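AdGuard Home: Custom DNS Resolver (DoH/DoT Support)

Hardware requirements:

1c 256M 4g is enough (I have no objection if you go higher)
For a large number of lists: 2c 4G 16G

Installation:

Go to GitHub, pick the package for your OS, download it, extract it, and run the installer: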

wget https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.105.2/AdGuardHome_linux_amd64.tar.gz
tar zxvf AdGuardHome_linux_amd64.tar.gz
cd AdGuardHome/
sudo ./AdGuardHome -s install

Or use the one-step install script:

curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v

Open IP:3000 in a browser for the web setup (the defaults are fine)

General settings

DNS settings

Upstream DNS servers:

1.1.1.2
1.0.0.2
168.95.192.1
8.8.8.8
quic://dns-unfiltered.adguard.com:784
https://dns.google/dns-query
tls://dns.google
https://dns.cloudflare.com/dns-query
https://security.cloudflare-dns.com/dns-query

Bootstrap DNS servers:

tls://1.1.1.1
tls://8.8.8.8
tls://8.8.4.4

Tick the option to query the DNS upstreams in parallel


RBL lists:

Tick all of the built-in defaults, then consider adding the following:

#NeoHost
https://cdn.jsdelivr.net/gh/neoFelhz/neohosts@gh-pages/127.0.0.1/full/hosts

#CoinBlocker
https://zerodot1.gitlab.io/CoinBlockerLists/hosts

#StevenBlack
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
#ABP
https://bestpika.github.io/abp/yui.txt
https://gist.github.com/bestpika/5e414a4f60b2a996a6fb31ec592a56b4/raw/hide.txt
https://filters.adtidy.org/extension/ublock/filters/3.txt
https://filters.adtidy.org/extension/ublock/filters/15.txt
https://raw.githubusercontent.com/uBlockOrigin/uAssets/master/filters/badware.txt
https://raw.githubusercontent.com/uBlockOrigin/uAssets/master/filters/resource-abuse.txt
https://raw.githubusercontent.com/Yhonay/antipopads/master/popads.txt
https://raw.githubusercontent.com/NanoAdblocker/NanoFilters/master/NanoFilters/NanoTimer.txt
https://raw.githubusercontent.com/cjx82630/cjxlist/master/cjxlist.txt
https://raw.githubusercontent.com/cjx82630/cjxlist/master/cjx-annoyance.txt
https://280blocker.net/files/280blocker_adblock.txt
https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-easylist.txt
#AAK
https://easylist-downloads.adblockplus.org/antiadblockfilters.txt
https://raw.githubusercontent.com/jspenguin2017/uBlockProtector/master/uBlockProtectorList.txt
#Other
https://filter.futa.gg/filter.txt
https://filter.futa.gg/hosts.txt
https://raw.githubusercontent.com/gwarser/filter-lists/master/lan-block.txt
https://filter.futa.gg/nofarm_hosts.txt
https://filter.futa.gg/removeparam.txt
https://filter.futa.gg/experimental.txt
https://filter.futa.gg/hide_farm_from_search.txt
https://anti-ad.net/easylist.txt
https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_17_TrackParam/filter.txt
https://raw.githubusercontent.com/BlueSkyXN/AdGuardHomeRules/master/all.txt
https://raw.githubusercontent.com/BlueSkyXN/AdGuardHomeRules/master/skyrules.txt
#Xuan2host_Filter
https://pvecli.xuan2host.com/Filter/Xuan2host_Filter.txt
#LegitimateURLShortener
https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt
#ChinaList+EasyList
http://sub.adtchrome.com/adt-chinalist-easylist.txt
#EasyList China (Chinese supplementary rules)
https://easylist-downloads.adblockplus.org/easylistchina.txt
#xinggsf 乘風 ad filter rules
https://gitee.com/xinggsf/Adblock-Rule/raw/master/rule.txt

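Custom filtering rules:


Let's Encrypt:

First use a certificate from another domain so that nginx -t passes, then set the Cloudflare DNS record to pass-through (unproxied) and let Let's Encrypt issue and return the certificate: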

server
{
    listen 80;
    server_name agh.yourdomain;

    # Redirect all plain-HTTP requests to HTTPS
    return 301 https://$server_name$request_uri;
}

server
{
    listen 443 ssl http2;
    server_name agh.yourdomain;

    root /dev/null;
    ssl_certificate /etc/letsencrypt/live/agh.yourdomain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/agh.yourdomain/privkey.pem; # managed by Certbot
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # AdGuard Home web UI
    location / {
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://10.0.1.191;
    }

    # Static assets (the dot before the extension is escaped so it matches literally)
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|css|js)$ {
        proxy_pass https://10.0.1.191;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    # DNS-over-HTTPS endpoint
    location /dns-query {
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_buffering off;
        proxy_redirect off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://10.0.1.191:443/dns-query;
    }

}

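Then copy the SSL certificate obtained through the proxy into the AdGuard Home Encryption page, enter the same domain name, leave the HTTP to HTTPS option unticked, apply the settings, and you are done.


If you accidentally enabled Safe Search, turn it off first, then go to YouTube and turn off Restricted Mode:


Verify DoT and DoH >> https://github.com/ameshkov/dnslookup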

apt install golang
git clone https://github.com/ameshkov/dnslookup
cd dnslookup
make
./dnslookup www.google.com https://agh.yourdomain/dns-query

Or test with:

time nslookup www.google.com agh.yourdomain

Other blocklists:

https://github.com/tasi788/abp

https://github.com/privacy-protection-tools/anti-AD


Configuration:

bind_host: 0.0.0.0
bind_port: 80
beta_bind_port: 0
users:
- name: Username
  password: 
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: zh-tw
rlimit_nofile: 0
debug_pprof: false
web_session_ttl: 720
dns:
  bind_hosts:
  - 10.0.1.191
  port: 53
  statistics_interval: 90
  querylog_enabled: true
  querylog_file_enabled: true
  querylog_interval: 90
  querylog_size_memory: 1000
  anonymize_client_ip: false
  protection_enabled: true
  blocking_mode: default
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_response_ttl: 10
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  ratelimit: 20
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
  - 1.1.1.2
  - 1.0.0.2
  - 168.95.192.1
  - 8.8.8.8
  - 168.95.1.25
  - quic://dns-unfiltered.adguard.com:784
  - https://dns.google/dns-query
  - tls://dns.google
  - https://dns.cloudflare.com/dns-query
  - https://security.cloudflare-dns.com/dns-query
  upstream_dns_file: ""
  bootstrap_dns:
  - tls://1.1.1.1
  - tls://8.8.8.8
  - tls://8.8.4.4
  all_servers: true
  fastest_addr: false
  allowed_clients: []
  disallowed_clients:
  - 195.37.190.77
  - 88.152.11.31
  - 27.115.124.74
  - 47.245.54.133
  blocked_hosts:
  - version.bind
  - id.server
  - hostname.bind
  cache_size: 4194304
  cache_ttl_min: 0
  cache_ttl_max: 0
  bogus_nxdomain: []
  aaaa_disabled: true
  enable_dnssec: true
  edns_client_subnet: false
  max_goroutines: 50
  ipset: []
  filtering_enabled: true
  filters_update_interval: 24
  parental_enabled: false
  safesearch_enabled: false
  safebrowsing_enabled: false
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  rewrites: []
  blocked_services: []
  local_domain_name: lan
  resolve_clients: true
  local_ptr_upstreams: []
tls:
  enabled: true
  server_name: agh.
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 784
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  strict_sni_check: false
  certificate_chain: |-
  private_key: |-
  certificate_path: ""
  private_key_path: ""
filters:
- enabled: true
  url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
  name: AdGuard DNS filter
  id: 1
- enabled: true
  url: https://adaway.org/hosts.txt
  name: AdAway
  id: 2
- enabled: true
  url: https://www.malwaredomainlist.com/hostslist/hosts.txt
  name: MalwareDomainList.com Hosts List
  id: 4
- enabled: true
  url: https://cdn.jsdelivr.net/gh/neoFelhz/neohosts@gh-pages/127.0.0.1/full/hosts
  name: neoHosts
  id: 1587358099
- enabled: true
  url: https://zerodot1.gitlab.io/CoinBlockerLists/hosts
  name: CoinBlocker
  id: 1587358920
- enabled: true
  url: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  name: StevenBlack
  id: 1587358921
- enabled: true
  url: https://raw.githubusercontent.com/CHEF-KOCH/NSABlocklist/master/HOSTS/HOSTS
  name: CHEF-KOCH NASBlocklist
  id: 1587358922
- enabled: true
  url: https://bestpika.github.io/abp/yui.txt
  name: 廣告退散
  id: 1587659743
- enabled: true
  url: https://gist.github.com/bestpika/5e414a4f60b2a996a6fb31ec592a56b4/raw/hide.txt
  name: 廣告退散 禁則事項
  id: 1587659744
- enabled: true
  url: https://filters.adtidy.org/extension/ublock/filters/3.txt
  name: AdGuard Tracking Protection filter
  id: 1587659745
- enabled: true
  url: https://filters.adtidy.org/extension/ublock/filters/15.txt
  name: AdGuard DNS filter
  id: 1587659747
- enabled: true
  url: https://raw.githubusercontent.com/uBlockOrigin/uAssets/master/filters/badware.txt
  name: uBlock filters – Badware risks
  id: 1587659748
- enabled: true
  url: https://raw.githubusercontent.com/uBlockOrigin/uAssets/master/filters/resource-abuse.txt
  name: uBlock filters – Resource abuse
  id: 1587659749
- enabled: true
  url: https://raw.githubusercontent.com/Yhonay/antipopads/master/popads.txt
  name: Anti popads.net
  id: 1587659750
- enabled: true
  url: https://raw.githubusercontent.com/cjx82630/cjxlist/master/cjxlist.txt
  name: CJX's EasyList Lite
  id: 1587659752
- enabled: true
  url: https://raw.githubusercontent.com/cjx82630/cjxlist/master/cjx-annoyance.txt
  name: CJX's Annoyance List
  id: 1587659753
- enabled: true
  url: https://280blocker.net/files/280blocker_adblock.txt
  name: 280blocker for japanese mobile site
  id: 1587659754
- enabled: true
  url: https://raw.githubusercontent.com/jspenguin2017/uBlockProtector/master/uBlockProtectorList.txt
  name: uBlockProtectorList
  id: 1587659756
- enabled: true
  url: https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-easylist.txt
  name: anti-ad-easylist
  id: 1587659757
- enabled: true
  url: https://futaguard.github.io/FutaFilter/hosts.txt
  name: FutaFilter_Hosts
  id: 1589653537
- enabled: true
  url: https://futaguard.github.io/FutaFilter/filter.txt
  name: Make futa great again!
  id: 1589653538
- enabled: true
  url: https://raw.githubusercontent.com/gwarser/filter-lists/master/lan-block.txt
  name: Block access to LAN
  id: 1590951368
- enabled: true
  url: https://filter.futa.gg/nofarm_hosts.txt
  name: nofarm_hosts
  id: 1590951369
- enabled: true
  url: https://filter.futa.gg/removeparam.txt
  name: removeparam
  id: 1615659718
- enabled: true
  url: https://filter.futa.gg/experimental.txt
  name: experimental
  id: 1615659719
- enabled: true
  url: https://raw.githubusercontent.com/BlueSkyXN/AdGuardHomeRules/master/skyrules.txt
  name: skyrules
  id: 1618162488
- enabled: true
  url: https://raw.githubusercontent.com/BlueSkyXN/AdGuardHomeRules/master/all.txt
  name: BlueSkyXN
  id: 1618162489
- enabled: true
  url: https://filter.futa.gg/hide_farm_from_search.txt
  name: hide_farm_from_search
  id: 1618162490
- enabled: true
  url: https://anti-ad.net/easylist.txt
  name: 'CHN: anti-AD'
  id: 1618162491
- enabled: true
  url: https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_17_TrackParam/filter.txt
  name: filter_17_TrackParam
  id: 1618162492
- enabled: true
  url: https://pvecli.xuan2host.com/Filter/Xuan2host_Filter.txt
  name: Xuan2host_Filter
  id: 1623523461
- enabled: true
  url: https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt
  name: LegitimateURLShortener
  id: 1640829606
- enabled: true
  url: http://sub.adtchrome.com/adt-chinalist-easylist.txt
  name: ChinaList+EasyList
  id: 1649868744
- enabled: true
  url: https://easylist-downloads.adblockplus.org/easylistchina.txt
  name: EasyList China 中文補充規則
  id: 1649868745
- enabled: true
  url: https://gitee.com/xinggsf/Adblock-Rule/raw/master/rule.txt
  name: xinggsf乘風廣告過濾規則
  id: 1649868746
whitelist_filters: []
user_rules: []
dhcp:
  enabled: false
  interface_name: ""
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
clients: []
log_compress: false
log_localtime: false
log_max_backups: 0
log_max_size: 100
log_max_age: 3
log_file: ""
verbose: false
schema_version: 10
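
The configuration above fetches one filter list over http://, sends several upstream queries as plain DNS, and sets force_https: false. As an added example (not from the original post and not AdGuard Home code), this shell function scans a config file for those three settings; it assumes the two-space layout shown above, and the function names, finding labels and shortened sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not AdGuard Home code. Line-based scan that assumes the
# two-space YAML layout of the configuration shown above.
audit_agh_yaml() {
    awk '
    /^[a-z_]+:/   { top = $1; sub_key = "" }   # top-level key, e.g. "dns:"
    /^  [a-z_]+:/ { sub_key = $1 }             # nested key, e.g. "upstream_dns:"

    # Upstreams without an encrypted scheme are queried over plain DNS.
    top == "dns:" && sub_key == "upstream_dns:" && $1 == "-" {
        if ($2 !~ /^(https|tls|quic|h3|sdns):\/\//)
            print "PLAINTEXT_UPSTREAM " $2
    }
    # Filter lists fetched over http:// can be modified in transit.
    top == "filters:" && $1 == "url:" && $2 ~ /^http:\/\// {
        print "PLAINTEXT_FILTER " $2
    }
    # Web UI stays reachable over plain HTTP with no redirect.
    top == "tls:" && $1 == "force_https:" && $2 == "false" {
        print "NO_HTTPS_REDIRECT"
    }
    ' "$1"
}

# Constructed sample: a shortened excerpt in the same shape as the config above.
write_sample_config() {
    cat > "$1" <<'EOF'
bind_host: 0.0.0.0
bind_port: 80
dns:
  upstream_dns:
  - 1.1.1.2
  - tls://dns.google
  - https://dns.cloudflare.com/dns-query
  bootstrap_dns:
  - tls://1.1.1.1
tls:
  enabled: true
  force_https: false
filters:
- enabled: true
  url: https://adaway.org/hosts.txt
  name: AdAway
- enabled: true
  url: http://sub.adtchrome.com/adt-chinalist-easylist.txt
  name: ChinaList+EasyList
EOF
}

tmp=$(mktemp) && write_sample_config "$tmp" && audit_agh_yaml "$tmp"; rm -f "$tmp"
```

Point audit_agh_yaml at your own AdGuardHome.yaml; each output line names one setting to review.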