Forem: Prajwol Adhikari

Your Personal Internet Guardian: How to Build a FREE Ad-Blocker in the Cloud! 🚀

Prajwol Adhikari — Tue, 26 Aug 2025 04:21:23 +0000

Hey everyone! A while back, I wrote a guide on setting up AdGuard Home on Linode. The world of tech moves fast, and it's time for an upgrade! Today, we're going to build our own powerful, network-wide ad-blocker using Amazon Web Services (AWS), and we'll make it secure with our own domain and SSL certificate.

Think of this as building a digital gatekeeper for your internet. Before any ads, trackers, or malicious sites can reach your devices, our AdGuard Home server will slam the door shut. The best part? This works on your phone, laptop, smart TV—anything on your network—without installing a single app on them.

This guide is for everyone, from seasoned tech wizards to curious beginners. We'll break down every step in simple terms, so grab a coffee, and let's build something awesome!

## Chapter 1: Building Our Home in the AWS Cloud ☁️

First, we need a server. We'll use an Amazon EC2 instance, which is just a fancy name for a virtual computer that you rent.

Sign Up for AWS: If you don't have an account, head to the AWS website and sign up. You'll need a credit card for verification, but for this guide, we can often stay within the Free Tier.
Launch Your EC2 Instance:
- Log in to your AWS Console and search for EC2.
- Click "Launch instance".
- Name: Give your server a cool name, like AdGuard-Server.
- Application and OS Images: In the search bar, type Debian and select the latest version (e.g., Debian 12). Make sure it's marked "Free tier eligible".
- Instance Type: Choose t2.micro. This is your free, trusty little server.
- Key Pair (for login): This is your digital key to the server's front door. Click "Create a new key pair", name it something like my-adguard-key, and download the .pem file. Keep this file secret and safe!
- Network settings (The Firewall): This is crucial. We need to tell our server which doors to open. Click "Edit".
  - Check the box for "Allow SSH traffic from" and select My IP. This lets you securely log in.
  - Check "Allow HTTPS traffic from the internet" and "Allow HTTP traffic from the internet". We'll need these for our secure dashboard later.
Launch It! Hit the "Launch instance" button and watch as your new cloud server comes to life.
Give Your Server a Permanent Address (Elastic IP):
- By default, your server's public IP address will change every time it reboots. Let's make it permanent!
- In the EC2 menu on the left, go to "Elastic IPs".
- Click "Allocate Elastic IP address" and then "Allocate".
- Select the new IP address from the list, click "Actions", and then "Associate Elastic IP address".
- Choose your AdGuard-Server instance from the list and click "Associate".
- Your server now has a static IP address that will never change! Make a note of this new IP.

## Chapter 2: Opening the Doors (Configuring the Firewall) 🚪

Our server is running, but we need to open a few more specific doors for AdGuard Home to work.

Go to your EC2 Instance details, click the "Security" tab, and click on the Security Group name.
Click "Edit inbound rules" and "Add rule" for each of the following:
- Port 3000: Custom TCP, Port 3000, Source My IP. (For the initial setup).
- Port 53 (TCP): Custom TCP, Port 53, Source Anywhere-IPv4. (For DNS).
- Port 53 (UDP): Custom UDP, Port 53, Source Anywhere-IPv4. (Also for DNS).
- Port 853: Custom TCP, Port 853, Source Anywhere-IPv4. (For DNS-over-TLS).
Click "Save rules". Your firewall is now ready!

## Chapter 3: Installing AdGuard Home 🛡️

Now, let's connect to our server and install the magic software.

Connect via SSH: Open a terminal (PowerShell on Windows, Terminal on Mac/Linux) and use the key you downloaded to connect. Use your new Elastic IP address!
```
# Replace the path and Elastic IP with your own
ssh -i "path/to/my-adguard-key.pem" admin@YOUR_ELASTIC_IP
```

Install AdGuard Home: Run this one simple command. It downloads and installs everything for you.

curl -s -S -L [https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh](https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh) | sh -s -- -v

Run the Setup Wizard: The script will give you a link, like http://YOUR_ELASTIC_IP:3000. Open this in your browser. Follow the on-screen steps to create your admin username and password.

## Chapter 4: Teaching Your Guardian Who to Trust and What to Block

With AdGuard Home installed, the next step is to configure its core brain: the DNS servers it gets its answers from and the blocklists it uses to protect your network.

1. Setting Up Upstream DNS Servers

Think of "Upstream DNS Servers" as the giant, public phonebooks of the internet. When your AdGuard server doesn't know an address (and it's not on a blocklist), it asks one of these upstreams. It's recommended to use a mix of the best encrypted DNS providers for security, privacy, and speed.

In the AdGuard dashboard, go to Settings -> DNS settings. In the "Upstream DNS servers" box, enter the following, one per line:

https://dns.quad9.net/dns-query
https://dns.google/dns-query
https://dns.cloudflare.com/dns-query
Quad9: Focuses heavily on security, blocking malicious domains.
Google: Known for being very fast.
Cloudflare: A great all-around choice with a strong focus on privacy.

2. Optimizing DNS Performance

Still in the DNS settings page, scroll down to optimize how your server queries the upstreams.

Parallel requests: Select this option. This is the fastest and most resilient mode. It sends your DNS query to all three of your upstream servers at the same time and uses the answer from the very first one that responds. This ensures you always get the quickest possible result.
Enable EDNS client subnet (ECS): Check this box. This is very important for services like Netflix, YouTube, and other content delivery networks (CDNs). It helps them give you content from a server that is geographically closest to you, resulting in faster speeds and a better experience.

3. Enabling DNSSEC

Right below the upstream servers, there's a checkbox for "Enable DNSSEC". You should check this box. DNSSEC is like a digital wax seal on a letter; it verifies that the DNS answers you're getting are authentic and haven't been tampered with. It's a simple, one-click security boost.

4. Choosing Your Blocklists

This is the fun part—the actual ad-blocking! Go to Filters -> DNS blocklists. For a "Balanced & Powerful" setup that blocks aggressively without a high risk of breaking websites, enable the following lists:

AdGuard DNS filter: A great, well-maintained baseline.
OISD Blocklist Big: Widely considered one of the best all-in-one lists for blocking ads, trackers, and malware.
HaGeZi's Pro Blocklist: A fantastic list that adds another layer of aggressive blocking for privacy.
HaGeZi's Threat Intelligence Feed: A crucial security-only list that focuses on protecting against active threats like phishing and malware.

This combination will give you robust protection against both annoyances and real dangers.

## Chapter 5: Giving Your Server a Name (Free Domain with No-IP) 📛

An IP address is hard to remember. Let's get a free, memorable name for our server.

Sign Up at No-IP: Go to No-IP.com, create a free account, and create a hostname (e.g., my-dns.ddns.net).
Point it to Your Server: When creating the hostname, enter your server's permanent Elastic IP address. Confirm your account via email.

## Chapter 6: Making It Secure with SSL/TLS 🔐

We'll use Let's Encrypt and Certbot to get a free SSL certificate, which lets us use secure https:// and encrypted DNS.

Install Certbot: In your SSH session, run these commands:
```
sudo apt update
sudo apt install certbot -y
```
Get the Certificate: Run this command, replacing the email and domain with your own.
```
# This command will temporarily stop any service on port 80, get the certificate, and then finish.
sudo certbot certonly --standalone --agree-tos --email YOUR_EMAIL@example.com -d your-no-ip-hostname.ddns.net
```
If it's successful, it will tell you where your certificate files are saved (usually in /etc/letsencrypt/live/your-no-ip-hostname.ddns.net/).
Configure AdGuard Home Encryption:
- Go to your AdGuard Home dashboard (Settings -> Encryption settings).
- Check "Enable encryption".
- In the "Server name" field, enter your No-IP hostname.
- Under "Certificates", choose "Set a certificates file path".
  - Certificate path: /etc/letsencrypt/live/your-no-ip-hostname.ddns.net/fullchain.pem
  - Private key path: /etc/letsencrypt/live/your-no-ip-hostname.ddns.net/privkey.pem
- Click "Save configuration". The page will reload on a secure https:// connection!

## Chapter 7: Automating SSL Renewal (Cron Job Magic) ✨

Let's Encrypt certificates last for 90 days. We can tell our server to automatically renew them.

Open the Cron Editor: In SSH, run sudo crontab -e and choose nano as your editor.
Add the Renewal Job: Add this line to the bottom of the file. It tells the server to try renewing the certificate every day at 2:30 AM.
```
30 2 * * * /usr/bin/certbot renew --quiet
```
Save and exit (Ctrl+X, then Y, then Enter). Your server will now keep its certificate fresh forever!

## Chapter 8: Testing Your New Superpowers (DoH & DoT) 🧪

For a direct confirmation, I used these commands on my computer:

DNS-over-HTTPS (DoH) Test: This test checks if the secure web endpoint for DNS is alive.
```
curl -v [https://your-no-ip-hostname.ddns.net/dns-query](https://your-no-ip-hostname.ddns.net/dns-query)
```
I got a "405 Method Not Allowed" error, which sounds bad but is actually great news. It means I successfully connected to the server, which correctly told me I didn't send a real query. The connection works!
DNS-over-TLS (DoT) Test: This checks the dedicated secure port for DNS. I used a tool called kdig.
```
# I had to install it first with: sudo apt install knot-dnsutils
kdig @your-no-ip-hostname.ddns.net +tls-ca +tls-host=your-no-ip-hostname.ddns.net example.com
```
The command returned a perfect DNS answer for example.com, confirming the secure tunnel was working.

## Chapter 9: Protecting Your Kingdom (Router & Phone Setup) 🏰

Now, let's point your devices to their new guardian.

On Your Home Router: Log in to your router's admin page, find the DNS settings, and enter your server's Elastic IP as the primary DNS server. Leave the secondary field blank! This forces all devices on your Wi-Fi to be protected. Then, restart your router.
On Your Mobile Phone:
- Android: Go to Settings -> Network -> Private DNS. Choose "Private DNS provider hostname" and enter your No-IP hostname (my-dns.ddns.net). This gives you ad-blocking everywhere, even on cellular data!
- iOS: You can use a profile to configure DoH. A simple way is to use a site like AdGuard's DNS profile generator, but enter your own server's DoH address (https://my-dns.ddns.net/dns-query).

## Chapter 10: The Ultimate Safety Net (Creating a Snapshot) 📸

Finally, let's back up our perfect setup.

In the EC2 Console, go to your instance details.
Click the "Storage" tab and click the "Volume ID".
Click "Actions" -> "Create snapshot".
Give it a description, like AdGuard-Working-Setup-Backup.

If you ever mess something up, you can use this snapshot to restore your server to this exact working state in minutes.

## Bonus Chapter: Common Troubleshooting Tips

If things aren't working, here are a few common pitfalls to check:

Browser Overrides Everything: If one device isn't blocking ads, check its browser settings! Modern browsers like Chrome have a "Secure DNS" feature that can bypass your custom setup. You may need to turn this off.
Check Your Laptop's DNS: Make sure your computer's network settings are set to "Obtain DNS automatically" so it listens to the router. A manually set DNS on your PC will ignore the router's settings.
Beware of IPv6: If you run into trouble on one device, try disabling IPv6 in that device's Wi-Fi adapter properties to force it to use your working IPv4 setup.

## It’s a Wrap!

And there you have it! You've successfully built a personal, secure, ad-blocking DNS server in the cloud. You've learned about cloud computing, firewalls, DNS, SSL, and automation. Go enjoy a faster, cleaner, and more private internet experience.

Running Private Adguard Server on Cloud (Linode)

Prajwol Adhikari — Sat, 01 Mar 2025 04:44:00 +0000

What's the buzz about AdGuard Home?

Imagine AdGuard Home as your personal internet guardian. This versatile tool blocks ads, trackers, and other online nuisances across all devices connected to your network. Whether you're browsing on your phone, tablet, or computer, AdGuard Home has your back.

In today's digital landscape, robust security measures are paramount. Protecting each device shields your family from accidental clicks and malicious attacks, ensuring peace of mind and a secure online environment.

Why on the Cloud?

While setting up AdGuard Home on your home network is great, installing it on a cloud server like Linode takes things up a notch. Here's why:

On-the-Go Protection: Your devices stay protected from ads and trackers, no matter where you are, you can even share it with your family.
Centralized Control: Manage and customize your ad-blocking settings from a single dashboard.
Enhanced Privacy: Keep your browsing data away from prying eyes.

Ready to embark on this ad-free adventure? Let's get started!

Setting Up The Environment

Step 1: Create a Linode Cloud Account

Why choose Linode? Through NetworkChuck's referral link, you receive a generous $100 cloud credit - a fantastic start!

Sign Up: Navigate to Linode's signup page and register.
Access the Dashboard: Log in and select 'Linodes' from the left-side menu.
Create a Linode: Click 'Create Linode,' choose your preferred region, and select an operating system (Debian 11 is a solid choice).
Choose a Plan: The Shared 1GB Nanode instance is sufficient for AdGuard Home.
Label and Secure: Assign a label to your Linode and set a strong root password.
Deploy: Click 'Create Linode' and wait for it to initialize.

Once your Linode is up and running, access it via the LISH Console or SSH. (use root as localhost login)

Step 2: Installing AdGuard Home on Linode

Yes, we're already into setting up at this point.

Log In: Access your Linode using SSH or the LISH Console with your root credentials.
Update the system:

sudo apt update && apt upgrade -y

Go ahead and copy this command to Install Adguard Home:

curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v

AdGuard Home is installed and running. You can use CTRL+Shift+V to paste into the terminal.

Step 3: Configure AdGuard Home

Post-installation, you'll see a list of IP addresses with port :3000.

Access the Web Interface: Open your browser and navigate to the IP address followed by :3000. If you encounter a security warning, proceed by clicking "Continue to site."
Initial Setup: Click 'Get Started' and follow the prompts. When uncertain, default settings are typically fine.
Set Credentials: Set up the Username and Password.

Step 4: Integrate AdGuard Home with Your Router

After this your AdGuard Home is running, but in order to use it on your devices you need to setup inside your home router for all your devices to be protected. For that, I can't walk you through each and every router settings, but the steps are pretty similar.

Find your router IP address, you should be able to find it on the back of your router (commonly 192.168.0.1 or 192.169.1.1) enter it into your browser.
Login into your router using the credentials mentioned in the back of your router; the default is often admin for both username and password. I suggest you change your default password.
Configure DNS Settings:
- Enable DHCP Server: Ensure your router's DHCP server is active.
- Set DNS Addresses: Input your AdGuard Home server's IP as the primary DNS (mine was 96.126.113.207). For secondary DNS, options like 1.1.1.1 (Cloudflare), 9.9.9.9 (Quad9), or 8.8.8.8 (Google) are reliable.
- Save and apply the changes.

Fine-Tuning AdGuard Home

If you've done everything till here you should be good, but for those who enjoy customization, AdGuard Home offers a plethora of settings. Some of the customizations I did are:

Settings

Go to Settings -> General Settings: You can enable Parental Control and Safe Search.
You can also make your Statistics last longer than 24hrs which is default.
Now on Settings -> DNS Settings
- By default it uses DNS from quad9 which is pretty good but I suggest you add more.
- You can click on list of known DNS providers, where you can choose from.
- I used:
- Enable 'Load Balancing' to distribute queries evenly.
- Scroll down to 'DNS server configuration' and enable DNSSEC for enhanced security.
- Click on Save.

Filters

DNS blocklists

Go to Filters -> DNS blocklists, here you can add blocklist that people have created and use it to block even more things. By default AdGuard uses AdGuard DNS filter, and you can add more.

Click on Add blocklist -> Choose from the list
Don't choose too many from the list cause it may slow your internet requests. These are the blocklists I added. And just like that you are blocking more and more things.

DNS rewrites

Go to Filters -> DNS rewrites, here you can add your own DNS entries, so I added AdGuard here.

Click on Add DNS rewrite
Type in domain adguardforme.local and your IP address for AdGuard Home.
And save it.

Now, when I want to go on AdGuard Home dashboard I just type in adguardforme.local and I'm into AdGuard, I don't have to remember the IP address.

Custom filtering rules

Go to Filters -> Custom filtering rules. For some reason when I use Facebook on mobile device stories and videos does not load up, so I added custom filtering rules.

@@||graph.facebook.com^$important

Dive into AI Fun: Running DeepSeek-R1 on Docker Container on Ubuntu

Prajwol Adhikari — Sat, 01 Mar 2025 04:23:28 +0000

What's a Docker Container?

Before we dive into setting up DeepSeek-R1, let me explain what a Docker container is. Imagine you have a toy that works perfectly on your birthday but gets broken if you move it to another room. A Docker container is like a magic box that keeps your AI model (the toy) in perfect condition wherever you take it, whether it's running as a background task, on a web server, or even in the cloud.

Docker containers encapsulate everything required to run an application: the code, dependencies, and environment settings. This ensures consistency across different machines, which is super important for AI models that rely on precise configurations.

Setting Up The Environment

Step 1: Install Ubuntu on Windows (If You Haven't Already)

If you're using Windows, the easiest way to get an Ubuntu environment is through the Microsoft Store. Here's how:

Open the Microsoft Store and search for Ubuntu.
Click Get and let it install.
Once installed, open Ubuntu from the Start menu and follow the setup instructions.
Update the system:

sudo apt update && sudo apt upgrade

Now, you have an Ubuntu terminal running on Windows!

Step 2: Install Docker (If You Haven't Already)

First, let's check if you have Docker installed. Open a terminal and run:

docker --version

If that returns a version number, congrats! If not, install Docker:

sudo apt update && sudo apt install docker.io -y
sudo systemctl enable --now docker

Step 3: Prerequisites for NVIDIA GPU

Install NVIDIA Container Toolkit:

Configuring the production repository:

curl -fsSL https://nvidia.github.io/libnvidia-container/gpgkey | sudo gpg --dearmor -o /usr/share/keyrings/nvidia-container-toolkit-keyring.gpg \
&& curl -s -L https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list | \
sed 's#deb https://#deb [signed-by=/usr/share/keyrings/nvidia-container-toolkit-keyring.gpg] https://#g' | \
sudo tee /etc/apt/sources.list.d/nvidia-container-toolkit.list

Update the package list:

sudo apt-get update

Install the NVIDIA Container Toolkit:

sudo apt-get install -y nvidia-container-toolkit

Running Ollama Inside Docker

Run these commands(P.S. shoutout to NetworkChuck):

docker run -d \
--gpus all \
-v ollama:/root/.ollama \
-p 11434:11434 \
--security-opt=no-new-privileges \
--cap-drop=ALL \
--cap-add=SYS_NICE \
--memory=8g \
--memory-swap=8g \
--cpus=4 \
--read-only \
--name ollama \
ollama/ollama

Running DeepSeek-R1 Locally

Time to bring DeepSeek-R1 to life locally and containerized:

docker exec -it ollama ollama run deepseek-r1

or you can run other versions of deepseek-r1 just by typing in the version at the end after a colon(:)

docker exec -it ollama ollama run deepseek-r1:7b

After this, play around with the AI, if you wanna exit just type:

/bye

Starting Deepseek-R1

To Start Deepseek-R1 from next time go to Ubuntu and type:

docker start ollama

this will start ollama docker container; then type:

docker exec -it ollama ollama run deepseek-r1:7b