Docker
Docker provides an isolated, portable way to run NextDNS Blocker without installing Python.
Quick Start

    # Clone repository
    git clone https://github.com/aristeoibarra/nextdns-blocker.git
    cd nextdns-blocker

    # Copy configuration templates
    cp .env.example .env
    cp config.json.example config.json

    # Edit configuration
    nano .env          # Add API credentials
    nano config.json   # Configure domains

    # Start container
    docker compose up -d

Configuration
.env File

    # Required
    NEXTDNS_API_KEY=your_api_key_here
    NEXTDNS_PROFILE_ID=your_profile_id

    # Optional
    API_TIMEOUT=10
    API_RETRIES=3

config.json
Same format as native installation:

    {
      "version": "1.0",
      "settings": {
        "timezone": "America/New_York"
      },
      "blocklist": [...],
      "allowlist": [...]
    }

docker-compose.yml

    version: '3.8'

    services:
      nextdns-blocker:
        build: .
        container_name: nextdns-blocker
        restart: unless-stopped
        env_file:
          - .env
        volumes:
          - ./config.json:/app/config.json:ro
          - nextdns-data:/app/data

    volumes:
      nextdns-data:

Container Operations

    docker compose up -d
    docker compose down

View Logs

    # All logs
    docker compose logs -f

    # Recent logs
    docker compose logs --tail 100

Rebuild After Changes

    docker compose up -d --build

Check Status

    docker compose ps

Running Commands
Via docker compose exec

    # Check status
    docker compose exec nextdns-blocker nextdns-blocker status

    # Manual sync
    docker compose exec nextdns-blocker nextdns-blocker config push -v

    # View config
    docker compose exec nextdns-blocker nextdns-blocker config show

Via docker run

    # The mount argument is quoted so a working directory containing spaces still works
    docker run --rm \
      --env-file .env \
      -v "$(pwd)/config.json:/app/config.json:ro" \
      nextdns-blocker nextdns-blocker status

Dockerfile
The provided Dockerfile:

    FROM python:3.11-slim

    WORKDIR /app

    # Install dependencies
    COPY requirements.txt .
    RUN pip install --no-cache-dir -r requirements.txt

    # Copy application
    COPY src/ ./src/
    COPY pyproject.toml .

    # Install application
    RUN pip install --no-cache-dir .

    # Create data directory
    RUN mkdir -p /app/data

    # Set up cron
    RUN apt-get update && apt-get install -y cron && rm -rf /var/lib/apt/lists/*

    # Add cron job
    RUN echo "*/2 * * * * nextdns-blocker config push >> /app/data/cron.log 2>&1" | crontab -

    # Start cron in foreground
    CMD ["cron", "-f"]

Data Persistence
Volumes
The nextdns-data volume persists:
- Logs (/app/data/logs/)
- State files (.panic)
- Pending actions (pending.json)
Config as Read-Only
Configuration is mounted read-only (the :ro suffix) for safety, so the container cannot modify config.json:

    volumes:
      - ./config.json:/app/config.json:ro

To modify config:
- Edit locally: nano config.json
- Restart container: docker compose restart
Timezone
Timezone is configured in config.json, not via environment variables:

    {
      "settings": {
        "timezone": "America/New_York"
      }
    }

Networking
DNS Resolution
The container resolves DNS normally. Ensure your Docker network allows external DNS:

    services:
      nextdns-blocker:
        dns:
          - 1.1.1.1
          - 8.8.8.8

No Port Exposure Needed
NextDNS Blocker only makes outbound API calls. No ports need to be exposed.
Health Check
Add a health check to docker-compose.yml:

    services:
      nextdns-blocker:
        healthcheck:
          test: ["CMD", "nextdns-blocker", "status"]
          interval: 5m
          timeout: 10s
          retries: 3

Multiple Profiles
Run multiple instances for different NextDNS profiles:

    version: '3.8'

    services:
      nextdns-work:
        build: .
        env_file: .env.work
        volumes:
          - ./config-work.json:/app/config.json:ro
          - work-data:/app/data

      nextdns-home:
        build: .
        env_file: .env.home
        volumes:
          - ./config-home.json:/app/config.json:ro
          - home-data:/app/data

    volumes:
      work-data:
      home-data:

Updating
Pull Latest

    git pull
    docker compose up -d --build

From Registry (if published)

    docker compose pull
    docker compose up -d

Troubleshooting
Container Keeps Restarting
Check logs:

    docker compose logs --tail 50

Common causes:
- Invalid credentials
- Malformed config.json
- Missing environment variables
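
The causes above can be caught on the host before the container starts. The following is an added example, not part of the nextdns-blocker project: it checks .env for missing variables and unfilled template placeholders, flags a credentials file readable by other users, and parses config.json. The function names are hypothetical, the JSON check assumes jq or python3 on the host, and it does not test the API key against NextDNS.

```shell
#!/bin/sh
# Added example (not part of nextdns-blocker): host-side preflight for the
# restart causes listed above. Function names are hypothetical.
# Usage: preflight .env config.json && docker compose up -d

# Print KEY's value from an env file (last assignment wins; CR and quotes stripped).
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r"'
}

# Succeed only if both required variables hold non-placeholder values.
check_env_vars() {
    rc=0
    for key in NEXTDNS_API_KEY NEXTDNS_PROFILE_ID; do
        val=$(env_value "$1" "$key")
        case "$val" in
            "") echo "missing or empty: $key" >&2; rc=1 ;;
            your_api_key_here|your_profile_id)
                echo "template placeholder left in: $key" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Succeed only if group and other have no access to the credentials file.
check_env_perms() {
    perms=$(ls -ldL "$1" | cut -c5-10)
    [ "$perms" = "------" ] && return 0
    echo "$1 is accessible beyond its owner; run: chmod 600 $1" >&2
    return 1
}

# Succeed if config.json parses. Returns 2 when neither jq nor python3
# exists on the host (assumption: one of them is available).
check_config_json() {
    if command -v jq >/dev/null 2>&1; then
        jq empty "$1" >/dev/null 2>&1
    elif command -v python3 >/dev/null 2>&1; then
        python3 -c 'import json,sys; json.load(open(sys.argv[1]))' "$1" 2>/dev/null
    else
        echo "no JSON parser found; config.json not checked" >&2
        return 2
    fi
}

preflight() {
    check_env_vars "$1" && check_env_perms "$1" && check_config_json "$2"
}
```
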
Sync Not Running

    # Check cron is running
    docker compose exec nextdns-blocker ps aux | grep cron

    # Check cron log
    docker compose exec nextdns-blocker cat /app/data/cron.log

    # Run sync manually
    docker compose exec nextdns-blocker nextdns-blocker config push -v

Config Changes Not Applied

    # Restart container
    docker compose restart

    # Or recreate
    docker compose up -d --force-recreate

Permission Issues

    # Check file permissions in container
    docker compose exec nextdns-blocker ls -la /app/

    # Fix volume permissions
    docker compose down
    sudo chown -R $USER:$USER ./
    docker compose up -d

Resource Limits
Add resource limits for production:

    services:
      nextdns-blocker:
        deploy:
          resources:
            limits:
              cpus: '0.5'
              memory: 128M
            reservations:
              memory: 64M

Logging Configuration
Configure logging driver:

    services:
      nextdns-blocker:
        logging:
          driver: "json-file"
          options:
            max-size: "10m"
            max-file: "3"

Uninstalling

    # Stop and remove container
    docker compose down

    # Remove volume (loses data)
    docker compose down -v

    # Remove image
    docker rmi nextdns-blocker

    # Remove files
    rm -rf config.json .env