Can’t access pihole externally (docker)

emrsmsrli · October 26, 2023, 4:24pm

1. The problem I’m having:

I have a containerized setup on a raspberry pi, where every service runs on Docker. I’m using reverse proxy to access the services externally, and Caddy is also installed as a container on Docker. It’s a pretty basic setup really. I’ve managed to setup everything correctly for other services but when I do the same for pihole, Caddy logs no such host errors. But I can access pihole using the local ip of the raspberry pi and the port assigned to pihole in the Docker compose file (8125). Full Caddy log can be found below

2. Error messages and/or full log output:

using docker compose logs caddy -n=1000 -f to get the below logs

caddy  | {"level":"info","ts":1698334422.9105084,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
caddy  | {"level":"warn","ts":1698334422.9171865,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
caddy  | {"level":"info","ts":1698334422.9218347,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
caddy  | {"level":"info","ts":1698334422.9228354,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x4937bc0"}
caddy  | {"level":"info","ts":1698334422.923048,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
caddy  | {"level":"info","ts":1698334422.9231353,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
caddy  | {"level":"info","ts":1698334422.9246469,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
caddy  | {"level":"info","ts":1698334422.9259815,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
caddy  | {"level":"info","ts":1698334422.926616,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
caddy  | {"level":"info","ts":1698334422.9276242,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
caddy  | {"level":"info","ts":1698334422.9280977,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
caddy  | {"level":"info","ts":1698334422.9283464,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["homeassistant.emresimsirli.com","vaultwarden.emresimsirli.com","pihole.emresimsirli.com"]}
caddy  | {"level":"info","ts":1698334422.9327335,"logger":"tls","msg":"finished cleaning storage units"}
caddy  | {"level":"info","ts":1698334422.9529283,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
caddy  | {"level":"info","ts":1698334422.953136,"msg":"serving initial configuration"}
caddy  | {"level":"error","ts":1698334453.9904325,"logger":"http.log.error.log2","msg":"dial tcp: lookup pihole on 127.0.0.11:53: no such host","request":{"remote_ip":"192.168.0.1","remote_port":"53052","client_ip":"192.168.0.1","proto":"HTTP/2.0","method":"GET","host":"pihole.emresimsirli.com","uri":"/admin/","headers":{"Sec-Gpc":["1"],"Te":["trailers"],"Accept-Encoding":["gzip, deflate, br"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-User":["?1"],"Dnt":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Language":["en-GB,en;q=0.5"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"pihole.emresimsirli.com"}},"duration":0.023990785,"status":502,"err_id":"rr8mz5zex","err_trace":"reverseproxy.statusError (reverseproxy.go:1265)"}
caddy  | {"level":"error","ts":1698335073.573918,"logger":"http.log.error.log2","msg":"dial tcp: lookup pihole on 127.0.0.11:53: no such host","request":{"remote_ip":"192.168.0.1","remote_port":"53590","client_ip":"192.168.0.1","proto":"HTTP/2.0","method":"GET","host":"pihole.emresimsirli.com","uri":"/admin/","headers":{"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Dnt":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Gpc":["1"],"Accept-Language":["en-GB,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Upgrade-Insecure-Requests":["1"]},"tls":{"resumed":true,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"pihole.emresimsirli.com"}},"duration":0.017482386,"status":502,"err_id":"6u4uk1cc1","err_trace":"reverseproxy.statusError (reverseproxy.go:1265)"}
caddy  | {"level":"info","ts":1698335146.0188727,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"58998","headers":{"Accept-Encoding":["gzip"],"Content-Length":["1611"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
caddy  | {"level":"info","ts":1698335146.019488,"msg":"config is unchanged"}
caddy  | {"level":"info","ts":1698335146.0195303,"logger":"admin.api","msg":"load complete"}
caddy  | {"level":"info","ts":1698335233.150664,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"38850","headers":{"Accept-Encoding":["gzip"],"Content-Length":["1611"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
caddy  | {"level":"info","ts":1698335233.1513495,"msg":"config is unchanged"}
caddy  | {"level":"info","ts":1698335233.1513917,"logger":"admin.api","msg":"load complete"}
caddy  | {"level":"error","ts":1698335239.663954,"logger":"http.log.error.log2","msg":"dial tcp: lookup pihole on 127.0.0.11:53: no such host","request":{"remote_ip":"192.168.0.1","remote_port":"53590","client_ip":"192.168.0.1","proto":"HTTP/2.0","method":"GET","host":"pihole.emresimsirli.com","uri":"/admin/","headers":{"Accept-Language":["en-GB,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-User":["?1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0"],"Dnt":["1"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"Sec-Gpc":["1"],"Te":["trailers"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"]},"tls":{"resumed":true,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"pihole.emresimsirli.com"}},"duration":0.024788103,"status":502,"err_id":"8ugy7ppvg","err_trace":"reverseproxy.statusError (reverseproxy.go:1265)"}
caddy  | {"level":"info","ts":1698335252.304942,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"46.4.33.48","remote_port":"44520","client_ip":"46.4.33.48","proto":"HTTP/1.1","method":"GET","host":"emresimsirli.com","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.1) Gecko/2008070208"],"Accept":["*/*"]}},"bytes_read":0,"user_id":"","duration":0.000080814,"size":0,"status":308,"resp_headers":{"Location":["https://emresimsirli.com/"],"Content-Type":[],"Server":["Caddy"],"Connection":["close"]}}
caddy  | {"level":"info","ts":1698335256.8544364,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"36346","headers":{"Accept-Encoding":["gzip"],"Content-Length":["1611"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
caddy  | {"level":"info","ts":1698335256.8552425,"msg":"config is unchanged"}
caddy  | {"level":"info","ts":1698335256.8553057,"logger":"admin.api","msg":"load complete"}
caddy  | {"level":"error","ts":1698335262.8387694,"logger":"http.log.error.log2","msg":"dial tcp: lookup pihole on 127.0.0.11:53: no such host","request":{"remote_ip":"192.168.0.1","remote_port":"53590","client_ip":"192.168.0.1","proto":"HTTP/2.0","method":"GET","host":"pihole.emresimsirli.com","uri":"/admin/","headers":{"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0"],"Dnt":["1"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Gpc":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Language":["en-GB,en;q=0.5"]},"tls":{"resumed":true,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"pihole.emresimsirli.com"}},"duration":0.018490926,"status":502,"err_id":"vj7ubgvqk","err_trace":"reverseproxy.statusError (reverseproxy.go:1265)"}
caddy  | {"level":"error","ts":1698335265.3366473,"logger":"http.log.error.log2","msg":"dial tcp: lookup pihole on 127.0.0.11:53: no such host","request":{"remote_ip":"192.168.0.1","remote_port":"53590","client_ip":"192.168.0.1","proto":"HTTP/2.0","method":"GET","host":"pihole.emresimsirli.com","uri":"/admin/","headers":{"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Sec-Gpc":["1"],"Te":["trailers"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Accept-Language":["en-GB,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Sec-Fetch-Site":["none"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"]},"tls":{"resumed":true,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"pihole.emresimsirli.com"}},"duration":0.018832033,"status":502,"err_id":"x100vqw2m","err_trace":"reverseproxy.statusError (reverseproxy.go:1265)"}
caddy  | {"level":"info","ts":1698336248.6082156,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"43492","headers":{"Accept-Encoding":["gzip"],"Content-Length":["1611"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
caddy  | {"level":"info","ts":1698336248.6097324,"msg":"config is unchanged"}
caddy  | {"level":"info","ts":1698336248.6098063,"logger":"admin.api","msg":"load complete"}
caddy  | {"level":"error","ts":1698336253.097091,"logger":"http.log.error.log2","msg":"dial tcp: lookup pihole on 127.0.0.11:53: no such host","request":{"remote_ip":"192.168.0.1","remote_port":"54590","client_ip":"192.168.0.1","proto":"HTTP/2.0","method":"GET","host":"pihole.emresimsirli.com","uri":"/admin/","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Language":["en-GB,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0"],"Sec-Gpc":["1"],"Sec-Fetch-Site":["none"],"Te":["trailers"],"Sec-Fetch-Dest":["document"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"pihole.emresimsirli.com"}},"duration":0.019319472,"status":502,"err_id":"xaj1eh7i9","err_trace":"reverseproxy.statusError (reverseproxy.go:1265)"}

3. Caddy version:

v2.7.5

4. How I installed and ran Caddy:

a. System environment:

RPI OS, aarch64, docker v24.0.6

b. Command:

docker compose up -d

c. Service/unit/compose file:

Here’s the Docker compose file

version: '3'

services:
  caddy:
    container_name: caddy
    image: caddy:2
    restart: always
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - /home/docker/caddy/Caddyfile:/etc/caddy/Caddyfile:ro
      - /home/docker/caddy/config:/config
      - /home/docker/caddy/data:/data
      
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    network_mode: host
    volumes:
      - /home/docker/pihole:/etc/pihole
      - /home/docker/pihole/dnsmasq.d:/etc/dnsmasq.d
    cap_add:
      - NET_ADMIN
    environment:
      - TZ=Europe/Stockholm
      - PIHOLE_DNS_=8.8.8.8;8.8.4.4
      - FTLCONF_LOCAL_IPV4=192.168.0.143 # local ip of the raspberrypi
      - DNSMASQ_LISTENING=all
      - WEB_PORT=8125

  #...other services

d. My complete Caddy config:

{
	debug
	email {$EMAIL}
	acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
	# acme_ca https://acme-v02.api.letsencrypt.org/directory
}

homeassistant.emresimsirli.com {
	log {
		output file {$LOG_FILE}
	}
	reverse_proxy homeassistant:8123
}

vaultwarden.emresimsirli.com {
	log {
		output file {$LOG_FILE}
	}
	encode gzip
	reverse_proxy vaultwarden:80 {
		header_up X-Real-IP {remote_host}
	}
}

pihole.emresimsirli.com {
	log {
		output file {$LOG_FILE}
	}
	reverse_proxy pihole:8125
}

5. Links to relevant resources:

I’ve asked the question on pihole discourse as well, since it might not be a Caddy issue, but still

emrsmsrli · October 27, 2023, 12:45pm

OK I’ve solved the issue, turns out if a container is running with network_mode: host, you can’t put container name in the Caddyfile, putting in the local ip of the raspberry pi solved the issue

francislavoie · October 27, 2023, 1:17pm

The problem is you used network_mode: host for your pihole container, so it’s not in the Docker network, and isn’t reachable by Caddy using the container name.

You’ll probably need to use host.internal.docker (google it) in Caddy to proxy to the host on pihole’s HTTP port.

Or, figure out the right way to run pihole without host mode (I’m sure it’s possible, but I can’t help with that part).

Edit: Oh sorry I didn’t scroll down to see this. Glad you figured it out but I suggest using host.internal.docker anyway because it means you won’t rely on a specific IP address.

emrsmsrli · October 27, 2023, 2:03pm

Thanks for the reply! I already tried using host.internal.docker but the problem was (I omitted this part here for some reason I don’t remember), Caddy had a static ip in the docker subnet because homeassistant had to register it as a trusted proxy.

I think that’s why host.internal.docker did not return the correct host ip address but instead the static ip I assigned to the container.

Anyways it’s resolved now, thanks again!

system · November 26, 2023, 2:03pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.