Docker Website (10) AdGuard Home

0. Why AdGuard is needed

In China, domestic Apps will have strange opening advertisements, and even bought home TVs will have startup advertisements that cannot be turned off. .

Using automatic skipping software, such as the well-known Li Tiaotiao, light start, auto skipping, is a temporary solution, not a permanent solution; and self-built DNS server, blocking the ad server from the root, is the best solution.

Note:
AdGuard Home is only suitable for home use, not suitable for deployment on enterprise servers. It is recommended to use the NAS/Raspberry Pi/OpenWrt router at home for deployment. Do not enable public access when deploying with domestic cloud servers. You need to enable the IP whitelist, otherwise you will be warned by the cloud vendor within 1 working day!

Disclaimer:
This tutorial only briefly shares the construction method. Refer to the DNS server built in this tutorial. This site will not be responsible for any consequences caused by illegal purposes.

1. About

AdGuard Home is a network-wide ad blocking and anti-tracking software.
Once you install it, it will protect all your home devices and you won't need to install any client software.
With the rise of the Internet of Things and connected devices, it is increasingly important to be in control of your entire network environment.
——AdGuard Home official website

According to the netizen test of V2EX and other websites, AdGuard Home can filter almost all advertisements including mobile phone screen advertisement, in-app advertisement, TV startup advertisement, and the user experience is very good.

However, due to special reasons, you may not be able to enjoy such a good service, and the reason will be discussed later

2. Installation

2.1, non-Docker installation

You can use this method if you don't want to use Docker.

GitHub project address:
https://github.com/AdguardTeam/AdGuardHome

One-click script execution:

Comment first then view it after your comment is approved. Join QQ Group to display all hidden texts.

Note: If the server port 53 is occupied, this method cannot be used, or the configuration is very troublesome. For example, I configured the Dnsmasq server and chose Docker deployment.

2.2, command line installation

implement:

Comment first then view it after your comment is approved. Join QQ Group to display all hidden texts.

When initializing, please keep the panel port as 3000. Otherwise, change the port mapping above.

3. Initialization

Reverse generation according to the old method, just visit the website.

Just keep the default settings.

4, DNS related settings

Refer to the following pictures:

Special Note:

• If the server is in China, you can directly use Tencent Cloud PublicDNS, which is currently free and integrates the advertising blocking function of well-known blocking lists such as AdGuard and EasyList
• If the server is in China, use the DNS that comes with the server first, which is generally the fastest DNS in an availability zone
• If you go to a small factory server, you can also use the DNS of Ali, Tencent or 114, none of the above DNS is polluted

List of upstream DNS servers:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

119.29.29.29
1.2.4.8
101.226.4.6
tcp://114.114.114.114
tcp://114.114.115.115
tcp://223.5.5.5
tcp://223.6.6.6
tcp://8.8.4.4
tcp://202.14.67.4
tcp://202.14.67.14
tcp://202.130.97.65
tcp://202.130.97.66
tcp://168.95.192.1
https://1.1.1.1/dns-query
https://1.0.0.1/dns-query
tls://8.8.8.8
tls://8.8.4.4
tls://dns.google:853

List of Bootstrap servers:

1
2
3
4
5
6
7
8
9

219.141.136.10
219.141.140.10
202.96.199.133
119.29.29.29
223.5.5.5
180.76.76.76
8.8.8.8
8.8.4.4
208.67.222.222

If it prompts that a certain server cannot pass the verification when saving, just delete this line.

5. Remove advertisements

Set block list:

recommend:

Comment first then view it after your comment is approved. Join QQ Group to display all hidden texts.

* Note: /
The more ad blocking list is not the better, just choose the most comprehensive one (domestic first, most foreign ones may block Google, YouTube and other ads), too many rules will slow down the DNS resolution speed.

6. Effect

6.1, client configuration

router:

Currently, it is not possible to configure AdGuardHome's DoH/DoT on the router to realize the sharing of ads by the whole family. But you can use DNSPod's PublicDNS, which supports TCP/UDP DNS.

Android:

Android devices natively support DoT, just search for encrypted DNS in the settings.

In addition, you can also install AdGuard software to experience DoH:

AdGuard App
https://adguard.com/adguard-android/overview.html

The official comes with many servers with AdGuard installed, and the default ones can be accessed in mainland China.

Regardless of whether it is Root or not, it does not affect the use.

Windows:

Find the DNS settings in the settings:

6.2, reverse proxy

Using DoH is still easy to be warned, so you can use Nginx reverse proxy + pagoda firewall to modify the DoH path and implement Access Token authentication.

Reverse proxy configuration:

Comment first then view it after your comment is approved. Join QQ Group to display all hidden texts.

1
2
3

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;

You can get the real IP of the client.

In Pagoda Firewall - Site Settings, add "Protected URL",

Parameter customization, such as using username and password, the final DoH path is:

https://domain name/entry/?username=password

If there is no parameter, it will be intercepted, and the IP will be directly blocked by the pagoda firewall after several interceptions, effectively preventing active detection, preventing being rubbed or being blocked by the wall.

6.3 Experience