AdGuardHome Change Listening Port

[muffintastic]

Hello, I wonder if someone could help me. I would like to to change the default 14711 port for adguard to something of my preferred choice. I have installed this module through amtm. If someone could help that would be great.

 

[johndoe85]

Hello, I wonder if someone could help me. I would like to to change the default 14711 port for adguard to something of my preferred choice. I have installed this module through amtm. If someone could help that would be great.

/tmp/mnt/RT-AX86U/entware/etc/AdGuardHome/AdGuardHome.yaml

change RT-AX86U to your preferense.
Or type find / -name AdGuardHome.yaml

 

[muffintastic]

/tmp/mnt/RT-AX86U/entware/etc/AdGuardHome/AdGuardHome.yaml

change RT-AX86U to your preferense.
Or type find / -name AdGuardHome.yaml

I tried this, however after a reboot the selected port I wanted I get 'refused' error, cleared cached, history etc. Locks me out on the default port and custom. I had to remove it and reinstall it. So, not sure.

 

[gspannu]

I tried this, however after a reboot the selected port I wanted I get 'refused' error, cleared cached, history etc. Locks me out on the default port and custom. I had to remove it and reinstall it. So, not sure.

Can you post your actual AdGuardHome.yaml file here to have a look?

 

[johndoe85]

Would be handy with a pastebin tool, shame there is no such package in opkg list.

 

[muffintastic]

Can you post your actual AdGuardHome.yaml file here to have a look?

Yes I can if that will help.

 

[muffintastic]

bind_host: 0.0.0.0
bind_port: 14711
beta_bind_port: 0
users:
- name: redacted
  password: redacted
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
debug_pprof: false
web_session_ttl: 720
dns:
  bind_hosts:
  - 0.0.0.0
  port: 53
  statistics_interval: 90
  querylog_enabled: true
  querylog_file_enabled: true
  querylog_interval: 2160h
  querylog_size_memory: 1000
  anonymize_client_ip: false
  protection_enabled: true
  blocking_mode: nxdomain
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_response_ttl: 10
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  ratelimit: 20
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
  - '[/router.asus.com/][::]:553'
  - '[/www.asusnetwork.net/][::]:553'
  - '[/www.asusrouter.com/][::]:553'
  - '[/use-application-dns.net/][::]:553'
  - '[/dns.resolver.arpa/][::]:553'
  - '[/lan/][::]:553'
  - '[//][::]:553'
  - tls://1.1.1.1
  upstream_dns_file: ""
  bootstrap_dns:
  - tls://1.1.1.1
  all_servers: false
  fastest_addr: true
  fastest_timeout: 1s
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts:
  - version.bind
  - id.server
  - hostname.bind
  trusted_proxies:
  - 127.0.0.0/8
  - ::1/128
  cache_size: 40194304
  cache_ttl_min: 0
  cache_ttl_max: 0
  cache_optimistic: true
  bogus_nxdomain: []
  aaaa_disabled: false
  enable_dnssec: true
  edns_client_subnet: false
  max_goroutines: 300
  ipset: []
  filtering_enabled: true
  filters_update_interval: 24
  parental_enabled: false
  safesearch_enabled: false
  safebrowsing_enabled: false
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  rewrites: []
  blocked_services: []
  upstream_timeout: 10s
  local_domain_name: lan
  resolve_clients: true
  use_private_ptr_resolvers: true
  local_ptr_upstreams:
  - '[::]:553'
  - '[/10.in-addr.arpa/][::]:553'
  - '[/168.192.in-addr.arpa/][::]:553'
tls:
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 784
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  strict_sni_check: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
filters:
- enabled: true
  url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
  name: AdGuard DNS filter
  id: 1
- enabled: true
  url: https://adaway.org/hosts.txt
  name: AdAway Default Blocklist
  id: 2
- enabled: true
  url: https://someonewhocares.org/hosts/zero/hosts
  name: Dan Pollock's List
  id: 1650130515
- enabled: true
  url: https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV-AGH.txt
  name: Perflyst and Dandelion Sprout's Smart-TV Blocklist
  id: 1650130516
- enabled: true
  url: https://pgl.yoyo.org/adservers/serverlist.php?hostformat=adblockplus&showintro=1&mimetype=plaintext
  name: Peter Lowe's List
  id: 1650130517
- enabled: true
  url: https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareAdGuardHome.txt
  name: Dandelion Sprout's Anti-Malware List
  id: 1650130518
- enabled: true
  url: https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt
  name: NoCoin Filter List
  id: 1650130519
- enabled: true
  url: https://raw.githubusercontent.com/durablenapkin/scamblocklist/master/adguard.txt
  name: Scam Blocklist by DurableNapkin
  id: 1650130520
- enabled: true
  url: https://raw.githubusercontent.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites/master/hosts
  name: The Big List of Hacked Malware Web Sites
  id: 1650130521
- enabled: true
  url: https://curben.gitlab.io/malware-filter/urlhaus-filter-agh-online.txt
  name: Online Malicious URL Blocklist
  id: 1650130522
- enabled: true
  url: https://abp.oisd.nl/
  name: Oisd
  id: 1650130523
- enabled: true
  url: https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_11_Mobile/filter.txt
  name: Mobile ads filter
  id: 1650372270
- enabled: true
  url: https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_2_English/filter.txt
  name: AdGuard Base Filter
  id: 1650372271
- enabled: true
  url: https://block.energized.pro/basic/formats/hosts
  name: Energized
  id: 1650372272
whitelist_filters: []
user_rules:
- '@@||s.youtube.com^$important'
- '@@||batchlogging4-eu.truecaller.com^$important'
- '||ads-partner-eu.truecaller.com.lan^$important'
- ""
dhcp:
  enabled: false
  interface_name: ""
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
clients: []
log_compress: false
log_localtime: true
log_max_backups: 0
log_max_size: 100
log_max_age: 3
log_file: ""
verbose: false
os:
  group: ""
  user: ""
  rlimit_nofile: 0
schema_version: 12

 

[chongnt]

Do you mean the Web GUI port? If yes, change bind_port: 14711 to your desired port number. Save the file, then restart AGH should make the new port take effect.

 

[muffintastic]

Do you mean the Web GUI port? If yes, change bind_port: 14711 to your desired port number. Save the file, then restart AGH should make the new port take effect.

Yes. I did this, restarted the router but couldnt access it on the new port or default. Had to reinstall. What is the ssh command?

 

[chongnt]

Yes. I did this, restarted the router but couldnt access it on the new port or default. Had to reinstall. What is the ssh command?

That is strange. It works for me. Perhaps next time can make a backup copy before making changes. That way, in case any hiccup we can easily restore the good working copy of yaml file. What ssh command you looking for?

 

[muffintastic]

That is strange. It works for me. Perhaps next time can make a backup copy before making changes. That way, in case any hiccup we can easily restore the good working copy of yaml file. What ssh command you looking for?

To restart adguard without having to restart the entire router.

 

[johndoe85]

kill -HUP pid-id

 

[chongnt]

To restart adguard without having to restart the entire router.oh

Oh, to restart AGH can use this /opt/etc/init.d/S99AdGuardHome restart

 

[gspannu]

To restart adguard without having to restart the entire router.

The syntax is as below...
service {start|stop|restart|check|kill|reload}_AdGuardHome

Use the appropriate command as needed...
service restart_AdGuardHome
then maybe service check_AdGuardHome

---

Updated:
Out of curiosity, what port are you planning to use and why?
I would also suggest to try with a different port number (just to validate that you are not using an existing port).
Try something like bind_port: 55443
and if it works, it proves that AdGuardHome is working as expected.... and it is your port selection that may be an issue.

---

Updated:
1) In addition, can you please read your file again after changing the value (to check the port value is retained).
2) Now restart AdGuardHome service
3) Please read/ check the file again for the port value.

 

[muffintastic]

Many thanks for the information. I will try the above methods when I have time. I will post back with results.

 

[SomeWhereOverTheRainBow]

Many thanks for the information. I will try the above methods when I have time. I will post back with results.

Adguardhome is very finicky about what ports you can bind to. They are strict depending on what kernel options are enabled. That is the reason I chose a high port number because I didn't know about the compatibility for each router. I hope the best for you on this endeavor though. Everyone here has given you the best advice.

(also you may have another application using the port you want, try running netstat -nlp | grep "theportyouwant" to see if it is in use already because the wildcard bind address of 0.0.0.0 means it binds to all.)

Here are the commands I recommend for AdGuardHome

service commands:
service {start|stop|kill|restart|reload}_AdGuardHome

alternative commands:
/opt/etc/init.d/S99AdGuardHome {start|stop|kill|check|restart|reload}

for checking if it is active:
/opt/etc/init.d/S99AdGuardHome check

And yes, recently I added the support for reload, which allows you to reload your /etc/host(s) configurations without killing adguardhome process. Also, notice i didnt add check to the service command, because this does not actually display a visual clarification that the actual process is running because service commands run completely separate from terminal session.

 

[vlord]

Adguardhome is very finicky about what ports you can bind to. They are strict depending on what kernel options are enabled. That is the reason I chose a high port number because I didn't know about the compatibility for each router. I hope the best for you on this endeavor though. Everyone here has given you the best advice.

(also you may have another application using the port you want, try running netstat -nlp | grep "theportyouwant" to see if it is in use already because the wildcard bind address of 0.0.0.0 means it binds to all.)

Here are the commands I recommend for AdGuardHome

service commands:
service {start|stop|kill|restart|reload}_AdGuardHome

alternative commands:
/opt/etc/init.d/S99AdGuardHome {start|stop|kill|check|restart|reload}

for checking if it is active:
/opt/etc/init.d/S99AdGuardHome check

And yes, recently I added the support for reload, which allows you to reload your /etc/host(s) configurations without killing adguardhome process. Also, notice i didnt add check to the service command, because this does not actually display a visual clarification that the actual process is running because service commands run completely separate from terminal session.

Is there a way to enable only https / 443 on AGH? It'd be nice not to have to remember the port number and simply use https to access the webpage but realize AGH is likely going to not like that port and will need to supply a certificate. I would like to do this without having to enable DNS over TLS

 

[SomeWhereOverTheRainBow]

Is there a way to enable only https / 443 on AGH? It'd be nice not to have to remember the port number and simply use https to access the webpage but realize AGH is likely going to not like that port and will need to supply a certificate. I would like to do this without having to enable DNS over TLS

If you don't run anything else on port 443, I suppose it would be possible. I don't recommend it though because it will break future compatibility with other things you might try to access over port 443 (or might break functionality of other services you might already access over port 443....).

Seriously though, how hard is it just to bookmark the web page?

 

[vlord]

If you don't run anything else on port 443, I suppose it would be possible. I don't recommend it though because it will break future compatibility with other things you might try to access over port 443 (or might break functionality of other services you might already access over port 443....).

Seriously though, how hard is it just to bookmark the web page?

Bookmarks? What's that? Maybe it's time I moved off Lynx