silence

Signed-off-by: Adam Warner <me@adamwarner.co.uk>

.editorconfig

@@ -1,4 +1,4 @@
-# EditorConfig is awesome: http://EditorConfig.org
+# EditorConfig is awesome: https://editorconfig.org/
 
 # top-most EditorConfig file
 root = true

.github/ISSUE_TEMPLATE.md

@@ -1,37 +0,0 @@
-**In raising this issue, I confirm the following:** `{please fill the checkboxes, e.g: [X]}`
-
-- [] I have read and understood the [contributors guide](https://github.com/pi-hole/pi-hole/blob/master/CONTRIBUTING.md).
-- [] The issue I am reporting can be *replicated*.
-- [] The issue I am reporting isn't a duplicate (see [FAQs](https://github.com/pi-hole/pi-hole/wiki/FAQs), [closed issues](https://github.com/pi-hole/pi-hole/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), and [open issues](https://github.com/pi-hole/pi-hole/issues)).
-
-**How familiar are you with the the source code relevant to this issue?:**
-
-`{Replace this with a number from 1 to 10. 1 being not familiar, and 10 being very familiar}`
-
----
-**Expected behaviour:**
-
-`{A detailed description of what you expect to see}`
-
-**Actual behaviour:**
-
-`{A detailed description and/or screenshots of what you do see}`
-
-**Steps to reproduce:**
-
-`{Detailed steps of how we can reproduce this}`
-
-**Debug token provided by [uploading `pihole -d` log](https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738#debug):**
-
-`{Alphanumeric token}`
-
-**Troubleshooting undertaken, and/or other relevant information:**
-
-`{Steps of what you have done to fix this}`
-
-> * `{Please delete this quoted section when opening your issue}`
-> * You must follow the template instructions. Failure to do so will result in your issue being closed.
-> * Please [submit any feature requests here](https://discourse.pi-hole.net/c/feature-requests), so it is votable and trackable by the community.
-> * Please respect that Pi-hole is developed by volunteers, who can only reply in their spare time.
-> * Detail helps us understand and resolve an issue quicker, but please ensure it's relevant.
-> * _This template was created based on the work of [`udemy-dl`](https://github.com/nishad/udemy-dl/blob/master/LICENSE)._

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,31 +0,0 @@
-**By submitting this pull request, I confirm the following:** 
-*please fill any appropriate checkboxes, e.g: [X]*
-
-- [ ] I have read and understood the [contributors guide](https://github.com/pi-hole/pi-hole/blob/master/CONTRIBUTING.md), as well as this entire template.
-- [ ] I have made only one major change in my proposed changes.
-- [ ] I have commented my proposed changes within the code.
-- [ ] I have tested my proposed changes, and have included unit tests where possible.
-- [ ] I am willing to help maintain this change if there are issues with it later.
-- [ ] I give this submission freely and claim no ownership.
-- [ ] It is compatible with the [EUPL 1.2 license](https://opensource.org/licenses/EUPL-1.1)
-- [ ] I have squashed any insignificant commits. ([`git rebase`](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html))
-
-Please make sure you [Sign Off](https://github.com/pi-hole/pi-hole/wiki/How-to-signoff-your-commits.) all commits. Pi-hole enforces the [DCO](https://github.com/pi-hole/pi-hole/wiki/Contributing-to-the-project).
-
----
-**What does this PR aim to accomplish?:**
-*A detailed description, screenshots (if necessary), as well as links to any relevant GitHub issues*
-
-
-**How does this PR accomplish the above?:**
-*A detailed description (such as a changelog) and screenshots (if necessary) of the implemented fix*
-
-
-**What documentation changes (if any) are needed to support this PR?:**
-*A detailed list of any necessary changes*
-
-
----
-* You must follow the template instructions. Failure to do so will result in your pull request being closed.
-* Please respect that Pi-hole is developed by volunteers, who can only reply in their spare time.
-

.gitignore

@@ -15,7 +15,7 @@ __pycache__
 # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
 # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
 
-# All idea files, with execptions
+# All idea files, with exceptions
 .idea
 !.idea/codeStyles/*
 !.idea/codeStyleSettings.xml

.stickler.yml

@@ -2,5 +2,4 @@ linters:
   shellcheck:
     shell: bash
   phpcs:
-  csslint:
   flake8:

.travis.yml

@@ -1,12 +1,5 @@
-sudo: required
-services:
-  - docker
-language: python
-python:
-  - "2.7"
-install:
-  - pip install -r requirements.txt
-
-script:
-  # tox.ini handles setup, ordering of docker build first, and then run tests
-  - tox
+import:
+  - source: pi-hole/.github:/build-configs/core.yml@main
+    if: branch = master
+  - source: pi-hole/.github:/build-configs/core.yml@latest
+    if: branch != master

CONTRIBUTING.md

@@ -32,7 +32,7 @@ When requesting or submitting new features, first consider whether it might be u
 
 - Submit Pull Requests to the **development branch only**.
 - Before Submitting your Pull Request, merge `development` with your new branch and fix any conflicts. (Make sure you don't break anything in development!)
-- Please use the [Google Style Guide for Shell](https://google.github.io/styleguide/shell.xml) for your code submission styles. 
+- Please use the [Google Style Guide for Shell](https://google.github.io/styleguide/shell.xml) for your code submission styles.
 - Commit Unix line endings.
 - Please use the Pi-hole brand: **Pi-hole** (Take a special look at the capitalized 'P' and a low 'h' with a hyphen)
 - (Optional fun) keep to the theme of Star Trek/black holes/gravity.

README.md

@@ -1,14 +1,22 @@
+<!-- markdownlint-configure-file { "MD004": { "style": "consistent" } } -->
+<!-- markdownlint-disable MD033 -->
 <p align="center">
-<a href="https://pi-hole.net"><img src="https://pi-hole.github.io/graphics/Vortex/Vortex_with_text.png" width="150" height="255" alt="Pi-hole"></a><br/>
-<b>Network-wide ad blocking via your own Linux hardware</b><br/>
+    <a href="https://pi-hole.net/">
+        <img src="https://pi-hole.github.io/graphics/Vortex/Vortex_with_Wordmark.svg" width="150" height="260" alt="Pi-hole">
+    </a>
+    <br>
+    <strong>Network-wide ad blocking via your own Linux hardware</strong>
 </p>
+<!-- markdownlint-enable MD033 -->
 
-The Pi-hole[®](https://pi-hole.net/trademark-rules-and-brand-guidelines/) is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) that protects your devices from unwanted content, without installing any client-side software.
+#
 
-- **Easy-to-install**: our versatile installer walks you through the process, and [takes less than ten minutes](https://www.youtube.com/watch?v=vKWjx1AQYgs)
+The Pi-hole® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) that protects your devices from unwanted content, without installing any client-side software.
+
+- **Easy-to-install**: our versatile installer walks you through the process, and takes less than ten minutes
 - **Resolute**: content is blocked in _non-browser locations_, such as ad-laden mobile apps and smart TVs
 - **Responsive**: seamlessly speeds up the feel of everyday browsing by caching DNS queries
-- **Lightweight**: runs smoothly with [minimal hardware and software requirements](https://discourse.pi-hole.net/t/hardware-software-requirements/273)
+- **Lightweight**: runs smoothly with [minimal hardware and software requirements](https://docs.pi-hole.net/main/prerequisites/)
 - **Robust**: a command line interface that is quality assured for interoperability
 - **Insightful**: a beautiful responsive Web Interface dashboard to view and control your Pi-hole
 - **Versatile**: can optionally function as a [DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026), ensuring *all* your devices are protected automatically
@@ -17,32 +25,35 @@ The Pi-hole[®](https://pi-hole.net/trademark-rules-and-brand-guidelines/) is a
 - **Free**: open source software which helps ensure _you_ are the sole person in control of your privacy
 
 -----
-[![Codacy Badge](https://api.codacy.com/project/badge/Grade/c558a0f8d7124c99b02b84f0f5564238)](https://www.codacy.com/app/Pi-hole/pi-hole?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=pi-hole/pi-hole&amp;utm_campaign=Badge_Grade)
-[![Build Status](https://travis-ci.org/pi-hole/pi-hole.svg?branch=development)](https://travis-ci.org/pi-hole/pi-hole)
-[![BountySource](https://www.bountysource.com/badge/tracker?tracker_id=3011939)](https://www.bountysource.com/trackers/3011939-pi-hole-pi-hole?utm_source=3011939&utm_medium=shield&utm_campaign=TRACKER_BADGE)
+
+Master [![Build Status](https://travis-ci.com/pi-hole/pi-hole.svg?branch=master)](https://travis-ci.com/pi-hole/pi-hole) Development [![Build Status](https://travis-ci.com/pi-hole/pi-hole.svg?branch=development)](https://travis-ci.com/pi-hole/pi-hole)
 
 ## One-Step Automated Install
+
 Those who want to get started quickly and conveniently may install Pi-hole using the following command:
 
-#### `curl -sSL https://install.pi-hole.net | bash`
+### `curl -sSL https://install.pi-hole.net | bash`
 
 ## Alternative Install Methods
-[Piping to `bash` is controversial](https://pi-hole.net/2016/07/25/curling-and-piping-to-bash), as it prevents you from [reading code that is about to run](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) on your system. Therefore, we provide these alternative installation methods which allow code review before installation:
+
+Piping to `bash` is [controversial](https://pi-hole.net/2016/07/25/curling-and-piping-to-bash), as it prevents you from [reading code that is about to run](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) on your system. Therefore, we provide these alternative installation methods which allow code review before installation:
 
 ### Method 1: Clone our repository and run
-```
+
+```bash
 git clone --depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole
 cd "Pi-hole/automated install/"
 sudo bash basic-install.sh
 ```
 
 ### Method 2: Manually download the installer and run
-```
+
+```bash
 wget -O basic-install.sh https://install.pi-hole.net
 sudo bash basic-install.sh
 ```
 
-## Post-install: Make your network take advantage of Pi-hole
+## [Post-install: Make your network take advantage of Pi-hole](https://docs.pi-hole.net/main/post-install/)
 
 Once the installer has been run, you will need to [configure your router to have **DHCP clients use Pi-hole as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) which ensures that all devices connecting to your network will have content blocked without any further intervention.
 
@@ -53,161 +64,102 @@ As a last resort, you can always manually set each device to use Pi-hole as thei
 -----
 
 ## Pi-hole is free, but powered by your support
+
 There are many reoccurring costs involved with maintaining free, open source, and privacy-respecting software; expenses which [our volunteer developers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software, as well as the importance of keeping it maintained.
 
 Make no mistake: **your support is absolutely vital to help keep us innovating!**
 
-### Donations
-Sending a donation using our links below is **extremely helpful** in offsetting a portion of our monthly expenses:
+### [Donations](https://pi-hole.net/donate)
 
-- <img src="https://pi-hole.github.io/graphics/Badges/paypal-badge-black.svg" width="24" height="24" alt="PP"/> <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=3J2L3Z4DHW9UY">Donate via PayPal</a><br/>
-- <img src="https://pi-hole.github.io/graphics/Badges/bitcoin-badge-black.svg" width="24" height="24" alt="BTC"/> [Bitcoin, Bitcoin Cash, Ethereum, Litecoin](https://commerce.coinbase.com/checkout/dd304d04-f324-4a77-931b-0db61c77a41b)
+Sending a donation using our Sponsor Button is **extremely helpful** in offsetting a portion of our monthly expenses:
 
 ### Alternative support
-If you'd rather not [donate](https://pi-hole.net/donate/) (_which is okay!_), there are other ways you can help support us:
+
+If you'd rather not donate (_which is okay!_), there are other ways you can help support us:
+
 - [Patreon](https://patreon.com/pihole) _Become a patron for rewards_
-- [Digital Ocean](http://www.digitalocean.com/?refcode=344d234950e1) _affiliate link_
+- [Digital Ocean](https://www.digitalocean.com/?refcode=344d234950e1) _affiliate link_
 - [Stickermule](https://www.stickermule.com/unlock?ref_id=9127301701&utm_medium=link&utm_source=invite) _earn a $10 credit after your first purchase_
-- [Pi-hole Swag Store](https://pi-hole.net/shop/) _affiliate link_
 - [Amazon](http://www.amazon.com/exec/obidos/redirect-home/pihole09-20) _affiliate link_
-- [DNS Made Easy](https://cp.dnsmadeeasy.com/u/133706) _affiliate link_
-- [Vultr](http://www.vultr.com/?ref=7190426) _affiliate link_
 - Spreading the word about our software, and how you have benefited from it
 
 ### Contributing via GitHub
+
 We welcome _everyone_ to contribute to issue reports, suggest new features, and create pull requests.
 
 If you have something to add - anything from a typo through to a whole new feature, we're happy to check it out! Just make sure to fill out our template when submitting your request; the questions that it asks will help the volunteers quickly understand what you're aiming to achieve.
 
 You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) and the [debug script](https://github.com/pi-hole/pi-hole/blob/master/advanced/Scripts/piholeDebug.sh) have an abundance of comments, which will help you better understand how Pi-hole works. They're also a valuable resource to those who want to learn how to write scripts or code a program! We encourage anyone who likes to tinker to read through it and submit a pull request for us to review.
 
-### Presentations about Pi-hole
-Word-of-mouth continues to help our project grow immensely, and so we are helping make this easier for people.
-
-If you are going to be presenting Pi-hole at a conference, meetup or even a school project, [get in touch with us](https://pi-hole.net/2017/05/17/giving-a-presentation-on-pi-hole-contact-us-first-for-some-goodies-and-support/) so we can hook you up with free swag to hand out to your audience!
-
 -----
 
 ## Getting in touch with us
-While we are primarily reachable on our <a href="https://discourse.pi-hole.net/">Discourse User Forum</a>, we can also be found on a variety of social media outlets. **Please be sure to check the FAQ's** before starting a new discussion, as we do not have the spare time to reply to every request for assistance.
 
-<ul>
-  <li><a href="https://discourse.pi-hole.net/c/faqs">Frequently Asked Questions</a></li>
-  <li><a href="https://github.com/pi-hole/pi-hole/wiki">Pi-hole Wiki</a></li>
-  <li><a href="https://discourse.pi-hole.net/c/feature-requests?order=votes">Feature Requests</a></li>
-  <li><a href="https://discourse.pi-hole.net/">Discourse User Forum</a></li>
-  <li><a href="https://www.reddit.com/r/pihole/">Reddit</a></li>
-  <li><a href="https://gitter.im/pi-hole/pi-hole">Gitter</a> (Real-time chat)</li>
-  <li><a href="https://twitter.com/The_Pi_Hole">Twitter</a></li>
-  <li><a href="https://www.youtube.com/channel/UCT5kq9w0wSjogzJb81C9U0w">YouTube</a></li>
-  <li><a href="https://www.facebook.com/ThePiHole/">Facebook</a></li>
-</ul>
+While we are primarily reachable on our [Discourse User Forum](https://discourse.pi-hole.net/), we can also be found on a variety of social media outlets. **Please be sure to check the FAQ's** before starting a new discussion, as we do not have the spare time to reply to every request for assistance.
+
+- [Frequently Asked Questions](https://discourse.pi-hole.net/c/faqs)
+- [Feature Requests](https://discourse.pi-hole.net/c/feature-requests?order=votes)
+- [Reddit](https://www.reddit.com/r/pihole/)
+- [Twitter](https://twitter.com/The_Pi_hole)
 
 -----
 
 ## Breakdown of Features
-### The Command Line Interface
-The `pihole` command has all the functionality necessary to be able to fully administer the Pi-hole, without the need of the Web Interface. It's fast, user-friendly, and auditable by anyone with an understanding of `bash`.
 
-<a href="https://pi-hole.github.io/graphics/Screenshots/blacklist-cli.gif"><img src="https://pi-hole.github.io/graphics/Screenshots/blacklist-cli.gif" alt="Pi-hole Blacklist Demo"/></a>
+### The Command Line Interface
+
+The [pihole](https://docs.pi-hole.net/core/pihole-command/) command has all the functionality necessary to be able to fully administer the Pi-hole, without the need of the Web Interface. It's fast, user-friendly, and auditable by anyone with an understanding of `bash`.
+
+![Pi-hole Blacklist Demo](https://pi-hole.github.io/graphics/Screenshots/blacklist-cli.gif)
 
 Some notable features include:
-* [Whitelisting, Blacklisting and Wildcards](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#whitelisting-blacklisting-and-wildcards)
-* [Debugging utility](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#debugger)
-* [Viewing the live log file](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#tail)
-* [Real-time Statistics via `ssh`](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#chronometer) or [your TFT LCD screen](http://www.amazon.com/exec/obidos/ASIN/B00ID39LM4/pihole09-20)
-* [Updating Ad Lists](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#gravity)
-* [Querying Ad Lists for blocked domains](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#query)
-* [Enabling and Disabling Pi-hole](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown#enable--disable)
-* ... and *many* more!
 
-You can read our [Core Feature Breakdown](https://github.com/pi-hole/pi-hole/wiki/Core-Function-Breakdown), as well as read up on [example usage](https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738) for more information.
+- [Whitelisting, Blacklisting and Regex](https://docs.pi-hole.net/core/pihole-command/#whitelisting-blacklisting-and-regex)
+- [Debugging utility](https://docs.pi-hole.net/core/pihole-command/#debugger)
+- [Viewing the live log file](https://docs.pi-hole.net/core/pihole-command/#tail)
+- [Updating Ad Lists](https://docs.pi-hole.net/core/pihole-command/#gravity)
+- [Querying Ad Lists for blocked domains](https://docs.pi-hole.net/core/pihole-command/#query)
+- [Enabling and Disabling Pi-hole](https://docs.pi-hole.net/core/pihole-command/#enable-disable)
+- ... and *many* more!
+
+You can read our [Core Feature Breakdown](https://docs.pi-hole.net/core/pihole-command/#pi-hole-core) for more information.
 
 ### The Web Interface Dashboard
+
 This [optional dashboard](https://github.com/pi-hole/AdminLTE) allows you to view stats, change settings, and configure your Pi-hole. It's the power of the Command Line Interface, with none of the learning curve!
 
-<img src="https://pi-hole.github.io/graphics/Screenshots/pihole-dashboard.png"  alt="Pi-hole Dashboard"/></a>
+![Pi-hole Dashboard](https://pi-hole.github.io/graphics/Screenshots/pihole-dashboard.png)
 
 Some notable features include:
-* Mobile friendly interface
-* Password protection
-* Detailed graphs and doughnut charts
-* Top lists of domains and clients
-* A filterable and sortable query log
-* Long Term Statistics to view data over user-defined time ranges
-* The ability to easily manage and configure Pi-hole features
-* ... and all the main features of the Command Line Interface!
+
+- Mobile friendly interface
+- Password protection
+- Detailed graphs and doughnut charts
+- Top lists of domains and clients
+- A filterable and sortable query log
+- Long Term Statistics to view data over user-defined time ranges
+- The ability to easily manage and configure Pi-hole features
+- ... and all the main features of the Command Line Interface!
 
 There are several ways to [access the dashboard](https://discourse.pi-hole.net/t/how-do-i-access-pi-holes-dashboard-admin-interface/3168):
 
-1. `http://<IP_ADDPRESS_OF_YOUR_PI_HOLE>/admin/`
-2. `http://pi.hole/admin/` (when using Pi-hole as your DNS server)
+1. `http://pi.hole/admin/` (when using Pi-hole as your DNS server)
+2. `http://<IP_ADDPRESS_OF_YOUR_PI_HOLE>/admin/`
 3. `http://pi.hole/` (when using Pi-hole as your DNS server)
 
 ## Faster-than-light Engine
+
 FTLDNS is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*!
 
 Some of the statistics you can integrate include:
-* Total number of domains being blocked
-* Total number of DNS queries today
-* Total number of ads blocked today
-* Percentage of ads blocked
-* Unique domains
-* Queries forwarded (to your chosen upstream DNS server)
-* Queries cached
-* Unique clients
 
-The API can be accessed via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). You can out find [more details over here](https://discourse.pi-hole.net/t/pi-hole-api/1863).
+- Total number of domains being blocked
+- Total number of DNS queries today
+- Total number of ads blocked today
+- Percentage of ads blocked
+- Unique domains
+- Queries forwarded (to your chosen upstream DNS server)
+- Queries cached
+- Unique clients
 
------
-
-## The Origin Of Pi-hole
-Pi-hole being an **advertising-aware DNS/Web server**, makes use of the following technologies:
-
-* [`dnsmasq`](http://www.thekelleys.org.uk/dnsmasq/doc.html) - a lightweight DNS and DHCP server
-* [`curl`](https://curl.haxx.se) - A command line tool for transferring data with URL syntax
-* [`lighttpd`](https://www.lighttpd.net) - web server designed and optimized for high performance
-* [`php`](https://secure.php.net) - a popular general-purpose web scripting language
-* [AdminLTE Dashboard](https://github.com/almasaeed2010/AdminLTE) - premium admin control panel based on Bootstrap 3.x
-
-While quite outdated at this point, [this original blog post about Pi-hole](https://jacobsalmela.com/2015/06/16/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/) goes into **great detail** about how Pi-hole was originally set up and how it works. Syntactically, it's no longer accurate, but the same basic principles and logic still apply to Pi-hole's current state.
-
------
-
-## Coverage
-- [Lifehacker: Turn A Raspberry Pi Into An Ad Blocker With A Single Command](https://www.lifehacker.com.au/2015/02/turn-a-raspberry-pi-into-an-ad-blocker-with-a-single-command/) (February, 2015)
-- [MakeUseOf: Adblock Everywhere: The Raspberry Pi-Hole Way](http://www.makeuseof.com/tag/adblock-everywhere-raspberry-pi-hole-way/) (March, 2015)
-- [Catchpoint: Ad-Blocking on Apple iOS9: Valuing the End User Experience](http://blog.catchpoint.com/2015/09/14/ad-blocking-apple/) (September, 2015)
-- [Security Now Netcast: Pi-hole](https://www.youtube.com/watch?v=p7-osq_y8i8&t=100m26s) (October, 2015)
-- [TekThing: Raspberry Pi-Hole Makes Ads Disappear!](https://youtu.be/8Co59HU2gY0?t=2m) (December, 2015)
-- [Foolish Tech Show](https://youtu.be/bYyena0I9yc?t=2m4s) (December, 2015)
-- [Block Ads on All Home Devices for $53.18](https://medium.com/@robleathern/block-ads-on-all-home-devices-for-53-18-a5f1ec139693#.gj1xpgr5d) (December, 2015)
-- [Pi-Hole for Ubuntu 14.04](http://www.boyter.org/2015/12/pi-hole-ubuntu-14-04/) (December, 2015)
-- [MacObserver Podcast 585](https://www.macobserver.com/tmo/podcast/macgeekgab-585) (December, 2015)
-- [The Defrag Show: Endoscope USB Camera, The Final [HoloLens] Vote, Adblock Pi and more](https://channel9.msdn.com/Shows/The-Defrag-Show/Defrag-Endoscope-USB-Camera-The-Final-HoloLens-Vote-Adblock-Pi-and-more?WT.mc_id=dlvr_twitter_ch9#time=20m39s) (January, 2016)
-- [Adafruit: Pi-hole is a black hole for internet ads](https://blog.adafruit.com/2016/03/04/pi-hole-is-a-black-hole-for-internet-ads-piday-raspberrypi-raspberry_pi/) (March, 2016)
-- [Digital Trends: 5 Fun, Easy Projects You Can Try With a $35 Raspberry Pi](https://youtu.be/QwrKlyC2kdM?t=1m42s) (March, 2016)
-- [Adafruit: Raspberry Pi Quick Look at Pi Hole ad blocking server with Tony D](https://www.youtube.com/watch?v=eg4u2j1HYlI) (June, 2016)
-- [Devacron: OrangePi Zero as an Ad-Block server with Pi-Hole](http://www.devacron.com/orangepi-zero-as-an-ad-block-server-with-pi-hole/) (December, 2016)
-- [Linux Pro: The Hole Truth](http://www.linuxpromagazine.com/Issues/2017/200/The-sysadmin-s-daily-grind-Pi-hole) (July, 2017)
-- [Adafruit: installing Pi-hole on a Pi Zero W](https://learn.adafruit.com/pi-hole-ad-blocker-with-pi-zero-w/install-pi-hole) (August, 2017)
-- [CryptoAUSTRALIA: How We Tried 5 Privacy Focused Raspberry Pi Projects](https://blog.cryptoaustralia.org.au/2017/10/05/5-privacy-focused-raspberry-pi-projects/) (October, 2017)
-- [CryptoAUSTRALIA: Pi-hole Workshop](https://blog.cryptoaustralia.org.au/2017/11/02/pi-hole-network-wide-ad-blocker/) (November, 2017)
-- [Know How 355: Killing ads with a Raspberry Pi-Hole!](https://www.twit.tv/shows/know-how/episodes/355) (November, 2017)
-- [Hobohouse: Block Advertising on your Network with Pi-hole and Raspberry Pi](https://hobo.house/2018/02/27/block-advertising-with-pi-hole-and-raspberry-pi/) (March, 2018)
-- [Scott Helme: Securing DNS across all of my devices with Pi-Hole + DNS-over-HTTPS + 1.1.1.1](https://scotthelme.co.uk/securing-dns-across-all-of-my-devices-with-pihole-dns-over-https-1-1-1-1/) (April, 2018)
-- [Scott Helme: Catching and dealing with naughty devices on my home network](https://scotthelme.co.uk/catching-naughty-devices-on-my-home-network/) (April, 2018)
-- [Bloomberg Business Week: Brotherhood of the Ad blockers](https://www.bloomberg.com/news/features/2018-05-10/inside-the-brotherhood-of-pi-hole-ad-blockers) (May, 2018)
-- [Software Engineering Daily: Interview with the creator of Pi-hole](https://softwareengineeringdaily.com/2018/05/29/pi-hole-ad-blocker-hardware-with-jacob-salmela/) (May, 2018)
-- [Raspberry Pi: Block ads at home using Pi-hole and a Raspberry Pi](https://www.raspberrypi.org/blog/pi-hole-raspberry-pi/) (July, 2018)
-- [Troy Hunt: Mmm... Pi-hole...](https://www.troyhunt.com/mmm-pi-hole/) (September, 2018)
-- [PEBKAK Podcast: Interview With Jacob Salmela](https://www.jerseystudios.net/2018/10/11/150-pi-hole/) (October, 2018)
-
------
-
-## Pi-hole Projects
-- [The Big Blocklist Collection](https://wally3k.github.io)
-- [Pie in the Sky-Hole](https://dlaa.me/blog/post/skyhole)
-- [Copernicus: Windows Tray Application](https://github.com/goldbattle/copernicus)
-- [Magic Mirror with DNS Filtering](https://zonksec.com/blog/magic-mirror-dns-filtering/#dnssoftware)
-- [Windows DNS Swapper](https://github.com/roots84/DNS-Swapper)
+The API can be accessed via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). You can find out [more details over here](https://discourse.pi-hole.net/t/pi-hole-api/1863).

advanced/01-pihole.conf

@@ -37,7 +37,7 @@ interface=@INT@
 cache-size=10000
 
 log-queries
-log-facility=/var/log/pihole.log
+log-facility=/var/log/pihole/pihole.log
 
 local-ttl=2
 

advanced/Scripts/COL_TABLE

@@ -1,7 +1,7 @@
-# Determine if terminal is capable of showing colours
+# Determine if terminal is capable of showing colors
 if [[ -t 1 ]] && [[ $(tput colors) -ge 8 ]]; then
   # Bold and underline may not show up on all clients
-  # If something MUST be emphasised, use both
+  # If something MUST be emphasized, use both
   COL_BOLD=''
   COL_ULINE=''
 

advanced/Scripts/chronometer.sh

@@ -13,7 +13,7 @@ LC_NUMERIC=C
 
 # Retrieve stats from FTL engine
 pihole-FTL() {
-    ftl_port=$(cat /var/run/pihole-FTL.port 2> /dev/null)
+    ftl_port=$(cat /run/pihole-FTL.port 2> /dev/null)
     if [[ -n "$ftl_port" ]]; then
         # Open connection to FTL
         exec 3<>"/dev/tcp/127.0.0.1/$ftl_port"
@@ -72,7 +72,7 @@ printFunc() {
 
     # Remove excess characters from main text
     if [[ "$text_main_len" -gt "$text_main_max_len" ]]; then
-        # Trim text without colours
+        # Trim text without colors
         text_main_trim="${text_main_nocol:0:$text_main_max_len}"
         # Replace with trimmed text
         text_main="${text_main/$text_main_nocol/$text_main_trim}"
@@ -88,7 +88,7 @@ printFunc() {
 
     [[ "$spc_num" -le 0 ]] && spc_num="0"
     spc=$(printf "%${spc_num}s")
-    #spc="${spc// /.}" # Debug: Visualise spaces
+    #spc="${spc// /.}" # Debug: Visualize spaces
 
     printf "%s%s$spc" "$title" "$text_main"
 
@@ -131,7 +131,7 @@ get_init_stats() {
         printf "%s%02d:%02d:%02d\\n" "$days" "$hrs" "$mins" "$secs"
     }
 
-    # Set Colour Codes
+    # Set Color Codes
     coltable="/opt/pihole/COL_TABLE"
     if [[ -f "${coltable}" ]]; then
         source ${coltable}
@@ -153,7 +153,7 @@ get_init_stats() {
 
         sys_throttle_raw=$(vgt=$(sudo vcgencmd get_throttled); echo "${vgt##*x}")
 
-        # Active Throttle Notice: http://bit.ly/2gnunOo
+        # Active Throttle Notice: https://bit.ly/2gnunOo
         if [[ "$sys_throttle_raw" != "0" ]]; then
             case "$sys_throttle_raw" in
                 *0001) thr_type="${COL_YELLOW}Under Voltage";;
@@ -236,7 +236,7 @@ get_sys_stats() {
 
         sys_name=$(hostname)
 
-        [[ -n "$TEMPERATUREUNIT" ]] && temp_unit="$TEMPERATUREUNIT" || temp_unit="c"
+        [[ -n "$TEMPERATUREUNIT" ]] && temp_unit="${TEMPERATUREUNIT^^}" || temp_unit="C"
 
         # Get storage stats for partition mounted on /
         read -r -a disk_raw <<< "$(df -B1 / 2> /dev/null | awk 'END{ print $3,$2,$5 }')"
@@ -269,7 +269,7 @@ get_sys_stats() {
     scr_lines="${scr_size[0]}"
     scr_cols="${scr_size[1]}"
 
-    # Determine Chronometer size behaviour
+    # Determine Chronometer size behavior
     if [[ "$scr_cols" -ge 58 ]]; then
         chrono_width="large"
     elif [[ "$scr_cols" -gt 40 ]]; then
@@ -308,7 +308,7 @@ get_sys_stats() {
         [[ "${cpu_freq}" == *".0"* ]] && cpu_freq="${cpu_freq/.0/}"
     fi
 
-    # Determine colour for temperature
+    # Determine color for temperature
     if [[ -n "$temp_file" ]]; then
         if [[ "$temp_unit" == "C" ]]; then
             cpu_temp=$(printf "%.0fc\\n" "$(calcFunc "$(< $temp_file) / 1000")")

advanced/Scripts/pihole-reenable.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2020 Pi-hole, LLC (https://pi-hole.net)
+# Network-wide ad blocking via your own hardware.
+#
+# This file is copyright under the latest version of the EUPL.
+# Please see LICENSE file for your rights under this license.
+#
+#
+# The pihole disable command has the option to set a specified time before
+# blocking is automatically re-enabled.
+#
+# Present script is responsible for the sleep & re-enable part of the job and
+# is automatically terminated if it is still running when pihole is enabled by
+# other means.
+#
+# This ensures that pihole ends up in the correct state after a sequence of
+# commands suchs as: `pihole disable 30s; pihole enable; pihole disable`
+
+readonly PI_HOLE_BIN_DIR="/usr/local/bin"
+
+sleep "${1}"
+"${PI_HOLE_BIN_DIR}"/pihole enable

advanced/Scripts/piholeCheckout.sh

@@ -3,7 +3,7 @@
 # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
 #
-# Switch Pi-hole subsystems to a different Github branch.
+# Switch Pi-hole subsystems to a different GitHub branch.
 #
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
@@ -36,7 +36,7 @@ warning1() {
             return 0
             ;;
         *)
-            echo -e "\\n  ${INFO} Branch change has been cancelled"
+            echo -e "\\n  ${INFO} Branch change has been canceled"
             return 1
             ;;
     esac
@@ -84,7 +84,7 @@ checkout() {
         echo -e "  ${INFO} Shortcut \"dev\" detected - checking out development / devel branches..."
         echo ""
         echo -e "  ${INFO} Pi-hole Core"
-        fetch_checkout_pull_branch "${PI_HOLE_FILES_DIR}" "development" || { echo "  ${CROSS} Unable to pull Core developement branch"; exit 1; }
+        fetch_checkout_pull_branch "${PI_HOLE_FILES_DIR}" "development" || { echo "  ${CROSS} Unable to pull Core development branch"; exit 1; }
         if [[ "${INSTALL_WEB_INTERFACE}" == "true" ]]; then
             echo ""
             echo -e "  ${INFO} Web interface"

advanced/Scripts/piholeDebug.sh

@@ -46,8 +46,8 @@ OBFUSCATED_PLACEHOLDER="<DOMAIN OBFUSCATED>"
 # FAQ URLs for use in showing the debug log
 FAQ_UPDATE_PI_HOLE="${COL_CYAN}https://discourse.pi-hole.net/t/how-do-i-update-pi-hole/249${COL_NC}"
 FAQ_CHECKOUT_COMMAND="${COL_CYAN}https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738#checkout${COL_NC}"
-FAQ_HARDWARE_REQUIREMENTS="${COL_CYAN}https://discourse.pi-hole.net/t/hardware-software-requirements/273${COL_NC}"
-FAQ_HARDWARE_REQUIREMENTS_PORTS="${COL_CYAN}https://discourse.pi-hole.net/t/hardware-software-requirements/273#ports${COL_NC}"
+FAQ_HARDWARE_REQUIREMENTS="${COL_CYAN}https://docs.pi-hole.net/main/prerequisites/${COL_NC}"
+FAQ_HARDWARE_REQUIREMENTS_PORTS="${COL_CYAN}https://docs.pi-hole.net/main/prerequisites/#ports${COL_NC}"
 FAQ_GATEWAY="${COL_CYAN}https://discourse.pi-hole.net/t/why-is-a-default-gateway-important-for-pi-hole/3546${COL_NC}"
 FAQ_ULA="${COL_CYAN}https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127${COL_NC}"
 FAQ_FTL_COMPATIBILITY="${COL_CYAN}https://github.com/pi-hole/FTL#compatibility-list${COL_NC}"
@@ -70,7 +70,7 @@ PIHOLE_DIRECTORY="/etc/pihole"
 PIHOLE_SCRIPTS_DIRECTORY="/opt/pihole"
 BIN_DIRECTORY="/usr/local/bin"
 RUN_DIRECTORY="/run"
-LOG_DIRECTORY="/var/log"
+LOG_DIRECTORY="/var/log/pihole"
 WEB_SERVER_LOG_DIRECTORY="${LOG_DIRECTORY}/lighttpd"
 WEB_SERVER_CONFIG_DIRECTORY="/etc/lighttpd"
 HTML_DIRECTORY="/var/www/html"
@@ -87,7 +87,7 @@ PIHOLE_DHCP_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/02-pihole-dhcp.conf"
 PIHOLE_WILDCARD_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/03-wildcard.conf"
 
 WEB_SERVER_CONFIG_FILE="${WEB_SERVER_CONFIG_DIRECTORY}/lighttpd.conf"
-#WEB_SERVER_CUSTOM_CONFIG_FILE="${WEB_SERVER_CONFIG_DIRECTORY}/external.conf"
+WEB_SERVER_CUSTOM_CONFIG_FILE="${WEB_SERVER_CONFIG_DIRECTORY}/external.conf"
 
 PIHOLE_INSTALL_LOG_FILE="${PIHOLE_DIRECTORY}/install.log"
 PIHOLE_RAW_BLOCKLIST_FILES="${PIHOLE_DIRECTORY}/list.*"
@@ -138,7 +138,7 @@ PIHOLE_FTL_LOG="$(get_ftl_conf_value "LOGFILE" "${LOG_DIRECTORY}/pihole-FTL.log"
 PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access.log"
 PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error.log"
 
-# An array of operating system "pretty names" that we officialy support
+# An array of operating system "pretty names" that we officially support
 # We can loop through the array at any time to see if it matches a value
 #SUPPORTED_OS=("Raspbian" "Ubuntu" "Fedora" "Debian" "CentOS")
 
@@ -166,11 +166,13 @@ REQUIRED_FILES=("${PIHOLE_CRON_FILE}"
 "${PIHOLE_DHCP_CONFIG_FILE}"
 "${PIHOLE_WILDCARD_CONFIG_FILE}"
 "${WEB_SERVER_CONFIG_FILE}"
+"${WEB_SERVER_CUSTOM_CONFIG_FILE}"
 "${PIHOLE_INSTALL_LOG_FILE}"
 "${PIHOLE_RAW_BLOCKLIST_FILES}"
 "${PIHOLE_LOCAL_HOSTS_FILE}"
 "${PIHOLE_LOGROTATE_FILE}"
 "${PIHOLE_SETUP_VARS_FILE}"
+"${PIHOLE_FTL_CONF_FILE}"
 "${PIHOLE_COMMAND}"
 "${PIHOLE_COLTABLE_FILE}"
 "${FTL_PID}"
@@ -296,11 +298,15 @@ compare_local_version_to_git_version() {
                 log_write "${INFO} ${pihole_component}: ${COL_YELLOW}${remote_version:-Untagged}${COL_NC} (${FAQ_UPDATE_PI_HOLE})"
             fi
 
+            # Print the repo upstreams
+            remotes=$(git remote -v)
+            log_write "${INFO} Remotes: ${remotes//$'\n'/'\n             '}"
+
             # If the repo is on the master branch, they are on the stable codebase
             if [[ "${remote_branch}" == "master" ]]; then
                 # so the color of the text is green
                 log_write "${INFO} Branch: ${COL_GREEN}${remote_branch}${COL_NC}"
-            # If it is any other branch, they are in a developement branch
+            # If it is any other branch, they are in a development branch
             else
                 # So show that in yellow, signifying it's something to take a look at, but not a critical error
                 log_write "${INFO} Branch: ${COL_YELLOW}${remote_branch:-Detached}${COL_NC} (${FAQ_CHECKOUT_COMMAND})"
@@ -309,7 +315,7 @@ compare_local_version_to_git_version() {
             log_write "${INFO} Commit: ${remote_commit}"
             # if `local_status` is non-null, then the repo is not clean, display details here
             if [[ ${local_status} ]]; then
-              #Replace new lines in the status with 12 spaces to make the output cleaner
+              # Replace new lines in the status with 12 spaces to make the output cleaner
               log_write "${INFO} Status: ${local_status//$'\n'/'\n            '}"
               local local_diff
               local_diff=$(git diff)
@@ -357,7 +363,7 @@ check_component_versions() {
 
 get_program_version() {
     local program_name="${1}"
-    # Create a loval variable so this function can be safely reused
+    # Create a local variable so this function can be safely reused
     local program_version
     echo_current_diagnostic "${program_name} version"
     # Evalutate the program we are checking, if it is any of the ones below, show the version
@@ -387,53 +393,58 @@ check_critical_program_versions() {
     get_program_version "php"
 }
 
-is_os_supported() {
-    local os_to_check="${1}"
-    # Strip just the base name of the system using sed
-    # shellcheck disable=SC2001
-    the_os=$(echo "${os_to_check}" | sed 's/ .*//')
-    # If the variable is one of our supported OSes,
-    case "${the_os}" in
-        # Print it in green
-        "Raspbian") log_write "${TICK} ${COL_GREEN}${os_to_check}${COL_NC}";;
-        "Ubuntu") log_write "${TICK} ${COL_GREEN}${os_to_check}${COL_NC}";;
-        "Fedora") log_write "${TICK} ${COL_GREEN}${os_to_check}${COL_NC}";;
-        "Debian") log_write "${TICK} ${COL_GREEN}${os_to_check}${COL_NC}";;
-        "CentOS") log_write "${TICK} ${COL_GREEN}${os_to_check}${COL_NC}";;
-        # If not, show it in red and link to our software requirements page
-        *) log_write "${CROSS} ${COL_RED}${os_to_check}${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS})";
-    esac
-}
+os_check() {
+    # This function gets a list of supported OS versions from a TXT record at versions.pi-hole.net
+    # and determines whether or not the script is running on one of those systems
+    local remote_os_domain valid_os valid_version detected_os detected_version cmdResult digReturnCode response
+    remote_os_domain="versions.pi-hole.net"
 
-get_distro_attributes() {
-    # Put the current Internal Field Separator into another variable so it can be restored later
-    OLD_IFS="$IFS"
-    # Store the distro info in an array and make it global since the OS won't change,
-    # but we'll keep it within the function for better unit testing
-    local distro_info
-    #shellcheck disable=SC2016
-    IFS=$'\r\n' command eval 'distro_info=( $(cat /etc/*release) )'
+    detected_os=$(grep "\bID\b" /etc/os-release | cut -d '=' -f2 | tr -d '"')
+    detected_version=$(grep VERSION_ID /etc/os-release | cut -d '=' -f2 | tr -d '"')
 
-    # Set a named variable for better readability
-    local distro_attribute
-    # For each line found in an /etc/*release file,
-    for distro_attribute in "${distro_info[@]}"; do
-        # store the key in a variable
-        local pretty_name_key
-        pretty_name_key=$(echo "${distro_attribute}" | grep "PRETTY_NAME" | cut -d '=' -f1)
-        # we need just the OS PRETTY_NAME,
-        if [[ "${pretty_name_key}" == "PRETTY_NAME" ]]; then
-            # so save in in a variable when we find it
-            PRETTY_NAME_VALUE=$(echo "${distro_attribute}" | grep "PRETTY_NAME" | cut -d '=' -f2- | tr -d '"')
-            # then pass it as an argument that checks if the OS is supported
-            is_os_supported "${PRETTY_NAME_VALUE}"
-        else
-            # Since we only need the pretty name, we can just skip over anything that is not a match
-            :
+    cmdResult="$(dig +short -t txt ${remote_os_domain} @ns1.pi-hole.net 2>&1; echo $?)"
+    #Get the return code of the previous command (last line)
+    digReturnCode="${cmdResult##*$'\n'}"
+
+    # Extract dig response
+    response="${cmdResult%%$'\n'*}"
+
+    IFS=" " read -r -a supportedOS < <(echo "${response}" | tr -d '"')
+    for distro_and_versions in "${supportedOS[@]}"
+    do
+        distro_part="${distro_and_versions%%=*}"
+        versions_part="${distro_and_versions##*=}"
+
+        if [[ "${detected_os^^}" =~ ${distro_part^^} ]]; then
+            valid_os=true
+            IFS="," read -r -a supportedVer <<<"${versions_part}"
+            for version in "${supportedVer[@]}"
+            do
+                if [[ "${detected_version}" =~ $version ]]; then
+                    valid_version=true
+                    break
+                fi
+            done
+            break
         fi
     done
-    # Set the IFS back to what it was
-    IFS="$OLD_IFS"
+
+    log_write "${INFO} dig return code:  ${digReturnCode}"
+    log_write "${INFO} dig response:  ${response}"
+
+    if [ "$valid_os" = true ]; then
+        log_write "${TICK} Distro:  ${COL_GREEN}${detected_os^}${COL_NC}"
+
+        if [ "$valid_version" = true ]; then
+            log_write "${TICK} Version: ${COL_GREEN}${detected_version}${COL_NC}"
+        else
+            log_write "${CROSS} Version: ${COL_RED}${detected_version}${COL_NC}"
+            log_write "${CROSS} Error: ${COL_RED}${detected_os^} is supported but version ${detected_version} is currently unsupported (${FAQ_HARDWARE_REQUIREMENTS})${COL_NC}"
+        fi
+    else
+        log_write "${CROSS} Distro:  ${COL_RED}${detected_os^}${COL_NC}"
+        log_write "${CROSS} Error: ${COL_RED}${detected_os^} is not a supported distro (${FAQ_HARDWARE_REQUIREMENTS})${COL_NC}"
+    fi
 }
 
 diagnose_operating_system() {
@@ -445,7 +456,7 @@ diagnose_operating_system() {
     # If there is a /etc/*release file, it's probably a supported operating system, so we can
     if ls /etc/*release 1> /dev/null 2>&1; then
         # display the attributes to the user from the function made earlier
-        get_distro_attributes
+        os_check
     else
         # If it doesn't exist, it's not a system we currently support and link to FAQ
         log_write "${CROSS} ${COL_RED}${error_msg}${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS})"
@@ -747,7 +758,7 @@ check_x_headers() {
     # Do it for the dashboard as well, as the header is different than above
     local dashboard
     dashboard=$(curl -Is localhost/admin/ | awk '/X-Pi-hole/' | tr -d '\r')
-    # Store what the X-Header shoud be in variables for comparision later
+    # Store what the X-Header shoud be in variables for comparison later
     local block_page_working
     block_page_working="X-Pi-hole: A black hole for Internet advertisements."
     local dashboard_working
@@ -818,7 +829,7 @@ dig_at() {
 
     # First, do a dig on localhost to see if Pi-hole can use itself to block a domain
     if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @${local_address} +short "${record_type}"); then
-        # If it can, show sucess
+        # If it can, show success
         log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} via ${COL_CYAN}localhost$COL_NC (${local_address})"
     else
         # Otherwise, show a failure
@@ -969,7 +980,7 @@ check_name_resolution() {
 # This function can check a directory exists
 # Pi-hole has files in several places, so we will reuse this function
 dir_check() {
-    # Set the first argument passed to tihs function as a named variable for better readability
+    # Set the first argument passed to this function as a named variable for better readability
     local directory="${1}"
     # Display the current test that is running
     echo_current_diagnostic "contents of ${COL_CYAN}${directory}${COL_NC}"
@@ -987,14 +998,14 @@ dir_check() {
 }
 
 list_files_in_dir() {
-    # Set the first argument passed to tihs function as a named variable for better readability
+    # Set the first argument passed to this function as a named variable for better readability
     local dir_to_parse="${1}"
     # Store the files found in an array
     mapfile -t files_found < <(ls "${dir_to_parse}")
     # For each file in the array,
     for each_file in "${files_found[@]}"; do
         if [[ -d "${dir_to_parse}/${each_file}" ]]; then
-            # If it's a directoy, do nothing
+            # If it's a directory, do nothing
             :
         elif [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_DEBUG_LOG}" ]] || \
             [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_RAW_BLOCKLIST_FILES}" ]] || \
@@ -1187,7 +1198,7 @@ analyze_pihole_log() {
                 # So first check if there are domains in the log that should be obfuscated
                 if [[ -n ${line_to_obfuscate} ]]; then
                     # If there are, we need to use awk to replace only the domain name (the 6th field in the log)
-                    # so we substitue the domain for the placeholder value
+                    # so we substitute the domain for the placeholder value
                     obfuscated_line=$(echo "${line_to_obfuscate}" | awk -v placeholder="${OBFUSCATED_PLACEHOLDER}" '{sub($6,placeholder); print $0}')
                     log_write "   ${obfuscated_line}"
                 else
@@ -1209,6 +1220,11 @@ tricorder_use_nc_or_curl() {
         log_write "    * Using ${COL_GREEN}curl${COL_NC} for transmission."
         # transmit he log via TLS and store the token returned in a variable
         tricorder_token=$(curl --silent --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net:${TRICORDER_SSL_PORT_NUMBER})
+        if [ -z "${tricorder_token}" ]; then
+         # curl failed, fallback to nc
+         log_write "    * ${COL_GREEN}curl${COL_NC} failed, falling back to ${COL_YELLOW}netcat${COL_NC} for transmission."
+         tricorder_token=$(< ${PIHOLE_DEBUG_LOG} nc tricorder.pi-hole.net ${TRICORDER_NC_PORT_NUMBER})
+        fi
     # Otherwise,
     else
         # use net cat
@@ -1235,7 +1251,7 @@ upload_to_tricorder() {
     log_write "    * The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only."
     log_write "    * For more information, see: ${TRICORDER_CONTEST}"
     log_write "    * If available, we'll use openssl to upload the log, otherwise it will fall back to netcat."
-    # If pihole -d is running automatically (usually throught the dashboard)
+    # If pihole -d is running automatically (usually through the dashboard)
     if [[ "${AUTOMATED}" ]]; then
         # let the user know
         log_write "${INFO} Debug script running in automated mode"
@@ -1251,7 +1267,7 @@ upload_to_tricorder() {
             # If they say yes, run our function for uploading the log
             [yY][eE][sS]|[yY]) tricorder_use_nc_or_curl;;
             # If they choose no, just exit out of the script
-            *) log_write "    * Log will ${COL_GREEN}NOT${COL_NC} be uploaded to tricorder.";exit;
+            *) log_write "    * Log will ${COL_GREEN}NOT${COL_NC} be uploaded to tricorder.\\n    * A local copy of the debug log can be found at: ${COL_CYAN}${PIHOLE_DEBUG_LOG}${COL_NC}\\n";exit;
         esac
     fi
     # Check if tricorder.pi-hole.net is reachable and provide token

advanced/Scripts/piholeLogFlush.sh

@@ -26,7 +26,7 @@ if [ -z "$DBFILE" ]; then
 fi
 
 if [[ "$@" != *"quiet"* ]]; then
-    echo -ne "  ${INFO} Flushing /var/log/pihole.log ..."
+    echo -ne "  ${INFO} Flushing /var/log/pihole/pihole.log ..."
 fi
 if [[ "$@" == *"once"* ]]; then
     # Nightly logrotation
@@ -39,9 +39,9 @@ if [[ "$@" == *"once"* ]]; then
         # Note that moving the file is not an option, as
         # dnsmasq would happily continue writing into the
         # moved file (it will have the same file handler)
-        cp -p /var/log/pihole.log /var/log/pihole.log.1
-        echo " " > /var/log/pihole.log
-        chmod 644 /var/log/pihole.log
+        cp -p /var/log/pihole/pihole.log /var/log/pihole/pihole.log.1
+        echo " " > /var/log/pihole/pihole.log
+        chmod 644 /var/log/pihole/pihole.log
     fi
 else
     # Manual flushing
@@ -51,10 +51,10 @@ else
         /usr/sbin/logrotate --force /etc/pihole/logrotate
     else
         # Flush both pihole.log and pihole.log.1 (if existing)
-        echo " " > /var/log/pihole.log
-        if [ -f /var/log/pihole.log.1 ]; then
-            echo " " > /var/log/pihole.log.1
-            chmod 644 /var/log/pihole.log.1
+        echo " " > /var/log/pihole/pihole.log
+        if [ -f /var/log/pihole/pihole.log.1 ]; then
+            echo " " > /var/log/pihole/pihole.log.1
+            chmod 644 /var/log/pihole/pihole.log.1
         fi
     fi
     # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
@@ -65,6 +65,6 @@ else
 fi
 
 if [[ "$@" != *"quiet"* ]]; then
-    echo -e "${OVER}  ${TICK} Flushed /var/log/pihole.log"
+    echo -e "${OVER}  ${TICK} Flushed /var/log/pihole/pihole.log"
     echo -e "  ${TICK} Deleted ${deleted} queries from database"
 fi

advanced/Scripts/query.sh

@@ -29,7 +29,7 @@ scanList(){
     # Prevent grep from printing file path
     cd "$piholeDir" || exit 1
 
-    # Prevent grep -i matching slowly: http://bit.ly/2xFXtUX
+    # Prevent grep -i matching slowly: https://bit.ly/2xFXtUX
     export LC_CTYPE=C
 
     # /dev/null forces filename to be printed when only one list has been generated

advanced/Scripts/setupLCD.sh

@@ -20,7 +20,7 @@ getInitSys() {
     elif [ -f /etc/init.d/cron ] && [ ! -h /etc/init.d/cron ]; then
         SYSTEMD=0
     else
-        echo "Unrecognised init system"
+        echo "Unrecognized init system"
         return 1
     fi
 }
@@ -70,5 +70,5 @@ setupcon
 reboot
 
 # Start showing the stats on the screen by running the command on another tty:
-# http://unix.stackexchange.com/questions/170063/start-a-process-on-a-different-tty
+# https://unix.stackexchange.com/questions/170063/start-a-process-on-a-different-tty
 #setsid sh -c 'exec /usr/local/bin/chronometer.sh <> /dev/tty1 >&0 2>&1'

advanced/Scripts/version.sh

@@ -88,7 +88,7 @@ getRemoteVersion(){
     local arrCache
     cachedVersions="/etc/pihole/GitHubVersions"
 
-    #If the above file exists, then we can read from that. Prevents overuse of Github API
+    #If the above file exists, then we can read from that. Prevents overuse of GitHub API
     if [[ -f "$cachedVersions" ]]; then
         IFS=' ' read -r -a arrCache < "$cachedVersions"
         case $daemon in
@@ -203,7 +203,7 @@ Repositories:
 Options:
   -c, --current        Return the current version
   -l, --latest         Return the latest version
-  --hash               Return the Github hash from your local repositories
+  --hash               Return the GitHub hash from your local repositories
   -h, --help           Show this help dialog"
   exit 0
 }

advanced/Scripts/webpage.sh

@@ -10,17 +10,22 @@
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 
-readonly setupVars="/etc/pihole/setupVars.conf"
 readonly dnsmasqconfig="/etc/dnsmasq.d/01-pihole.conf"
 readonly dhcpconfig="/etc/dnsmasq.d/02-pihole-dhcp.conf"
 readonly FTLconf="/etc/pihole/pihole-FTL.conf"
 # 03 -> wildcards
 readonly dhcpstaticconfig="/etc/dnsmasq.d/04-pihole-static-dhcp.conf"
-readonly PI_HOLE_BIN_DIR="/usr/local/bin"
 readonly dnscustomfile="/etc/pihole/custom.list"
+readonly dnscustomcnamefile="/etc/dnsmasq.d/05-pihole-custom-cname.conf"
 
 readonly gravityDBfile="/etc/pihole/gravity.db"
 
+# Source install script for ${setupVars}, ${PI_HOLE_BIN_DIR} and valid_ip()
+readonly PI_HOLE_FILES_DIR="/etc/.pihole"
+# shellcheck disable=SC2034  # used in basic-install
+PH_TEST="true"
+source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
+
 coltable="/opt/pihole/COL_TABLE"
 if [[ -f ${coltable} ]]; then
     source ${coltable}
@@ -209,8 +214,34 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
     fi
 
     if [[ "${CONDITIONAL_FORWARDING}" == true ]]; then
-        add_dnsmasq_setting "server=/${CONDITIONAL_FORWARDING_DOMAIN}/${CONDITIONAL_FORWARDING_IP}"
-        add_dnsmasq_setting "server=/${CONDITIONAL_FORWARDING_REVERSE}/${CONDITIONAL_FORWARDING_IP}"
+        # Convert legacy "conditional forwarding" to rev-server configuration
+        REV_SERVER=true
+        add_setting "REV_SERVER" "true"
+
+        REV_SERVER_DOMAIN="${CONDITIONAL_FORWARDING_DOMAIN}"
+        add_setting "REV_SERVER_DOMAIN" "${REV_SERVER_DOMAIN}"
+
+        REV_SERVER_TARGET="${CONDITIONAL_FORWARDING_IP}"
+        add_setting "REV_SERVER_TARGET" "${REV_SERVER_TARGET}"
+
+        # Remove obsolete settings from setupVars.conf
+        delete_setting "CONDITIONAL_FORWARDING"
+        delete_setting "CONDITIONAL_FORWARDING_REVERSE"
+        delete_setting "CONDITIONAL_FORWARDING_DOMAIN"
+        delete_setting "CONDITIONAL_FORWARDING_IP"
+
+        # Convert existing input to /24 subnet (preserves legacy behavior)
+        # This sed converts "192.168.1.2" to "192.168.1.0/24"
+        # shellcheck disable=2001
+        REV_SERVER_CIDR="$(sed "s+\\.[0-9]*$+\\.0/24+" <<< "${REV_SERVER_TARGET}")"
+        add_setting "REV_SERVER_CIDR" "${REV_SERVER_CIDR}"
+    fi
+
+    if [[ "${REV_SERVER}" == true ]]; then
+        add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}"
+        if [ -n "${REV_SERVER_DOMAIN}" ]; then
+            add_dnsmasq_setting "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}"
+        fi
     fi
 
     # Prevent Firefox from automatically switching over to DNS-over-HTTPS
@@ -225,7 +256,16 @@ SetDNSServers() {
     IFS=',' read -r -a array <<< "${args[2]}"
     for index in "${!array[@]}"
     do
-        add_setting "PIHOLE_DNS_$((index+1))" "${array[index]}"
+        # Replace possible "\#" by "#". This fixes AdminLTE#1427
+        local ip
+        ip="${array[index]//\\#/#}"
+
+        if valid_ip "${ip}" || valid_ip6 "${ip}" ; then
+            add_setting "PIHOLE_DNS_$((index+1))" "${ip}"
+        else
+            echo -e "  ${CROSS} Invalid IP has been passed"
+            exit 1
+        fi
     done
 
     if [[ "${args[3]}" == "domain-needed" ]]; then
@@ -246,16 +286,13 @@ SetDNSServers() {
         change_setting "DNSSEC" "false"
     fi
 
-    if [[ "${args[6]}" == "conditional_forwarding" ]]; then
-        change_setting "CONDITIONAL_FORWARDING" "true"
-        change_setting "CONDITIONAL_FORWARDING_IP" "${args[7]}"
-        change_setting "CONDITIONAL_FORWARDING_DOMAIN" "${args[8]}"
-        change_setting "CONDITIONAL_FORWARDING_REVERSE" "${args[9]}"
+    if [[ "${args[6]}" == "rev-server" ]]; then
+        change_setting "REV_SERVER" "true"
+        change_setting "REV_SERVER_CIDR" "${args[7]}"
+        change_setting "REV_SERVER_TARGET" "${args[8]}"
+        change_setting "REV_SERVER_DOMAIN" "${args[9]}"
     else
-        change_setting "CONDITIONAL_FORWARDING" "false"
-        delete_setting "CONDITIONAL_FORWARDING_IP"
-        delete_setting "CONDITIONAL_FORWARDING_DOMAIN"
-        delete_setting "CONDITIONAL_FORWARDING_REVERSE"
+        change_setting "REV_SERVER" "false"
     fi
 
     ProcessDNSSettings
@@ -400,6 +437,10 @@ SetWebUILayout() {
     change_setting "WEBUIBOXEDLAYOUT" "${args[2]}"
 }
 
+SetWebUITheme() {
+    change_setting "WEBTHEME" "${args[2]}"
+}
+
 CheckUrl(){
     local regex
     # Check for characters NOT allowed in URLs
@@ -595,6 +636,7 @@ SetPrivacyLevel() {
     # Set privacy level. Minimum is 0, maximum is 4
     if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 4 ]; then
         changeFTLsetting "PRIVACYLEVEL" "${args[2]}"
+        pihole restartdns reload-lists
     fi
 }
 
@@ -620,6 +662,28 @@ RemoveCustomDNSAddress() {
     RestartDNS
 }
 
+AddCustomCNAMERecord() {
+    echo -e "  ${TICK} Adding custom CNAME record..."
+
+    domain="${args[2]}"
+    target="${args[3]}"
+    echo "cname=${domain},${target}" >> "${dnscustomcnamefile}"
+
+    # Restart dnsmasq to load new custom CNAME records
+    RestartDNS
+}
+
+RemoveCustomCNAMERecord() {
+    echo -e "  ${TICK} Removing custom CNAME record..."
+
+    domain="${args[2]}"
+    target="${args[3]}"
+    sed -i "/cname=${domain},${target}/d" "${dnscustomcnamefile}"
+
+    # Restart dnsmasq to update removed custom CNAME records
+    RestartDNS
+}
+
 main() {
     args=("$@")
 
@@ -638,6 +702,7 @@ main() {
         "enabledhcp"          ) EnableDHCP;;
         "disabledhcp"         ) DisableDHCP;;
         "layout"              ) SetWebUILayout;;
+        "theme"               ) SetWebUITheme;;
         "-h" | "--help"       ) helpFunc;;
         "privacymode"         ) SetPrivacyMode;;
         "resolve"             ) ResolutionSettings;;
@@ -652,6 +717,8 @@ main() {
         "-l" | "privacylevel" ) SetPrivacyLevel;;
         "addcustomdns"        ) AddCustomDNSAddress;;
         "removecustomdns"     ) RemoveCustomDNSAddress;;
+        "addcustomcname"      ) AddCustomCNAMERecord;;
+        "removecustomcname"   ) RemoveCustomCNAMERecord;;
         *                     ) helpFunc;;
     esac
 

advanced/Templates/gravity.db.sql

@@ -16,11 +16,12 @@ CREATE TABLE domainlist
 (
 	id INTEGER PRIMARY KEY AUTOINCREMENT,
 	type INTEGER NOT NULL DEFAULT 0,
-	domain TEXT UNIQUE NOT NULL,
+	domain TEXT NOT NULL,
 	enabled BOOLEAN NOT NULL DEFAULT 1,
 	date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
 	date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
-	comment TEXT
+	comment TEXT,
+	UNIQUE(domain, type)
 );
 
 CREATE TABLE adlist

advanced/Templates/logrotate

@@ -1,4 +1,4 @@
-/var/log/pihole.log {
+/var/log/pihole/pihole.log {
 	# su #
 	daily
 	copytruncate
@@ -9,7 +9,7 @@
 	nomail
 }
 
-/var/log/pihole-FTL.log {
+/var/log/pihole/pihole-FTL.log {
 	# su #
 	weekly
 	copytruncate

advanced/Templates/pihole-FTL.service

@@ -1,8 +1,8 @@
 #!/usr/bin/env bash
 ### BEGIN INIT INFO
 # Provides:          pihole-FTL
-# Required-Start:    $remote_fs $syslog
-# Required-Stop:     $remote_fs $syslog
+# Required-Start:    $remote_fs $syslog $network
+# Required-Stop:     $remote_fs $syslog $network
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: pihole-FTL daemon
@@ -10,21 +10,10 @@
 ### END INIT INFO
 
 FTLUSER=pihole
-PIDFILE=/var/run/pihole-FTL.pid
-
-get_pid() {
-    # First, try to obtain PID from PIDFILE
-    if [ -s "${PIDFILE}" ]; then
-        cat "${PIDFILE}"
-        return
-    fi
-
-    # If the PIDFILE is empty or not available, obtain the PID using pidof
-    pidof "pihole-FTL" | awk '{print $(NF)}'
-}
+PIDFILE=/run/pihole-FTL.pid
 
 is_running() {
-    ps "$(get_pid)" > /dev/null 2>&1
+    pgrep -o "pihole-FTL" > /dev/null 2>&1
 }
 
 
@@ -34,23 +23,23 @@ start() {
     echo "pihole-FTL is already running"
   else
     # Touch files to ensure they exist (create if non-existing, preserve if existing)
-    touch /var/log/pihole-FTL.log /var/log/pihole.log
+    touch /var/log/pihole/pihole-FTL.log /var/log/pihole/pihole.log
     touch /run/pihole-FTL.pid /run/pihole-FTL.port
     touch /etc/pihole/dhcp.leases
-    mkdir -p /var/run/pihole
+    mkdir -p /run/pihole
     mkdir -p /var/log/pihole
-    chown pihole:pihole /var/run/pihole /var/log/pihole
+    chown pihole:pihole /run/pihole /var/log/pihole
     # Remove possible leftovers from previous pihole-FTL processes
     rm -f /dev/shm/FTL-* 2> /dev/null
-    rm /var/run/pihole/FTL.sock 2> /dev/null
+    rm /run/pihole/FTL.sock 2> /dev/null
     # Ensure that permissions are set so that pihole-FTL can edit all necessary files
     chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port
     chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases 2> /dev/null
-    chown pihole:pihole /var/log/pihole-FTL.log /var/log/pihole.log
-    chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
+    chown pihole:pihole /var/log/pihole/pihole-FTL.log /var/log/pihole/pihole.log
+    chmod 0644 /var/log/pihole/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole/pihole.log
     # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
     chown pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db 2> /dev/null
-    if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip "$(which pihole-FTL)"; then
+    if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE+eip "$(which pihole-FTL)"; then
       su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"
     else
       echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system"
@@ -63,7 +52,7 @@ start() {
 # Stop the service
 stop() {
   if is_running; then
-    kill "$(get_pid)"
+    pkill -o pihole-FTL
     for i in {1..5}; do
       if ! is_running; then
         break
@@ -76,7 +65,7 @@ stop() {
 
     if is_running; then
       echo "Not stopped; may still be shutting down or shutdown may have failed, killing now"
-      kill -9 "$(get_pid)"
+      pkill -o -9 pihole-FTL
       exit 1
     else
       echo "Stopped"

advanced/Templates/pihole.cron

@@ -10,7 +10,7 @@
 #
 #
 # This file is under source-control of the Pi-hole installation and update
-# scripts, any changes made to this file will be overwritten when the softare
+# scripts, any changes made to this file will be overwritten when the software
 # is updated or re-installed. Please make any changes to the appropriate crontab
 # or other cron file snippets.
 
@@ -18,19 +18,19 @@
 #          early morning. Download any updates from the adlists
 #          Squash output to log, then splat the log to stdout on error to allow for
 #          standard crontab job error handling.
-59 1    * * 7   root    PATH="$PATH:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log
+59 1    * * 7   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updateGravity >/var/log/pihole/pihole_updateGravity.log || cat /var/log/pihole/pihole_updateGravity.log
 
 # Pi-hole: Flush the log daily at 00:00
 #          The flush script will use logrotate if available
 #          parameter "once": logrotate only once (default is twice)
 #          parameter "quiet": don't print messages
-00 00   * * *   root    PATH="$PATH:/usr/local/bin/" pihole flush once quiet
+00 00   * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole flush once quiet
 
 @reboot root /usr/sbin/logrotate /etc/pihole/logrotate
 
 # Pi-hole: Grab local version and branch every 10 minutes
-*/10 *  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker local
+*/10 *  * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker local
 
 # Pi-hole: Grab remote version every 24 hours
-59 17  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote
-@reboot root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote reboot
+59 17  * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker remote
+@reboot root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker remote reboot

advanced/blockingpage.css

@@ -6,45 +6,46 @@
 *  Please see LICENSE file for your rights under this license. */
 
 /* Text Customisation Options ======> */
-.title:before { content: "Website Blocked"; }
-.altBtn:before { content: "Why am I here?"; }
-.linkPH:before { content: "About Pi-hole"; }
-.linkEmail:before { content: "Contact Admin"; }
+.title::before { content: "Website Blocked"; }
+.altBtn::before { content: "Why am I here?"; }
+.linkPH::before { content: "About Pi-hole"; }
+.linkEmail::before { content: "Contact Admin"; }
 
-#bpOutput.add:before { content: "Info"; }
-#bpOutput.add:after { content: "The domain is being whitelisted..."; }
-#bpOutput.error:before, .unhandled:before { content: "Error"; }
-#bpOutput.unhandled:after { content: "An unhandled exception occured. This may happen when your browser is unable to load jQuery, or when the webserver is denying access to the Pi-hole API."; }
-#bpOutput.success:before { content: "Success"; }
-#bpOutput.success:after { content: "Website has been whitelisted! You may need to flush your DNS cache"; }
+#bpOutput.add::before { content: "Info"; }
+#bpOutput.add::after { content: "The domain is being whitelisted..."; }
+#bpOutput.error::before, .unhandled::before { content: "Error"; }
+#bpOutput.unhandled::after { content: "An unhandled exception occurred. This may happen when your browser is unable to load jQuery, or when the webserver is denying access to the Pi-hole API."; }
+#bpOutput.success::before { content: "Success"; }
+#bpOutput.success::after { content: "Website has been whitelisted! You may need to flush your DNS cache"; }
 
-.recentwl:before { content: "This site has been whitelisted. Please flush your DNS cache and/or restart your browser."; }
-.unknown:before { content: "This website is not found in any of Pi-hole's blacklists. The reason you have arrived here is unknown."; }
-.cname:before { content: "This site is an alias for "; } /* <a href="http://cname.com">cname.com</a> */
-.cname:after { content: ", which may be blocked by Pi-hole."; }
+.recentwl::before { content: "This site has been whitelisted. Please flush your DNS cache and/or restart your browser."; }
+.unknown::before { content: "This website is not found in any of Pi-hole's blacklists. The reason you have arrived here is unknown."; }
+.cname::before { content: "This site is an alias for "; } /* <a href="http://cname.com">cname.com</a> */
+.cname::after { content: ", which may be blocked by Pi-hole."; }
 
-.blacklist:before { content: "Manually Blacklisted"; }
-.wildcard:before { content: "Manually Blacklisted by Wildcard"; }
-.noblock:before { content: "Not found on any Blacklist"; }
+.blacklist::before { content: "Manually Blacklisted"; }
+.wildcard::before { content: "Manually Blacklisted by Wildcard"; }
+.noblock::before { content: "Not found on any Blacklist"; }
 
-#bpBlock:before { content: "Access to the following website has been denied:"; }
-#bpFlag:before { content: "This is primarily due to being flagged as:"; }
+#bpBlock::before { content: "Access to the following website has been denied:"; }
+#bpFlag::before { content: "This is primarily due to being flagged as:"; }
 
-#bpHelpTxt:before { content: "If you have an ongoing use for this website, please "; }
-#bpHelpTxt a:before, #bpHelpTxt span:before { content: "ask the administrator"; }
-#bpHelpTxt:after{ content: " of the Pi-hole on this network to have it whitelisted"; }
+#bpHelpTxt::before { content: "If you have an ongoing use for this website, please "; }
+#bpHelpTxt a::before, #bpHelpTxt span::before { content: "ask the administrator"; }
+#bpHelpTxt::after{ content: " of the Pi-hole on this network to have it whitelisted"; }
 
-#bpBack:before { content: "Back to safety"; }
-#bpInfo:before { content: "Technical Info"; }
-#bpFoundIn:before { content: "This site is found in "; }
-#bpFoundIn span:after { content: " of "; }
-#bpFoundIn:after { content: " lists:"; }
-#bpWhitelist:before { content: "Whitelist"; }
+#bpBack::before { content: "Back to safety"; }
+#bpInfo::before { content: "Technical Info"; }
+#bpFoundIn::before { content: "This site is found in "; }
+#bpFoundIn span::after { content: " of "; }
+#bpFoundIn::after { content: " lists:"; }
+#bpWhitelist::before { content: "Whitelist"; }
 
-footer span:before { content: "Page generated on "; }
+footer span::before { content: "Page generated on "; }
 
 /* Hide whitelisting form entirely */
 /* #bpWLButtons { display: none; } */
+
 /* Text Customisation Options <=============================== */
 
 /* http://necolas.github.io/normalize.css ======> */
@@ -98,7 +99,7 @@ html { font-size: 62.5%; }
 
 a { color: #3c8dbc; text-decoration: none; }
 a:hover { color: #72afda; text-decoration: underline; }
-b { color: rgb(68,68,68); }
+b { color: rgb(68, 68, 68); }
 p { margin: 0; }
 
 label, .buttons a {
@@ -111,7 +112,7 @@ label, .buttons a {
 label, .buttons *:not([disabled]) { cursor: pointer; }
 
 /* Touch device dark tap highlight */
-header h1 a, label, .buttons * { -webkit-tap-highlight-color: transparent; } 
+header h1 a, label, .buttons * { -webkit-tap-highlight-color: transparent; }
 
 /* Webkit Focus Glow */
 textarea, input, button { outline: none; }
@@ -120,14 +121,20 @@ textarea, input, button { outline: none; }
   font-family: "Source Sans Pro";
   font-style: normal;
   font-weight: 400;
-  src: local("Source Sans Pro"), local("SourceSansPro-Regular"), url("/admin/style/vendor/SourceSansPro/SourceSansPro-Regular.ttf") format("truetype");
+  font-display: swap;
+  src: local("Source Sans Pro Regular"), local("SourceSansPro-Regular"),
+       url("/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-regular.woff2") format("woff2"),
+       url("/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-regular.woff") format("woff");
 }
 
 @font-face {
   font-family: "Source Sans Pro";
   font-style: normal;
   font-weight: 700;
-  src: local("Source Sans Pro Bold"), local("SourceSansPro-Bold"), url("/admin/style/vendor/SourceSansPro/SourceSansPro-Bold.ttf") format("truetype");
+  font-display: swap;
+  src: local("Source Sans Pro Bold"), local("SourceSansPro-Bold"),
+       url("/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-700.woff2") format("woff2"),
+       url("/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-700.woff") format("woff");
 }
 
 body {
@@ -138,14 +145,14 @@ body {
 }
 
 /* User is greeted with a splash page when browsing to Pi-hole IP address */
-#splashpage { background: #222; color: rgba(255,255,255,0.7); text-align: center; }
+#splashpage { background: #222; color: rgba(255, 255, 255, 0.7); text-align: center; }
 #splashpage img { margin: 5px; width: 256px; }
 #splashpage b { color: inherit; }
 
 #bpWrapper {
   margin: 0 auto;
   max-width: 1250px;
-  box-shadow: 0 0 8px rgba(0,0,0,0.5);
+  box-shadow: 0 0 8px rgba(0, 0, 0, 0.5);
 }
 
 header {
@@ -164,15 +171,15 @@ header h1, header h1 a, header .spc, header #bpAlt label {
 }
 
 h1 a {
-  background-color: rgba(0,0,0,0.1);
-  font-family: "Helvetica Neue", Helvetica, Arial ,sans-serif;
+  background-color: rgba(0, 0, 0, 0.1);
+  font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
   font-size: 2rem;
-  font-weight: normal;
+  font-weight: 400;
   min-width: 230px;
-  text-align: center;  
+  text-align: center;
 }
 
-h1 a:hover, header #bpAlt:hover { background-color: rgba(0,0,0,0.12); color: inherit; text-decoration: none; }
+h1 a:hover, header #bpAlt:hover { background-color: rgba(0, 0, 0, 0.12); color: inherit; text-decoration: none; }
 
 header .spc { width: 100%; }
 
@@ -180,13 +187,14 @@ header #bpAlt label {
   background: url("/admin/img/logo.svg") no-repeat center left 15px;
   background-size: 15px 23px;
   padding: 0 15px;
-  text-indent: 30px; 
+  text-indent: 30px;
 }
 
-[type=checkbox][id$="Toggle"] { display: none; }
-[type=checkbox][id$="Toggle"]:checked ~ #bpAbout,
-[type=checkbox][id$="Toggle"]:checked ~ #bpMoreInfo {
-  display: block; }
+[type="checkbox"][id$="Toggle"] { display: none; }
+[type="checkbox"][id$="Toggle"]:checked ~ #bpAbout,
+[type="checkbox"][id$="Toggle"]:checked ~ #bpMoreInfo {
+  display: block;
+}
 
 /* Click anywhere else on screen to hide #bpAbout */
 #bpAboutToggle:checked {
@@ -197,28 +205,28 @@ header #bpAlt label {
   top: 0;
   opacity: 0;
   position: absolute;
-  width: 100%;  
+  width: 100%;
 }
 
 #bpAbout {
   background: #3c8dbc;
   border-bottom-left-radius: 5px;
-  border: 1px solid #FFF;
+  border: 1px solid #fff;
   border-right-width: 0;
-  box-shadow: -1px 1px 1px rgba(0,0,0,0.12);
+  box-shadow: -1px 1px 1px rgba(0, 0, 0, 0.12);
   box-sizing: border-box;
   display: none;
   font-size: 1.7rem;
   top: 50px;
   position: absolute;
   right: 0;
-  width: 280px;  
+  width: 280px;
   z-index: 1;
 }
 
 .aboutPH {
   box-sizing: border-box;
-  color: rgba(255,255,255,0.8);
+  color: rgba(255, 255, 255, 0.8);
   display: block;
   padding: 10px;
   width: 100%;
@@ -237,7 +245,7 @@ header #bpAlt label {
 .aboutPH p { margin: 10px 0; }
 .aboutPH small { display: block; font-size: 1.2rem; }
 
-.aboutLink { 
+.aboutLink {
   background: #fff;
   border-top: 1px solid #ddd;
   display: table;
@@ -261,16 +269,16 @@ main {
 #bpOutput {
   background: #00c0ef;
   border-radius: 3px;
-  border: 1px solid rgba(0,0,0,0.1);  
+  border: 1px solid rgba(0, 0, 0, 0.1);
   color: #fff;
   font-size: 1.4rem;
   margin-bottom: 10px;
   margin-top: 5px;
-  padding: 15px;  
+  padding: 15px;
 }
 
-#bpOutput:before {
-  background: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='7' height='14' viewBox='0 0 7 14'%3E%3Cpath fill='%23fff' d='M6,11a1.371,1.371,0,0,1,1,1v1a1.371,1.371,0,0,1-1,1H1a1.371,1.371,0,0,1-1-1V12a1.371,1.371,0,0,1,1-1H2V8H1A1.371,1.371,0,0,1,0,7V6A1.371,1.371,0,0,1,1,5H4A1.371,1.371,0,0,1,5,6v5H6ZM3.5,0A1.5,1.5,0,1,1,2,1.5,1.5,1.5,0,0,1,3.5,0Z'/%3E%3C/svg%3E") no-repeat center left;
+#bpOutput::before {
+  background: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='7' height='14' viewBox='0 0 7 14'%3E%3Cpath fill='%23fff' d='M6 11a1.371 1.371 0 011 1v1a1.371 1.371 0 01-1 1H1a1.371 1.371 0 01-1-1v-1a1.371 1.371 0 011-1h1V8H1a1.371 1.371 0 01-1-1V6a1.371 1.371 0 011-1h3a1.371 1.371 0 011 1v5h1zM3.5 0A1.5 1.5 0 112 1.5 1.5 1.5 0 013.5 0z'/%3E%3C/svg%3E") no-repeat center left;
   display: block;
   font-size: 1.8rem;
   text-indent: 15px;
@@ -281,8 +289,8 @@ main {
 #bpOutput.error { background: #dd4b39; }
 
 .blockMsg, .flagMsg {
-  font: bold 1.8rem Consolas, Courier, monospace;
-  padding: 5px 10px 10px 10px;
+  font: 700 1.8rem Consolas, Courier, monospace;
+  padding: 5px 10px 10px;
   text-indent: 15px;
 }
 
@@ -298,7 +306,7 @@ main {
   -moz-appearance: none;
   -webkit-appearance: none;
   border-radius: 3px;
-  border: 1px solid rgba(0,0,0,0.1);
+  border: 1px solid rgba(0, 0, 0, 0.1);
   box-sizing: content-box;
   display: table-cell;
   font-size: 1.65rem;
@@ -309,46 +317,48 @@ main {
   text-align: center;
   vertical-align: top;
   white-space: nowrap;
-  width: auto;  
+  width: auto;
 }
 
 .buttons a:hover { text-decoration: none; }
 
 /* Button hover dark overlay */
 .buttons *:not(input):not([disabled]):hover {
-  background-image: linear-gradient(to bottom, rgba(0,0,0,0.1), rgba(0,0,0,0.1));
-  color: #FFF;
+  background-image: linear-gradient(to bottom, rgba(0, 0, 0, 0.1), rgba(0, 0, 0, 0.1));
+  color: #fff;
 }
 
 /* Button active shadow inset */
 .buttons *:not([disabled]):not(input):active {
-  box-shadow: inset 0 3px 5px rgba(0,0,0,0.125);
+  box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125);
 }
 
-/* Input border colour */
+/* Input border color */
 .buttons *:not([disabled]):hover, .buttons input:focus {
-  border-color: rgba(0,0,0,0.25);
+  border-color: rgba(0, 0, 0, 0.25);
 }
 
-#bpButtons * { width: 50%; color: #FFF; }
-#bpBack           { background-color: #00a65a; }
-#bpInfo           { background-color: #3c8dbc;  }
+#bpButtons *  { width: 50%; color: #fff; }
+#bpBack       { background-color: #00a65a; }
+#bpInfo       { background-color: #3c8dbc; }
 #bpWhitelist  { background-color: #dd4b39; }
 
-#blockpage .buttons [type=password][disabled] { color: rgba(0,0,0,1); }
-#blockpage .buttons [disabled] { color: rgba(0,0,0,0.55); background-color: #e3e3e3; }
-#blockpage .buttons [type=password]:-ms-input-placeholder { color: rgba(51,51,51,0.8); }
+#blockpage .buttons [type="password"][disabled] { color: rgba(0, 0, 0, 1); }
+#blockpage .buttons [disabled] { color: rgba(0, 0, 0, 0.55); background-color: #e3e3e3; }
+#blockpage .buttons [type="password"]:-ms-input-placeholder { color: rgba(51, 51, 51, 0.8); }
 
-input[type=password] { font-size: 1.5rem; }
+input[type="password"] { font-size: 1.5rem; }
+
+@-webkit-keyframes slidein { from { max-height: 0; opacity: 0; } to { max-height: 300px; opacity: 1; } }
 
 @keyframes slidein { from { max-height: 0; opacity: 0; } to { max-height: 300px; opacity: 1; } }
-#bpMoreToggle:checked ~ #bpMoreInfo { display: block; margin-top: 8px; animation: slidein 0.05s linear; }
+#bpMoreToggle:checked ~ #bpMoreInfo { display: block; margin-top: 8px; -webkit-animation: slidein 0.05s linear; animation: slidein 0.05s linear; }
 #bpMoreInfo { display: none; margin-top: 10px; }
 
 #bpQueryOutput {
   font-size: 1.2rem;
   line-height: 1.65rem;
-  margin: 5px 0 0 0;
+  margin: 5px 0 0;
   overflow: auto;
   padding: 0 5px;
   -webkit-overflow-scrolling: touch;
@@ -367,13 +377,13 @@ footer {
   border-top: 1px solid #d2d6de;
   color: #444;
   font: 1.2rem Consolas, Courier, monospace;
-  padding: 8px;  
+  padding: 8px;
 }
 
 /* Responsive Content */
 @media only screen and (max-width: 500px) {
   h1 a { font-size: 1.8rem; min-width: 170px; }
-  footer span:before { content: "Generated "; }
+  footer span::before { content: "Generated "; }
   footer span { display: block; }
 }
 

advanced/dnsmasq.conf.original

@@ -46,7 +46,7 @@
 #resolv-file=
 
 # By  default,  dnsmasq  will  send queries to any of the upstream
-# servers it knows about and tries to favour servers to are  known
+# servers it knows about and tries to favor servers to are  known
 # to  be  up.  Uncommenting this forces dnsmasq to try each query
 # with  each  server  strictly  in  the  order  they   appear   in
 # /etc/resolv.conf
@@ -189,7 +189,7 @@
 # add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
 # hosts. Use the DHCPv4 lease to derive the name, network segment and
 # MAC address and assume that the host will also have an
-# IPv6 address calculated using the SLAAC alogrithm.
+# IPv6 address calculated using the SLAAC algorithm.
 #dhcp-range=1234::, ra-names
 
 # Do Router Advertisements, BUT NOT DHCP for this subnet.
@@ -210,7 +210,7 @@
 #dhcp-range=1234::, ra-stateless, ra-names
 
 # Do router advertisements for all subnets where we're doing DHCPv6
-# Unless overriden by ra-stateless, ra-names, et al, the router
+# Unless overridden by ra-stateless, ra-names, et al, the router
 # advertisements will have the M and O bits set, so that the clients
 # get addresses and configuration from DHCPv6, and the A bit reset, so the
 # clients don't use SLAAC addresses.
@@ -281,7 +281,7 @@
 # Give a fixed IPv6 address and name to client with
 # DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
 # Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
-# Note also the they [] around the IPv6 address are obilgatory.
+# Note also the they [] around the IPv6 address are obligatory.
 #dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
 
 # Ignore any clients which are not specified in dhcp-host lines
@@ -404,14 +404,14 @@
 #dhcp-option=vendor:MSFT,2,1i
 
 # Send the Encapsulated-vendor-class ID needed by some configurations of
-# Etherboot to allow is to recognise the DHCP server.
+# Etherboot to allow is to recognize the DHCP server.
 #dhcp-option=vendor:Etherboot,60,"Etherboot"
 
 # Send options to PXELinux. Note that we need to send the options even
 # though they don't appear in the parameter request list, so we need
 # to use dhcp-option-force here.
 # See http://syslinux.zytor.com/pxe.php#special for details.
-# Magic number - needed before anything else is recognised
+# Magic number - needed before anything else is recognized
 #dhcp-option-force=208,f1:00:74:7e
 # Configuration file name
 #dhcp-option-force=209,configs/common

advanced/index.php

@@ -41,7 +41,7 @@ $validExtTypes = array("asp", "htm", "html", "php", "rss", "xml", "");
 $currentUrlExt = pathinfo($_SERVER["REQUEST_URI"], PATHINFO_EXTENSION);
 
 // Set mobile friendly viewport
-$viewPort = '<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"/>';
+$viewPort = '<meta name="viewport" content="width=device-width, initial-scale=1">';
 
 // Set response header
 function setHeader($type = "x") {
@@ -57,16 +57,21 @@ if ($serverName === "pi.hole"
 } elseif (filter_var($serverName, FILTER_VALIDATE_IP) || in_array($serverName, $authorizedHosts)) {
     // Set Splash Page output
     $splashPage = "
-    <html>
-      <head>
-        $viewPort
-        <link rel='stylesheet' href='pihole/blockingpage.css' type='text/css'/>
-      </head>
-      <body id='splashpage'>
-        <img src='admin/img/logo.svg'/><br/>
-        Pi-<b>hole</b>: Your black hole for Internet advertisements<br/>
-        <a href='/admin'>Did you mean to go to the admin panel?</a>
-      </body>
+    <!doctype html>
+    <html lang='en'>
+        <head>
+            <meta charset='utf-8'>
+            $viewPort
+            <title>● $serverName</title>
+            <link rel='stylesheet' href='pihole/blockingpage.css'>
+            <link rel='shortcut icon' href='admin/img/favicons/favicon.ico' type='image/x-icon'>
+        </head>
+        <body id='splashpage'>
+            <img src='admin/img/logo.svg' alt='Pi-hole logo' width='256' height='377'>
+            <br>
+            <p>Pi-<strong>hole</strong>: Your black hole for Internet advertisements</p>
+            <a href='/admin'>Did you mean to go to the admin panel?</a>
+        </body>
     </html>
     ";
 
@@ -79,22 +84,39 @@ if ($serverName === "pi.hole"
     // Render splash/landing page when directly browsing via IP or authorized hostname
     exit($renderPage);
 } elseif ($currentUrlExt === "js") {
-    // Serve Pi-hole Javascript for blocked domains requesting JS
+    // Serve Pi-hole JavaScript for blocked domains requesting JS
     exit(setHeader("js").'var x = "Pi-hole: A black hole for Internet advertisements."');
 } elseif (strpos($_SERVER["REQUEST_URI"], "?") !== FALSE && isset($_SERVER["HTTP_REFERER"])) {
     // Serve blank image upon receiving REQUEST_URI w/ query string & HTTP_REFERRER
     // e.g: An iframe of a blocked domain
-    exit(setHeader().'<html>
-        <head><script>window.close();</script></head>
-        <body><img src="data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs="></body>
+    exit(setHeader().'<!doctype html>
+    <html lang="en">
+        <head>
+            <meta charset="utf-8"><script>window.close();</script>
+        </head>
+        <body>
+            <img src="data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=">
+        </body>
     </html>');
 } elseif (!in_array($currentUrlExt, $validExtTypes) || substr_count($_SERVER["REQUEST_URI"], "?")) {
     // Serve SVG upon receiving non $validExtTypes URL extension or query string
     // e.g: Not an iframe of a blocked domain, such as when browsing to a file/query directly
     // QoL addition: Allow the SVG to be clicked on in order to quickly show the full Block Page
-    $blockImg = '<a href="/"><svg xmlns="http://www.w3.org/2000/svg" width="110" height="16"><defs><style>a {text-decoration: none;} circle {stroke: rgba(152,2,2,0.5); fill: none; stroke-width: 2;} rect {fill: rgba(152,2,2,0.5);} text {opacity: 0.3; font: 11px Arial;}</style></defs><circle cx="8" cy="8" r="7"/><rect x="10.3" y="-6" width="2" height="12" transform="rotate(45)"/><text x="19.3" y="12">Blocked by Pi-hole</text></svg></a>';
-    exit(setHeader()."<html>
-        <head>$viewPort</head>
+    $blockImg = '<a href="/">
+    <svg xmlns="http://www.w3.org/2000/svg" width="110" height="16">
+      <circle cx="8" cy="8" r="7" fill="none" stroke="rgba(152,2,2,.5)" stroke-width="2"/>
+      <path fill="rgba(152,2,2,.5)" d="M11.526 3.04l1.414 1.415-8.485 8.485-1.414-1.414z"/>
+      <text x="19.3" y="12" opacity=".3" style="font:11px Arial">
+        Blocked by Pi-hole
+      </text>
+    </svg>
+    </a>';
+    exit(setHeader()."<!doctype html>
+    <html lang='en'>
+        <head>
+            <meta charset='utf-8'>
+            $viewPort
+        </head>
         <body>$blockImg</body>
     </html>");
 }
@@ -227,7 +249,7 @@ if (explode("-", $phVersion)[1] != "0")
 
 setHeader();
 ?>
-<!DOCTYPE html>
+<!doctype html>
 <!-- Pi-hole: A black hole for Internet advertisements
 *  (c) 2017 Pi-hole, LLC (https://pi-hole.net)
 *  Network-wide ad blocking via your own hardware.
@@ -235,12 +257,12 @@ setHeader();
 *  This file is copyright under the latest version of the EUPL. -->
 <html>
 <head>
-  <meta charset="UTF-8">
+  <meta charset="utf-8">
   <?=$viewPort ?>
-  <meta name="robots" content="noindex,nofollow"/>
+  <meta name="robots" content="noindex,nofollow">
   <meta http-equiv="x-dns-prefetch-control" content="off">
-  <link rel="shortcut icon" href="admin/img/favicon.png" type="image/x-icon"/>
-  <link rel="stylesheet" href="pihole/blockingpage.css" type="text/css"/>
+  <link rel="stylesheet" href="pihole/blockingpage.css">
+  <link rel="shortcut icon" href="admin/img/favicons/favicon.ico" type="image/x-icon">
   <title>● <?=$serverName ?></title>
   <script src="admin/scripts/vendor/jquery.min.js"></script>
   <script>
@@ -274,16 +296,16 @@ setHeader();
   </h1>
   <div class="spc"></div>
 
-  <input id="bpAboutToggle" type="checkbox"/>
+  <input id="bpAboutToggle" type="checkbox">
   <div id="bpAbout">
     <div class="aboutPH">
-      <div class="aboutImg"/></div>
+      <div class="aboutImg"></div>
       <p>Open Source Ad Blocker
         <small>Designed for Raspberry Pi</small>
       </p>
     </div>
     <div class="aboutLink">
-      <a class="linkPH" href="https://github.com/pi-hole/pi-hole/wiki/What-is-Pi-hole%3F-A-simple-explanation"><?php //About PH ?></a>
+      <a class="linkPH" href="https://docs.pi-hole.net/"><?php //About PH ?></a>
       <?php if (!empty($svEmail)) echo '<a class="linkEmail" href="mailto:'.$svEmail.'"></a>'; ?>
     </div>
   </div>
@@ -314,8 +336,9 @@ setHeader();
     <pre id='bpQueryOutput'><?php if ($featuredTotal > 0) foreach ($queryResults as $num => $value) { echo "<span>[$num]:</span>$adlistsUrls[$num]\n"; } ?></pre>
 
     <form id="bpWLButtons" class="buttons">
-      <input id="bpWLDomain" type="text" value="<?=$serverName ?>" disabled/>
-      <input id="bpWLPassword" type="password" placeholder="Javascript disabled" disabled/><button id="bpWhitelist" type="button" disabled></button>
+      <input id="bpWLDomain" type="text" value="<?=$serverName ?>" disabled>
+      <input id="bpWLPassword" type="password" placeholder="JavaScript disabled" disabled>
+      <button id="bpWhitelist" type="button" disabled></button>
     </form>
   </div>
 </main>

advanced/lighttpd.conf.debian

@@ -16,21 +16,21 @@
 ###############################################################################
 
 server.modules = (
-	"mod_access",
-	"mod_accesslog",
-	"mod_auth",
-	"mod_expire",
-	"mod_compress",
-	"mod_redirect",
-	"mod_setenv",
-	"mod_rewrite"
+    "mod_access",
+    "mod_accesslog",
+    "mod_auth",
+    "mod_expire",
+    "mod_compress",
+    "mod_redirect",
+    "mod_setenv",
+    "mod_rewrite"
 )
 
 server.document-root        = "/var/www/html"
 server.error-handler-404    = "/pihole/index.php"
 server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
 server.errorlog             = "/var/log/lighttpd/error.log"
-server.pid-file             = "/var/run/lighttpd.pid"
+server.pid-file             = "/run/lighttpd.pid"
 server.username             = "www-data"
 server.groupname            = "www-data"
 server.port                 = 80
@@ -41,18 +41,45 @@ index-file.names            = ( "index.php", "index.html", "index.lighttpd.html"
 url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 
-compress.cache-dir          = "/var/cache/lighttpd/compress/"
-compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )
+compress.cache-dir = "/var/cache/lighttpd/compress/"
+compress.filetype  = (
+    "application/json",
+    "application/vnd.ms-fontobject",
+    "application/xml",
+    "font/eot",
+    "font/opentype",
+    "font/otf",
+    "font/ttf",
+    "image/bmp",
+    "image/svg+xml",
+    "image/vnd.microsoft.icon",
+    "image/x-icon",
+    "text/css",
+    "text/html",
+    "text/javascript",
+    "text/plain",
+    "text/xml"
+)
 
-mimetype.assign   = ( ".png"  => "image/png",
-                      ".jpg"  => "image/jpeg",
-                      ".jpeg" => "image/jpeg",
-                      ".html" => "text/html",
-                      ".css" => "text/css; charset=utf-8",
-                      ".js" => "application/javascript",
-                      ".json" => "application/json",
-                      ".txt"  => "text/plain",
-                      ".svg"  => "image/svg+xml" )
+mimetype.assign = (
+    ".ico"   => "image/x-icon",
+    ".jpeg"  => "image/jpeg",
+    ".jpg"   => "image/jpeg",
+    ".png"   => "image/png",
+    ".svg"   => "image/svg+xml",
+    ".css"   => "text/css; charset=utf-8",
+    ".html"  => "text/html; charset=utf-8",
+    ".js"    => "text/javascript; charset=utf-8",
+    ".json"  => "application/json; charset=utf-8",
+    ".map"   => "application/json; charset=utf-8",
+    ".txt"   => "text/plain; charset=utf-8",
+    ".eot"   => "application/vnd.ms-fontobject",
+    ".otf"   => "font/otf",
+    ".ttc"   => "font/collection",
+    ".ttf"   => "font/ttf",
+    ".woff"  => "font/woff",
+    ".woff2" => "font/woff2"
+)
 
 # default listening port for IPv6 falls back to the IPv4 port
 include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
@@ -69,7 +96,7 @@ $HTTP["url"] =~ "^/admin/" {
         "X-Frame-Options" => "DENY"
     )
 
-    $HTTP["url"] =~ ".ttf$" {
+    $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" {
         # Allow Block Page access to local fonts
         setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
     }
@@ -77,9 +104,12 @@ $HTTP["url"] =~ "^/admin/" {
 
 # Block . files from being served, such as .git, .github, .gitignore
 $HTTP["url"] =~ "^/admin/\.(.*)" {
-     url.access-deny = ("")
+    url.access-deny = ("")
 }
 
+# Default expire header
+expire.url = ( "" => "access plus 0 seconds" )
+
 # Add user chosen options held in external file
 # This uses include_shell instead of an include wildcard for compatibility
 include_shell "cat external.conf 2>/dev/null"

advanced/lighttpd.conf.fedora

@@ -2,7 +2,7 @@
 # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
 #
-# lighttpd config for Pi-hole
+# Lighttpd config for Pi-hole
 #
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
@@ -16,69 +16,95 @@
 ###############################################################################
 
 server.modules = (
-	"mod_access",
-	"mod_auth",
-	"mod_fastcgi",
-	"mod_accesslog",
-	"mod_expire",
-	"mod_compress",
-	"mod_redirect",
-	"mod_setenv",
-	"mod_rewrite"
+    "mod_access",
+    "mod_auth",
+    "mod_expire",
+    "mod_fastcgi",
+    "mod_accesslog",
+    "mod_compress",
+    "mod_redirect",
+    "mod_setenv",
+    "mod_rewrite"
 )
 
 server.document-root        = "/var/www/html"
 server.error-handler-404    = "/pihole/index.php"
 server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
 server.errorlog             = "/var/log/lighttpd/error.log"
-server.pid-file             = "/var/run/lighttpd.pid"
+server.pid-file             = "/run/lighttpd.pid"
 server.username             = "lighttpd"
 server.groupname            = "lighttpd"
 server.port                 = 80
 accesslog.filename          = "/var/log/lighttpd/access.log"
 accesslog.format            = "%{%s}t|%V|%r|%s|%b"
 
-
 index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
 url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 
-compress.cache-dir          = "/var/cache/lighttpd/compress/"
-compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )
+compress.cache-dir = "/var/cache/lighttpd/compress/"
+compress.filetype  = (
+    "application/json",
+    "application/vnd.ms-fontobject",
+    "application/xml",
+    "font/eot",
+    "font/opentype",
+    "font/otf",
+    "font/ttf",
+    "image/bmp",
+    "image/svg+xml",
+    "image/vnd.microsoft.icon",
+    "image/x-icon",
+    "text/css",
+    "text/html",
+    "text/javascript",
+    "text/plain",
+    "text/xml"
+)
 
-mimetype.assign   = ( ".png"  => "image/png",
-                      ".jpg"  => "image/jpeg",
-                      ".jpeg" => "image/jpeg",
-                      ".html" => "text/html",
-                      ".css" => "text/css; charset=utf-8",
-                      ".js" => "application/javascript",
-                      ".json" => "application/json",
-                      ".txt"  => "text/plain",
-                      ".svg"  => "image/svg+xml" )
+mimetype.assign = (
+    ".ico"   => "image/x-icon",
+    ".jpeg"  => "image/jpeg",
+    ".jpg"   => "image/jpeg",
+    ".png"   => "image/png",
+    ".svg"   => "image/svg+xml",
+    ".css"   => "text/css; charset=utf-8",
+    ".html"  => "text/html; charset=utf-8",
+    ".js"    => "text/javascript; charset=utf-8",
+    ".json"  => "application/json; charset=utf-8",
+    ".map"   => "application/json; charset=utf-8",
+    ".txt"   => "text/plain; charset=utf-8",
+    ".eot"   => "application/vnd.ms-fontobject",
+    ".otf"   => "font/otf",
+    ".ttc"   => "font/collection",
+    ".ttf"   => "font/ttf",
+    ".woff"  => "font/woff",
+    ".woff2" => "font/woff2"
+)
 
 # default listening port for IPv6 falls back to the IPv4 port
 #include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
 #include_shell "/usr/share/lighttpd/create-mime.assign.pl"
 #include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
 
-fastcgi.server = ( ".php" =>
-                   ( "localhost" =>
-                     (
-                       "socket" => "/tmp/php-fastcgi.socket",
-                       "bin-path" => "/usr/bin/php-cgi"
-                     )
-                   )
-                 )
+fastcgi.server = (
+    ".php" => (
+        "localhost" => (
+            "socket" => "/tmp/php-fastcgi.socket",
+            "bin-path" => "/usr/bin/php-cgi"
+        )
+    )
+)
 
 # If the URL starts with /admin, it is the Web interface
 $HTTP["url"] =~ "^/admin/" {
-	  # Create a response header for debugging using curl -I
+    # Create a response header for debugging using curl -I
     setenv.add-response-header = (
         "X-Pi-hole" => "The Pi-hole Web interface is working!",
         "X-Frame-Options" => "DENY"
     )
 
-    $HTTP["url"] =~ ".ttf$" {
+    $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" {
         # Allow Block Page access to local fonts
         setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
     }
@@ -86,9 +112,12 @@ $HTTP["url"] =~ "^/admin/" {
 
 # Block . files from being served, such as .git, .github, .gitignore
 $HTTP["url"] =~ "^/admin/\.(.*)" {
-     url.access-deny = ("")
+    url.access-deny = ("")
 }
 
+# Default expire header
+expire.url = ( "" => "access plus 0 seconds" )
+
 # Add user chosen options held in external file
 # This uses include_shell instead of an include wildcard for compatibility
 include_shell "cat external.conf 2>/dev/null"

automated install/basic-install.sh

@@ -21,6 +21,10 @@
 # instead of continuing the installation with something broken
 set -e
 
+# Set PATH to a usual default to assure that all basic commands are available.
+# When using "su" an uncomplete PATH could be passed: https://github.com/pi-hole/pi-hole/issues/3209
+export PATH+=':/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
+
 ######## VARIABLES #########
 # For better maintainability, we store as much information that can change in variables
 # This allows us to make a change in one place that can propagate to all instances of the variable
@@ -72,8 +76,8 @@ useUpdateVars=false
 adlistFile="/etc/pihole/adlists.list"
 # Pi-hole needs an IP address; to begin, these variables are empty since we don't know what the IP is until
 # this script can run
-IPV4_ADDRESS=""
-IPV6_ADDRESS=""
+IPV4_ADDRESS=${IPV4_ADDRESS}
+IPV6_ADDRESS=${IPV6_ADDRESS}
 # By default, query logging is enabled and the dashboard is set to be installed
 QUERY_LOGGING=true
 INSTALL_WEB_INTERFACE=true
@@ -174,6 +178,99 @@ is_command() {
     command -v "${check_command}" >/dev/null 2>&1
 }
 
+os_check() {
+    if [ "$PIHOLE_SKIP_OS_CHECK" != true ]; then
+        # This function gets a list of supported OS versions from a TXT record at versions.pi-hole.net
+        # and determines whether or not the script is running on one of those systems
+        local remote_os_domain valid_os valid_version valid_response detected_os detected_version display_warning cmdResult digReturnCode response
+        remote_os_domain="versions.pi-hole.net"
+
+        detected_os=$(grep "\bID\b" /etc/os-release | cut -d '=' -f2 | tr -d '"')
+        detected_version=$(grep VERSION_ID /etc/os-release | cut -d '=' -f2 | tr -d '"')
+
+        cmdResult="$(dig +short -t txt ${remote_os_domain} @ns1.pi-hole.net 2>&1; echo $?)"
+        #Get the return code of the previous command (last line)
+        digReturnCode="${cmdResult##*$'\n'}"
+
+        if [ ! "${digReturnCode}" == "0" ]; then
+            valid_response=false
+        else
+            # Dig returned 0 code, so get the actual response, and loop through it to determine if the detected variables above are valid
+            response="${cmdResult%%$'\n'*}"
+            # If the value of ${result} is a single 0, then this is the return code, not the response. Response is blank
+            if [ "${response}" == 0 ]; then
+                valid_response=false
+            fi
+
+            IFS=" " read -r -a supportedOS < <(echo "${response}" | tr -d '"')
+            for distro_and_versions in "${supportedOS[@]}"
+            do
+                distro_part="${distro_and_versions%%=*}"
+                versions_part="${distro_and_versions##*=}"
+
+                if [[ "${detected_os^^}" =~ ${distro_part^^} ]]; then
+                    valid_os=true
+                    IFS="," read -r -a supportedVer <<<"${versions_part}"
+                    for version in "${supportedVer[@]}"
+                    do
+                        if [[ "${detected_version}" =~ $version ]]; then
+                            valid_version=true
+                            break
+                        fi
+                    done
+                    break
+                fi
+            done
+        fi
+
+        if [ "$valid_os" = true ] && [ "$valid_version" = true ] && [ ! "$valid_response" = false ]; then
+            display_warning=false
+        fi
+
+        if [ "$display_warning" != false ]; then
+            if [ "$valid_response" = false ]; then
+
+                if [ "${digReturnCode}" -eq 0 ]; then
+                    errStr="dig succeeded, but response was blank. Please contact support"
+                else
+                    errStr="dig failed with return code ${digReturnCode}"
+                fi
+                printf "  %b %bRetrieval of supported OS list failed. %s. %b\\n" "${CROSS}" "${COL_LIGHT_RED}" "${errStr}" "${COL_NC}"
+                printf "      %bUnable to determine if the detected OS (%s %s) is supported%b\\n" "${COL_LIGHT_RED}" "${detected_os^}" "${detected_version}" "${COL_NC}"
+                printf "      Possible causes for this include:\\n"
+                printf "        - Firewall blocking certain DNS lookups from Pi-hole device\\n"
+                printf "        - ns1.pi-hole.net being blocked (required to obtain TXT record from versions.pi-hole.net containing supported operating systems)\\n"
+                printf "        - Other internet connectivity issues\\n"
+            else
+                printf "  %b %bUnsupported OS detected: %s %s%b\\n" "${CROSS}" "${COL_LIGHT_RED}" "${detected_os^}" "${detected_version}" "${COL_NC}"
+                printf "      If you are seeing this message and you do have a supported OS, please contact support.\\n"
+            fi
+            printf "\\n"
+            printf "      %bhttps://docs.pi-hole.net/main/prerequesites/#supported-operating-systems%b\\n" "${COL_LIGHT_GREEN}" "${COL_NC}"
+            printf "\\n"
+            printf "      If you wish to attempt to continue anyway, you can try one of the following commands to skip this check:\\n"
+            printf "\\n"
+            printf "      e.g: If you are seeing this message on a fresh install, you can run:\\n"
+            printf "             %bcurl -sSL https://install.pi-hole.net | PIHOLE_SKIP_OS_CHECK=true sudo -E bash%b\\n" "${COL_LIGHT_GREEN}" "${COL_NC}"
+            printf "\\n"
+            printf "           If you are seeing this message after having run pihole -up:\\n"
+            printf "             %bPIHOLE_SKIP_OS_CHECK=true sudo -E pihole -r%b\\n" "${COL_LIGHT_GREEN}" "${COL_NC}"
+            printf "           (In this case, your previous run of pihole -up will have already updated the local repository)\\n"
+            printf "\\n"
+            printf "      It is possible that the installation will still fail at this stage due to an unsupported configuration.\\n"
+            printf "      If that is the case, you can feel free to ask the community on Discourse with the %bCommunity Help%b category:\\n" "${COL_LIGHT_RED}" "${COL_NC}"
+            printf "      %bhttps://discourse.pi-hole.net/c/bugs-problems-issues/community-help/%b\\n" "${COL_LIGHT_GREEN}" "${COL_NC}"
+            printf "\\n"
+            exit 1
+
+        else
+            printf "  %b %bSupported OS detected%b\\n" "${TICK}" "${COL_LIGHT_GREEN}" "${COL_NC}"
+        fi
+    else
+        printf "  %b %bPIHOLE_SKIP_OS_CHECK env variable set to true - installer will continue%b\\n" "${INFO}" "${COL_LIGHT_GREEN}" "${COL_NC}"
+    fi
+}
+
 # Compatibility
 distro_check() {
 # If apt-get is installed, then we know it's part of the Debian family
@@ -184,7 +281,7 @@ if is_command apt-get ; then
     # A variable to store the command used to update the package cache
     UPDATE_PKG_CACHE="${PKG_MANAGER} update"
     # An array for something...
-    PKG_INSTALL=("${PKG_MANAGER}" --yes --no-install-recommends install)
+    PKG_INSTALL=("${PKG_MANAGER}" -qq --no-install-recommends install)
     # grep -c will return 1 retVal on 0 matches, block this throwing the set -e with an OR TRUE
     PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
     # Some distros vary slightly so these fixes for dependencies may apply
@@ -192,8 +289,8 @@ if is_command apt-get ; then
     APT_SOURCES="/etc/apt/sources.list"
     if awk 'BEGIN{a=1;b=0}/bionic main/{a=0}/bionic.*universe/{b=1}END{exit a + b}' ${APT_SOURCES}; then
         if ! whiptail --defaultno --title "Dependencies Require Update to Allowed Repositories" --yesno "Would you like to enable 'universe' repository?\\n\\nThis repository is required by the following packages:\\n\\n- dhcpcd5" "${r}" "${c}"; then
-            printf "  %b Aborting installation: dependencies could not be installed.\\n" "${CROSS}"
-            exit # exit the installer
+            printf "  %b Aborting installation: Dependencies could not be installed.\\n" "${CROSS}"
+            exit 1 # exit the installer
         else
             printf "  %b Enabling universe package repository for Ubuntu Bionic\\n" "${INFO}"
             cp -p ${APT_SOURCES} ${APT_SOURCES}.backup # Backup current repo list
@@ -202,14 +299,18 @@ if is_command apt-get ; then
             printf "  %b Enabled %s\\n" "${TICK}" "'universe' repository"
         fi
     fi
-    # Debian 7 doesn't have iproute2 so if the dry run install is successful,
-    if "${PKG_MANAGER}" install --dry-run iproute2 > /dev/null 2>&1; then
-        # we can install it
+    # Update package cache. This is required already here to assure apt-cache calls have package lists available.
+    update_package_cache || exit 1
+    # Debian 7 doesn't have iproute2 so check if it's available first
+    if apt-cache show iproute2 > /dev/null 2>&1; then
         iproute_pkg="iproute2"
-    # Otherwise,
-    else
-        # use iproute
+    # Otherwise, check if iproute is available
+    elif apt-cache show iproute > /dev/null 2>&1; then
         iproute_pkg="iproute"
+    # Else print error and exit
+    else
+        printf "  %b Aborting installation: iproute2 and iproute packages were not found in APT repository.\\n" "${CROSS}"
+        exit 1
     fi
     # Check for and determine version number (major and minor) of current php install
     if is_command php ; then
@@ -224,30 +325,37 @@ if is_command apt-get ; then
     # Check if installed php is v 7.0, or newer to determine packages to install
     if [[ "$phpInsNewer" != true ]]; then
         # Prefer the php metapackage if it's there
-        if "${PKG_MANAGER}" install --dry-run php > /dev/null 2>&1; then
+        if apt-cache show php > /dev/null 2>&1; then
             phpVer="php"
-        # fall back on the php5 packages
-        else
+        # Else fall back on the php5 package if it's there
+        elif apt-cache show php5 > /dev/null 2>&1; then
             phpVer="php5"
+        # Else print error and exit
+        else
+            printf "  %b Aborting installation: No PHP packages were found in APT repository.\\n" "${CROSS}"
+            exit 1
         fi
     else
         # Newer php is installed, its common, cgi & sqlite counterparts are deps
         phpVer="php$phpInsMajor.$phpInsMinor"
     fi
     # We also need the correct version for `php-sqlite` (which differs across distros)
-    if "${PKG_MANAGER}" install --dry-run "${phpVer}-sqlite3" > /dev/null 2>&1; then
+    if apt-cache show "${phpVer}-sqlite3" > /dev/null 2>&1; then
         phpSqlite="sqlite3"
-    else
+    elif apt-cache show "${phpVer}-sqlite" > /dev/null 2>&1; then
         phpSqlite="sqlite"
+    else
+        printf "  %b Aborting installation: No SQLite PHP module was found in APT repository.\\n" "${CROSS}"
+        exit 1
     fi
     # Since our install script is so large, we need several other programs to successfully get a machine provisioned
     # These programs are stored in an array so they can be looped through later
-    INSTALLER_DEPS=(dhcpcd5 git "${iproute_pkg}" whiptail)
+    INSTALLER_DEPS=(dhcpcd5 git "${iproute_pkg}" whiptail dnsutils)
     # Pi-hole itself has several dependencies that also need to be installed
-    PIHOLE_DEPS=(cron curl dnsutils iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data libcap2)
+    PIHOLE_DEPS=(cron curl iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data libcap2)
     # The Web dashboard has some that also need to be installed
     # It's useful to separate the two since our repos are also setup as "Core" code and "Web" code
-    PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "php-intl")
+    PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-${phpSqlite}" "${phpVer}-xml" "${phpVer}-intl")
     # The Web server user,
     LIGHTTPD_USER="www-data"
     # group,
@@ -281,12 +389,10 @@ elif is_command rpm ; then
         PKG_MANAGER="yum"
     fi
 
-    # Fedora and family update cache on every PKG_INSTALL call, no need for a separate update.
-    UPDATE_PKG_CACHE=":"
     PKG_INSTALL=("${PKG_MANAGER}" install -y)
     PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l"
-    INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig)
-    PIHOLE_DEPS=(bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc sqlite libcap)
+    INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig bind-utils)
+    PIHOLE_DEPS=(cronie curl findutils nmap-ncat sudo unzip libidn2 psmisc sqlite libcap)
     PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo php-xml php-json php-intl)
     LIGHTTPD_USER="lighttpd"
     LIGHTTPD_GROUP="lighttpd"
@@ -426,11 +532,9 @@ make_repo() {
     fi
     # Clone the repo and return the return code from this command
     git clone -q --depth 20 "${remoteRepo}" "${directory}" &> /dev/null || return $?
-    # Data in the repositories is public anyway so we can make it readable by everyone (+r to keep executable permission if already set by git)
-    chmod -R a+rX "${directory}"
     # Move into the directory that was passed as an argument
     pushd "${directory}" &> /dev/null || return 1
-    # Check current branch. If it is master, then reset to the latest availible tag.
+    # Check current branch. If it is master, then reset to the latest available tag.
     # In case extra commits have been added after tagging/release (i.e in case of metadata updates/README.MD tweaks)
     curBranch=$(git rev-parse --abbrev-ref HEAD)
     if [[ "${curBranch}" == "master" ]]; then #If we're calling make_repo() then it should always be master, we may not need to check.
@@ -438,7 +542,8 @@ make_repo() {
     fi
     # Show a colored message showing it's status
     printf "%b  %b %s\\n" "${OVER}" "${TICK}" "${str}"
-
+    # Data in the repositories is public anyway so we can make it readable by everyone (+r to keep executable permission if already set by git)
+    chmod -R a+rX "${directory}"
     # Move back into the original directory
     popd &> /dev/null || return 1
     return 0
@@ -466,7 +571,7 @@ update_repo() {
     git clean --quiet --force -d || true # Okay for already clean directory
     # Pull the latest commits
     git pull --quiet &> /dev/null || return $?
-    # Check current branch. If it is master, then reset to the latest availible tag.
+    # Check current branch. If it is master, then reset to the latest available tag.
     # In case extra commits have been added after tagging/release (i.e in case of metadata updates/README.MD tweaks)
     curBranch=$(git rev-parse --abbrev-ref HEAD)
     if [[ "${curBranch}" == "master" ]]; then
@@ -573,7 +678,7 @@ welcomeDialogs() {
     whiptail --msgbox --backtitle "Welcome" --title "Pi-hole automated installer" "\\n\\nThis installer will transform your device into a network-wide ad blocker!" "${r}" "${c}"
 
     # Request that users donate if they enjoy the software since we all work on it in our free time
-    whiptail --msgbox --backtitle "Plea" --title "Free and open source" "\\n\\nThe Pi-hole is free, but powered by your donations:  http://pi-hole.net/donate" "${r}" "${c}"
+    whiptail --msgbox --backtitle "Plea" --title "Free and open source" "\\n\\nThe Pi-hole is free, but powered by your donations:  https://pi-hole.net/donate/" "${r}" "${c}"
 
     # Explain the need for a static address
     whiptail --msgbox --backtitle "Initiating network interface" --title "Static IP Needed" "\\n\\nThe Pi-hole is a SERVER so it needs a STATIC IP ADDRESS to function properly.
@@ -600,7 +705,7 @@ verifyFreeDiskSpace() {
         printf "      We were unable to determine available free disk space on this system.\\n"
         printf "      You may override this check, however, it is not recommended.\\n"
         printf "      The option '%b--i_do_not_follow_recommendations%b' can override this.\\n" "${COL_LIGHT_RED}" "${COL_NC}"
-        printf "      e.g: curl -L https://install.pi-hole.net | bash /dev/stdin %b<option>%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
+        printf "      e.g: curl -sSL https://install.pi-hole.net | bash /dev/stdin %b<option>%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
         # exit with an error code
         exit 1
     # If there is insufficient free disk space,
@@ -615,7 +720,7 @@ verifyFreeDiskSpace() {
             printf "      If this is a new install you may need to expand your disk\\n"
             printf "      Run 'sudo raspi-config', and choose the 'expand file system' option\\n"
             printf "      After rebooting, run this installation again\\n"
-            printf "      e.g: curl -L https://install.pi-hole.net | bash\\n"
+            printf "      e.g: curl -sSL https://install.pi-hole.net | bash\\n"
         fi
         # Show there is not enough free space
         printf "\\n      %bInsufficient free space, exiting...%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
@@ -665,7 +770,7 @@ chooseInterface() {
         # Feed the available interfaces into this while loop
         done <<< "${availableInterfaces}"
         # The whiptail command that will be run, stored in a variable
-        chooseInterfaceCmd=(whiptail --separate-output --radiolist "Choose An Interface (press space to select)" "${r}" "${c}" "${interfaceCount}")
+        chooseInterfaceCmd=(whiptail --separate-output --radiolist "Choose An Interface (press space to toggle selection)" "${r}" "${c}" "${interfaceCount}")
         # Now run the command using the interfaces saved into the array
         chooseInterfaceOptions=$("${chooseInterfaceCmd[@]}" "${interfacesArray[@]}" 2>&1 >/dev/tty) || \
         # If the user chooses Cancel, exit
@@ -755,8 +860,8 @@ use4andor6() {
     # Named local variables
     local useIPv4
     local useIPv6
-    # Let use select IPv4 and/or IPv6 via a checklist
-    cmd=(whiptail --separate-output --checklist "Select Protocols (press space to select)" "${r}" "${c}" 2)
+    # Let user choose IPv4 and/or IPv6 via a checklist
+    cmd=(whiptail --separate-output --checklist "Select Protocols (press space to toggle selection)" "${r}" "${c}" 2)
     # In an array, show the options available:
     # IPv4 (on by default)
     options=(IPv4 "Block ads over IPv4" on
@@ -819,13 +924,13 @@ It is also possible to use a DHCP reservation, but if you are going to do that,
 
         # Ask for the IPv4 address
         IPV4_ADDRESS=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 address" --inputbox "Enter your desired IPv4 address" "${r}" "${c}" "${IPV4_ADDRESS}" 3>&1 1>&2 2>&3) || \
-        # Cancelling IPv4 settings window
+        # Canceling IPv4 settings window
         { ipSettingsCorrect=False; echo -e "  ${COL_LIGHT_RED}Cancel was selected, exiting installer${COL_NC}"; exit 1; }
         printf "  %b Your static IPv4 address: %s\\n" "${INFO}" "${IPV4_ADDRESS}"
 
         # Ask for the gateway
         IPv4gw=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 gateway (router)" --inputbox "Enter your desired IPv4 default gateway" "${r}" "${c}" "${IPv4gw}" 3>&1 1>&2 2>&3) || \
-        # Cancelling gateway settings window
+        # Canceling gateway settings window
         { ipSettingsCorrect=False; echo -e "  ${COL_LIGHT_RED}Cancel was selected, exiting installer${COL_NC}"; exit 1; }
         printf "  %b Your static IPv4 gateway: %s\\n" "${INFO}" "${IPv4gw}"
 
@@ -954,22 +1059,36 @@ valid_ip() {
     local ip=${1}
     local stat=1
 
-    # If the IP matches the format xxx.xxx.xxx.xxx,
-    if [[ "${ip}" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
-        # Save the old Internal Field Separator in a variable
-        OIFS=$IFS
-        # and set the new one to a dot (period)
-        IFS='.'
-        # Put the IP into an array
-        read -r -a ip <<< "${ip}"
-        # Restore the IFS to what it was
-        IFS=${OIFS}
-        ## Evaluate each octet by checking if it's less than or equal to 255 (the max for each octet)
-        [[ "${ip[0]}" -le 255 && "${ip[1]}" -le 255 \
-        && "${ip[2]}" -le 255 && "${ip[3]}" -le 255 ]]
-        # Save the exit code
-        stat=$?
-    fi
+    # One IPv4 element is 8bit: 0 - 256
+    local ipv4elem="(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]?|0)";
+    # optional port number starting '#' with range of 1-65536
+    local portelem="(#([1-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-6]))?"
+    # build a full regex string from the above parts
+    local regex="^${ipv4elem}\.${ipv4elem}\.${ipv4elem}\.${ipv4elem}${portelem}$"
+
+    [[ $ip =~ ${regex} ]]
+
+    stat=$?
+    # Return the exit code
+    return "${stat}"
+}
+
+valid_ip6() {
+    local ip=${1}
+    local stat=1
+
+    # One IPv6 element is 16bit: 0000 - FFFF
+    local ipv6elem="[0-9a-fA-F]{1,4}"
+    # CIDR for IPv6 is 1- 128 bit
+    local v6cidr="(\\/([1-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])){0,1}"
+    # optional port number starting '#' with range of 1-65536
+    local portelem="(#([1-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-6]))?"
+    # build a full regex string from the above parts
+    local regex="^(((${ipv6elem}))*((:${ipv6elem}))*::((${ipv6elem}))*((:${ipv6elem}))*|((${ipv6elem}))((:${ipv6elem})){7})${v6cidr}${portelem}$"
+
+    [[ ${ip} =~ ${regex} ]]
+
+    stat=$?
     # Return the exit code
     return "${stat}"
 }
@@ -1209,9 +1328,7 @@ chooseBlocklists() {
     cmd=(whiptail --separate-output --checklist "Pi-hole relies on third party lists in order to block ads.\\n\\nYou can use the suggestions below, and/or add your own after installation\\n\\nTo deselect any list, use the arrow keys and spacebar" "${r}" "${c}" 5)
     # In an array, show the options available (all off by default):
     options=(StevenBlack "StevenBlack's Unified Hosts List" on
-        MalwareDom "MalwareDomains" on
-        DisconTrack "Disconnect.me Tracking" on
-        DisconAd "Disconnect.me Ads" on)
+        MalwareDom "MalwareDomains" on)
 
     # In a variable, show the choices available; exit if Cancel is selected
     choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty) || { printf "  %bCancel was selected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"; rm "${adlistFile}" ;exit 1; }
@@ -1220,6 +1337,7 @@ chooseBlocklists() {
     do
         appendToListsFile "${choice}"
     done
+    touch "${adlistFile}"
     chmod 644 "${adlistFile}"
 }
 
@@ -1230,8 +1348,6 @@ appendToListsFile() {
     case $1 in
         StevenBlack  )  echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" >> "${adlistFile}";;
         MalwareDom   )  echo "https://mirror1.malwaredomains.com/files/justdomains" >> "${adlistFile}";;
-        DisconTrack  )  echo "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt" >> "${adlistFile}";;
-        DisconAd     )  echo "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt" >> "${adlistFile}";;
     esac
 }
 
@@ -1402,6 +1518,15 @@ installConfigs() {
             return 1
         fi
     fi
+
+    # Install empty custom.list file if it does not exist
+    if [[ ! -r "${PI_HOLE_CONFIG_DIR}/custom.list" ]]; then
+        if ! install -o root -m 644 /dev/null "${PI_HOLE_CONFIG_DIR}/custom.list" &>/dev/null; then
+            printf "  %bError: Unable to initialize configuration file %s/custom.list\\n" "${COL_LIGHT_RED}" "${PI_HOLE_CONFIG_DIR}"
+            return 1
+        fi
+    fi
+
     # If the user chose to install the dashboard,
     if [[ "${INSTALL_WEB_SERVER}" == true ]]; then
         # and if the Web server conf directory does not exist,
@@ -1423,8 +1548,8 @@ installConfigs() {
             sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"pihole\/custom\.php"/' /etc/lighttpd/lighttpd.conf
         fi
         # Make the directories if they do not exist and set the owners
-        mkdir -p /var/run/lighttpd
-        chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/run/lighttpd
+        mkdir -p /run/lighttpd
+        chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /run/lighttpd
         mkdir -p /var/cache/lighttpd/compress
         chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/compress
         mkdir -p /var/cache/lighttpd/uploads
@@ -1764,18 +1889,49 @@ create_pihole_user() {
     printf "  %b %s..." "${INFO}" "${str}"
     # If the user pihole exists,
     if id -u pihole &> /dev/null; then
-        # just show a success
-        printf "%b  %b %s\\n" "${OVER}" "${TICK}" "${str}"
+        # if group exists
+        if getent group pihole > /dev/null 2>&1; then
+            # just show a success
+            printf "%b  %b %s\\n" "${OVER}" "${TICK}" "${str}"
+        else
+            local str="Checking for group 'pihole'"
+            printf "  %b %s..." "${INFO}" "${str}"
+            local str="Creating group 'pihole'"
+            # if group can be created
+            if groupadd pihole; then
+                printf "%b  %b %s\\n" "${OVER}" "${TICK}" "${str}"
+                local str="Adding user 'pihole' to group 'pihole'"
+                printf "  %b %s..." "${INFO}" "${str}"
+                # if pihole user can be added to group pihole
+                if usermod -g pihole pihole; then
+                    printf "%b  %b %s\\n" "${OVER}" "${TICK}" "${str}"
+                else
+                    printf "%b  %b %s\\n" "${OVER}" "${CROSS}" "${str}"
+                fi
+            else
+                printf "%b  %b %s\\n" "${OVER}" "${CROSS}" "${str}"
+            fi
+        fi
     # Otherwise,
     else
         printf "%b  %b %s" "${OVER}" "${CROSS}" "${str}"
         local str="Creating user 'pihole'"
         printf "%b  %b %s..." "${OVER}" "${INFO}" "${str}"
         # create her with the useradd command
-        if useradd -r -s /usr/sbin/nologin pihole; then
-          printf "%b  %b %s\\n" "${OVER}" "${TICK}" "${str}"
+        if getent group pihole > /dev/null 2>&1; then
+            # add primary group pihole as it already exists
+            if useradd -r --no-user-group -g pihole -s /usr/sbin/nologin pihole; then
+                printf "%b  %b %s\\n" "${OVER}" "${TICK}" "${str}"
+            else
+                printf "%b  %b %s\\n" "${OVER}" "${CROSS}" "${str}"
+            fi
         else
-          printf "%b  %b %s\\n" "${OVER}" "${CROSS}" "${str}"
+            # add user pihole with default group settings
+            if useradd -r -s /usr/sbin/nologin pihole; then
+                printf "%b  %b %s\\n" "${OVER}" "${TICK}" "${str}"
+            else
+                printf "%b  %b %s\\n" "${OVER}" "${CROSS}" "${str}"
+            fi
         fi
     fi
 }
@@ -1870,6 +2026,9 @@ accountForRefactor() {
         fi
         echo -e "INSTALL_WEB_SERVER=$webserver_installed" >> "${setupVars}"
     fi
+
+    # Move any existing `pihole*` logs from `/var/log` to `/var/log/pihole`
+    mv /var/log/pihole*.* /var/log/pihole/ 2>/dev/null
 }
 
 # Install base files and web interface
@@ -1888,8 +2047,6 @@ installPihole() {
             # Repair permissions if /var/www/html is not world readable
             chmod a+rx /var/www
             chmod a+rx /var/www/html
-            # Give pihole access to the Web server group
-            usermod -a -G ${LIGHTTPD_GROUP} pihole
             # Give lighttpd access to the pihole group so the web interface can
             # manage the gravity.db database
             usermod -a -G pihole ${LIGHTTPD_USER}
@@ -1943,9 +2100,9 @@ checkSelinux() {
     local DEFAULT_SELINUX
     local CURRENT_SELINUX
     local SELINUX_ENFORCING=0
-    # Check if a SELinux configuration file exists
-    if [[ -f /etc/selinux/config ]]; then
-        # If a SELinux configuration file was found, check the default SELinux mode.
+    # Check for SELinux configuration file and getenforce command
+    if [[ -f /etc/selinux/config ]] && command -v getenforce &> /dev/null; then
+        # Check the default SELinux mode
         DEFAULT_SELINUX=$(awk -F= '/^SELINUX=/ {print $2}' /etc/selinux/config)
         case "${DEFAULT_SELINUX,,}" in
             enforcing)
@@ -2310,11 +2467,11 @@ get_binary_name() {
             if [[ -f "/.dockerenv" ]]; then
                 printf "%b  %b Detected ARM architecture in docker\\n" "${OVER}" "${TICK}"
                 # set the binary to be used
-                binary="pihole-FTL-armel-native"
+                l_binary="pihole-FTL-armel-native"
             else
                 printf "%b  %b Detected ARM architecture\\n" "${OVER}" "${TICK}"
                 # set the binary to be used
-                binary="pihole-FTL-arm-linux-gnueabi"
+                l_binary="pihole-FTL-arm-linux-gnueabi"
             fi
         fi
     elif [[ "${machine}" == "x86_64" ]]; then
@@ -2536,15 +2693,15 @@ main() {
         verifyFreeDiskSpace
     fi
 
-    # Update package cache
-    update_package_cache || exit 1
-
     # Notify user of package availability
     notify_package_updates_available
 
     # Install packages used by this installation script
     install_dependent_packages "${INSTALLER_DEPS[@]}"
 
+    # Check that the installed OS is officially supported - display warning if not
+    os_check
+
     # Check if SELinux is Enforcing
     checkSelinux
 

automated install/uninstall.sh

@@ -14,8 +14,8 @@ while true; do
     read -rp "  ${QST} Are you sure you would like to remove ${COL_WHITE}Pi-hole${COL_NC}? [y/N] " yn
     case ${yn} in
         [Yy]* ) break;;
-        [Nn]* ) echo -e "${OVER}  ${COL_LIGHT_GREEN}Uninstall has been cancelled${COL_NC}"; exit 0;;
-        * ) echo -e "${OVER}  ${COL_LIGHT_GREEN}Uninstall has been cancelled${COL_NC}"; exit 0;;
+        [Nn]* ) echo -e "${OVER}  ${COL_LIGHT_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;;
+        * ) echo -e "${OVER}  ${COL_LIGHT_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;;
     esac
 done
 
@@ -52,7 +52,7 @@ if [[ "${INSTALL_WEB_SERVER}" == true ]]; then
     DEPS+=("${PIHOLE_WEB_DEPS[@]}")
 fi
 
-# Compatability
+# Compatibility
 if [ -x "$(command -v apt-get)" ]; then
     # Debian Family
     PKG_REMOVE=("${PKG_MANAGER}" -y remove --purge)
@@ -188,9 +188,17 @@ removeNoPurge() {
             echo -e "  ${CROSS} Unable to remove 'pihole' user"
         fi
     fi
+    # If the pihole group exists, then remove
+    if getent group "pihole" &> /dev/null; then
+        if ${SUDO} groupdel pihole 2> /dev/null; then
+            echo -e "  ${TICK} Removed 'pihole' group"
+        else
+            echo -e "  ${CROSS} Unable to remove 'pihole' group"
+        fi
+    fi
 
     echo -e "\\n   We're sorry to see you go, but thanks for checking out Pi-hole!
-       If you need help, reach out to us on Github, Discourse, Reddit or Twitter
+       If you need help, reach out to us on GitHub, Discourse, Reddit or Twitter
        Reinstall at any time: ${COL_WHITE}curl -sSL https://install.pi-hole.net | bash${COL_NC}
 
       ${COL_LIGHT_RED}Please reset the DNS on your router/clients to restore internet connectivity

block hulu ads/lighttpd.conf

@@ -1,43 +0,0 @@
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2015, 2016 by Jacob Salmela
-# Network-wide ad blocking via your Raspberry Pi
-# http://pi-hole.net
-# Lighttpd config file for Pi-hole
-#
-# Pi-hole is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 2 of the License, or
-# (at your option) any later version.
-
-server.modules = (
-	"mod_access",
-	"mod_alias",
-	"mod_compress",
- 	"mod_redirect",
-   "mod_rewrite"
-)
-
-server.document-root        = "/var/www"
-server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
-server.errorlog             = "/var/log/lighttpd/error.log"
-server.pid-file             = "/var/run/lighttpd.pid"
-server.username             = "www-data"
-server.groupname            = "www-data"
-server.port                 = 80
-
-
-index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
-url.access-deny             = ( "~", ".inc" )
-static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
-
-compress.cache-dir          = "/var/cache/lighttpd/compress/"
-compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )
-
-# default listening port for IPv6 falls back to the IPv4 port
-include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
-include_shell "/usr/share/lighttpd/create-mime.assign.pl"
-include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
-
-$HTTP["host"] =~ "ads.hulu.com|ads-v-darwin.hulu.com|ads-e-darwin.hulu.com" {
-	url.redirect = ( ".*" => "http://192.168.1.101:8200/MediaItems/19.mov")
-}

block hulu ads/minidlna.conf

@@ -1,17 +0,0 @@
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2015, 2016 by Jacob Salmela
-# Network-wide ad blocking via your Raspberry Pi
-# http://pi-hole.net
-# MiniDLNA config file for Pi-hole
-#
-# Pi-hole is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 2 of the License, or
-# (at your option) any later version.
-
-media_dir=V,/var/lib/minidlna/videos/
-port=8200
-friendly_name=pihole
-serial=12345678
-model_number=1
-inotify=yes

gravity.sh

@@ -43,8 +43,6 @@ optimize_database=false
 
 domainsExtension="domains"
 
-resolver="pihole-FTL"
-
 # Source setupVars from install script
 setupVars="${piholeDir}/setupVars.conf"
 if [[ -f "${setupVars}" ]];then
@@ -271,7 +269,7 @@ gravity_CheckDNSResolutionAvailable() {
   fi
 
   # If the /etc/resolv.conf contains resolvers other than 127.0.0.1 then the local dnsmasq will not be queried and pi.hole is NXDOMAIN.
-  # This means that even though name resolution is working, the getent hosts check fails and the holddown timer keeps ticking and eventualy fails
+  # This means that even though name resolution is working, the getent hosts check fails and the holddown timer keeps ticking and eventually fails
   # So we check the output of the last command and if it failed, attempt to use dig +short as a fallback
   if timeout 4 dig +short "${lookupDomain}" &> /dev/null; then
     if [[ -n "${secs:-}" ]]; then
@@ -284,7 +282,7 @@ gravity_CheckDNSResolutionAvailable() {
   fi
 
   # Determine error output message
-  if pidof ${resolver} &> /dev/null; then
+  if pgrep pihole-FTL &> /dev/null; then
     echo -e "  ${CROSS} DNS resolution is currently unavailable"
   else
     echo -e "  ${CROSS} DNS service is not running"
@@ -336,7 +334,7 @@ gravity_DownloadBlocklists() {
     return 1
   fi
 
-  local url domain agent cmd_ext str target
+  local url domain agent cmd_ext str target compression
   echo ""
 
   # Prepare new gravity database
@@ -355,13 +353,24 @@ gravity_DownloadBlocklists() {
 
   target="$(mktemp -p "/tmp" --suffix=".gravity")"
 
+  # Use compression to reduce the amount of data that is transfered
+  # between the Pi-hole and the ad list provider. Use this feature
+  # only if it is supported by the locally available version of curl
+  if curl -V | grep -q "Features:.* libz"; then
+    compression="--compressed"
+    echo -e "  ${INFO} Using libz compression\n"
+  else
+      compression=""
+      echo -e "  ${INFO} Libz compression not available\n"
+    fi
   # Loop through $sources and download each one
   for ((i = 0; i < "${#sources[@]}"; i++)); do
     url="${sources[$i]}"
     domain="${sourceDomains[$i]}"
+    id="${sourceIDs[$i]}"
 
     # Save the file as list.#.domain
-    saveLocation="${piholeDir}/list.${i}.${domain}.${domainsExtension}"
+    saveLocation="${piholeDir}/list.${id}.${domain}.${domainsExtension}"
     activeDomains[$i]="${saveLocation}"
 
     # Default user-agent (for Cloudflare's Browser Integrity Check: https://support.cloudflare.com/hc/en-us/articles/200170086-What-does-the-Browser-Integrity-Check-do-)
@@ -376,11 +385,11 @@ gravity_DownloadBlocklists() {
     echo -e "  ${INFO} Target: ${url}"
     local regex
     # Check for characters NOT allowed in URLs
-    regex="[^a-zA-Z0-9:/?&%=~._()-]"
+    regex="[^a-zA-Z0-9:/?&%=~._()-;]"
     if [[ "${url}" =~ ${regex} ]]; then
         echo -e "  ${CROSS} Invalid Target"
     else
-       gravity_DownloadBlocklistFromUrl "${url}" "${cmd_ext}" "${agent}" "${sourceIDs[$i]}" "${saveLocation}" "${target}"
+       gravity_DownloadBlocklistFromUrl "${url}" "${cmd_ext}" "${agent}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" "${compression}"
     fi
     echo ""
   done
@@ -455,7 +464,7 @@ parseList() {
 
 # Download specified URL and perform checks on HTTP status and file content
 gravity_DownloadBlocklistFromUrl() {
-  local url="${1}" cmd_ext="${2}" agent="${3}" adlistID="${4}" saveLocation="${5}" target="${6}"
+  local url="${1}" cmd_ext="${2}" agent="${3}" adlistID="${4}" saveLocation="${5}" target="${6}" compression="${7}"
   local heisenbergCompensator="" patternBuffer str httpCode success=""
 
   # Create temp file to store content on disk instead of RAM
@@ -504,8 +513,9 @@ gravity_DownloadBlocklistFromUrl() {
     echo -ne "  ${INFO} ${str} Pending..."
     cmd_ext="--resolve $domain:$port:$ip $cmd_ext"
   fi
+
   # shellcheck disable=SC2086
-  httpCode=$(curl -s -L ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" -A "${agent}" "${url}" -o "${patternBuffer}" 2> /dev/null)
+  httpCode=$(curl -s -L ${compression} ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" -A "${agent}" "${url}" -o "${patternBuffer}" 2> /dev/null)
 
   case $url in
     # Did we "download" a local file?
@@ -568,7 +578,7 @@ gravity_ParseFileIntoDomains() {
   # Determine if we are parsing a consolidated list
   #if [[ "${source}" == "${piholeDir}/${matterAndLight}" ]]; then
     # Remove comments and print only the domain name
-    # Most of the lists downloaded are already in hosts file format but the spacing/formating is not contigious
+    # Most of the lists downloaded are already in hosts file format but the spacing/formating is not contiguous
     # This helps with that and makes it easier to read
     # It also helps with debugging so each stage of the script can be researched more in depth
     # 1) Remove carriage returns
@@ -746,12 +756,12 @@ gravity_Cleanup() {
   fi
 
   # Only restart DNS service if offline
-  if ! pidof ${resolver} &> /dev/null; then
+  if ! pgrep pihole-FTL &> /dev/null; then
     "${PIHOLE_COMMAND}" restartdns
     dnsWasOffline=true
   fi
 
-  # Print Pi-hole status if an error occured
+  # Print Pi-hole status if an error occurred
   if [[ -n "${error}" ]]; then
     "${PIHOLE_COMMAND}" status
     exit 1

manpages/pihole.8

@@ -187,12 +187,12 @@ Available commands and options:
 
 	(Logging options):
 .br
-      on                Enable the Pi-hole log at /var/log/pihole.log
+      on                Enable the Pi-hole log at /var/log/pihole/pihole.log
 .br
       off               Disable and flush the Pi-hole log at
-                        /var/log/pihole.log
+                        /var/log/pihole/pihole.log
 .br
-      off noflush       Disable the Pi-hole log at /var/log/pihole.log
+      off noflush       Disable the Pi-hole log at /var/log/pihole/pihole.log
 .br
 
 \fB-up, updatePihole\fR [--check-only]
@@ -224,7 +224,7 @@ Available commands and options:
 .br
       -l, --latest      Return the latest version
 .br
-      --hash            Return the Github hash from your local
+      --hash            Return the GitHub hash from your local
                         repositories
 .br
 
@@ -257,19 +257,19 @@ Available commands and options:
 
 \fBrestartdns\fR [options]
 .br
-    Full restart Pi-hole subsystems
+    Full restart Pi-hole subsystems. Without any options (see below) a full restart causes config file parsing and history re-reading
 .br
 
     (restart options):
 .br
-      reload            Updates the lists and flushes DNS cache
+      reload            Updates the lists (incl. HOSTS files) and flushes DNS cache. Does not reparse config files
 .br
-      reload-lists      Updates the lists WITHOUT flushing the DNS cache
+      reload-lists      Updates the lists (excl. HOSTS files) WITHOUT flushing the DNS cache. Does not reparse config files
 .br
 
 \fBcheckout\fR [repo] [branch]
 .br
-    Switch Pi-hole subsystems to a different Github branch
+    Switch Pi-hole subsystems to a different GitHub branch
 .br
 
     (repo options):

pihole

@@ -20,8 +20,6 @@ PI_HOLE_BIN_DIR="/usr/local/bin"
 readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE"
 source "${colfile}"
 
-resolver="pihole-FTL"
-
 webpageFunc() {
   source "${PI_HOLE_SCRIPT_DIR}/webpage.sh"
   main "$@"
@@ -107,19 +105,19 @@ restartDNS() {
   # Determine if we should reload or restart
   if [[ "${svcOption}" =~ "reload-lists" ]]; then
     # Reloading of the lists has been requested
-    # Note: This will NOT re-read any *.conf files
+    # Note 1: This will NOT re-read any *.conf files
     # Note 2: We cannot use killall here as it does
     #         not know about real-time signals
-    svc="kill -SIGRTMIN $(pidof ${resolver})"
+    svc="pkill -RTMIN pihole-FTL"
     str="Reloading DNS lists"
   elif [[ "${svcOption}" =~ "reload" ]]; then
     # Reloading of the DNS cache has been requested
     # Note: This will NOT re-read any *.conf files
-    svc="killall -s SIGHUP ${resolver}"
+    svc="pkill -HUP pihole-FTL"
     str="Flushing DNS cache"
   else
     # A full restart has been requested
-    svc="service ${resolver} restart"
+    svc="service pihole-FTL restart"
     str="Restarting DNS server"
   fi
 
@@ -164,7 +162,7 @@ Time:
           local str="Disabling blocking for ${tt} seconds"
           echo -e "  ${INFO} ${str}..."
           local str="Blocking will be re-enabled in ${tt} seconds"
-          nohup bash -c "sleep ${tt}; ${PI_HOLE_BIN_DIR}/pihole enable" </dev/null &>/dev/null &
+          nohup "${PI_HOLE_SCRIPT_DIR}"/pihole-reenable.sh ${tt} </dev/null &>/dev/null &
         else
           local error=true
         fi
@@ -175,7 +173,7 @@ Time:
           echo -e "  ${INFO} ${str}..."
           local str="Blocking will be re-enabled in ${tt} minutes"
           tt=$((${tt}*60))
-          nohup bash -c "sleep ${tt}; ${PI_HOLE_BIN_DIR}/pihole enable" </dev/null &>/dev/null &
+          nohup "${PI_HOLE_SCRIPT_DIR}"/pihole-reenable.sh ${tt} </dev/null &>/dev/null &
         else
           local error=true
         fi
@@ -197,6 +195,7 @@ Time:
     fi
   else
     # Enable Pi-hole
+    killall -q pihole-reenable
     if grep -cq "BLOCKING_ENABLED=true" "${setupVars}"; then
       echo -e "  ${INFO} Blocking already enabled, nothing to do"
       exit 0
@@ -221,9 +220,9 @@ Example: 'pihole logging on'
 Specify whether the Pi-hole log should be used
 
 Options:
-  on                  Enable the Pi-hole log at /var/log/pihole.log
-  off                 Disable and flush the Pi-hole log at /var/log/pihole.log
-  off noflush         Disable the Pi-hole log at /var/log/pihole.log"
+  on                  Enable the Pi-hole log at /var/log/pihole/pihole.log
+  off                 Disable and flush the Pi-hole log at /var/log/pihole/pihole.log
+  off noflush         Disable the Pi-hole log at /var/log/pihole/pihole.log"
     exit 0
   elif [[ "${1}" == "off" ]]; then
     # Disable logging
@@ -250,16 +249,47 @@ Options:
   echo -e "${OVER}  ${TICK} ${str}"
 }
 
+analyze_ports() {
+  # FTL is listening at least on at least one port when this
+  # function is getting called
+  echo -e "  ${TICK} DNS service is listening"
+  # Check individual address family/protocol combinations
+  # For a healthy Pi-hole, they should all be up (nothing printed)
+  if grep -q "IPv4.*UDP" <<< "${1}"; then
+      echo -e "     ${TICK} UDP (IPv4)"
+  else
+      echo -e "     ${CROSS} UDP (IPv4)"
+  fi
+  if grep -q "IPv4.*TCP" <<< "${1}"; then
+      echo -e "     ${TICK} TCP (IPv4)"
+  else
+      echo -e "     ${CROSS} TCP (IPv4)"
+  fi
+  if grep -q "IPv6.*UDP" <<< "${1}"; then
+      echo -e "     ${TICK} UDP (IPv6)"
+  else
+      echo -e "     ${CROSS} UDP (IPv6)"
+  fi
+  if grep -q "IPv6.*TCP" <<< "${1}"; then
+      echo -e "     ${TICK} TCP (IPv6)"
+  else
+      echo -e "     ${CROSS} TCP (IPv6)"
+  fi
+  echo ""
+}
+
 statusFunc() {
-  # Determine if service is running on port 53 (Cr: https://superuser.com/a/806331)
-  if (echo > /dev/tcp/127.0.0.1/53) >/dev/null 2>&1; then
+  # Determine if there is a pihole service is listening on port 53
+  local listening
+  listening="$(lsof -Pni:53)"
+  if grep -q "pihole" <<< "${listening}"; then
     if [[ "${1}" != "web" ]]; then
-      echo -e "  ${TICK} DNS service is running"
+      analyze_ports "${listening}"
     fi
   else
     case "${1}" in
       "web") echo "-1";;
-      *) echo -e "  ${CROSS} DNS service is NOT running";;
+      *) echo -e "  ${CROSS} DNS service is NOT listening";;
     esac
     return 0
   fi
@@ -269,13 +299,13 @@ statusFunc() {
     # A config is commented out
     case "${1}" in
       "web") echo 0;;
-      *) echo -e "  ${CROSS} Pi-hole blocking is Disabled";;
+      *) echo -e "  ${CROSS} Pi-hole blocking is disabled";;
     esac
   elif grep -q "BLOCKING_ENABLED=true" /etc/pihole/setupVars.conf;  then
     # Configs are set
     case "${1}" in
       "web") echo 1;;
-      *) echo -e "  ${TICK} Pi-hole blocking is Enabled";;
+      *) echo -e "  ${TICK} Pi-hole blocking is enabled";;
     esac
   else
     # No configs were found
@@ -302,10 +332,10 @@ tailFunc() {
   source /etc/pihole/setupVars.conf
 
   # Strip date from each line
-  # Colour blocklist/blacklist/wildcard entries as red
-  # Colour A/AAAA/DHCP strings as white
-  # Colour everything else as gray
-  tail -f /var/log/pihole.log | sed -E \
+  # Color blocklist/blacklist/wildcard entries as red
+  # Color A/AAAA/DHCP strings as white
+  # Color everything else as gray
+  tail -f /var/log/pihole/pihole.log | sed -E \
     -e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \
     -e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \
     -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \
@@ -317,7 +347,7 @@ piholeCheckoutFunc() {
   if [[ "$2" == "-h" ]] || [[ "$2" == "--help" ]]; then
     echo "Usage: pihole checkout [repo] [branch]
 Example: 'pihole checkout master' or 'pihole checkout core dev'
-Switch Pi-hole subsystems to a different Github branch
+Switch Pi-hole subsystems to a different GitHub branch
 
 Repositories:
   core [branch]       Change the branch of Pi-hole's core subsystem
@@ -416,7 +446,7 @@ Options:
   restartdns          Full restart Pi-hole subsystems
                         Add 'reload' to update the lists and flush the cache without restarting the DNS server
                         Add 'reload-lists' to only update the lists WITHOUT flushing the cache or restarting the DNS server
-  checkout            Switch Pi-hole subsystems to a different Github branch
+  checkout            Switch Pi-hole subsystems to a different GitHub branch
                         Add '-h' for more info on checkout usage
   arpflush            Flush information stored in Pi-hole's network tables";
   exit 0

supportedos.txt

@@ -0,0 +1,5 @@
+Raspbian=9,10
+Ubuntu=16,18,20
+Debian=9,10
+Fedora=31,32
+CentOS=7,8

test/README.md

@@ -7,11 +7,11 @@ From command line all you need to do is:
 - `pip install tox`
 - `tox`
 
-Tox handles setting up a virtual environment for python dependancies, installing dependancies, building the docker images used by tests, and finally running tests.  It's an easy way to have travis-ci like build behavior locally.
+Tox handles setting up a virtual environment for python dependencies, installing dependencies, building the docker images used by tests, and finally running tests.  It's an easy way to have travis-ci like build behavior locally.
 
 ## Alternative py.test method of running tests
 
-You're responsible for setting up your virtual env and dependancies in this situation.
+You're responsible for setting up your virtual env and dependencies in this situation.
 
 ```
 py.test -vv -n auto -m "build_stage"

test/conftest.py

@@ -14,9 +14,9 @@ SETUPVARS = {
     'PIHOLE_DNS_2': '4.2.2.2'
 }
 
-tick_box = "[\x1b[1;32m\xe2\x9c\x93\x1b[0m]".decode("utf-8")
-cross_box = "[\x1b[1;31m\xe2\x9c\x97\x1b[0m]".decode("utf-8")
-info_box = "[i]".decode("utf-8")
+tick_box = "[\x1b[1;32m\u2713\x1b[0m]"
+cross_box = "[\x1b[1;31m\u2717\x1b[0m]"
+info_box = "[i]"
 
 
 @pytest.fixture
@@ -38,9 +38,7 @@ def Pihole(Docker):
         return out
 
     funcType = type(Docker.run)
-    Docker.run = funcType(run_bash,
-                          Docker,
-                          testinfra.backend.docker.DockerBackend)
+    Docker.run = funcType(run_bash, Docker)
     return Docker
 
 
@@ -106,7 +104,7 @@ def mock_command(script, args, container):
     #!/bin/bash -e
     echo "\$0 \$@" >> /var/log/{script}
     case "\$1" in'''.format(script=script))
-    for k, v in args.iteritems():
+    for k, v in args.items():
         case = dedent('''
         {arg})
         echo {res}
@@ -133,7 +131,7 @@ def mock_command_2(script, args, container):
     #!/bin/bash -e
     echo "\$0 \$@" >> /var/log/{script}
     case "\$1 \$2" in'''.format(script=script))
-    for k, v in args.iteritems():
+    for k, v in args.items():
         case = dedent('''
         \"{arg}\")
         echo \"{res}\"

test/test_000_build_containers.py

@@ -18,6 +18,6 @@ run_local = testinfra.get_backend(
 def test_build_pihole_image(image, tag):
     build_cmd = run_local('docker build -f {} -t {} .'.format(image, tag))
     if build_cmd.rc != 0:
-        print build_cmd.stdout
-        print build_cmd.stderr
+        print(build_cmd.stdout)
+        print(build_cmd.stderr)
     assert build_cmd.rc == 0

test/test_automated_install.py

@@ -1,6 +1,6 @@
 from textwrap import dedent
 import re
-from conftest import (
+from .conftest import (
     SETUPVARS,
     tick_box,
     info_box,
@@ -34,7 +34,7 @@ def test_setupVars_are_sourced_to_global_scope(Pihole):
     This confirms the sourced variables are in scope between functions
     '''
     setup_var_file = 'cat <<EOF> /etc/pihole/setupVars.conf\n'
-    for k, v in SETUPVARS.iteritems():
+    for k, v in SETUPVARS.items():
         setup_var_file += "{}={}\n".format(k, v)
     setup_var_file += "EOF\n"
     Pihole.run(setup_var_file)
@@ -59,7 +59,7 @@ def test_setupVars_are_sourced_to_global_scope(Pihole):
 
     output = run_script(Pihole, script).stdout
 
-    for k, v in SETUPVARS.iteritems():
+    for k, v in SETUPVARS.items():
         assert "{}={}".format(k, v) in output
 
 
@@ -69,7 +69,7 @@ def test_setupVars_saved_to_file(Pihole):
     '''
     # dedent works better with this and padding matching script below
     set_setup_vars = '\n'
-    for k, v in SETUPVARS.iteritems():
+    for k, v in SETUPVARS.items():
         set_setup_vars += "    {}={}\n".format(k, v)
     Pihole.run(set_setup_vars).stdout
 
@@ -88,7 +88,7 @@ def test_setupVars_saved_to_file(Pihole):
 
     output = run_script(Pihole, script).stdout
 
-    for k, v in SETUPVARS.iteritems():
+    for k, v in SETUPVARS.items():
         assert "{}={}".format(k, v) in output
 
 
@@ -316,23 +316,6 @@ def test_FTL_binary_installed_and_responsive_no_errors(Pihole):
     assert expected_stdout in installed_binary.stdout
 
 
-# def test_FTL_support_files_installed(Pihole):
-#     '''
-#     confirms FTL support files are installed
-#     '''
-#     support_files = Pihole.run('''
-#     source /opt/pihole/basic-install.sh
-#     FTLdetect
-#     stat -c '%a %n' /var/log/pihole-FTL.log
-#     stat -c '%a %n' /run/pihole-FTL.port
-#     stat -c '%a %n' /run/pihole-FTL.pid
-#     ls -lac /run
-#     ''')
-#     assert '644 /run/pihole-FTL.port' in support_files.stdout
-#     assert '644 /run/pihole-FTL.pid' in support_files.stdout
-#     assert '644 /var/log/pihole-FTL.log' in support_files.stdout
-
-
 def test_IPv6_only_link_local(Pihole):
     '''
     confirms IPv6 blocking is disabled for Link-local address

test/test_centos_fedora_support.py

@@ -1,10 +1,9 @@
 import pytest
-from conftest import (
+from .conftest import (
     tick_box,
     info_box,
     cross_box,
     mock_command,
-    mock_command_2,
 )
 
 

test/test_shellcheck.py

@@ -14,5 +14,5 @@ def test_scripts_pass_shellcheck():
                   "shellcheck -x \"$file\" -e SC1090,SC1091; "
                   "done;")
     results = run_local(shellcheck)
-    print results.stdout
+    print(results.stdout)
     assert '' == results.stdout

tox.ini

@@ -1,5 +1,5 @@
 [tox]
-envlist = py27
+envlist = py36
 
 [testenv]
 whitelist_externals = docker