Merge pull request #1777 from pi-hole/development

2025.03.0

Author: PromoFaux

README.md

@@ -67,8 +67,10 @@ services:
       - "80:80/tcp"
       # Default HTTPs Port. FTL will generate a self-signed certificate
       - "443:443/tcp"
-      # Uncomment the below if using Pi-hole as your DHCP Server
+      # Uncomment the line below if you are using Pi-hole as your DHCP server
       #- "67:67/udp"
+      # Uncomment the line below if you are using Pi-hole as your NTP server
+      #- "123:123/udp"
     environment:
       # Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g:
       TZ: 'Europe/London'
@@ -139,6 +141,7 @@ To explicitly set no password, set `FTLCONF_webserver_api_password: ''`.
 | `FTLCONF_[SETTING]` | unset | As per documentation | Customize pihole.toml with settings described in the [API Documentation](https://docs.pi-hole.net/api).<br><br>Replace `.` with `_`, e.g for `dns.dnssec=true` use `FTLCONF_dns_dnssec: 'true'`.<br/>Array type configs should be delimited with `;`.|
 | `PIHOLE_UID` | `1000` | Number | Overrides image's default pihole user id to match a host user id.<br/>**IMPORTANT**: id must not already be in use inside the container!|
 | `PIHOLE_GID` | `1000` | Number | Overrides image's default pihole group id to match a host group id.<br/>**IMPORTANT**: id must not already be in use inside the container!|
+| `WEBPASSWORD_FILE` | unset| `<Docker secret file>` | Set an Admin password using [Docker secrets](https://docs.docker.com/engine/swarm/secrets/). If `FTLCONF_webserver_api_password` is set, `WEBPASSWORD_FILE` is ignored. If `FTLCONF_webserver_api_password` is empty, and `WEBPASSWORD_FILE` is set to a valid readable file, then `FTLCONF_webserver_api_password` will be set to the contents of `WEBPASSWORD_FILE`. |
 
 ### Advanced Variables
 

src/Dockerfile

@@ -82,6 +82,7 @@ COPY --chmod=0755 start.sh /usr/bin/start.sh
 EXPOSE 53 53/udp
 EXPOSE 67/udp
 EXPOSE 80
+EXPOSE 123/udp
 EXPOSE 443
 
 ## Buildkit can do some fancy stuff and we can use it to either download FTL from ftl.pi-hole.net or use a local copy
@@ -98,7 +99,7 @@ RUN if   [ "$TARGETPLATFORM" = "linux/amd64" ];    then FTLARCH=amd64; \
     elif [ "$TARGETPLATFORM" = "linux/riscv64" ];  then FTLARCH=riscv64; \
     else FTLARCH=amd64; fi \
     && echo "Arch: ${TARGETPLATFORM}, FTLARCH: ${FTLARCH}" \
-    && if [ "${FTL_BRANCH}" = "master" ]; then URL="https://github.com/pi-hole/ftl/releases/latest/download"; else URL="https://ftl.pi-hole.net/${FTL_BRANCH}"; fi \    
+    && if [ "${FTL_BRANCH}" = "master" ]; then URL="https://github.com/pi-hole/ftl/releases/latest/download"; else URL="https://ftl.pi-hole.net/${FTL_BRANCH}"; fi \
     && curl -sSL "${URL}/pihole-FTL-${FTLARCH}" -o /usr/bin/pihole-FTL \
     && chmod +x /usr/bin/pihole-FTL \
     && readelf -h /usr/bin/pihole-FTL || (echo "Error with downloaded FTL binary" && exit 1) \
@@ -112,6 +113,6 @@ RUN  readelf -h /usr/bin/pihole-FTL || (echo "Error with local FTL binary" && ex
 # Use the appropriate FTL Install stage based on the FTL_SOURCE build-arg
 FROM ${FTL_SOURCE}-ftl-install AS final
 
-HEALTHCHECK CMD dig +short +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1
+HEALTHCHECK CMD dig -p $(pihole-FTL --config dns.port) +short +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1
 
 ENTRYPOINT ["start.sh"]

src/bash_functions.sh

@@ -189,6 +189,11 @@ migrate_v5_configs() {
 }
 
 setup_web_password() {
+    if [ -z "${FTLCONF_webserver_api_password+x}" ] && [ -n "${WEBPASSWORD_FILE}" ] && [ -r "/run/secrets/${WEBPASSWORD_FILE}" ]; then
+        echo "  [i] Setting FTLCONF_webserver_api_password from file"
+        export FTLCONF_webserver_api_password=$(<"/run/secrets/${WEBPASSWORD_FILE}")
+    fi
+
     # If FTLCONF_webserver_api_password is not set
     if [ -z "${FTLCONF_webserver_api_password+x}" ]; then
         # Is this already set to something other than blank (default) in FTL's config file? (maybe in a volume mount)

src/start.sh

@@ -11,8 +11,6 @@ TRAP_TRIGGERED=0
 
 start() {
 
-  local v5_volume=0
-
   # The below functions are all contained in bash_functions.sh
   # shellcheck source=/dev/null
   . /usr/bin/bash_functions.sh

test/Dockerfile

@@ -1,5 +1,5 @@
-ARG alpine_version="3.20"
-ARG docker_version="27.1.1"
+ARG alpine_version="3.21"
+ARG docker_version="28.0.0"
 
 FROM docker:${docker_version}-cli-alpine${alpine_version}