AdGuard Home installation and use refers to the north
Why don't people like ads and trackers?
A good product, need to be widely reported, in order to survive, a good film, need to be widely reported, only a good box office. So there's advertising. From the initial word-of-mouth development to today's "thousands of people, guess what you like", advertising has evolved from a one-way form of communication to a dedicated delivery based on personal preferences, the user's right to accept from active to passive.
But when advertising is always flooding our lives, watching the news there are patch ads, brushing friends circle has Oba's interactive ads, watching TV dramas have 90 seconds of headline ads, small sites also have the feelings of online licensing, in "15 million value" ((Netflix episode "Black Mirror"In a house surrounded by screens, the male owner lives in a screen around the clock to play ads, want to block ads can only choose to pay, even after you block ads will remind users "for the continued development of the site, please turn off the ad blocking plug-in", in order to normal browsing the web, users can only compromise.
Not all ads are intrusive, user-impact ads, and there's no shortage of well-produced, well-experienced ads, presented by The Coalition for Better Ads Better Ads Standards[1] Side-bar ads, small patch ads, top-bar/bottom ads have less impact on the user's browsing experience, while floating-window ads, large/full-screen patch ads, and auto-playing video ads can affect the user's mood. And users can only choose to block all, advertisers' earnings will be greatly affected. In addition to ads, information-gathering and analytics tools, such as Google Analytics, are blocked to help site owners improve website operations and provide better content without untringly violating users' privacy.
How does the ad blocking /anti-tracking plug-in work?
The implementation principle of ad blocking plug-in can be divided into three kinds -- URL match blocking, traffic filtering, web DOM filtering. The first two belong to Request Blocking, which belongs to Page Code Filtering and CSS Injection and JavaScript (来源:AdGuard: How ad blocking works)。
Url matches masking
Advertising alliance advertising resources are usually placed separately from the site, to Baidu Alliance, for example, Baidu Alliance's advertising domain name https://cpro.baidustatic.com/ , so we can mask separately from https://cpro.baidustatic.com/ without affecting the proper loading of the site's content. When the site domain name is the same as the ad resource domain name, url-based ads are blocked as if they were "South Orange North."
Web doM filtering
DOM(Document Object Model, file object model), in the W3C DOM standard (W3C DOM is a platform- and language-neutral interface that allows programs and scripts to dynamically access and update the content, structure, and style of documentsAny label or element in a Web page is a node in a tree structure. Web DOM filtering ads compensate for blocking ads based on matching URLs, targeting the ad DOM element through CSS3 Selector and using them display=none!important and other syntax to hide ads. The DOM filtering process occurs when a page is loaded, with the disadvantage that new ad content loaded through Ajax and Pjax cannot be blocked.
Traffic filtering
Set up filters at the physical/virtual gateway to block traffic with advertising characteristics, such as websites that use Https encryption, and take MITM (Man-in-the-middle attack,Man-in-the-middle attackDecrypting https encrypted traffic and blocking ad traffic in it is a feature that is common in some third-party router firmware, such as KoolProxy and ad blocking guru Plus.
Before decrypting, the client needs to install and trust the certificate generated by the ad blocking software, and if the website has Https encryption and needs to verify the certificate, traffic filtering ad blocking will affect the normal browsing of the page. In addition, if the device performance is low, this interception method will slow down the network speed to some extent.
We used to use ad blocking and privacy protection plug-ins like AdBlock Plus, AdGuard, Ghostery, and uBlock Origin on our computer browsers to remove disturbing ads from our web pages. For Android and iOS, system permissions are limited (Such as root permissions, system certificates, and user certificates), filter mode, want to be on the phone「It takes a while to find a piece of clean soil.
After the above method only for a single device to take effect, with the increase in the number of devices, one by one to set up very troublesome, in addition to increasing the cost of software subscriptions, in the face of smart TVs, smart speakers, traditional ad blocking software is difficult to cope with. And if you're using soft routing, NAS, or even Raspberry Pi in your home, try installing DNS ad blocking software on it for gateway-level ad blocking.
The DNS ad filter you're introducing today is AdGuard Home, developed by the AdGuard team.
AdGuard Home is an all-web ad blocking and anti-tracking software. Once you've installed it, it protects all your home devices, and you no longer need to install any client software. With the rise of the Internet of Things and connected devices, it's becoming increasingly important to take control of your own entire network environment.
—— AdGuard Home
AdGuard Home is a private DNS service side of AdGuard Open Source that enables ad blocking and privacy anti-tracking of global domain networks simply by deploying it at the gateway. During DNS resolution, URLs within the matching rule library are intercepted, and in the client, web doMs can also be blocked through custom filtering rules.
How do I install AdGuard Home?
AdGuard Home based on Golang,Official support[2] Runs within Linux 32-bit / 64-bit / ARM (v6 / v7)/MIPS, FreeBSD, Windows, macOS, Docker, and maintained by third-party developers OpenWrt package[3] 、Home Assistant expansion[4]And. Arch Linux[5] 。
Due to space limitations, the following will show you how to install and configure AdGuard Home on NAS (System: Debian 10) and Windows PC (System: Windows 10), and check out the introductions or tutorials for netizens in AdGuard Home - Wiki for other devices. DNS servers in a local area network are recommended to run on long-term power-on devices such as soft-routed, NAS, or Raspberry Pi to avoid DNS not being resolved properly due to device shutdowns.
I do not recommend running tools such as AdGuard Home and Pi-Hole on a regular router, which has a significant impact on the operational efficiency of AdGuard Home. According to my tests, Pi-Hole empty loads use 15MB of memory (excluding cache), AdGuard Home empty loads take up 20MB of memory (excluding cache), AdGuard Home takes up 700MB of memory (including cache) with 13 units, and filter rules 74,000 plus.
AdGuard Home supports installation and operation in binary, Docker containers, and can be installed in the right way according to your personal preferences. Docker installations are recommended if the system running the device involves the operation of important businesses, such as NAS file storage, Web servers, and so on, and is not susceptible to business applications.
•The following tutorials require a certain foundation for computer operation, router usage, and server usage•The information you need to use below is shown below, and the settings vary from user to user •NAS LAN IP: 10.2.168.100 •AdGuard Home Back office: http://10.2.168.100:3000 •Private AdGuard Home DNS address: 10.2.168.100:53
Download and install AdGuard Home
To. AdGuard Home website[6] Download the installation package.
Windows system
Download the binary
Download using the browser/download tool: https://static.adguard.com/adguardhome/edge/AdGuardHome_windows_amd64.zip
The decompression package is obtained AdGuardHome.exe File.
Will. AdGuardHome.exe Move to C:\Program Files\AdGuard_Home folder
Open the command prompt as an administrator and execute the following command
cd "C:\Program Files\AdGuard_Home".\AdGuardHome.exe --service install
When prompted AdGuard Home is successfully installed and will automatically start on boot. This means that AdGuard Home was successfully installed on the current system. The address and port that manages the background are displayed on the command line, which is the default http://IP:3000。
Linux system
Linux users are required to log into the SSH using the root user and execute commands for the corresponding system version.
Download, unzim, and move binary files
#Linux x64wget https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_amd64.tar.gz -O AdGuardHome.tar.gz#Linux i386wget https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_386.tar.gz -O AdGuardHome.tar.gz#Linux ARMv7wget https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_armv7.tar.gz -O AdGuardHome.tar.gz#Linux ARMv6wget https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_armv6.tar.gz -O AdGuardHome.tar.gz
For ease of management, we moved the binary to /usr/local/AdGuard_Home/ folder.
#解压tar xvf AdGuardHome.tar.gz#移动文件mkdir /usr/local/AdGuard_Homemv AdGuardHome/AdGuardHome /usr/local/AdGuard_Home
Install AdGuard Home into the system
cd /usr/local/AdGuard_Home./AdGuardHome --service install
When prompted AdGuard Home is successfully installed and will automatically start on boot. This means that AdGuard Home was successfully installed on the current system. The address and port that manages the background are displayed on the terminal, which is the default http://IP:3000。
Docker container
In addition to installing directly into the system, we can also install AdGuard Home with Docker. For a tutorial on installing Docker and adding Docker mirror feeds, search for yourself.
Deployment preparation
#拉取 image of AdGuard Home Dockerdocker pull adguard/adguardhome#设置 where AdGuard Home's profile is storedmkdir /etc/AdGuard_Home/
Create a container
#创建 the AdGuard Home containerdocker run \--name AdGuard_Home \-v /etc/AdGuard_Home/:/opt/adguardhome/work \-v /etc/AdGuard_Home/:/opt/adguardhome/conf \-p 53:53/tcp -p 53:53/udp -p 67:67/udp -p 70:68/tcp -p 70:68/udp -p 3000:80/tcp -p 446:443/tcp -p 853:853/tcp -p 3000:3000/tcp \--restart=always \-d adguard/adguardhome
Be sure to check for port conflicts before creating containers, because my NAS uses OpenMediaVault, 53 (local DNS server in Debian / Ubuntu system), 68 (DHCP client), 80 (OpenMediaVault web background), 443 (Https) ports will conflict, so the corresponding ports can be adjusted to 70, 446, 3000, 53 port conflicts can be resolved by shutting down the local DNS server. If a port is occupied, it can be used netstat-tunlp Grep port number The query occupies the process.
After the container is successfully deployed, pass http://IP:3000 A successful opening of the installation interface indicates a successful deployment.
Initialize the settings
Go to the installation wizard
Open the background of AdGuard Home in your browser, go to the installation wizard, and click "Start Configuration." The default background address is:http://IP:3000/
Set up the network interface
Change the background access port to 3000 to avoid conflicts with the 80 ports in the NAS background, and keep the DNS port at 53.
Set up an administrator account
Complete the initialization setup
Post-configuration
Once the installation is complete, we need to set up further and optimize it as needed.
General settings
•Filter update interval: The default update interval for DNS filter lists, typically 3 days to 7 days•Use AdGuard's Browse Safe web service: Similar to Chrome web security checks, AdGuard proactively blocks and pops up prompts when a user visits a potentially threatening website•Use the AdGuard "parental control" service: If you have an adult child in your home, it is recommended to turn it on and avoid visiting bad websites•Forced Safe Search: Hide inappropriate content such as Bing, Google, Yandex, NSFW on YouTube•Query record retention time: The AdGuard Home service uses sqlite file databases to store logs, and long retention can slow down while taking up a lot of storage space, with home users typically keeping it for 7 to 30 days•Statistics retention time: Data display for dashboards, typically for 7 to 30 days
DNS settings
•Upstream DNS Servers: The upstream DNS servers of AdGuard Home can be found in the recommended list below, generally with 1 to 2. In addition to being an ad filter gateway, AdGuard Home can also avoid DNS hijacking by carriers if pure DNS is set•BootStrap DNS server address: As a pre-DNS resolver for DoH/DoT DNS, you can refer to the recommended list below•Query mode, speed limit, EDNS, DNSSEC, blocking mode, DNS cache settings, access settings can be adjusted as needed, generally keep the default settings
DNS server recommendations
The speed at which you connect to DNS servers varies from region to region, and you can find the DNS server with the lowest local connection latency by pinging the speed measurement. More DNS servers are available AdGuard documentation[7]found in .
Due to layout restrictions, please go to the original text to view the form
DNS blocking list
In order to better play the AdGuard Home de-advertising function, relying on the default filtering rules is not enough, but it should not be too much, too many filtering rules will affect the speed of resolution, you can add filtering rules as needed.
Due to layout restrictions, please go to the original text to view the form
Replace device DNS
Once AdGuard Home is set up, you can deploy AdGuard Home's DNS address to a local area network device.
Change the router DNS address
The methods for modifying different brands of routers vary, referred to the instructions or online tutorials (Router Model s change DNS), as in the case of the Redmi AC2100 router below.
Open and log on to the router's background management page.
Find THE DNS settings in your LAN settings, change your preferred DNS server to the DNS address of AdGuard Home, and set up as another DNS service provider to avoid local area network inability to access the Internet due to downtime of the AdGuard Home server. When the changes are complete, click Save. After the router changes DNS, DNS resolution for all devices within the LAN is done through AdGuard Home DNS, enabling filtering advertising and anti-privacy tracking.
Change your phone's DNS address
Android devices
•Go to Settings - Network and Internet - Wi-Fi and click the Settings button on the side of the currently connected network•Click the "Edit" button on the Wi-Fi details page•Find "IP Settings"•Enter the device's IP, gateway, and AdGuard Home server addresses, respectively
iOS devices
•Go to Settings - Wi-Fi and click on the name of the currently connected network•Find "Configure DNS" on the Wi-Fi Details page•Switch to manual settings and enter the AdGuard Home server address
Change your computer's DNS address
macOS device
•Open Network Preferences, select the currently connected network, and click the Advanced button at the bottom right•Switch to the DNS tab and fill in the AdGuard Home server address
Windows devices
•Turn on Windows Settings - Network and Internet and click Change Adapter Options•Select the wired/wireless card and click on the toolbar "Change the settings for this connection"•Find "Internet Protocol Version 4" and click the "Property" button•Fill in the DNS server and click the "Edit" button
Use effects
After using AdGuard Home to process DNS requests in a local area network for 12 hours, 6% of DNS requests are blocked. On the client side, floating-window ads and page-bounces can be blocked while browsing the web, and some privacy tracking services are blocked by AdGuard.
Of course, AdGuard Home isn't 14-escity either, as the official document says, with content blocking tools such as Adblock Plus, AdGuard, and uBlock Origin in the face of the same ad resource domain name, Twitch ads, YouTube video ads, and sponsored tweets on social platforms abroad.
Problems.
Port conflict
Running AdGuard Home on a Linux device typically results in 53 (local DNS servers), 68 (DHCP clients), 80 (Https), and 443 (Https) port conflicts that can be resolved netstat-tunlp Grep port number The query occupies the process. There are two solutions: use different ports and deactivation of conflicting processes.
If you are running AdGuard Home as Docker, it appears listen udp 0.0.0.0:53: bind: address already in use tips that need to be handled manually.
#停止 DNSStubListenersystemctl stop systemd-resolved#创建文件夹 (if not present)mkdir /etc/systemd/resolved.conf.d/#使用 create a profile with Nanonano /etc/systemd/resolved.conf.d/adguardhome.conf
Paste the following in the editor:
[Resolve]DNS=127.0.0.1DNSStubListener=no
After saving, execute the following command.
#创建备份sudo mv /etc/resolv.conf /etc/resolv.conf.backup#将 /etc/resolv.conf 链接至 /run/systemd/resolve/resolv.confln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf#重启 DNSStubListenersystemctl restart systemd-resolved
Use when you're done netstat -tunlp | grep 53 The command checks if there are still processes occupying the 53 ports, and if there is no conflict, restart the AdGuard Home container.
How long is the average processing time?
There are several factors that can take AdGuard Home too long to process:
•Local-to-upstream DNS speed: If the local carrier's DNS does not have DNS hijacking and poisoning issues, it is recommended to use the carrier DNS plus public DNS scheme, DNS speed can be compared by ping value. And in AdGuard Home, you choose to handle DNS requests in a "parallel request" manner Browse security, home control, and mandatory secure search services: all three features that do not go through DNS caches when DNS requests are made, directly to upstream DNS servers, slowing down AdGuard Home processing•IPv6: If you are using broadband and the campus network does not support IPv6, you can disable resolution IPv6 to improve response speed•Filtering rules: Too many filtering rules can affect the speed of response, preferring to choose the rule that best suits you, generally keep 3 to 4 ad filtering rules.•Statistical cycle: After completing the above optimization, it is found that the average processing time has not changed much, the use experience is not slow, it is possible that the statistical cycle is too long, the results before the optimization will be counted, resulting in the results before and after the optimization is not much different. Reduce the dashboard's statistical cycle to 24 hours and take a look.
The usage experience after completing the above steps is worse than not using AdGuard Home, and the problem is a bit serious. This is when you need to look up AdGuard Home's logs to find the cause of the problem.
Some pages were mistakenly killed by AdGuard Home
If some pages are mistakenly killed by AdGuard Home, you can look in AdGuard Home's logs for intercepts. If there is a conflict with the rule, you need to add the mansoeed URL to the whitelist through a custom filter rule, or select another filter rule. Common conflicts include Google Analytics, ad networks, and more.
Custom filtering rules
AdGuard Home's filtering rules are compatible with Adblock syntax, Hosts syntax, and Domain-only syntax. Specific usage can be used by reference to the AdGuard Grammar Rules - How to Create Your Own Ad Filters ()https://www.leeyiding.com/archives/50/)。
Can I use AdGuard Home DNS with the Surge/Clash gateway?
OK. Surge and Clash are available separately dns-server And. dns-nameserver Field for the user to modify the DNS resolution server, just fill in the profile with the DNS server address of AdGuard Home.
The last words
If you have a need to get rid of ads on multiple devices, and you happen to have a raspberry pi, soft route, NAS and even an old computer that glows, AdGuard Home might be a good choice to bring you a refreshing online world. Similar tools include Pi-Hole, which, when upgraded to version 5.0, is not much different from AdGuard Home except for a lack of multilingual support, fewer built-in filter choices, and less compatibility than AdGuard Home.
References
•AdGuard Home Wiki•AdGuard: How ad blocking works•How to run AdGuard Home in Docker with 'resolved' daemon
•Want a "clean" web browsing experience? You need this platform-wide advertising guide•AdGuard Grammar Rules - How to create your own ad filters•W3C DOM•The Coalition for Better Ads - Better Ads Standards
The reference link
[1] Better Ads Standards: https://www.betterads.org/standards/[2] Official support: https://adguard.com/zh_cn/adguard-home/overview.html[3] OpenWrt Package: https://github.com/rufengsuixing/luci-app-adguardhome[4] Home Assistant Expansion: https://github.com/hassio-addons/addon-adguard-home[5] Arch Linux: https://aur.archlinux.org/packages/adguardhome/[6] AdGuard Home Website: https://adguard.com/zh_cn/adguard-home/overview.html[7] AdGuard documentation: https://kb.adguard.com/zh/general/dns-providers[8] AdGuard Home Wiki: https://github.com/AdguardTeam/AdGuardHome/wiki[9] How to run AdGuard Home in Docker with 'resolved' daemon: https://hub.docker.com/r/adguard/adguardhome[10] Want a "clean" web browsing experience? You need this platform-wide advertising guide: https://sspai.com/post/56617[11] AdGuard Grammar Rules - How to create your own ad filters: https://www.leeyiding.com/archives/50/[12] W3C DOM: https://www.w3.org/TR/dom41/#introduction-to-the-dom[13] The Coalition for Better Ads - Better Ads Standards: https://www.betterads.org/standards/
Send to the author