuard Home will be installed into /opt/AdGuardHome checking curl checking tar script is executed with root privileges no need to uninstall downloading package from https://static.adguard.com/adguardhome/release/AdGuardHome_linux_amd64.tar.gz -> AdGuardHome_linux_amd64.tar.gz successfully downloaded AdGuardHome_linux_amd64.tar.gz unpacking package from AdGuardHome_linux_amd64.tar.gz into /opt successfully unpacked, contents: total 35812 -rwxrwxrwx. 1 root root 36577280 Dec 21 22:55 AdGuardHome -rw-rw-rw-. 1 root root 331 Dec 21 22:55 AdGuardHome.sig -rw-r--r--. 1 root root 28447 Dec 21 22:55 CHANGELOG.md -rw-r--r--. 1 root root 35149 Dec 21 22:55 LICENSE.txt -rw-r--r--. 1 root root 23236 Dec 21 22:55 README.md 2021/12/23 11:40:26 [info] service: control action: install 2021/12/23 11:40:27 [info] service: started 2021/12/23 11:40:27 [info] Almost ready! AdGuard Home is successfully installed and will automatically start on boot. There are a few more things that must be configured before you can use it. Click on the link below and follow the Installation Wizard steps to finish setup. AdGuard Home is now available at the following addresses: 2021/12/23 11:40:27 [info] Go to http://127.0.0.1:3000 2021/12/23 11:40:27 [info] Go to http://[::1]:3000 2021/12/23 11:40:27 [info] Go to http://192.168.1.1:3000 2021/12/23 11:40:27 [info] Go to http://[2222:222:eee:eee:222:2929:ffff:9999]:3000 2021/12/23 11:40:27 [info] service: action install has been done successfully on linux-systemd AdGuard Home is now installed and running you can control the service status with the following commands: sudo /opt/AdGuardHome/AdGuardHome -s start|stop|restart|status|install|uninstall |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
[root@alma ~]# systemctl list-unit-files | grep Ad AdGuardHome.service enabled [root@alma ~]# systemctl status AdGuardHome * AdGuardHome.service - AdGuard Home: Network-level blocker Loaded: loaded (/etc/systemd/system/AdGuardHome.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2021-12-23 11:40:27 JST; 3min 44s ago Process: 5715 ExecStartPre=/bin/mkdir -p /var/log/ (code=exited, status=0/SUCCESS) Main PID: 5717 (AdGuardHome) Tasks: 8 (limit: 23501) Memory: 17.6M CGroup: /system.slice/AdGuardHome.service `-5717 /opt/AdGuardHome/AdGuardHome -s run Dec 23 11:40:27 alma.rootlinks.net systemd[1]: Starting AdGuard Home: Network-level blocker... Dec 23 11:40:27 alma.rootlinks.net systemd[1]: Started AdGuard Home: Network-level blocker. |
管理画面にアクセスするためにPort3000を許可します。
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
[root@alma ~]# firewall-cmd --permanent --add-port=3000/tcp success [root@alma ~]# firewall-cmd --reload success [root@alma ~]# firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: ens160 sources: services: cockpit dhcpv6-client ssh ports: 3000/tcp protocols: forward: no masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: |
http://IP_Address:3000/にアクセスします…あれ!?、接続できないよ。なぜ?
Port3000で動作していない?
試しにFirewalldを無効かしていろいろ試すとPort80で動作していました。
インストール時に表示されるメッセージと違っていました。
Port3000を削除してPort80を許可します。
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
[root@alma ~]# firewall-cmd --permanent --remove-port=3000/tcp success [root@alma ~]# firewall-cmd --permanent --add-service=http success [root@alma ~]# firewall-cmd --reload success [root@alma ~]# firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: ens160 sources: services: cockpit dhcpv6-client http ssh ports: protocols: forward: no masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: |
http://IP_Address/にアクセスすると初期設定ウィザードが開始されます。
初期設定で設定した管理者ID,パスワードでログイン、環境に合わせて各種設定を行います。
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
total 35816 -rwxrwxrwx. 1 root root 36577280 Dec 21 22:55 AdGuardHome -rw-rw-rw-. 1 root root 331 Dec 21 22:55 AdGuardHome.sig -rw-r--r--. 1 root root 2874 Dec 23 14:46 AdGuardHome.yaml -rw-r--r--. 1 root root 28447 Dec 21 22:55 CHANGELOG.md -rw-r--r--. 1 root root 35149 Dec 21 22:55 LICENSE.txt -rw-r--r--. 1 root root 23236 Dec 21 22:55 README.md drwxr-xr-x. 3 root root 56 Dec 23 11:52 data [root@alma ~]# /opt/AdGuardHome/AdGuardHome --version AdGuard Home, version v0.107.0 [root@alma ~]# /opt/AdGuardHome/AdGuardHome --help Usage: /opt/AdGuardHome/AdGuardHome [options] Options: -c, --config VALUE Path to the config file. -w, --work-dir VALUE Path to the working directory. -h, --host VALUE Host address to bind HTTP server on. -p, --port VALUE Port to serve HTTP pages on. -s, --service VALUE Service control action: status, install, uninstall, start, stop, restart, reload (configuration). -l, --logfile VALUE Path to log file. If empty: write to stdout; if 'syslog': write to system log. --pidfile VALUE Path to a file where PID is stored. --check-config Check configuration and exit. --no-check-update Don't check for updates. --no-mem-optimization Disable memory optimization. --no-etc-hosts Do not use the OS-provided hosts. --local-frontend Use local frontend directories. -v, --verbose Enable verbose output. --glinet Run in GL-Inet compatibility mode. --version Show the version and exit. Show more detailed version description with -v. --help Print this help. |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 |
[root@alma ~]# cat /opt/AdGuardHome/AdGuardHome.yaml bind_host: 0.0.0.0 bind_port: 80 beta_bind_port: 0 users: - name: Admin password: $2a$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ auth_attempts: 5 block_auth_min: 15 http_proxy: "" language: "" debug_pprof: false web_session_ttl: 720 dns: bind_hosts: - 0.0.0.0 port: 53 statistics_interval: 1 querylog_enabled: true querylog_file_enabled: true querylog_interval: 2160h querylog_size_memory: 1000 anonymize_client_ip: false protection_enabled: true blocking_mode: default blocking_ipv4: "" blocking_ipv6: "" blocked_response_ttl: 10 parental_block_host: family-block.dns.adguard.com safebrowsing_block_host: standard-block.dns.adguard.com ratelimit: 20 ratelimit_whitelist: [] refuse_any: true upstream_dns: - https://dns10.quad9.net/dns-query upstream_dns_file: "" bootstrap_dns: - 9.9.9.10 - 149.112.112.10 - 2620:fe::10 - 2620:fe::fe:10 all_servers: false fastest_addr: false fastest_timeout: 1s allowed_clients: [] disallowed_clients: [] blocked_hosts: - version.bind - id.server - hostname.bind trusted_proxies: - 127.0.0.0/8 - ::1/128 cache_size: 4194304 cache_ttl_min: 0 cache_ttl_max: 0 cache_optimistic: false bogus_nxdomain: [] aaaa_disabled: false enable_dnssec: false edns_client_subnet: false max_goroutines: 300 ipset: [] filtering_enabled: true filters_update_interval: 24 parental_enabled: false safesearch_enabled: false safebrowsing_enabled: false safebrowsing_cache_size: 1048576 safesearch_cache_size: 1048576 parental_cache_size: 1048576 cache_time: 30 rewrites: [] blocked_services: [] upstream_timeout: 10s local_domain_name: lan resolve_clients: true use_private_ptr_resolvers: true local_ptr_upstreams: [] tls: enabled: false server_name: "" force_https: false port_https: 443 port_dns_over_tls: 853 port_dns_over_quic: 784 port_dnscrypt: 0 dnscrypt_config_file: "" allow_unencrypted_doh: false strict_sni_check: false certificate_chain: "" private_key: "" certificate_path: "" private_key_path: "" filters: - enabled: true url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt name: AdGuard DNS filter id: 1 - enabled: false url: https://adaway.org/hosts.txt name: AdAway Default Blocklist id: 2 whitelist_filters: [] user_rules: [] dhcp: enabled: false interface_name: "" dhcpv4: gateway_ip: "" subnet_mask: "" range_start: "" range_end: "" lease_duration: 86400 icmp_timeout_msec: 1000 options: [] dhcpv6: range_start: "" lease_duration: 86400 ra_slaac_only: false ra_allow_slaac: false clients: [] log_compress: false log_localtime: false log_max_backups: 0 log_max_size: 100 log_max_age: 3 log_file: "" verbose: false os: group: "" user: "" rlimit_nofile: 0 schema_version: 12 |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
[root@alma ~]# ls -l /opt/AdGuardHome/data/filters/ total 820 -rw-r--r--. 1 root root 838903 Dec 23 11:52 1.txt [root@alma ~]# head /opt/AdGuardHome/data/filters/1.txt ! ! Title: AdGuard DNS filter ! Description: Filter composed of several other filters (AdGuard Base filter, Social media filter, Tracking Protection filter, Mobile ads filter, EasyList, EasyPrivacy, etc) and simplified specifically to be better compatible with DNS-level ad blocking. ! Homepage: https://github.com/AdguardTeam/AdguardSDNSFilter ! License: https://github.com/AdguardTeam/AdguardSDNSFilter/blob/master/LICENSE ! Last modified: 2021-12-23T00:20:01.892Z ! ! Compiled by @adguard/hostlist-compiler v1.0.12 ! ! |