AdGuard Home
AdGuard Home is a network-wide ad and tracker blocker. It functions as a DNS server which returns an empty response when a domain is present on a blocklist. It caches queries, reducing the number sent to upstream DNS servers and speeding up resolution time. Along with blocking ads, it can rewrite DNS queries to point to user-defined IP addresses, which can be used to assign domains to hosts internally.
This compose file deploys AdGuard Home with port 53 exposed for accepting DNS queries. Persistent data is stored on NFS-mounted volumes, and the web dashboard is proxied through a Traefik reverse proxy with Cloudflare TLS certificates.
Once the service is running, you can change your router's DNS settings to point to the hosts IP address and port 53.
Docker Compose
# compose.yaml
services:
adguardhome:
image: adguard/adguardhome
container_name: adguardhome
restart: unless-stopped
ports:
- "53:53/tcp"
- "53:53/udp"
networks:
- agh_proxy
volumes:
- type: volume
source: docker-nfs
target: /opt/adguardhome/work
volume:
subpath: adguardhome/work
- type: volume
source: docker-nfs
target: /opt/adguardhome/conf
volume:
subpath: adguardhome/conf
cap_add:
- NET_ADMIN
environment:
- TZ=Europe/London
labels:
- "traefik.enable=true"
- "traefik.docker.network=agh_proxy"
- "traefik.http.services.adguardhome.loadbalancer.server.port=8082"
- "traefik.http.routers.adguardhome.rule=Host(`dns.${TRAEFIK_BASE_URL}`)"
- "traefik.http.routers.adguardhome.entrypoints=websecure"
- "traefik.http.routers.adguardhome.tls=true"
- "traefik.http.routers.adguardhome.tls.certresolver=cloudflare"
volumes:
docker-nfs:
driver: local
driver_opts:
type: nfs
o: addr=xxx.xxx.xxx.xxx,nolock,soft,rw,nfsvers=4.2
device: :/mnt/nfs-volume
networks:
agh_proxy:
name: agh_proxy
Environment Variables
# .env
TRAEFIK_BASE_URL=example.com
Traefik Configuration
# compose.yaml (excerpt)
services:
traefik:
image: traefik:latest
container_name: traefik
...
networks:
- traefik
# here
- agh_proxy
...
networks:
# here
agh_proxy:
name: agh_proxy