Troubleshooting that work for me: * check system -> routerBOARD and make sure your current firmware matches the upgrade firmware. Otherwise update and reboot * make sure you format with MBR Partition Table unchecked * if you get error when trying pull container, disk name is now "slot". Make sure you are using that for your mount, container config, and root dir paths and not label. * open files while extracting and you should see data loading into the "pull" directory * be patient - extracting can take a while
I'm anxiously awaiting the support for RAMdisk on all devices (not only those with 16MB flash) so I can put a container in RAMdisk and find a useful use for the gigabyte of RAM in my 4011 router... Of course I know that it will be lost on reboot then, but powerfails are very rare here, and for a small "settings" space I can mount a directory on the flash. Uploading the container after every reboot would be doable.
At 5:39 one can also specify the architecture of the image to pull using `--platform` option. Should work with a more or less recent version of Docker client.
If a two containers using the same registry image name, are they use double storage space in Router OS? In other words, do we have layered fs working there? So we save a space by sharing the same images data between containers.
That was very informative. I managed to make it work on Ac3. Maybe it's a bit underpowered for that purpose, but it works. One RPI less for powering. Waiting for availability of AX3.
@Mikrotik, one question, how and what should I modify to get proper stat for Client stat? Right now it shows only one IP - Dockers Bridge IP Gateway... Some additional NAT rules or ...?
wooooot !!! nice video i like too (stephen) the dual conf term/winbox and wait your next video :) but do you think that a python/docker session can run on mk ?
I was all psyched to implement pihole or adguard on my RB4011, and was following through this process -- until I got to the point of configuring the container temp directory used for the docker image pull. The video shows it as "disk1/pull", but I don't have a disk1. Aha!, you've mounted an external drive on yours. But the RB4011 doesn't have a USB port for adding external storage, unfortunately. And apparently RouterOS doesn't yet support mounting a network share?! Even though I have about 400MB free on my internal drive, I don't think I'd want pihole or adguard frequently writing to it. The internal drive is a NAND flash drive and would burn out pretty pretty quickly, I fear. So now I'm trying to figure out what Mikrotik devices support adding external storage, at a reasonable price. The only one I see is the RB3011, which has a USB port but in other respects seems like a downgrade from my RB4011. And when might RouterOS support mounting a network share? Crazy in this day and age that it doesn't.
did you ever find an answer to this? I had a rpi3 with pihole hooked up to one of the ethernet ports, but for some reason would always get corrupted every 3 -5 months. So I wanted to try pihole on the rb4011, but am in the same situation as yourself. Can we do a network share drive? Cheers
You can mount external drive using a new package in v7.8 help.mikrotik.com/docs/display/ROS/ROSE-storage And for many containers, you don't need external drive, if the internal storage is enough.
You set the subnet /24, so the reason is assign an ip address to each one. If that's true, why you need to use the gateway to access the containers, and not the container ip or a host URL? My question is about two container using the same port (80 for instance), How can you identify each container using NAT?
Thanks for the very helpful videos. Did you do something to isolate the 172.17.0.x and the 192.168.88.x networks? I think the device is routing between those two networks. I can directly access the 172.17.0.x deceives from clients on the 192 network. This is on a factory reset hap.
I cannot find info on containers and VLANS. What if I have 3 vlans. Should I put the container on its own VLAN. These cookie cutter examples great for loading a container but almost useless for actually applying pihole or any other functionality, in a slightly more complex but very common single bridge multiple vlan household. Would be great for video #4
You configured 172.17.0.1/24 for the interface "dockers". So this /24 subnet must be enough to offer IPs to the upcoming dockers right? And 1-IP per 1-Docker is enough, right? Thanks for the great work, but if you keep the background music a little lower could be even better i think.
Hi guys, i am experiencing a problem when im trying to import the pihole either remotely or locally. I followed all the steps even with armv7 digest but keep getting "error: could not find image manifest in archive" both on remote and local import. Any ideas? I am using hap ac3 ros 7.5
I followed the instructions, but my router IP doesn't end up listening on 53. Do I need to add another dst-nat? I already had pihole running on a VM in my network, so my RB5009 doesn't hand out its IP for DNS in the DHCP config, but I used nslookup and set the server to the gateway IP and it doesn't respond. Also, will it ever be possible to get a list of USB devices and pass them to containers? I'd love to use this to host my Zigbee and Z-Wave dongles and pass them to Zigbee2mqtt.
Hi, I've just wanted to try your recommended guide but I ended up with an error which I cannot find any helpful information about what could be wrong. My device is: MikroTik hAP ac3 Architecture: arm Packages versions: 7.7 I use an external USB stick (8GB) for the container storage, File System=fat32, Formated on a Mikrotik router. I pretty much followed all of your steps, the only difference is that I used the USB stick as the 'src' and 'mount' The log from this is: container,info,debug getting layer sha256:330ad28688ae3fa5f3b241fef3efd076299bec9874e0597b1c16dcf8a165a53d container,info,debug layer sha256:330ad28688ae3fa5f3b241fef3efd076299bec9874e0597b1c16dcf8a165a53d downloaded container,info,debug failed to extract layer container,info,debug was unable to import, container 54752d2d-d6ad-4b91-b99d-c1c60d3cdf2d Could you please help me understand what could I have done wrong? Thank you so much in advance.
"Wrong token! Please re-login on the Pi-hole dashboard"... I followed this video, and I get the admin page, but whenever I try and do anything in the admin console, I just see this error. Google seems to think the fix is to clear the browser cache, but that doesn't work, and besides, it's the first time I've visited the page!
I've realised that it has to do with the dst-nat step described in the video... if I access the IP directly rather than by dst-nat, it works as expected...
hey @MikroTik I have set up also ng proxy manager container all good but none of my reverse proxy paths are working. Could you please make a video how to properly setup a reverse proxy container? also I noticed that if I setup the absolutely same container on another hw on my lan then all the local paths start to work all the redirects and port forwards which makes me think that it's just a misconfiguration of my router in the first case
Struggling to see where this is useful outside of home networking. Would much rather have seen more robust metarouter support in ROS7. So much horsepower in the new ARM based CCR and nothing to to use it.
Great tutorial. I followed it and got myself a Pi-hole. However I than upgraded to cbcrowe/pihole-unbound to make my own recursive DNS server. Now I have 2 instances of Pi-hole + Unbound and would like to set up gravity sync. For this I need SSH access to both instances. Is it possible to access Docker container on MikroTik via SSH? I tried and failed.
Can I ask you, how we can update running containers? For example: on the Linux docker environment we have a containrrr/watchtower but it requires interaction with docker (-v /var/run/docker.sock:/var/run/docker.sock)
@@mikrotikas far as I understand the container image is downloaded when creating it in the container section. so to download it agai it has to be removed and recreated? I don't see any command or button to download an exinsting container
I absolutely love this CLI / GUI side by side view.
Nice video, I like how you show the dual terminal/winbox config.
Troubleshooting that work for me:
* check system -> routerBOARD and make sure your current firmware matches the upgrade firmware. Otherwise update and reboot
* make sure you format with MBR Partition Table unchecked
* if you get error when trying pull container, disk name is now "slot". Make sure you are using that for your mount, container config, and root dir paths and not label.
* open files while extracting and you should see data loading into the "pull" directory
* be patient - extracting can take a while
it helps
Since RouterOS ver7.8, because of the changes made in the USB management, instead of disk1, I recommend using usb1-part1.
Классное решение - одновременно показывать настройку в консоли и графике!
Nice presentation on both CLI / GUI option. Thanks for sharing!
getting excited for my new hAP ax3 to arrive! thanks for the primer on making great use of it
Have fun!
I'm anxiously awaiting the support for RAMdisk on all devices (not only those with 16MB flash) so I can put a container in RAMdisk and find a useful use for the gigabyte of RAM in my 4011 router...
Of course I know that it will be lost on reboot then, but powerfails are very rare here, and for a small "settings" space I can mount a directory on the flash. Uploading the container after every reboot would be doable.
We are actually considering this
Nice and easy. I'll translate this setup to pt-br in a live tonight for Brazilian users.
I've just configured it on my hAP ac3 - works great!
Mikrotik ❤️
At 5:39 one can also specify the architecture of the image to pull using `--platform` option. Should work with a more or less recent version of Docker client.
It would also be good to run Docker Bench or Snyk, to check your container security :)
If a two containers using the same registry image name, are they use double storage space in Router OS?
In other words, do we have layered fs working there? So we save a space by sharing the same images data between containers.
That was very informative. I managed to make it work on Ac3. Maybe it's a bit underpowered for that purpose, but it works. One RPI less for powering.
Waiting for availability of AX3.
im waiting for AX3 too but.... WiFi 7 is about to get out.... mybe just skip WiFi6 and get Wifi7 ?
1. How much resources will take pi-hole?
2. Good to use Portainer for managing your containers.
@Mikrotik, one question, how and what should I modify to get proper stat for Client stat? Right now it shows only one IP - Dockers Bridge IP Gateway... Some additional NAT rules or ...?
Can we get access to the terminal inside the containers? Thank you MT, great work!
Yes, you can watch the third video in the series.
wooooot !!! nice video i like too (stephen) the dual conf term/winbox and wait your next video :) but do you think that a python/docker session can run on mk ?
I was all psyched to implement pihole or adguard on my RB4011, and was following through this process -- until I got to the point of configuring the container temp directory used for the docker image pull. The video shows it as "disk1/pull", but I don't have a disk1. Aha!, you've mounted an external drive on yours.
But the RB4011 doesn't have a USB port for adding external storage, unfortunately. And apparently RouterOS doesn't yet support mounting a network share?! Even though I have about 400MB free on my internal drive, I don't think I'd want pihole or adguard frequently writing to it. The internal drive is a NAND flash drive and would burn out pretty pretty quickly, I fear.
So now I'm trying to figure out what Mikrotik devices support adding external storage, at a reasonable price. The only one I see is the RB3011, which has a USB port but in other respects seems like a downgrade from my RB4011. And when might RouterOS support mounting a network share? Crazy in this day and age that it doesn't.
did you ever find an answer to this? I had a rpi3 with pihole hooked up to one of the ethernet ports, but for some reason would always get corrupted every 3 -5 months. So I wanted to try pihole on the rb4011, but am in the same situation as yourself. Can we do a network share drive? Cheers
You can mount external drive using a new package in v7.8 help.mikrotik.com/docs/display/ROS/ROSE-storage
And for many containers, you don't need external drive, if the internal storage is enough.
Nice video but can you show who I to handle ipv6 for the bridge with prefix delegation?
You set the subnet /24, so the reason is assign an ip address to each one. If that's true, why you need to use the gateway to access the containers, and not the container ip or a host URL? My question is about two container using the same port (80 for instance), How can you identify each container using NAT?
Awesome!
Thanks for the very helpful videos. Did you do something to isolate the 172.17.0.x and the 192.168.88.x networks? I think the device is routing between those two networks. I can directly access the 172.17.0.x deceives from clients on the 192 network. This is on a factory reset hap.
How to check the resource requirements? Can my HAP AC3 run pihole container? I'll add the drive, vut still not sure about cpu and ram.
will it run on
Hex S?
I cannot find info on containers and VLANS. What if I have 3 vlans. Should I put the container on its own VLAN.
These cookie cutter examples great for loading a container but almost useless for actually applying pihole or any other functionality, in a slightly more complex but very common single bridge multiple vlan household. Would be great for video #4
does vlan also filter by pihole?
I have a problem, if the router (AX3) is powered off by unpluggion the power adapter, all my active VETHs will disappear.
You configured 172.17.0.1/24 for the interface "dockers". So this /24 subnet must be enough to offer IPs to the upcoming dockers right? And 1-IP per 1-Docker is enough, right?
Thanks for the great work, but if you keep the background music a little lower could be even better i think.
Is the Docker swarm or kubernetis applicable? that is what we are looking for!!!!
Hi guys, i am experiencing a problem when im trying to import the pihole either remotely or locally. I followed all the steps even with armv7 digest but keep getting "error: could not find image manifest in archive" both on remote and local import. Any ideas? I am using hap ac3 ros 7.5
You've prob fixed this by now, but I would check that the RB firmware is upto date. This is separate from the RoSv7 firmware.
i have this problems
unexpected response from container registry: ERROR parsing http: there was no content-length or transfer-encoding, help please
I followed the instructions, but my router IP doesn't end up listening on 53. Do I need to add another dst-nat? I already had pihole running on a VM in my network, so my RB5009 doesn't hand out its IP for DNS in the DHCP config, but I used nslookup and set the server to the gateway IP and it doesn't respond.
Also, will it ever be possible to get a list of USB devices and pass them to containers? I'd love to use this to host my Zigbee and Z-Wave dongles and pass them to Zigbee2mqtt.
After following this guide i get a 403 error when navigating to the pihole url
I have the same too( Did you resolve this problem? ROS v7.8
I did it! Open browser page ip:port/admin
@@alexant Thanks! :)
¿Se puede ejecutar apache, PHP y MySQL?
Hi,
I've just wanted to try your recommended guide but I ended up with an error which I cannot find any helpful information about what could be wrong.
My device is: MikroTik hAP ac3
Architecture: arm
Packages versions: 7.7
I use an external USB stick (8GB) for the container storage, File System=fat32, Formated on a Mikrotik router.
I pretty much followed all of your steps, the only difference is that I used the USB stick as the 'src' and 'mount'
The log from this is:
container,info,debug getting layer sha256:330ad28688ae3fa5f3b241fef3efd076299bec9874e0597b1c16dcf8a165a53d
container,info,debug layer sha256:330ad28688ae3fa5f3b241fef3efd076299bec9874e0597b1c16dcf8a165a53d downloaded
container,info,debug failed to extract layer
container,info,debug was unable to import, container 54752d2d-d6ad-4b91-b99d-c1c60d3cdf2d
Could you please help me understand what could I have done wrong?
Thank you so much in advance.
I had the same error, if you go in ip->dns.
Add 8.8.8.8 to your servers and you should be all good!
@@danickmarleau Thank you very much! i had the same issue
MikroTik jūs esat pārspējuši paši sevi. Beidzot ir pienācis laiks nomainīt savu desmitgadīgo RB2011... līdz ko hAP ax sērija parādīsies noliktavās. 👍
Unfortunately none of my Mikrotik devices have ARM CPU (
Hi . Can I run OPENWRT on MikroTik on container?
Yes, you can
"Wrong token! Please re-login on the Pi-hole dashboard"...
I followed this video, and I get the admin page, but whenever I try and do anything in the admin console, I just see this error. Google seems to think the fix is to clear the browser cache, but that doesn't work, and besides, it's the first time I've visited the page!
I've realised that it has to do with the dst-nat step described in the video... if I access the IP directly rather than by dst-nat, it works as expected...
hey one question how do you set a container to autostart after reboot like pihole for example?
start-on-boot=yes
is it possible to run containers at CHR hosted at ex-debian VDS?
containers run on chr, yes
will you please make a video on how to update the pihole container?
Can you just copy the container and have it re-pull latest?
@@mdobro7594 i dont know how to do that lol
If i would like to show someone how to make good tutorial video i would just send him this as a reference.
Hi,
this means that the HEx series cannot execute container due to architecture, right?
yes
Unfortunately. :( Bad news and I don't think this will change.
hey @MikroTik I have set up also ng proxy manager container all good but none of my reverse proxy paths are working. Could you please make a video how to properly setup a reverse proxy container? also I noticed that if I setup the absolutely same container on another hw on my lan then all the local paths start to work all the redirects and port forwards which makes me think that it's just a misconfiguration of my router in the first case
Hello! Can you tell how you do that? Maybe text information?
@@gakasio what do you mean?
@@johnr9243 I mean how you realized that?
@@johnr9243 any help
Struggling to see where this is useful outside of home networking.
Would much rather have seen more robust metarouter support in ROS7. So much horsepower in the new ARM based CCR and nothing to to use it.
Status error
what is the password to access pihole. the one I entered in evns shows that it is wrong
root@pihole:/# pihole -up
Function not supported in Docker images
root@pihole:/#
:(
uz 7.6 hap ac3 nemaina paroli netieku klāt! pie web interfeisa!
Use the MikroTik mobile app, not web interface
status:error :(
Great tutorial. I followed it and got myself a Pi-hole. However I than upgraded to cbcrowe/pihole-unbound to make my own recursive DNS server. Now I have 2 instances of Pi-hole + Unbound and would like to set up gravity sync. For this I need SSH access to both instances. Is it possible to access Docker container on MikroTik via SSH? I tried and failed.
Can I ask you, how we can update running containers? For example: on the Linux docker environment we have a containrrr/watchtower but it requires interaction with docker (-v /var/run/docker.sock:/var/run/docker.sock)
You must download the container again. All your config and data will be on the external directory, so you will not lose anything
@@mikrotikas far as I understand the container image is downloaded when creating it in the container section. so to download it agai it has to be removed and recreated? I don't see any command or button to download an exinsting container