Before getting started
- Create a fresh install of Raspberry Pi OS with ssh enabled (add an empty file named ssh to the boot folder)
- Connect the Raspberry Pi to your network (make sure to use a trunk port and assign a static IP)
- ssh into the Pi
Change default user password
passwd
Update Raspberry Pi
sudo apt update
sudo apt full-upgrade
Open Raspberry Pi configuration
sudo raspi-config
Change Raspberry Pi Hostname (raspi-config > System Options > Hostname)
Set Raspberry Pi Country (raspi-config > Localisation Options > WLAN Country)
Complete Set Up (Finish > Would you like to reboot now? > Yes)
Enable root password (temporary; it is locked again once the username has been changed)
sudo passwd root
Edit SSH config
sudo nano /etc/ssh/sshd_config
Modify #PermitRootLogin prohibit-password
to:
PermitRootLogin yes
Restart SSH
sudo systemctl restart sshd
Login to root account
ssh root@raspberrypi
Change pi username (Replace nilsstreedain with the username you'd like to use)
usermod -l nilsstreedain pi
Change home directory name (Replace nilsstreedain with the username you'd like to use)
usermod -m -d /home/nilsstreedain nilsstreedain
Logout of root account
logout
Create public key directory
mkdir ~/.ssh && chmod 700 ~/.ssh
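Generate Public/Private Key Pair on your Mac (-t rsa so the key is written to ~/.ssh/id_rsa, the file the next step copies; recent OpenSSH versions otherwise default to Ed25519)
ssh-keygen -t rsa -b 4096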
Upload Public key from Mac to Linux (Replace nilsstreedain with the username you'd like to use; this overwrites any existing authorized_keys file on the Pi)
scp ~/.ssh/id_rsa.pub nilsstreedain@raspberrypi:~/.ssh/authorized_keys
Disable root password
sudo passwd -l root
Disable ssh for root. Edit SSH config
sudo nano /etc/ssh/sshd_config
Modify PermitRootLogin yes
to:
#PermitRootLogin prohibit-password
Also disable ssh authentication with password. Modify #PasswordAuthentication yes
to:
PasswordAuthentication no
Restart SSH
sudo systemctl restart sshd
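
To confirm the SSH changes above left the Pi in the intended end state, this added example (not part of the original guide) parses an sshd_config file and reports the effective PermitRootLogin and PasswordAuthentication values. The function names, the constructed sample files and the fallback values (prohibit-password and yes, OpenSSH's built-in defaults) are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): audit the two sshd_config
# settings the guide toggles. sshd keeps the FIRST value it reads for a
# keyword, and a commented-out line means the built-in default applies.

# effective_opt FILE KEYWORD DEFAULT -> value sshd would use outside Match blocks
effective_opt() {
  awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
    NF == 0 || $1 ~ /^#/   { next }                        # blank line or comment
    tolower($1) == "match" { exit }                        # conditional section: stop
    tolower($1) == key     { print $2; found = 1; exit }   # first occurrence wins
    END { if (!found) print def }
  ' "$1"
}

# audit_sshd FILE -> status 0 only when root password login and password auth are off
audit_sshd() {
  audit_root=$(effective_opt "$1" PermitRootLogin prohibit-password)
  audit_pass=$(effective_opt "$1" PasswordAuthentication yes)
  audit_rc=0
  if [ "$audit_root" = yes ]; then
    echo "FAIL PermitRootLogin=yes (root password login permitted)"; audit_rc=1
  else
    echo "ok   PermitRootLogin=$audit_root"
  fi
  if [ "$audit_pass" = no ]; then
    echo "ok   PasswordAuthentication=no"
  else
    echo "FAIL PasswordAuthentication=$audit_pass (password logins accepted)"; audit_rc=1
  fi
  [ "$audit_rc" -eq 0 ]
}

# Constructed sample files: the temporary state while renaming the user, and the end state.
demo=$(mktemp -d)
printf '%s\n' 'PermitRootLogin yes' '#PasswordAuthentication yes' > "$demo/during"
printf '%s\n' '#PermitRootLogin prohibit-password' 'PasswordAuthentication no' > "$demo/after"
audit_sshd "$demo/during" || echo "=> still in the temporary root-login state"
audit_sshd "$demo/after" && echo "=> hardened end state"
rm -rf "$demo"
```

On the Pi itself, run audit_sshd /etc/ssh/sshd_config. This parser does not follow Include lines, so sudo sshd -T remains the authoritative view of the effective configuration.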
Install Unattended Upgrades
sudo apt-get install unattended-upgrades
Start Unattended Upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades
Install Uncomplicated Firewall
sudo apt install ufw
Allow TCP on port 22 for SSH
sudo ufw allow 22/tcp
Enable Firewall
sudo ufw enable
Install vlan package
sudo apt install vlan
Create network interface config file for vlans
sudo nano /etc/network/interfaces.d/vlans
Configure vlan interfaces by adding
auto eth0.16
iface eth0.16 inet manual
vlan-raw-device eth0
Restart pi's networking
sudo systemctl restart networking
Test config for an IP in each vlan
hostname -I
Install dependencies
sudo apt-get install curl git
Install Docker
bash -c "$(curl -fsSL https://get.docker.com)"
Test Docker
sudo docker run --rm hello-world
Install Docker Compose
sudo apt-get -y install docker-compose-plugin
Create a directory to setup Pi-Hole with Auto-Updating Blocklists
mkdir pihole pihole/etc-pihole-updatelists && cd pihole
Copy the pihole-updatelists config file to configure pihole-updatelists
sudo wget https://raw.githubusercontent.com/nilsstreedain/RPi-Docker-Server-Setup/main/pihole/pihole-updatelists/pihole-updatelists.conf -O etc-pihole-updatelists/pihole-updatelists.conf
Copy the docker-compose file to configure cloudflared, pi-hole, pihole-updatelists, and their respective networking
sudo wget https://raw.githubusercontent.com/nilsstreedain/RPi-Docker-Server-Setup/main/pihole/docker-compose.yml -O docker-compose.yml
Run docker-compose
sudo docker compose up -d
Set Pi-Hole password
sudo docker exec -it pihole sudo pihole -a -p
When you need to update Pi-Hole, ssh into the Raspberry Pi and navigate to ~/pihole
cd ~/pihole
Pull the latest Pi-Hole docker updates
sudo docker pull jacklul/pihole
Then re-run docker-compose to build and run the new updated containers
sudo docker compose up -d --force-recreate