Categories
SecOps

How to install AdGuard Home

Install AdGuard Home Network-wide ads & trackers blocking DNS server.

I am using Pi-Hole with Unbound to perform DNS blocking, but AdGuard Home is an interesting alternative, so it’s worth checking it out.

Open AdGuardHome to get current release.

$ sudo wget --directory-prefix /opt https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.105.2/AdGuardHome_linux_amd64.tar.gz 

Extract downloaded archive.

$ sudo tar -xzf /opt/AdGuardHome_linux_amd64.tar.gz -C /opt/

Install service file.

$ sudo /opt/AdGuardHome/AdGuardHome --service install
2021/03/25 22:14:23 [info] Service control action: install
2021/03/25 22:14:23 [info] Service has been started
2021/03/25 22:14:23 [info] Almost ready!
AdGuard Home is successfully installed and will automatically start on boot.
There are a few more things that must be configured before you can use it.
Click on the link below and follow the Installation Wizard steps to finish setup.
2021/03/25 22:14:23 [info] AdGuard Home is available on the following addresses:
2021/03/25 22:14:23 [info] Go to http://127.0.0.1:3000
2021/03/25 22:14:23 [info] Go to http://[::1]:3000
2021/03/25 22:14:23 [info] Go to http://172.16.7.8:3000
2021/03/25 22:14:23 [info] Action install has been done successfully on linux-systemd

Service will be running, but it needs to be stopped at this moment.

$ systemctl status AdGuardHome.service 
* AdGuardHome.service - AdGuard Home: Network-level blocker
     Loaded: loaded (/etc/systemd/system/AdGuardHome.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2021-03-25 22:14:23 UTC; 21s ago
   Main PID: 1191 (AdGuardHome)
      Tasks: 7 (limit: 531)
     Memory: 11.7M
        CPU: 57ms
     CGroup: /system.slice/AdGuardHome.service
             `-1191 /opt/AdGuardHome/AdGuardHome -s run
$ sudo systemctl stop AdGuardHome.service 

Create a designated user.

$ sudo adduser --home /opt/AdGuardHome --shell /bin/bash --gecos AdGuardHome --disabled-password adguardhome 

Change application ownership.

$ sudo chown -R adguardhome:adguardhome /opt/AdGuardHome

Create a systemd drop-in directory.

$ sudo mkdir /etc/systemd/system/AdGuardHome.service.d   

Define service user and group.

$ echo -e "[Service]\nUser=adguardhome\nGroup=adguardhome\n" | sudo tee /etc/systemd/system/AdGuardHome.service.d/user.conf
[Service]
User=adguardhome
Group=adguardhome

Reload the systemd manager configuration.

$ sudo systemctl daemon-reload

Ensure that the application can open port numbers less than 1024.

$ sudo setcap 'CAP_NET_BIND_SERVICE=+eip CAP_NET_RAW=+eip' /opt/AdGuardHome/AdGuardHome
$ sudo getcap /opt/AdGuardHome/AdGuardHome
/opt/AdGuardHome/AdGuardHome cap_net_bind_service,cap_net_raw=eip

Start service.

$ sudo systemctl start AdGuardHome.service 

Open port 3000 using web-browser to perform initial configuration.

The configuration will be stored using a YAML file.

$ ls -l /opt/AdGuardHome/AdGuardHome.yaml 
-rw-r--r-- 1 adguardhome adguardhome 2715 Mar 25 22:30 /opt/AdGuardHome/AdGuardHome.yaml