硬體配置:
1c 256M 4g 即可(開高我也沒意見)
安裝方式:
到 Github 選擇對應 OS 安裝包 下載 解壓縮執行安裝即可
wget https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.101.0/AdGuardHome_linux_amd64.tar.gz
tar zxvf AdGuardHome_linux_amd64.tar.gz
cd AdGuardHome/
sudo ./AdGuardHome -s install
IP:3000 進入網頁設定(預設值即可)
一般設置
DNS設置
上游的 DNS 伺服器:
https://dns.cloudflare.com/dns-query
1.1.1.2
168.95.192.1
https://dns.google/dns-query
勾選同時查詢 DNS
RBL清單:
預設內建可以全勾之後,以下可以參考新增:
#NeoHost
https://cdn.jsdelivr.net/gh/neoFelhz/[email protected]/127.0.0.1/full/hosts
#CoinBlocker
https://zerodot1.gitlab.io/CoinBlockerLists/hosts
#StevenBlack
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
#CHEF-KOCH NASBlocklist
https://raw.githubusercontent.com/CHEF-KOCH/NSABlocklist/master/HOSTS/HOSTS
#ABP
https://bestpika.github.io/abp/yui.txt
https://gist.github.com/bestpika/5e414a4f60b2a996a6fb31ec592a56b4/raw/hide.txt
https://filters.adtidy.org/extension/ublock/filters/3.txt
https://filters.adtidy.org/extension/ublock/filters/15.txt
https://raw.githubusercontent.com/uBlockOrigin/uAssets/master/filters/badware.txt
https://raw.githubusercontent.com/uBlockOrigin/uAssets/master/filters/resource-abuse.txt
https://raw.githubusercontent.com/Yhonay/antipopads/master/popads.txt
https://raw.githubusercontent.com/NanoAdblocker/NanoFilters/master/NanoFilters/NanoTimer.txt
https://raw.githubusercontent.com/cjx82630/cjxlist/master/cjxlist.txt
https://raw.githubusercontent.com/cjx82630/cjxlist/master/cjx-annoyance.txt
https://280blocker.net/files/280blocker_adblock.txt
https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-easylist.txt
#AAK
https://easylist-downloads.adblockplus.org/antiadblockfilters.txt
https://raw.githubusercontent.com/jspenguin2017/uBlockProtector/master/uBlockProtectorList.txt
#Other
https://filter.futa.gg/filter.txt
https://filter.futa.gg/hosts.txt
https://raw.githubusercontent.com/gwarser/filter-lists/master/lan-block.txt
https://filter.futa.gg/nofarm_hosts.txt
Let’s Encrypt:
先利用其他域名證書讓 nginx -t 檢查通過之後 CF DNS 直通 Let’s Encrypt 簽發證書回傳:
server
{
listen 80;
server_name agh.yourdomain;
return 301 https://$server_name$request_uri;
}
server
{
listen 443 ssl http2;
server_name agh.yourdomain;
root /dev/null;
ssl_certificate /etc/letsencrypt/live/agh.yourdomain/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/agh.yourdomain/privkey.pem; # managed by Certbot
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
location / {
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://10.0.1.191;
}
location ~ .*.(gif|jpg|jpeg|png|bmp|swf|css|js)$ {
proxy_pass https://10.0.1.191;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /dns-query {
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_buffering off;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://10.0.1.191:443/dns-query;
}
}
然後利用 proxy 取得的 ssl 證書拷貝至 AdGuard Home 加密頁面, 填寫相同域名,不勾選 HTTP to HTTPS 之後,生效收工。
如果不小心開啟安全搜尋請先關閉之後進入 Youtube 將嚴格篩選模式關閉:
驗證 DoT 以及 DoH >> https://github.com/ameshkov/dnslookup
apt install golang
git clone https://github.com/ameshkov/dnslookup
cd dnslookup
make
./dnslookup www.google.com https://adg.yourdomain/dns-query
or 使用此測試:
time nslookup www.google.com agh.yourdomain
其他封鎖清單: