AdGuard Home with Docker - Part 4: Advanced Features & Maintenance

In this final part, we’ll explore advanced AdGuard Home features, learn how to maintain your installation, and troubleshoot common issues.

Table of Contents

1. Advanced Configuration
2. Maintenance Commands
3. Troubleshooting
4. Performance Tips
5. Final Checklist
6. Summary

Advanced Configuration

Enable HTTPS for Admin Panel

Secure your admin panel with HTTPS:

1. In AdGuard Home dashboard, go to Settings → Encryption
2. Enable HTTPS
3. Choose your certificate method:
   • Let’s Encrypt: Automatic free certificates (requires domain name and port forwarding)
   • Upload certificates: Use your own SSL certificates

When to use HTTPS:

• If accessing AdGuard Home from outside your network
• For maximum security (even on local network)
• Not required for basic home use

Add Custom Blocklists

Beyond the recommended defaults from Part 3, you can add specialized blocklists:

1. Go to Filters → DNS blocklists
2. Click “Add blocklist”
3. Popular additional lists:
   • AdAway Default Blocklist - Mobile ad blocking
   • Steven Black’s Unified Hosts - Malware and adware
   • HaGeZi’s DNS Blocklists - Threat Intelligence feeds

Remember: Start with the recommended 2 lists from Part 3. Only add more if you notice specific ads getting through.

Setup Alternative Upstream DNS Servers

You configured upstream DNS in Part 3, but here are additional privacy-focused options:

Where: Settings → DNS settings → Upstream DNS servers

Additional Options:

• NextDNS: Create account at https://nextdns.io (customizable filtering)
• AdGuard DNS: 94.140.14.14 and 94.140.15.15 (built by AdGuard team)
• OpenDNS: 208.67.222.222 and 208.67.220.220 (includes web filtering)

DNS-over-HTTPS (DoH) Options:

• Cloudflare: https://dns.cloudflare.com/dns-query
• Google: https://dns.google/dns-query
• Quad9: https://dns.quad9.net/dns-query

Enable Query Logging (Already Recommended in Part 3)

If you skipped it earlier:

1. Settings → DNS settings
2. Enable “Query log”
3. Set retention period: 24 hours (recommended)

Why it’s useful:

• See what domains your devices are accessing
• Troubleshoot blocked sites
• Monitor network activity
• Identify suspicious behavior

Advanced Usage Ideas

Optional - For users wanting to explore beyond basic ad blocking

Once you have AdGuard Home running, you can do so much more:

Security & Privacy:

• DNS-over-HTTPS (DoH) - Encrypt your DNS queries so your ISP can’t see what sites you visit
• DNS-over-TLS (DoT) - Another encrypted DNS option for privacy-conscious users
• Upstream DNS Providers - Use privacy-focused DNS like Quad9, Cloudflare, or NextDNS
• Custom Blocklists - Add specialized lists for malware, phishing, cryptominers, or specific content

Network Monitoring:

• See What Your Devices Are Doing - Query logs show every DNS request on your network
• Identify Suspicious Activity - Spot devices phoning home or malware attempting to connect
• Track Smart Home Devices - See what data your IoT devices are trying to send

Advanced Filtering:

• Parental Controls - Block adult content, gambling sites, or social media
• Whitelist Mode - Only allow specific domains (extreme lockdown for kids’ devices)
• Per-Client Settings - Different filtering rules for different devices
• Regex Filtering - Create powerful custom rules using regular expressions

Power User Features:

• Rewrites & Custom DNS - Point specific domains to local servers (great for home labs)
• Safe Search Enforcement - Force safe search on Google, Bing, YouTube
• DHCP Server - Replace your router’s DHCP (advanced users only)
• API Access - Integrate with Home Assistant, Grafana, or custom scripts

Performance Optimization:

• Response Caching - Speed up DNS lookups by caching common queries (enabled by default)
• Bootstrap DNS - Optimize upstream DNS resolution
• Parallel Queries - Query multiple upstream servers simultaneously (enabled in recommended defaults)

To learn more: Visit the AdGuard Home Wiki for detailed guides on these advanced features.

Maintenance Commands

View Logs

Check what AdGuard Home is doing:

# View all logs
docker logs adguardhome

# Follow logs in real-time (press Ctrl+C to exit)
docker logs -f adguardhome

# View last 50 lines
docker logs --tail 50 adguardhome

When to check logs:

• Troubleshooting issues
• Verifying DNS queries are being processed
• Checking for errors

Backup Configuration

Important: Back up your configuration before updates or major changes.

# For docker-compose method (recommended)
cp -r ~/adguardhome/conf ~/adguardhome/conf-backup-$(date +%Y%m%d)

# For docker run method
sudo cp -r /opt/adguardhome/conf /opt/adguardhome/conf-backup-$(date +%Y%m%d)

What gets backed up:

• Settings and configuration
• Blocklists and filters
• Custom rules
• Query statistics

What doesn’t get backed up:

• Query logs (these are temporary)
• Container itself (easily recreated)

Pro Tip: Set up a monthly reminder to back up your config!

Restart Container

Restart AdGuard Home without losing configuration:

docker restart adguardhome

When to restart:

• After configuration changes (sometimes needed)
• If dashboard becomes unresponsive
• After system updates

Stop and Start Container

# Stop container
docker stop adguardhome

# Start container
docker start adguardhome

When to stop:

• Performing system maintenance
• Troubleshooting network issues
• Freeing up resources temporarily

Update AdGuard Home

Keep AdGuard Home up to date for security and new features:

Using docker-compose method (recommended):

cd ~/adguardhome
docker-compose pull
docker-compose up -d

Using docker run method:

docker stop adguardhome
docker rm adguardhome
# Then run your original docker run command again (from Part 3)

How often to update:

• Check for updates monthly
• Update immediately for security patches
• Read release notes before updating: https://github.com/AdguardTeam/AdGuardHome/releases

Backup before updating: Always create a backup before running updates!

Check Container Status

# List running containers
docker ps

# Check container resource usage
docker stats adguardhome

# View container details
docker inspect adguardhome

Troubleshooting

Port Conflicts (80, 3000, or Other Ports)

What does this mean? When you try to start AdGuard Home, you get an error like:

Error: bind: address already in use
Error starting userland proxy: listen tcp 0.0.0.0:80: bind: address already in use

This means: Another program is using the port you’re trying to use.

Quick Fix: Use Custom Ports

Solution: Use the custom ports configuration from Part 3.

1. Stop AdGuard Home:

   docker-compose down
   

2. Edit your docker-compose.yml:

   vim docker-compose.yml
   

3. Change the port mappings to use custom ports:

   ports:
     - '53:53/tcp' # Keep this as-is (DNS needs port 53)
     - '53:53/udp' # Keep this as-is (DNS needs port 53)
     - '8080:80/tcp' # Changed from "80:80" to "8080:80"
     - '3001:3000/tcp' # Changed from "3000:3000" to "3001:3000"
   

4. Save and restart:

   docker-compose up -d
   

5. Access with new ports:

   • Dashboard: http://YOUR_IP:8080
   • Setup: http://YOUR_IP:3001

Finding What’s Using a Port

Want to know what’s using your port?

# Check port 80
sudo lsof -i :80

# Check port 3000
sudo lsof -i :3000

# Or use netstat
sudo netstat -tulpn | grep :80

Common culprits:

• Port 80: Apache, Nginx, other web servers, other Docker containers
• Port 3000: Node.js apps, development servers, other containers
• Port 53: systemd-resolved, dnsmasq, other DNS services

Stopping Conflicting Services

If you want to free up the port instead:

For web servers:

# Apache
sudo systemctl stop apache2
sudo systemctl disable apache2  # Prevent auto-start

# Nginx
sudo systemctl stop nginx
sudo systemctl disable nginx

For other Docker containers:

# List all running containers
docker ps

# Stop the conflicting container
docker stop CONTAINER_NAME

Recommendation: Use custom ports instead of stopping other services - it’s safer and more flexible!

Port 53 Already in Use

What does this mean? Port 53 is used for DNS. Sometimes another program is already using it.

How to fix it (Ubuntu/Debian):

1. Stop the conflicting service:

   sudo systemctl stop systemd-resolved
   sudo systemctl disable systemd-resolved
   

2. Edit the DNS configuration file:

   sudo vim /etc/resolv.conf
   

3. Edit the file:

   • Find the line that says nameserver something
   • Change it to: nameserver 1.1.1.1
   • Save: Press Ctrl+X, then Y, then Enter (or :wq in vim)

4. Restart AdGuard Home:

   docker restart adguardhome
   

Can’t Access Web Interface

Symptoms: Can’t open http://YOUR_IP or http://YOUR_IP:3000 in browser

Solutions:

1. Check if container is running:

   docker ps
   

   • If you don’t see adguardhome listed, start it: docker start adguardhome

2. Check container logs for errors:

   docker logs adguardhome
   

3. Verify correct IP address:

   hostname -I
   

4. Check if firewall is active (optional):

   Raspberry Pi OS doesn’t have a firewall enabled by default, so this is usually not necessary.

   If you installed UFW, check its status:

   sudo ufw status
   

   If UFW is active and blocking ports, allow traffic:

   sudo ufw allow 3000
   sudo ufw allow 53
   sudo ufw allow 80
   

   Note: Most Raspberry Pi users don’t need firewall configuration for home networks.

5. Try accessing from the device itself:

   curl http://localhost:3000
   

6. Restart the container:

   docker restart adguardhome
   

AdGuard Home Not Blocking Ads

Symptoms: Ads still appear on websites, ad blocking seems ineffective

Solutions:

1. Verify DNS is set correctly:

   • Check router DNS settings (should point to AdGuard Home IP)
   • Or check individual device DNS settings

2. Test DNS resolution:

   # Replace YOUR_ADGUARD_IP with your AdGuard Home IP
   nslookup google.com YOUR_ADGUARD_IP
   

3. Check Query Log:

   • Open AdGuard Home dashboard
   • Go to “Query Log”
   • Browse a website on your device
   • Verify queries are appearing in the log

4. Verify blocklists are enabled:

   • Dashboard → Filters → DNS blocklists
   • Make sure lists are enabled (green toggle)
   • Click “Update” to refresh lists

5. Test with a known ad domain:

   nslookup doubleclick.net YOUR_ADGUARD_IP
   

   • Should return 0.0.0.0 if blocking is working

6. Clear device DNS cache:

   • Windows: ipconfig /flushdns
   • Mac: sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
   • Linux: sudo systemd-resolve --flush-caches
   • iOS/Android: Toggle WiFi off/on or restart device

Container Won’t Start After Reboot

Symptoms: AdGuard Home stops working after system restart

Solutions:

1. Check Docker service:

   sudo systemctl status docker
   

2. Start Docker if stopped:

   sudo systemctl start docker
   sudo systemctl enable docker
   

3. Manually start container:

   docker start adguardhome
   

4. Check container restart policy:

   docker inspect adguardhome | grep -i restart
   

   • Should show: "RestartPolicy": { "Name": "unless-stopped" }

5. Recreate container with restart policy:

   cd ~/adguardhome
   docker-compose up -d
   

Slow DNS Resolution

Symptoms: Websites load slowly, DNS queries take time

Solutions:

1. Check upstream DNS servers:

   • Use fast, reliable DNS (Cloudflare 1.1.1.1, Quad9 9.9.9.9)
   • Test upstream DNS: nslookup google.com 1.1.1.1

2. Enable parallel queries:

   • Settings → DNS settings → Enable parallel queries

3. Increase cache size:

   • Settings → DNS settings → Cache configuration
   • Default is usually fine for home use

4. Reduce blocklists:

   • Too many blocklists slow down DNS
   • Stick to 2-3 high-quality lists

5. Check system resources:

   docker stats adguardhome
   

   • Make sure CPU/Memory usage is normal

Performance Tips

1. Use Ethernet Over WiFi

   • More stable connection
   • Lower latency
   • More reliable for DNS server

2. Use SSD Over SD Card (if possible)

   • Faster read/write speeds
   • More reliable
   • Longer lifespan
   • Note: If using Raspberry Pi with SD card, use a quality card (SanDisk, Samsung)

3. Limit Query Log Retention

   • Settings → DNS settings → Query log retention
   • 24 hours is sufficient for most users
   • Reduce to 12 hours on low-spec hardware (Pi 3B with 1GB RAM)

4. Don’t Over-Subscribe to Blocklists

   • More lists = slower DNS lookups
   • Start with 2-3 quality lists
   • Only add more if specific ads get through

5. Enable Response Caching (Default)

   • Settings → DNS settings → Cache configuration
   • Default cache size is fine for home use
   • Speeds up repeated DNS queries

6. Use Parallel Queries (Recommended Default)

   • Settings → DNS settings → Enable parallel queries
   • Queries multiple upstream DNS servers simultaneously
   • Faster overall response time

7. Monitor Resource Usage

   docker stats adguardhome
   

   • Normal CPU: 1-5%
   • Normal Memory: 50-150MB
   • If higher, reduce query logging or blocklists

8. Regular Updates

   • Update AdGuard Home monthly
   • Update blocklists automatically (default: every 7 days)
   • Update system packages: sudo apt update && sudo apt upgrade

Final Checklist: Is Your AdGuard Home Working?

Use this checklist to verify everything is configured correctly:

• Container is running: docker ps shows adguardhome container as “Up”
• Static IP is set: Device IP hasn’t changed after reboot
• Dashboard is accessible: Can open http://YOUR_IP in browser and log in
• Router DNS is configured: Router’s primary DNS points to AdGuard Home IP
• Devices are using AdGuard: Query log shows DNS requests from your devices
• Ads are blocked: Visit a test site (e.g., canyoublockit.com) - ads should be blocked
• Internet works: Can browse normally, no broken websites

All checked? Congratulations! Your network-wide ad blocker is live.

Something not working? Review the Troubleshooting section above or check the AdGuard Home community forums.

Summary

You now have AdGuard Home running in a Docker container! Here’s what you accomplished across this 4-part series:

Part 1: Prerequisites

• Understood why network-level ad blocking matters
• Compared AdGuard Home vs Pi-hole
• Learned about Docker benefits
• Prepared hardware and software

Part 2: System Setup

• Set up SSH for remote access
• Installed Docker
• Configured a static IP address

Part 3: Installation

• Deployed AdGuard Home container
• Completed initial setup wizard
• Configured recommended defaults
• Connected your network devices

Part 4: Advanced & Maintenance

• Explored advanced features
• Learned maintenance commands
• Troubleshot common issues
• Optimized performance

What You’ve Gained

Your entire network is now protected from ads and trackers. Every device connected to your WiFi benefits from:

• Faster browsing - Ads and trackers are blocked before they load
• Better privacy - No tracking scripts following you around
• Cleaner experience - No pop-ups, banners, or video ads
• Network insights - See what your devices are really doing
• 24/7 protection - Works automatically on all devices

Next Steps

Now that you have a working AdGuard Home installation:

1. Monitor for a week - Check the Query Log to see what’s being blocked
2. Fine-tune if needed - Whitelist sites that break, add specific blocklists
3. Set up regular backups - Schedule monthly configuration backups
4. Explore advanced features - Try DNS-over-HTTPS, parental controls, or custom rules
5. Share your experience - Help others set up their own ad blocking!

Additional Resources

• Official Documentation: AdGuard Home Wiki
• Source Code: AdGuard Home GitHub
• Community Support: AdGuard Home Discussions
• Docker Documentation: Docker Docs
• Blocklist Resources:
  • Firebog - Curated blocklist collection
  • OISD - Comprehensive blocklist

Questions or Issues? Visit the AdGuard Home community forums or check the troubleshooting section above.

Sometimes the best projects come from frustration with existing solutions. This guide series is my attempt to make network-wide ad blocking accessible to everyone, not just those who already know their way around Linux and Docker.

Just block the ads. Block the trackers. Take back control of your network.

Series Navigation: ← Part 3: Installation | Part 4 of 4

Start from the beginning: Part 1: Introduction & Prerequisites