27
submitted 1 year ago* (last edited 1 year ago) by schmurnan@lemmy.world to c/selfhosted@lemmy.world

I'm trying to access my Pi-hole container from pihole.mydomain.com without any ports or /admin, and I swear the multitude of posts on the internet make this seem really straightforward. Perhaps it is and I'm being dumb, but I cannot get it to work.

Below is my current docker-compose for both Traefik and Pi-hole:

version: "3.7"

services:
  traefik:
    container_name: traefik
    image: traefik:latest
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - medianet
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
      - TZ=${TZ}
      - PUID=${PUID}
      - PGID=${PGID}
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /path/to/traefik:/etc/traefik
      - /path/to/shared:/shared
      - /path/to/traefik/logs/traefik.log:/etc/traefik/logs/traefik.log
      - /path/to/traefik/logs/access.log:/etc/traefik/logs/access.log
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.entrypoints=http
      - traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DASHBOARD_HOST}`)
      - traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_USER_PASS}
      - traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
      - traefik.http.routers.traefik.middlewares=traefik-https-redirect
      - traefik.http.routers.traefik-secure.entrypoints=https
      - traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DASHBOARD_HOST}`)
      - traefik.http.routers.traefik-secure.middlewares=traefik-auth
      - traefik.http.routers.traefik-secure.tls=true
      - traefik.http.routers.traefik-secure.tls.certresolver=cloudflare
      - traefik.http.routers.traefik-secure.tls.domains[0].main=${TRAEFIK_BASE_DNS}
      - traefik.http.routers.traefik-secure.tls.domains[0].sans=*.${TRAEFIK_BASE_DNS}
      - traefik.http.routers.traefik-secure.service=api@internal

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    networks:
      - medianet
      - npm_network
    domainname: mydomain.com
    hostname: pihole
    ports:
      - 53:53/tcp
      - 53:53/udp
    environment:
      - TZ=${TZ}
      - WEBPASSWORD=${WEBPASSWORD}
      - FTLCONF_LOCAL_IPV4=192.168.1.116
      - WEBTHEME=default-auto
      - DNSMASQ_LISTENING=ALL
      - VIRTUAL_HOST=pihole.mydomain.com
    volumes:
      - /path/to/pihole:/etc/pihole
      - /path/to/pihole/dnsmasq.d:/etc/dnsmasq.d
    cap_add:
      - NET_ADMIN
    labels:
      - traefik.enable=true
      - traefik.http.routers.pihole.rule=Host(`pihole.mydomain.com`)
      - traefik.http.routers.pihole.entrypoints=https
      - traefik.http.routers.pihole.tls=true
      - traefik.http.routers.pihole.service=pihole
      - traefik.http.services.pihole.loadbalancer.server.port=80

The Pi-hole one will load the login page and, upon entering the password and logging in, it will simply bring me back to the login page. So just keeps looping around.

The Traefik config is working with lots of other containers, all of which are using SSL certificates, so I'm pretty sure my Traefik config is okay.

I've tried middlewares to addprefix=/admin, which just ends up looping round with multiple /admin prefixes and also doesn't work.

Anybody got any ideas?

I'm aware I don't have to put Pi-hole behind SSL as I'm not exposing any of this stuff to the open internet (ports 80 and 443 are not forwarded on my router, and I'm using local DNS records in Pi-hole to access via subdomains).

Happy to post my traefik.yml and config.yml files if needed.

UPDATE: I seem to have figured it out! Below is my final Pi-hole docker-compose - the Traefik one remains unchanged from the original post:

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    networks:
      - medianet
      - npm_network
    domainname: mydomain.com
    hostname: pihole
    ports:
      - 53:53/tcp
      - 53:53/udp
    environment:
      - TZ=${TZ}
      - WEBPASSWORD=${WEBPASSWORD}
      - FTLCONF_LOCAL_IPV4=192.168.1.116
      - WEBTHEME=default-auto
      - DNSMASQ_LISTENING=ALL
      - VIRTUAL_HOST=pihole.mydomain.com
    volumes:
      - /path/to/pihole:/etc/pihole
      - /path/to/pihole/dnsmasq.d:/etc/dnsmasq.d
    cap_add:
      - NET_ADMIN
    labels:
      - traefik.enable=true
      - traefik.http.routers.pihole.entrypoints=http
      - traefik.http.routers.pihole.rule=Host(`pihole.mydomain.com`)
      - traefik.http.middlewares.pihole-https-redirect.redirectscheme.scheme=https
      - traefik.http.routers.pihole.middlewares=pihole-https-redirect
      - traefik.http.routers.pihole.service=pihole
      - traefik.http.routers.pihole-secure.entrypoints=https
      - traefik.http.routers.pihole-secure.rule=Host(`pihole.mydomain.com`)
      - traefik.http.routers.pihole-secure.tls=true
      - traefik.http.routers.pihole-secure.service=pihole
      - traefik.http.services.pihole.loadbalancer.server.port=80
you are viewing a single comment's thread
view the rest of the comments
[-] rambos@lemmy.world 1 points 1 year ago

Im using npm with letsenrypt for local network only, but couldnt find a way to use pihole gui without /admin. So I have bookmarked pihole.domain/admin

[-] schmurnan@lemmy.world 1 points 1 year ago

Thanks. Yeah it's really frustrating. There are guides out there that show that it's possible, but I think I'm missing something somewhere. I'm combining guides together so more than likely I've missed a step somewhere.

this post was submitted on 01 Aug 2023
27 points (100.0% liked)

Selfhosted

39980 readers
661 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS