Pi-hole on Docker Compose

.yaml:

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      # Web admin → map to a high port on host so NGINX can proxy to it without conflict
      - "80:80/tcp"   # Or pick any free port like 8080:80, 8000:80, etc.
      # DNS ports → these MUST stay exposed on the host (for ad-blocking to work network-wide)
      - "53:53/udp"
      - "53:53/tcp"
      # Uncomment if you want Pi-hole to handle DHCP too (requires NET_ADMIN cap below)
      #- "67:67/udp"
    environment:
      TZ: 'America/Los_Angeles'          # Update to your timezone (you're in Anaheim, CA)
      FTLCONF_webserver_api_password: 'correct horse battery staple'  # Change this!
      # Optional but useful for reverse proxy setups:
      VIRTUAL_HOST: pi.hole              # Helps some auto-proxy tools, but not required for manual NGINX
      # If you need Pi-hole to listen on all interfaces for DNS (common in Docker bridge network)
      FTLCONF_dns_listeningMode: 'all'
    volumes:
      - './data:/etc/pihole'
      # - './etc-dnsmasq.d:/etc/dnsmasq.d'   # Uncomment if you use custom dnsmasq configs
    cap_add:
      - NET_ADMIN                        # Required for DNS (and DHCP if enabled)
    restart: unless-stopped