Pi-hole v6 on Unraid: First-Time Login Hell (And It's Not the Password)

My initial experience setting up Pi-hole v6 on Unraid was a real head-banger. I just could not log in at all.

Finding out how to set up the Pi-hole web password was more confusing than I expected, with all the different advice out there for either old or new version of Pi-hole, and config suggestions that may not apply under Unraid's environment.

After sifting through all the information, here's what I learned:

1. Finding the initial randomly generated password. This only shows up once in the initial setup logs. If you've restarted the docker instance, this does not show up in the logs anymore. If you've missed the boat, just skip over to the next point and set a password instead.

2. Setting password using the pihole -a -p and pihole setpasswd command. These two commands are the same, the only difference is setpasswd is the newer preferred command. When you run the command, your password hash is stored in /etc/pihole/pihole.toml for v6, not /etc/pihole/setupVars.conf, that's for v5.

3. Setting the password using the FTLCONF_webserver_api_password and WEBPASSWORD docker environment variable. The FTLCONF_webserver_api_password variable is for v6, whereas WEBPASSWORD variable is for v5. This is not a very secure practice, as your visible in plain text in the docker config file.

4. Creating a file containing the password and pointing that file to the WEBPASSWORD_FILE docker environment variable. This still works in v6, so why was WEBPASSWORD removed but WEBPASSWORD_FILE is kept? And now we have an out-of-convention FTLCONF_webserver_api_password variable name which essentially behaves the same as WEBPASSWORD. My OCD can't.

5. Creating a Docker secret using docker secret create and point WEBPASSWORD_FILE to the secret file. This is not for Unraid. Using Docker secrets requires you to setup Docker Compose or Docker Swarm, which does not align with Unraid's Docker template's way of doing things.

It is clear that the most straightforward way of setting a password is to just run the pihole setpasswd command.

However, that didn't work for me. In fact, I have tried everything and I still can't login!

---

The Dashboard That Just Won't Land

I'd enter my password on the login page, hit enter, and... nothing. The page would just refresh. My login attempts were just being silently rejected.

No, I didn't enter the wrong password. If the password was incorrect, Pi-hole will say so.

Upon inspecting the /auth network request, I found a clue: it was returning a no SID provided message in the response. Just an educated guess, but SID likely means Session ID. This suggests that Pi-hole possibly refused to start an authenticated session. Is this because Pi-hole requires HTTPS to establish a session?

But that doesn't make any sense. Why would a service that you're setting up for the first time require HTTPS? Accessing via the HTTP protocol should remain a viable option for initial configuration having to do cert signing and validation upfront complicates the setup process.

---

The Big Reveal: Pi-hole Needs a Hostname

In a fit of frustration, I decided to put the issue aside and set up the Nginx reverse proxy to Pi-hole, as I was planning on doing it anyway. And that's when it happened — the login magically worked!

It turns out Pi-hole has a preference for being accessed by a hostname rather than a raw IP address.

The fix for the broken login is embarrassingly simple. Just edit your computer's hosts file and add an entry for Pi-hole.

• On Linux, the file is /etc/hosts.
• On macOS, it's at /Private/etc/hosts.

pi-hole    12.34.56.78    # Your IP where Pi-hole is running

And just like that, I was in! It's frustrating that such a simple, non-obvious step was the cause of so much headache. Hopefully, this saves someone else from the troubles I endured.