DEV Community

Yoshi's Homelab profile image Yoshi Nakamoto
Yoshi Nakamoto for Yoshi's Homelab

Posted on

Pi-hole v6: How to actually set a password and login properly?

#pihole #unraid #homelab #dns

My initial experience setting up Pi-hole v6 on Unraid was a real head-banger. I just could not log in at all.

TLDR version: Set password using pihole setpasswd and login to Pi-hole's web dashboard via a hostname, not raw IP address.

What's changed with passwords on Pi-hole V6?

I went down the password rabbit hole, trying to figure what has changed between v5 and v6, and what may or may not apply when running Pi-hole under Unraid's environment.

Here are some of my learnings:

  1. The initial randomly generated password only show up once. If you've restarted the Docker instance (which I did as I was changing a few container configs), this does not show up in the logs anymore. If you've missed the boat, just skip over and set a password instead.

  2. The new command to set a password is now pihole setpasswd. While pihole -a -p still works, pihole setpasswd is the newer preferred one now. Also, when you set a password, the hash of the password is now stored in /etc/pihole/pihole.toml for v6 (not /etc/pihole/setupVars.conf as that is for v5).

  3. WEBPASSWORD is now FTLCONF_webserver_api_password. Not a secure practice (as this is visible in plain text in your docker config file), but if you decide to set a password via the Docker container's variable, WEBPASSWORD no longer works, use FTLCONF_webserver_api_password instead.

  4. WEBPASSWORD_FILE still works. You can create a file containing the password and assign the path of the file to the WEBPASSWORD_FILE docker environment variable on v6. Yes, I know what you're thinking, the naming is not consistent anymore.

  5. Pointing FTLCONF_webserver_api_password or WEBPASSWORD_FILE to a Docker secret entry. This is not for Unraid. Using Docker secrets requires you to setup Docker Compose or Docker Swarm on Unraid, which isn't standard practice on Unraid.

In short, just run pihole setpasswd in the Docker terminal of your Pi-hole instance.

Is the login page broken?

I have tried everything above and I still can't login. I'd enter my password on the login page, hit enter, and... nothing. The page would just refresh. My login attempts were just being silently rejected.

Upon inspecting the /auth network request, I found a clue - it was returning a no SID provided message in the response.

Network inspector tool reveals no SID provided message

Taking an educated guess, SID likely means Session ID. This suggests that Pi-hole possibly refused to start an authenticated session.

Does Pi-hole strictly requires HTTPS to establish a session? That doesn't make any sense. Why would a service that you're setting up for the first time require HTTPS? Accessing via the HTTP protocol is normally what folks do for initial configuration, as doing cert signing and validation upfront complicates the setup process.

Pi-hole Needs a Hostname!

In a fit of frustration, I decided to put the issue aside and set up the Nginx reverse proxy to Pi-hole, as I was planning on doing it anyway. And that's when it happened - the login magically worked!

It turns out Pi-hole wants to be accessed via a hostname rather than a raw IP address. Therefore, the fix for the broken login is actually embarrassingly simple, just add an entry in your local machine's hosts file.

pi-hole.lan 12.34.56.78
Enter fullscreen mode Exit fullscreen mode

Pi-hole dashboard

And just like that, I can finally login! It's frustrating that such a simple, non-obvious step was the cause of so much headache. Hopefully, this saves someone else from the troubles I endured.

Top comments (0)