Hosts: Block the bullshit web V2
Advertisements, tracking scripts and countless other lines of code are downloaded onto your machine to spam and monitor you whenever you connect to the internet.
Hosts is a project to block advertisements, tracking scripts and other websites, including pornographic content, using this hosts file.
We will use Pi-Hole as our DNS resolver, which will be tunnelled via OpenVPN. Both applications will be hosted on Oracle Cloud.
Thanks to the r/pihole community for their love and support.
Step-by-step guide
Caution: We will enable root access for convenience, which is strongly discouraged. If you are familiar with SSH, then I recommend using that approach instead. Proceed with caution.
Instructions:
Only change the configuration mentioned here; leave everything else untouched, at the recommended value or at the system default.
This guide is written from Windows OS perspective.
If you are a Linux user, you would be familiar with setting up a VM and accessing files.
If you are a Mac user, use FileZilla as an alternative for WinSCP.
Create an account with Oracle Cloud free tier: https://www.oracle.com/cloud/free
Set up a VM instance
Switch the OS from Oracle Linux to Ubuntu
Upload your own public key (this key can be generated via PuTTY)
Note down Public IP and Private IP
Log in to Shell and switch to root: sudo su - root
Change root password: passwd root
[Note: Common practice is not to do this. The trade-off here is security vs. convenience: this approach is convenient, but permitting remote access via root may be risky. This is used later in step 15]
Install and configure OpenVPN server using the following script: https://github.com/angristan/openvpn-install
Select Port: 1194
Create a default client after installation and download it [Step 25]
Install and configure Pi-Hole: https://github.com/pi-hole/pi-hole/#one-step-automated-install
Select interface: tun0
Change the Pi-Hole password: sudo pihole -a -p
Install nano text editor (or your favourite alternative): sudo apt install nano -y
Edit the SSH config file: sudo nano /etc/ssh/sshd_config
Change the following entries:
PasswordAuthentication no > PasswordAuthentication yes
PermitRootLogin prohibit-password > PermitRootLogin yes
[Note: As mentioned earlier, do this at your own risk. This method allows you to easily connect to the VM and grab any file from anywhere, but it may pose a security risk]
Restart sshd: sudo systemctl restart sshd
Login to WinSCP
Host: <Public IP>
Username: root
Password: <root password set in step 4>
Navigate to: /etc/openvpn/server.conf
Change push "dhcp-option DNS <pihole private ip goes here>"
Search Internet on Oracle web GUI
Navigate to > Internet Gateway vcn-XXXXXXXX-XXXX
Left column > Navigate to > Security Lists
Navigate to > Default Security List for vcn-XXXXXXXX-XXXX
Add Ingress Rules
Source CIDR: 0.0.0.0/0
IP Protocol: UDP
Destination Port Range: 1194 [Step 6]
Restart the VM from the Console
To add/revoke OpenVPN client certificates [Execute this via root, for which follow step 3]: ./openvpn-install.sh
To download a newly created client certificate:
scp ubuntu@<public IP>:/root/CLIENT.ovpn C:\Users\<username>\Desktop [If you encounter permission denied error then try second option]
Log in to WinSCP [Refer to step 15], navigate to /root and download the client certificates to your local machine
Load the client certificate in OpenVPN app on your device, connect to the VPN and enjoy [OpenVPN client for your device: https://openvpn.net/vpn-client]
Access Pi-Hole web interface/dashboard
Connect to OpenVPN [Client certificate as per step 24]
Open your web browser and navigate to: https://<private ip>/admin/index.php [Password as per step 10]
Configure the OISD block list, which covers almost every sub-list known to humankind: https://oisd.nl/ [follow the instructions on the website and pick lists as needed]
Use the following commands for periodic updates
Ubuntu: apt update && apt upgrade && apt dist-upgrade
OpenVPN: apt update && apt upgrade
Pi-Hole: pihole -up
Pi-Hole Gravity (adblock lists): pihole -g
Restart after update: reboot
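A check for the two sshd_config entries changed in the "Edit the SSH config file" step, as an added example that is not part of the original guide: it reads a config file and reports whether root can log in with a password. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether an sshd_config allows root to log in with a
# password. Sample files are constructed; on the VM pass /etc/ssh/sshd_config.
# Limits (assumptions): Include files are not followed and only the global
# section before the first Match block is read; `sshd -T` shows the full result.

# Print the effective value of keyword $2 in file $1 (empty if unset).
sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }           # "Keyword=value" form
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == key { print tolower($2); exit }   # first value wins
    ' "$1"
}

# Exit status 1 when both settings from this guide are in effect.
audit_sshd() {
    pw=$(sshd_value "$1" PasswordAuthentication)
    root=$(sshd_value "$1" PermitRootLogin)
    pw=${pw:-yes}                     # OpenSSH default when unset
    root=${root:-prohibit-password}   # OpenSSH default when unset
    echo "PasswordAuthentication=$pw PermitRootLogin=$root"
    if [ "$pw" = yes ] && [ "$root" = yes ]; then
        echo "root password login: ENABLED"; return 1
    fi
    echo "root password login: off"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/guide.conf" <<'EOF'
# constructed: state after the two edits in this guide
PasswordAuthentication yes
PermitRootLogin yes
EOF

cat > "$tmp/restored.conf" <<'EOF'
# constructed: original values put back, mixed case and "=" syntax
passwordauthentication=no
PermitRootLogin prohibit-password
PermitRootLogin yes
EOF

audit_sshd "$tmp/guide.conf" || true
audit_sshd "$tmp/restored.conf"
```

In restored.conf the second PermitRootLogin line has no effect, because sshd uses the first value it reads for each keyword.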
One piece of feedback out of many.
Credits
Angristan for the brilliant script
Hosts file by OISD block list
Huge shout-out to my dear friend, Karlis K 🇱🇻 for helping me through this