AdGuardHome [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)

[mefistos]

Just checked my PS5 queries in AdGuard from before and after I installed unbound, and it does seem like there is improvement in the response time. From the screenshots you can see unbound serves the cached entries for longer than Adguard does. and in the end when it goes to cloudflare DoT the response time is similar whether it comes from unbound or AdGuard.

 

[chongnt]

Just checked my PS5 queries in AdGuard from before and after I installed unbound, and it does seem like there is improvement in the response time. From the screenshots you can see unbound serves the cached entries for longer than Adguard does. and in the end when it goes to cloudflare DoT the response time is similar whether it comes from unbound or AdGuard.

If I’m not mistaken unbound addons by default have cache-min-ttl of 1200 sec (configurable). It also has prefetch enabled.
If you opt out unbound, you can achieve similar behavior with AdguardHome DNS cache Overwrite minimum TTL and optimistic cache.
In fact, I find AGH cache perform better than unbound cache in certain condition. I have a program that lookup to about 100 of repo to sync. With unbound cache, some of them will have over 100ms response time. With AGH optimistic cache all of them have minimum response time.

 

[SomeWhereOverTheRainBow]

If I’m not mistaken unbound addons by default have cache-min-ttl of 1200 sec (configurable). It also has prefetch enabled.
If you opt out unbound, you can achieve similar behavior with AdguardHome DNS cache Overwrite minimum TTL and optimistic cache.
In fact, I find AGH cache perform better than unbound cache in certain condition. I have a program that lookup to about 100 of repo to sync. With unbound cache, some of them will have over 100ms response time. With AGH optimistic cache all of them have minimum response time.

And this is where dig test to both AdGuardHome and Unbound upstreams separately may indicate some more details.

 

[mefistos]

If I’m not mistaken unbound addons by default have cache-min-ttl of 1200 sec (configurable). It also has prefetch enabled.
If you opt out unbound, you can achieve similar behavior with AdguardHome DNS cache Overwrite minimum TTL and optimistic cache.
In fact, I find AGH cache perform better than unbound cache in certain condition. I have a program that lookup to about 100 of repo to sync. With unbound cache, some of them will have over 100ms response time. With AGH optimistic cache all of them have minimum response time.

I am going to test this, I never really paid attention to the cache TTL settings under AdGuard. Again I thought that unbound might be more efficient with working with the cache than AdGuard, and seeing 15% reduction of RAM usage on my router felt like I am doing something right. But then again as mentioned in my first post, I can't really tell a difference between having 99% of RAM used and having only 85% used while working with the router.
Thanks for bringing this to my attention.

 

[ERamseth2]

Are you seeing any actual negative effects of having 99% memory utilization? Slowing performance, etc.? If not (and I suspect you won't), then ignore it: Linux and Unix based operating systems tend to be pretty efficient in managing memory and may report "high" numbers like that but still work just fine, unlike Windows.

Right I mean I know how Linux works in this regard. Not my first rodeo so to speak.

And no, no negative effects yet.

What worries me I guess is that the mem usage grows with time and so far on my sporadic checks doesn't seem to ever go down (as you might expect if, for example AGH periodically flushed / cleaned up memory usage).

 

[ERamseth2]

As you indicate your cache pie piece is larger, this indicates that your memory is properly prioritizing its memory usage (probably as consequence of usage by adguardhome). Which also may indicate why your swap isn't firing at all pistons. Adguardhome itself is not 100% the culprit to high memory usage, but it is the consequence of your router prioritizing memory for AdGuardHome.

Here is an instance where AdGuardHome usage required swap resources, I had over 3 million domains in my block.
View attachment 40533

As a proposal for you to try:

You can edit /opt/etc/init.d/S99AdGuardHome
And issue service restart_AdGuardHome

Spoiler: BEFORE --no-mem-optimization

#!/bin/sh
ENABLED="yes"
WORK_DIR="/opt/etc/AdGuardHome"
PID_FILE="/opt/var/run/AdGuardHome.pid"
PROCS="AdGuardHome"
ARGS="-s run -c ${WORK_DIR}/AdGuardHome.yaml -w $WORK_DIR --pidfile $PID_FILE --no-check-update -l syslog"
PREARGS="nohup env TZ=/etc/localtime"
PRECMD="killall -9 dnsmasq"
POSTCMD="service restart_dnsmasq"
DESC="$PROCS"
PATH="/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
export TZ="$(cat /etc/TZ)"
[ -z "$SCRIPT_LOC" ] && . /jffs/addons/AdGuardHome.d/AdGuardHome.sh

Spoiler: AFTER --no-mem-optimization

#!/bin/sh
ENABLED="yes"
WORK_DIR="/opt/etc/AdGuardHome"
PID_FILE="/opt/var/run/AdGuardHome.pid"
PROCS="AdGuardHome"
ARGS="-s run -c ${WORK_DIR}/AdGuardHome.yaml -w $WORK_DIR --pidfile $PID_FILE --no-check-update -l syslog --no-mem-optimization"
PREARGS="nohup env TZ=/etc/localtime"
PRECMD="killall -9 dnsmasq"
POSTCMD="service restart_dnsmasq"
DESC="$PROCS"
PATH="/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
export TZ="$(cat /etc/TZ)"
[ -z "$SCRIPT_LOC" ] && . /jffs/addons/AdGuardHome.d/AdGuardHome.sh

This will add the --no-mem-optimization as a starting argument. I suspect this will mean that AdGuardHome will no longer aid in memory prioritization to serve its purpose.

W/o --no-mem-optimiztion
View attachment 40539


W --no-mem-optimization
View attachment 40538

While I am not sure if this is indicative of any significance, the platform I ran the --no-mem-optimization test uses the OISD-Basic Domains list for blocking and I do not have Diversion or unbound or any other DNS solution running on it.

If there are other things you would like to adjust this page https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration
list all the memory .yaml options for /opt/etc/AdGuardHome/AdGuardHome.yaml, maybe experimenting with memory values will aid in your memory concerns. If you do head down this path, feel free to share your findings as it may prove to be beneficial to other users.

Thanks for this info. I'll look into it when I have the chance.

Per the other post I just made, I guess my concern is that AGH mem usage just grows and grows with time but never seems to drop which you might expect in some sort of cleanup or optimization situation. I'll try to come up with a better way to monitor. Can always fall back on a daily service restart though.

 

[ERamseth2]

I may not be the only one who suspects a memory leak somewhere: https://github.com/AdguardTeam/AdGuardHome/issues/4437

 

[SomeWhereOverTheRainBow]

I may not be the only one who suspects a memory leak somewhere: https://github.com/AdguardTeam/AdGuardHome/issues/4437

While I have seen this, I recommend also testing the no memories optimization arguement.

 

[ERamseth2]

Soon as I have the info formatted better.

@gspannu @Clark Griswald

See here: http://www.snbforums.com/threads/adguardhome-vs-diversion-some-basics.78332/

(still not the prettiest, but it's what I had time to write up.

 

[ERamseth2]

While I have seen this, I recommend also testing the no memories optimization arguement.

I will get there.

This is getting off topic and I might start a separate thread here, but I now have AGH set to restart every morning. I also have a simple logging task set to record RSS and VSZ usage by AGH every 10 minutes. I've got this logging now with mostly out of the box settings (in regard to mem optimization or cache size or whatever). Will try other settings later.

 

[birdie]

Been getting

oroutine 1 [running]:
net.ParseCIDR(0x858101, 0x7, 0x2870b01, 0x280a220, 0x192280, 0x818f50, 0x280a220, 0x280e2c8)
net/ip.go:717 +0x46c
net.mustCIDR(0x858101, 0x7, 0x4)
net/addrselect.go:295 +0x24
net.init()
net/addrselect.go:227 +0x4f8
Can't even uninstall. How do I remove this mess? As I type ag in amtm to have adguard options for removal, I just see above and the script then loads the main menu. Sort of stuck here

 

[SomeWhereOverTheRainBow]

Been getting

oroutine 1 [running]:
net.ParseCIDR(0x858101, 0x7, 0x2870b01, 0x280a220, 0x192280, 0x818f50, 0x280a220, 0x280e2c8)
net/ip.go:717 +0x46c
net.mustCIDR(0x858101, 0x7, 0x4)
net/addrselect.go:295 +0x24
net.init()
net/addrselect.go:227 +0x4f8
Can't even uninstall. How do I remove this mess? As I type ag in amtm to have adguard options for removal, I just see above and the script then loads the main menu. Sort of stuck here

sounds like you are somehow out of memory on your router ( you need a swap for running this, and you should make sure your ram is not being over used by other processes such as dnsmasq+diversion or unbound+unbound-blocklist ). I recommend turning off the router and remove your flash storage, then turn the router back on. You may want to run a health check on your flash device as well. From there you should be able to uninstall by manually removing the adguardhome /jffs/script entries and the adguardhome files in /opt/etc/AdGuardHome directory.

the /jffs/script entries are in /jffs/scripts/dnsmasq.postconf, /jffs/scripts/init-start, /jffs/scripts/service-event-end, and /jffs/scripts/services-stop

 

[matssa]

Hey guys I can't seem to find my password for the login page anymore and I can't seem to remember if it asked me for a login at the installation... Do you know how I can reset it?

 

[SomeWhereOverTheRainBow]

Hey guys I can't seem to find my password for the login page anymore and I can't seem to remember if it asked me for a login at the installation... Do you know how I can reset it?

OLD METHOD: (it should be noted that this method uses htpasswd: while htpasswd can spit out a password that is readable by adguardhome, this method is approaching deprecation because of the y prefix encryption used ~~it needs to be revised as current methods use a or b prefix encryption, and older almost deprecated methods use z or y.)
Requires:

opkg install apache apache-utils

Adguardhomes wiki:
https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration

at the very bottom of the page, tells you how to use htpasswd to do it.

Fortunately, you only have to do the htpasswd part, it is already preinstalled by the installer.

your adaptation would look like this

/opt/bin/htpasswd -B -n -b <USERNAME> <PASSWORD>

You then copy the information to

AdGuardHome.yaml by using a terminal editor such as nano to change the name: and password: values.

(I may add this as a main menu option to the installer at a future date, I just haven't gotten around to it yet.)

REVISED METHOD: (recommended method, the installer already installs these for you and has and an option 3 that does all of this.)

# I added this for those who like the satisfaction of doing it themselves.

opkg install python3 python3-pip python3-bcrypt

pip3 install bcrypt

python -c 'import bcrypt; password = b"PUT YOUR PASSWORD HERE"; print(bcrypt.hashpw(password, bcrypt.gensalt(prefix=b"2a", rounds=10)).decode("ascii"))'

The password needs to be placed inside the file located at /opt/etc/AdGuardHome/AdGuardHome.yaml using a terminal editor such as nano.

 

[matssa]

Adguardhomes wiki:
https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration

at the very bottom of the page, tells you how to use htpasswd to do it.

View attachment 40802

Fortunately, you only have to do the htpasswd part, it is already preinstalled by the installer.

your adaptation would look like this

/opt/bin/htpasswd -B -n -b <USERNAME> <PASSWORD>

You then copy the information to

AdGuardHome.yaml by using a terminal editor such as nano to change the name: and password: values.

(I may add this as a main menu option to the installer at a future date, I just haven't gotten around to it yet.)

Thanks for your help, managed to reset it. I saw this wiki but I didn't manage to find the .yaml file, found it on the USB flash drive under /etc/AdGuardHome....

 

[SomeWhereOverTheRainBow]

PUSHED v1.4.5
Whats different:

• Add a new bcrypt feature using python-bcrypt.
• Fix our expansion of password.
• Remove apache and apache-utils as an option.
• Fix logic that got lost in a commit.
• Added a change username/password option (option 3), (it will only be visible if AdGuardHome is installed. Make sure to run option 1 before attempting to use option 3.)

Full Change log:

Comparing v1.4.3...v1.4.5 · jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

The Official Installer of AdGuardHome for Asuswrt-Merlin - Comparing v1.4.3...v1.4.5 · jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

github.com

 

[mrgnex]

Maybe this is a dumb question but I cannot get into the webUI. I tried xxx.xxx.xxx.x:3000 and xxx.xxx.xxx.x:8080 with the x's being my router's IP adress. What am I doing wrong?

 

[SomeWhereOverTheRainBow]

Maybe this is a dumb question but I cannot get into the webUI. I tried xxx.xxx.xxx.x:3000 and xxx.xxx.xxx.x:8080 with the x's being my router's IP adress. What am I doing wrong?

Are you using the right port number, the installers does not set the default port number to 8080 or 3000. The default port is 14711

 

[mrgnex]

Are you using the right port number, the installers does not set the default port number to 8080 or 3000. The default port is 14711

Thank you! That did the trick. Although I cannot seem to login even after resetting the login and password with PuTTy? I get an error 400. Weird..

 

[SomeWhereOverTheRainBow]

Thank you! That did the trick. Although I cannot seem to login even after resetting the login and password with PuTTy? I get an error 400. Weird..

You may have to try the reset process again. You don't want to use an extremely long password. And be precise with what you type, otherwise getting either the username or password you created in the terminal wrong when attempting to login will result in a 400 error. You need to not only be precise, but also exact. Try not to use any weird characters at first to eliminate that as being the issue.

Also make sure you have ran the installer update process before attempting to use the password reset option.