Thursday, October 15, 2020

Setup AdGuard Home on DigitalOcean - 1 Basic Setup (from scratch)

It's time we all focus on reducing screen time and being distracted by getting common ad-serving platforms blocked from my personal devices. On my laptop I usually have an ad blocker installed in the browser, but on my mobile devices I currently don't use any ad blockers. So it will be useful to set up a DNS-level ad blocker that I can share with my family and friends as needed.

After doing some research on the platforms available, I decided to give AdGuard Home a try. Given that it acts as a DNS server, it can be replaced later without any issues.

Once the functional aspects are set up properly, I will have time to worry about non-functional requirements (security, backup and restore, monitoring, performance, cost efficiency, high availability, etc.).

Here are the steps I followed:
  1. https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-18-04
  2. https://frankindev.com/2019/11/26/doh-dot-based-on-adguardhome/
    1. sudo apt update
    2. sudo apt upgrade
    3. sudo apt install bind9-host (this is auto installed)
    4. sudo mkdir /etc/adguardhome
    5. sudo chown sammy:sammy /etc/adguardhome
    6. wget https://static.adguard.com/adguardhome/release/AdGuardHome_linux_amd64.tar.gz
    7. sudo ./AdGuardHome -s install
    8. sudo ufw allow <port number for web portal>
    9. set up via the web portal
    10. sudo apt install software-properties-common
    11. sudo add-apt-repository ppa:certbot/certbot
    12. sudo apt update
    13. sudo apt install certbot
    14. sudo certbot certonly --manual --preferred-challenges=dns
    15. go through the steps and set up the certificates
    16. go to the AdGuard web portal encryption settings and follow the steps
  3. Set up Android device DNS over HTTPS
    1. download the Nebulo app from the app store
    2. add the new server via DNS over TLS or DNS over HTTPS
    3. go back and refresh the dashboard to see if the new client is registered
  4. Set up OSX device
    1. Todo
  5. Set up iOS device
    1. Todo
  6. UFW block for regional IP addresses
    1. https://scottlinux.com/2013/08/30/block-geo-region-list-of-ips-with-ufw-in-linux/
    2. download the IP list in CIDR format and copy it over to the server
    3. while read -r line; do sudo ufw delete allow from "$line"; done < cdir-list.txt
    4. while read -r line; do sudo ufw allow from "$line" to any port 9003; done < cdir-list.txt
  7. Take backup of the server
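
The loops in step 6 pass every line of cdir-list.txt straight to sudo ufw, so a blank line, a stray comment or the word "any" ends up in a firewall command. The script below is an added example, not part of the original steps: it validates each entry as an IPv4 CIDR and only prints the rules it would apply. The function names and the sample list are assumptions made for illustration, and IPv6 entries are rejected by design.

```shell
#!/bin/sh
# Added example: dry-run builder for the port 9003 allow-list (IPv4 only).
PORT=9003   # port used in the steps above

# Succeeds only for a well-formed IPv4 CIDR such as 192.0.2.0/24.
is_ipv4_cidr() {
  case $1 in
    ''|*[!0-9./]*|*/*/*|*..*|.*|*./*) return 1 ;;  # stray chars, empty parts
    *.*.*.*.*) return 1 ;;                         # more than four octets
    *.*.*.*/?|*.*.*.*/??) ;;                       # a.b.c.d/n or a.b.c.d/nn
    *) return 1 ;;
  esac
  _prefix=${1#*/}
  [ "$_prefix" -le 32 ] || return 1
  _old_ifs=$IFS; IFS=.
  set -- ${1%/*}          # split the address into octets
  IFS=$_old_ifs
  for _o in "$@"; do
    [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
  done
}

# Reads a list on stdin. Prints one ufw command per valid entry on stdout
# and reports every rejected line on stderr. Nothing is executed.
build_rules() {
  _n=0
  while IFS= read -r _line || [ -n "$_line" ]; do
    _n=$((_n + 1))
    _line=${_line%%#*}                                 # strip comments
    _line=$(printf '%s' "$_line" | tr -d '[:space:]')  # strip blanks and CR
    if [ -z "$_line" ]; then continue; fi
    if is_ipv4_cidr "$_line"; then
      printf 'ufw allow from %s to any port %s\n' "$_line" "$PORT"
    else
      printf 'line %s rejected: %s\n' "$_n" "$_line" >&2
    fi
  done
}

# Constructed sample list (documentation address ranges, not real regional data).
sample_list() {
  printf '%s\n' '# constructed sample' '192.0.2.0/24' '198.51.100.0/33' \
    '203.0.113.7/32 # single host' 'any' '' '203.0.113.0/24; reboot'
}

sample_list | build_rules
```

Run build_rules < cdir-list.txt to review the generated rules and the rejected lines before applying anything; an entry such as "any" would otherwise open port 9003 to every source address.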

Additional reading material:
  • https://medium.com/@nykolas.z/troubleshooting-dns-over-https