DEV Community šŸ‘©ā€šŸ’»šŸ‘Øā€šŸ’»

DEV Community šŸ‘©ā€šŸ’»šŸ‘Øā€šŸ’» is a community of 966,904 amazing developers

We're a place where coders share, stay up-to-date and grow their careers.

Create account Log in
Cover image for Adding TLS to Pi-hole
hunttom
hunttom

Posted on

Adding TLS to Pi-hole

PiHole is a great tool for blocking ads across an entire network. However, the web-based administration panel defaults to connecting to HTTP over port 80. As a network engineer, it has always bothered me that I had to pass a password into the pi-hole I've always had it on my list to update Pi-hole to use HTTPS and I could not find any documentation.

Disclaimer: configure to meet your own baseline for security standards, the examples given are generic.

Prerequisites

  1. Raspberry Pi
  2. Pi-hole installed
  3. Backup of your configuration

Instructions

1. Create the SSL Cert:

a. Create the self signed certificate:

openssl req -new -x509 -keyout pihole.pem -out pihole.pem -days 365 -nodes
Enter fullscreen mode Exit fullscreen mode

b. Change permissions to read-only:

chmod 400 pihole.pem
Enter fullscreen mode Exit fullscreen mode

2. Configure Lighttpd

a. Create and move cert into Lighttpd:

sudo mkdir /etc/lighttpd/certs
mv pihole.pem /etc/lighttpd/certs/pihole.pem
Enter fullscreen mode Exit fullscreen mode

b. Configure Lighttpd to accept HTTPS requests: sudo vim /etc/lighttpd/external.conf

An example configuration would be for my Pi-hole DNS address at pihole.example.com:

$HTTP["host"] == "pihole.example.com" {
  # Ensure the Pi-hole Block Page knows that this is not a blocked domain
  setenv.add-environment = ("fqdn" => "true")

  # Enable the SSL engine with a LE cert, only for this specific host
  $SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/certs/pihole.pem" #Location of PEM file.
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"       
  }

  # Redirect HTTP to HTTPS
  $HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
      url.redirect = (".*" => "https://%0$0")
    }
  }
}
Enter fullscreen mode Exit fullscreen mode

3. Restart Lighttpd

a. Run the command sudo systemctl restart lighttpd to restart Lighttpd.

4. Test the configuration

b. Log into your Pi-hole: https://pihole.example.com

Top comments (0)

Want to rep DEV and be comfy at the same time?

Check out our classic DEV shirt ā€” available in multiple colors.