Last updated on 5 April 2025
Bridge Mode
Drop the compose below into your Project YAML section.
YAML
services:
pihole:
image: pihole/pihole:latest
container_name: pihole-bridge
cap_add:
- CAP_NET_RAW
- CAP_NET_BIND_SERVICE
- CAP_CHOWN
- CAP_SYS_NICE
- CAP_SYS_TIME
environment:
- PIHOLE_UID=1234 #CHANGE_TO_YOUR_UID
- PIHOLE_GID=65432 #CHANGE_TO_YOUR_GID
- TZ=Europe/London #CHANGE_TO_YOUR_TZ
- FTLCONF_webserver_api_password=YOURPASSWORD
- FTLCONF_dns_listeningMode=all
- DNSMASQ_USER=pihole
volumes:
- /volume1/docker/pihole:/etc/pihole
ports:
- 53:53/udp
- 8000:80/tcp
- 8443:443/tcp
labels:
- com.centurylinklabs.watchtower.enable=false
restart: unless-stoppedWe are now changing some settings to the YAML based on your User IDs and Timezone etc
| Section | Explanation |
|---|---|
| PIHOLE_UID= | This UID is the one you obtained when setting up your dockerlimited user in the earlier guide at the start of the page. This tells Pi-hole to run under this user rather than root and gives it access to the folders we created. |
| PIHOLE_GID= | As per the above this line will be the GID you obtained earlier. |
| TZ= | You will need to change this line to your own timezone code – you can find the correct list of ones to use on wikipedia.org/wiki/List_of_tz_database_time_zones |
| FTLCONF_webserver_ api_password= | Change this to the password you would like to use for the Web UI |
You can now jump ahead to Page 5 for the final configuration.
Using bridge network and a slightly different pihole mimage with unbound included, but as internal pihole image is same it should still apply.
I have 2 bridge yaml configurations which are almost identical (volumes are different) running on synology and on a orangepi5.
Now here the difference: on the opi5 I see the client addresses when I browse the pihole Query log.
When I do the same on synology, I see the bridge network def gw ip address.
Any clue? Do you have the same?
Only difference I have found so far is the difference in docker version. Synology is on 24.0.2 and opi5 is on 28.1.1
Complete config on synology:
[code]
services:
pihole-unbound:
container_name: pihole-unbound
image: mpgirro/pihole-unbound:2025.04.0
hostname: pihole4
domainname: home.local
ports:
# – 8006:443/tcp
– 53:53/tcp
– 53:53/udp
– 8002:8002/tcp #Allows use of different port to access pihole web interface when other docker containers use port 80
# – 5335:5335/tcp # Uncomment to enable unbound access on local server
# – 22/tcp # Uncomment to enable SSH
environment:
– PUID=1028 # Dockerlimited
– PGID=100
– PIHOLE_UID=1028
– PIHOLE_GID=100
– FTLCONF_LOCAL_IPV4=192.168.2.4
– TZ=Europe/Amsterdam
– FTLCONF_webserver_api_password=mypassword
– FTLCONF_webserver_interface_theme=default-light
– REV_SERVER=true
– REV_SERVER_DOMAIN=home.local
– REV_SERVER_TARGET=192.168.2.1
– REV_SERVER_CIDR=192.168.2.0/24
– FTLCONF_dns_revServers=true,192.168.2.0/24,192.168.2.1,home.local
– FTLCONF_dns_upstreams=127.0.0.1#5335
– FTLCONF_dns_dnssec=”true”
– FTLCONF_dns_listeningMode=single
– FTLCONF_webserver_port=8002s
– WEBTHEME=default-light
volumes:
– /volume2/docker/pihole/unbound:/etc/pihole:rw
– /volume2/docker/pihole/dnsmasq:/etc/dnsmasq.d:rw
restart: unless-stopped
labels:
– “com.centurylinklabs.watchtower.enable=true”
mem_limit: 1g
[/code]
Hey just getting back to this!!
I have severe internet issues at the moment due to a local issue so struggling even stay connected to Discord so pulling images just time out! – Once I get some normal connectivity I can test here (It’s been 5 days of issues so not sure when this will be!!)
Based on the GitHub your config looks logical, I don’t think the image supports the PUID and PGID variables so likely can get rid of those lines.
Any progress on the unbound portion of this posting?
Thanks in advance.
Hey Matt – I have been a bit restricted time and bandwidth wise recently – It will come back just a matter of getting some time to setup and test locally