AdGuard Home App
AdGuard Home is a network-wide software for blocking ads & tracking.
- Questions? Ask in the Cloudron Forum - AdGuard Home
- AdGuard Home Website
- AdGuard Home forum
- AdGuard Home issue tracker
To change the AdGuard Home password, one must use the
First, open the Web terminal and run the command below. Note
that the single quote around the password below is not part of the password. It is needed
for the shell to execute the command correctly when your password has special characters.
$ htpasswd -nbB admin 'MyNewPassword' admin:$2y$05$zsr9LdcnDQ3TCBLuyljJHer6XS03ute6GiuA8H7ZjvKuJikud/wk2
Copy the password part (after the 'admin:') and put it in
(use the File Manager. It's a good idea to quote the password
field. So, it will look like this:
users: - name: admin password: "$2y$05$zsr9LdcnDQ3TCBLuyljJHer6XS03ute6GiuA8H7ZjvKuJikud/wk2"
The app must be restarted for the password change to take effect.
While the admin page is password protected, the DNS server is not. This is because DNS has no notion of authentication. Leaving your DNS server open will lead to it getting abused for conducting DDoS reflection and amplification attacks. Many VPS providers will likely send you a warning/caution email, if you run a open DNS resolver.
We strongly recommend securing your installation in the following ways:
When available, use your VPS providers firewall functionality to restrict access to Port 53 (TCP & UDP).
In the AdGuard Home dashboard, go to
DNS settings. Scroll to the bottom for
Access settingsand set a list of clients that can access the DNS server. You can also use ipdeny lists (IPv4 and IPv6) to set access and block lists.
DNS over HTTPS is enabled by default. Note that there is a Settings page that lets you enable DoH but you won't able to save that page since this is not implemented yet.
This is fine because DoH is enabled in the underlying configs and it's just an UI issue.
To use Client ID identifiers, you can add aliases to the app.
In the screenshot below, a wildcard alias is set up to make it possible to identify
somedevice by configuring it to make DoH requests to
DNS over TLS (DoT) is supported and uses port 853 by default. DoT is required for Android's "Private DNS mode" (available since Android 9.0 Pie).
To use Client ID identifiers, you must add a wildcard subdomain alias of the form
In the screenshot below, a wildcard alias is set up:
The phone can be configured in the
Private DNS settings as below: