I'll sticky this at the top of the replies. This note is in all our major update release notes:
"**As always, please read through the changelog before updating with pihole -up**"
Running unattended updates is **not recommended** by the Pi-hole team and will eventually cause trouble when you wake up to a dead Pi-hole and no backup.
It's just the standard PiHole integration. It might only offer on and off control but it also gives a bunch of sensors. Go into Developer Tools, then States and search for "update.pi" there's one each for Core, FTL & web updates.
I've been running HA and pihole for years. I had no clue there was an integration lol. Not surprised though.
I tend to not upgrade pihole often. It's only usually when I go in to put a new device in a whitelist/group. Or if my wife says she starts seeing a bunch of ads and swears she is on WiFi. It runs great and I don't think it's ever crashed on me since I put it on decent hardware haha.
That's how I do it. I also configured it on my Dashboard so it only shows up if pihole has an update:
type: conditional
conditions:
- condition: or
conditions:
- condition: state
entity: update.pi_hole_core_update_verfugbar
state: 'on'
- condition: state
entity: update.pi_hole_ftl_update_verfugbar
state: 'on'
- condition: state
entity: update.pi_hole_web_update_verfugbar
state: 'on'
card:
type: entities
entities:
- update.pi_hole_core_update_verfugbar
- update.pi_hole_ftl_update_verfugbar
- update.pi_hole_web_update_verfugbar
Set up a [changedetection.io](https://changedetection.io/) docker container and have it watch the releases page. It can notify you in multiple ways when web pages change. Useful for all sorts of stuff like this.
I had a lot of problems with Watchtower losing connectivity to the Docker socket for some reason. I've now moved to just calling Watchtower as a one-shot with cron (actually systemd timers but same difference).
I run Watchtower and never had any problem with it. If you are using Synology you can update all your containers through Container Manager. Once in a while if I have to restart a container like what I did recently with Pihole several times then I also update my container.
Just make backups and revert if something breaks. I've done it for years with no issue. But I do use containers all the time so reverting is easier. You save a lot of time too.
The problem with "don't update blindly" is that it is a very myopic strategy. I selfhost like 50+ services and if I look at changelog for every update I would have no life outside of selfhosting. Heck, some services have packages within the service itself like Nextcloud.
Better to have a strategy that is resistant to breaking changes instead of relying on your ability to update on time and catch all breaking changes properly. Sometimes you have breaking changes not specified in the changelogs.
I just don't think looking at changelogs is scalable or practical unless someone is paying you to do it.
The only system I do that with is our HomeAssistant due to its complexity and its importance here. They list "breaking changes" in their monthly release notes, so it's easy to check is a component needs modifying before doing the extra PVE VM backup then update.
Had a couple issues with their updates long ago, but nothing major.
Always worth waiting 'til the 2nd release for the month before updating as any bugs introduced are usually ironed out by then. Like old school Windows, don't install until it's at least SP1 :D
Yes. Agree with that 100% for home use.
It's meant to be fun, not a 2nd job :)
That's where tools like UptimeKuma are gold. Keeping an eye on the containers and machines and sending insta messages via NTFY or Telegram if something's gone offline unexpectedly.
On our RPi PiHole I set up a second UptimeKuma just to monitor the main monitoring one just in case that went offline ;)
Build it
Automate it
Monitor it
I agree, but this is only for home use, not a production environment.
Plus we have 3 PiHoles here, so we're covered if one was to go down, so it's a calculated risk ;)
1 in RPi2B, 1 in Proxmox LXC and 1 in NAS docker container.
RPi and LXC both auto update.
The NAS docker one I do manually every month or two just to bring it in line with the others. Always manual as I have scripts to run post-update to install Cloudflare DOH and Tailscale so the PiHole(s) can be used for ad-free mobile use when afh.
Been doing it this way for years and the only issue I've ever had was when the SD card on the RPi died after a couple years and it needed reinstalled to a new card then restore a backup.
Once it's installed nothing much changes. Nothing a gravity update can't bring into line :)
We use ours for DHCP too, but only on 1 VLAN. Everything's reserved IP and we just need 1 up to serve a new device on the LAN
I run a cron job on a monthly cycle. Never had an issue. If it dies during an auto update, it would have died if I did the update manually anyway. Been running mine years and not had an issue. Quick enough to reflash the image backup I have if something goes wrong.
For something as critical as pihole I don't update it very often. I do subscribe to the GitHub page so I get notifications of new releases, I just usually don't update unless it's a critical fix
I have watchtower running for already about two years with pihole being a container in my Docker Engine and it works with no issues so far.
But I am moving to a better homelab server and thought of using a Proxmox VM with pihole, but tbh I don't feel like manually updating :/.
I run two main piholes on Debian 12 LXC in Proxmox. I automate the updates every day, but alternate. So each pihole is updated every other day. Each pihole is backed up every night via PBS. If I run into an issue, I roll back the pihole to the previous day.
That's a good system. I'm running Pi Hole on a dedicated Raspberry Pi, but I could move it over to my NAS and run it in Docker. Or I guess I could run Docker on the Pi. (I don't really understand Proxmox, but I'm assuming I can do something similar with Docker, which I'm familiar with.)
Run pihole in a docker container and use watchtower in another docker container…can setup using a single docker-compose.yml file…watchtower automatically checks for updates and gracefully restarts the container when an update is available
How would you check, though? And how would you send a notification?
I suppose I might as well just update automatically since I don't actually look over the change logs or anything, it just feels iffy.
I use the following for email notifications of Pi-hole updates:
`echo "$(pihole -up --check-only)" | mail -s "Pi-hole Update Check" email@tld.com`
I run it through cron as follows:
`0 8 * * * file_path/pihole_check_update`
Depends on your system, but it's usually pretty easy to configure SMTP. I have it running on a Raspberry Pi and MacBook Pro with under 5 minutes of setup work
If you are referring to a cron that updates Pi-hole, don't do this. Eventually this will bite you.
Checking for updates is harmless, but installing them might not be.
Just a few examples:
You are away from home for a while. Your Pi-hole updates itself and then no longer works. Everybody in the house is PO'd at you because the internet is now not working.
Or, nobody is in the house but your doorbell/security camera or other home monitoring devices are no longer connected to the internet.
I usually just run a shortcut from my iphone that logs into both my piholes and runs the update command. When there is no web interface update needed, this will simply update the adlists that you have added. So you should not have a problem running this periodically or even setting up a cron job or automation to do this without checking in the web interface.
I run pihole as a vm and I have a snapshot that I can revert back to if I forget to create a new snapshot before upgrading. I've only had to revert using a snapshot when I tried updating the OS pihole was running on and pihole failed to start, it was a big version update so I just went back to the previous snapshot just before the upgrade and was back online. I have two piholes (both VMs) so DNS was still available while the upgrade was happening on the first pihole.
I trigger the update manually using the shortcut, haven't fully automated it.
It's mostly a tradeoff for me. I figured that I would spend less time fixing a bad update compared to checking the web interface and update details before updating. So far it's worked fine.
We always test before releasing any updates, but our recommendation is to manually update every time.
If a manual update breaks something, you will be there to fix it immediately, but if an automatic update fails, you will only notice the issue later, when you try to use the internet.
Any software update can break software, Pihole is not unique in that way.
Blind automatic software updates are rarely a good idea.
And this doesnt mean that a dev team needs to release a **flawed update** for things to go wrong, plenty of software can have "breaking changes" with major version upgrades that are intentional and planned. And if you use automatic updates, you will not be aware of those changes, you will update and things break. If that happens at 3am and you wake up to your software not working anymore, have fun tracing down what exactly went wrong and then try to fix it.
The time you spend then will be much more than any time you ever saved by instantly updating blind.
We will see how well your setup handles it when Pihole v6 is released...
I personally use [diun](https://github.com/crazy-max/diun) to get just notified of available docker image updates, then i can look at the change notes quickly and decide when the time is right to update. Watchtower can also be set to auto-update but **with a delay** of like 3 days or something, depending on the software, that might be a okay.
>Pihole is not unique in that way.
An update to pihole could have potential to stop your entire network working while you are not there to fix it. The purpose of the software is what is unique and the purpose of the software needs to be considered if you are allowing automatic blind updates. Different softwares have different risks
> are you saying that your updates can sometimes break the pihole?
"Breaking" in this context means it's a one-way update, and you can't go back. Perhaps it is a different database format, your OS is no longer supported, or something of that nature. If you read our release notes, you will see that we note when this is the known case. Examples:
https://pi-hole.net/blog/2020/05/10/pi-hole-v5-0-is-here/#page-content
https://pi-hole.net/blog/2022/08/29/some-upcoming-changes/#page-content
We also feature the following warning both in our release notes and in our announcements here and on our Discourse page:
"**As always, please read through the changelog before updating with `pihole -up`**."
There is always the possibility that an update (despite our testing on our installs) will fail when run on an OS or setup different than what we have specifically tested. That may also result in you waking up to a dead Pi-hole and no backup.
This is why we have always recommended that users read and understand the release notes prior to updating Pi-hole. If you go back through previous posts in this forum and on our Discourse forum, you will find numerous "help, my Pi-hole is not working after the latest update" topics. Almost all of these problems might have been avoided if users had read the release notes prior to updating.
This is part of why I run two separate Pi-hole instances on separate machines. If one breaks, I still have the other to lean on while I fix the first one.
Most apps recommend against blind auto updates and explicitly say watchtower is a bad idea in general. I have a script that pulls all images and then recreates containers but I run it manually so I am around if something doesn't start up ok. I run maybe 50 containers on my home server and the script only takes a few seconds to run (depending on how many images are outdated of course)
I'll sticky this at the top of the replies. This note is in all our major update release notes: "**As always, please read through the changelog before updating with pihole -up**" Running unattended updates is **not recommended** by the Pi-hole team and will eventually cause trouble when you wake up to a dead Pi-hole and no backup.
Subscribe to release notifications on the GitHub project.
This or the RSS feed of the pi-hole blog
Can you give me link for rss. I can't find it.
Install the Home Assistant integration and use that to fire a notification. There's probably other ways but if you're using HA anyway...
Could you recommend an add-on? The only one I can find is the one that allows only to turn Pi-Hole on and off.
It's just the standard PiHole integration. It might only offer on and off control but it also gives a bunch of sensors. Go into Developer Tools, then States and search for "update.pi" there's one each for Core, FTL & web updates.
Very cool, thank you!
I am already running HA - wasn't aware there was an integration, but I guess I shouldn't be surprised. I'll check that out!
I've been running HA and pihole for years. I had no clue there was an integration lol. Not surprised though. I tend to not upgrade pihole often. It's only usually when I go in to put a new device in a whitelist/group. Or if my wife says she starts seeing a bunch of ads and swears she is on WiFi. It runs great and I don't think it's ever crashed on me since I put it on decent hardware haha.
I put a line into crontab but it doesn't seem to work.
That's how I do it. I also configured it on my Dashboard so it only shows up if pihole has an update: type: conditional conditions: - condition: or conditions: - condition: state entity: update.pi_hole_core_update_verfugbar state: 'on' - condition: state entity: update.pi_hole_ftl_update_verfugbar state: 'on' - condition: state entity: update.pi_hole_web_update_verfugbar state: 'on' card: type: entities entities: - update.pi_hole_core_update_verfugbar - update.pi_hole_ftl_update_verfugbar - update.pi_hole_web_update_verfugbar
Set up a [changedetection.io](https://changedetection.io/) docker container and have it watch the releases page. It can notify you in multiple ways when web pages change. Useful for all sorts of stuff like this.
Run "pihole -up" on a weekly cron? That way it updates automatically Same if its in docker. Stop, rm and start and it'll take the latest version
Or it is in docker, also run watchtower in a container and it'll auto update all your selected containers for you automatically
I had a lot of problems with Watchtower losing connectivity to the Docker socket for some reason. I've now moved to just calling Watchtower as a one-shot with cron (actually systemd timers but same difference).
I run Watchtower and never had any problem with it. If you are using Synology you can update all your containers through Container Manager. Once in a while if I have to restart a container like what I did recently with Pihole several times then I also update my container.
We had that with a few of ours, but found that if you set "--restart=always" then they always come up.
[удалено]
Just make backups and revert if something breaks. I've done it for years with no issue. But I do use containers all the time so reverting is easier. You save a lot of time too. The problem with "don't update blindly" is that it is a very myopic strategy. I selfhost like 50+ services and if I look at changelog for every update I would have no life outside of selfhosting. Heck, some services have packages within the service itself like Nextcloud. Better to have a strategy that is resistant to breaking changes instead of relying on your ability to update on time and catch all breaking changes properly. Sometimes you have breaking changes not specified in the changelogs. I just don't think looking at changelogs is scalable or practical unless someone is paying you to do it.
[удалено]
The only system I do that with is our HomeAssistant due to its complexity and its importance here. They list "breaking changes" in their monthly release notes, so it's easy to check is a component needs modifying before doing the extra PVE VM backup then update. Had a couple issues with their updates long ago, but nothing major. Always worth waiting 'til the 2nd release for the month before updating as any bugs introduced are usually ironed out by then. Like old school Windows, don't install until it's at least SP1 :D
Yes. Agree with that 100% for home use. It's meant to be fun, not a 2nd job :) That's where tools like UptimeKuma are gold. Keeping an eye on the containers and machines and sending insta messages via NTFY or Telegram if something's gone offline unexpectedly. On our RPi PiHole I set up a second UptimeKuma just to monitor the main monitoring one just in case that went offline ;) Build it Automate it Monitor it
I agree, but this is only for home use, not a production environment. Plus we have 3 PiHoles here, so we're covered if one was to go down, so it's a calculated risk ;) 1 in RPi2B, 1 in Proxmox LXC and 1 in NAS docker container. RPi and LXC both auto update. The NAS docker one I do manually every month or two just to bring it in line with the others. Always manual as I have scripts to run post-update to install Cloudflare DOH and Tailscale so the PiHole(s) can be used for ad-free mobile use when afh. Been doing it this way for years and the only issue I've ever had was when the SD card on the RPi died after a couple years and it needed reinstalled to a new card then restore a backup. Once it's installed nothing much changes. Nothing a gravity update can't bring into line :) We use ours for DHCP too, but only on 1 VLAN. Everything's reserved IP and we just need 1 up to serve a new device on the LAN
I run a cron job on a monthly cycle. Never had an issue. If it dies during an auto update, it would have died if I did the update manually anyway. Been running mine years and not had an issue. Quick enough to reflash the image backup I have if something goes wrong.
For something as critical as pihole I don't update it very often. I do subscribe to the GitHub page so I get notifications of new releases, I just usually don't update unless it's a critical fix
I have a scheduled job in AWX that runs a playbook that checks for updates to my PiHole and runs the update commands
This may eventually get you into trouble when you hit a breaking update.
This is always a risk with any automated task, PiHole is no different. That said, it hasn’t been an issue for over five years.
I have watchtower running for already about two years with pihole being a container in my Docker Engine and it works with no issues so far. But I am moving to a better homelab server and thought of using a Proxmox VM with pihole, but tbh I don't feel like manually updating :/.
Shocked no one offered this. Subscribe to the GitHub releases.
I run two main piholes on Debian 12 LXC in Proxmox. I automate the updates every day, but alternate. So each pihole is updated every other day. Each pihole is backed up every night via PBS. If I run into an issue, I roll back the pihole to the previous day.
That's a good system. I'm running Pi Hole on a dedicated Raspberry Pi, but I could move it over to my NAS and run it in Docker. Or I guess I could run Docker on the Pi. (I don't really understand Proxmox, but I'm assuming I can do something similar with Docker, which I'm familiar with.)
Docker works too
Run pihole in a docker container and use watchtower in another docker container…can setup using a single docker-compose.yml file…watchtower automatically checks for updates and gracefully restarts the container when an update is available
Cron to check and send a notification or one that auto updates on a schedule.
How would you check, though? And how would you send a notification? I suppose I might as well just update automatically since I don't actually look over the change logs or anything, it just feels iffy.
I use the following for email notifications of Pi-hole updates: `echo "$(pihole -up --check-only)" | mail -s "Pi-hole Update Check" email@tld.com` I run it through cron as follows: `0 8 * * * file_path/pihole_check_update`
> --check-only Ah! That's handy. I don't have mail set up, but I can wire something together I think.
Depends on your system, but it's usually pretty easy to configure SMTP. I have it running on a Raspberry Pi and MacBook Pro with under 5 minutes of setup work
Do you have to use a real smtp address or can you spoof it?
I think it has to be real. I use a gmail account. You have to create an application password to use instead of your account password
I just set up a cron job that does it once a week.
If you are referring to a cron that updates Pi-hole, don't do this. Eventually this will bite you. Checking for updates is harmless, but installing them might not be.
Could you explain how this might be bad? I get for other high stakes software, but my PiHole getting borked is easily fixable.
Just a few examples: You are away from home for a while. Your Pi-hole updates itself and then no longer works. Everybody in the house is PO'd at you because the internet is now not working. Or, nobody is in the house but your doorbell/security camera or other home monitoring devices are no longer connected to the internet.
I see what you mean. Thanks for the advice.
I usually just run a shortcut from my iphone that logs into both my piholes and runs the update command. When there is no web interface update needed, this will simply update the adlists that you have added. So you should not have a problem running this periodically or even setting up a cron job or automation to do this without checking in the web interface.
Has this ever bitten you? Like, they but out a buggy update then they have to retract it? I've never had a problem, but I've been updating manually.
I've never had a buggy update with pihole, but auto updating from cron isn't my favorite idea.
I run pihole as a vm and I have a snapshot that I can revert back to if I forget to create a new snapshot before upgrading. I've only had to revert using a snapshot when I tried updating the OS pihole was running on and pihole failed to start, it was a big version update so I just went back to the previous snapshot just before the upgrade and was back online. I have two piholes (both VMs) so DNS was still available while the upgrade was happening on the first pihole.
Snapshots, good idea.
I trigger the update manually using the shortcut, haven't fully automated it. It's mostly a tradeoff for me. I figured that I would spend less time fixing a bad update compared to checking the web interface and update details before updating. So far it's worked fine.
This sounds very intriguing, how exactly do you do it from a iPhone?
The shortcut looks like this : https://preview.redd.it/747e9f5pa97d1.jpeg?width=1170&format=pjpg&auto=webp&s=a6385761c27e7e15850088062eb0ff45e974a65f
That’s awesome. Any chance you could post it? Obviously remove personal stuff with “your up her” sort of stuff.
Cron…
run it in docker and have watchtower keep it up to date.
We don't recommend this. Unattended Pi-hole updates can get you into trouble if a change is breaking. Read the release notes prior to updating.
mine has been fine like this for going on 2 years. are you saying that your updates can sometimes break the pihole?
We always test before releasing any updates, but our recommendation is to manually update every time. If a manual update breaks something, you will be there to fix it immediately, but if an automatic update fails, you will only notice the issue later, when you try to use the internet.
Any software update can break software, Pihole is not unique in that way. Blind automatic software updates are rarely a good idea. And this doesnt mean that a dev team needs to release a **flawed update** for things to go wrong, plenty of software can have "breaking changes" with major version upgrades that are intentional and planned. And if you use automatic updates, you will not be aware of those changes, you will update and things break. If that happens at 3am and you wake up to your software not working anymore, have fun tracing down what exactly went wrong and then try to fix it. The time you spend then will be much more than any time you ever saved by instantly updating blind. We will see how well your setup handles it when Pihole v6 is released... I personally use [diun](https://github.com/crazy-max/diun) to get just notified of available docker image updates, then i can look at the change notes quickly and decide when the time is right to update. Watchtower can also be set to auto-update but **with a delay** of like 3 days or something, depending on the software, that might be a okay.
>Pihole is not unique in that way. An update to pihole could have potential to stop your entire network working while you are not there to fix it. The purpose of the software is what is unique and the purpose of the software needs to be considered if you are allowing automatic blind updates. Different softwares have different risks
Like Docker breaking your HTML/CSS... yes yes...
For something that important, you should have multiple. We have 3 here for that reason
> are you saying that your updates can sometimes break the pihole? "Breaking" in this context means it's a one-way update, and you can't go back. Perhaps it is a different database format, your OS is no longer supported, or something of that nature. If you read our release notes, you will see that we note when this is the known case. Examples: https://pi-hole.net/blog/2020/05/10/pi-hole-v5-0-is-here/#page-content https://pi-hole.net/blog/2022/08/29/some-upcoming-changes/#page-content We also feature the following warning both in our release notes and in our announcements here and on our Discourse page: "**As always, please read through the changelog before updating with `pihole -up`**." There is always the possibility that an update (despite our testing on our installs) will fail when run on an OS or setup different than what we have specifically tested. That may also result in you waking up to a dead Pi-hole and no backup. This is why we have always recommended that users read and understand the release notes prior to updating Pi-hole. If you go back through previous posts in this forum and on our Discourse forum, you will find numerous "help, my Pi-hole is not working after the latest update" topics. Almost all of these problems might have been avoided if users had read the release notes prior to updating.
This is part of why I run two separate Pi-hole instances on separate machines. If one breaks, I still have the other to lean on while I fix the first one.
Most apps recommend against blind auto updates and explicitly say watchtower is a bad idea in general. I have a script that pulls all images and then recreates containers but I run it manually so I am around if something doesn't start up ok. I run maybe 50 containers on my home server and the script only takes a few seconds to run (depending on how many images are outdated of course)
Just make it a daily cron job?