Pi Hole: https for admin page


(Rohmilchkaese) #1

Hi Community,

I have https://pi-hole.net installed. I want to use Caddy as a web server because of https.

I tried these two guides:

So far I changed the port. But proxying it to port 80 using Caddy doesn’t add https. Pi Hole in my case runs on a VPS, so I really want to make sure that the password for the admin page is transferred securely.

Is it possible to secure Pi Hole with https through Caddy? And furthermore, is it possible to proxy that to a subdomain?

Thank you all.

Pi Hole Forum:

If you want to know any more, let me know.


(Matthew Fay) #2

Yep, it’s doable. I used to run it on a VPS, too, until I got myself flagged on http://www.openresolverproject.org/ so I took it down. Nowadays I just run pfBlockerNG with the Pi-Hole lists set in DNSBL for the local network.

My setup was Docker-based, but the Caddy configuration was quite simple.

skyhole.whitestrake.net {
  proxy / pihole {
    transparent
  }
}

The admin portal was available at https://skyhole.whitestrake.net/admin.

I also had a catch-all for :80 proxying to the Pi-Hole that was used for replacing ads with blank spaces.


(Rohmilchkaese) #3

Hey, thank you for your reply. Thank you also for mentioning the open resolver project. I have to mention now that my resolver of course is not open and it's probably firewalled.

You could have blocked access to your resolver by ip-/ip6tables.

I'll give your configuration a try and come back!

EDIT: That works - thanks. I added a redirect to open the admin panel because otherwise you’ll get some PHP error.

Best
Cevin


(Matthew Fay) #4

Aye, that’d work. In my case, it was serving residential connections, so I’d probably have had to whitelist their ISP’s address pools. I found it simpler just to set it up inside the private networks of the people I was hosting it for.


(Rohmilchkaese) #5

Oh I see. In my case I host a VPN and use Pi Hole. It's great, that way all the ads get blocked even on mobile network.


(Rohmilchkaese) #6

@Whitestrake Do you remember? When a website was on a blocklist, a pihole page should show up, where you could enter your password to whitelist it. It doesn’t seem to work the way I reverse proxy it out with Caddy. Was that something that did work for you?
Also I’m not sure about the :80 catch-all.


(Matthew Fay) #7

Hmm, no, I never had that - I never used Pi-Hole outside of a Caddy rev proxy.

The :80 catch-all was to allow Pi-Hole to fill the ad’s space with a blank section, so the structure of a page was preserved and there were no page errors.