403 Forbidden when attempting to access WebUI

bramnet · June 8, 2023, 5:33pm

I'm using the latest docker image of the official pi-hole docker image (pihole/pihole:latest), according to my docker, this has the sha256 tag 8bc45afe1625487aef62859a5bf02f3d7b3429e480f4e29e4689635ab86ec312.
When I attempt to access the webUI through %host%:33435 (If that's not the default, I'm using the environment variable WEB_PORT to change it to 33435), I get the HTTP error 403 Forbidden.
I've tried clearing out my volumes which are tied to /etc/pihole and /etc/dnsmasq.d inside the container. I've also tried rolling back to tag 2023.05.1 and 2023.05.0, no change in outcome.
I'm running it as a service on a docker swarm, with a NFS attached storage for holding the volumes' data, but that shouldn't make that much of a difference.

I'm not sure if this will help, but this is the printout I get when inspecting the container:

    {
        "Id": "sha256:927e9854247157c40259b84b60d3e774283ba12fc91ea0feab86536320deebb1",
        "RepoTags": [
            "pihole/pihole:latest"
        ],
        "RepoDigests": [
            "pihole/pihole@sha256:8bc45afe1625487aef62859a5bf02f3d7b3429e480f4e29e4689635ab86ec312"
        ],
        "Parent": "",
        "Comment": "buildkit.dockerfile.v0",
        "Created": "2023-05-30T18:53:35.471121075Z",
        "Container": "",
        "ContainerConfig": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": null,
            "Cmd": null,
            "Image": "",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": null
        },
        "DockerVersion": "",
        "Author": "",
        "Config": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "53/tcp": {},
                "53/udp": {},
                "67/udp": {},
                "80/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/opt/pihole:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "phpver=php",
                "PHP_ERROR_LOG=/var/log/lighttpd/error-pihole.log",
                "IPv6=True",
                "S6_KEEP_ENV=1",
                "S6_BEHAVIOUR_IF_STAGE2_FAILS=2",
                "S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0",
                "FTLCONF_LOCAL_IPV4=0.0.0.0",
                "FTL_CMD=no-daemon",
                "DNSMASQ_USER=pihole"
            ],
            "Cmd": null,
            "Healthcheck": {
                "Test": [
                    "CMD-SHELL",
                    "dig +short +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1"
                ]
            },
            "Image": "",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": [
                "/s6-init"
            ],
            "OnBuild": null,
            "Labels": {
                "org.opencontainers.image.created": "2023-05-30T18:51:05.660Z",
                "org.opencontainers.image.description": "Pi-hole in a docker container",
                "org.opencontainers.image.licenses": "",
                "org.opencontainers.image.revision": "37bd3d2f0f9321211d9370fc96b7d06325cee887",
                "org.opencontainers.image.source": "https://github.com/pi-hole/docker-pi-hole",
                "org.opencontainers.image.title": "docker-pi-hole",
                "org.opencontainers.image.url": "https://github.com/pi-hole/docker-pi-hole",
                "org.opencontainers.image.version": "2023.05.2"
            },
            "Shell": [
                "/bin/bash",
                "-c"
            ]
        },
        "Architecture": "arm64",
        "Os": "linux",
        "Size": 294132095,
        "VirtualSize": 294132095,
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/b6424b2fe0d7a6a5b10cb3f59f62f50f9da7807d4e764f49eec03d388621f4af/diff:/var/lib/docker/overlay2/197740c66cd677c1b6d1e08d9ba1c982fa8dee2a6ea96ad9bdebf94ece36c8f5/diff:/var/lib/docker/overlay2/1e1189a97a984e9868dd31dd649aa7c36f92d021896d71d5c0959f1cf11441e7/diff:/var/lib/docker/overlay2/05c9e2c74f9406ca7b4980f90655a6a8c8baf7d74669f5f00b4e22c4a43c46c7/diff:/var/lib/docker/overlay2/25a5630bce5b276cae0b30e0fc869a687ac8cf748bf18de2d25ec672406d0e11/diff:/var/lib/docker/overlay2/66afad52b63aabe80da1d70f97313fd053916eae2f71bd7cdda3d7bf3cf94b0f/diff:/var/lib/docker/overlay2/51972cf14a09fee3b9bb2dfa4b6606dcc0e47ddb22933d70e0019347306cdbf3/diff:/var/lib/docker/overlay2/28e655538b408f409aa38a1b73d997c09fc91e7419dae1efbe9882c8ca55f588/diff",
                "MergedDir": "/var/lib/docker/overlay2/1ad1f7c2df7e355efc0c6a0cff53ce79519741bebba04bad8dde0ac5920497e6/merged",
                "UpperDir": "/var/lib/docker/overlay2/1ad1f7c2df7e355efc0c6a0cff53ce79519741bebba04bad8dde0ac5920497e6/diff",
                "WorkDir": "/var/lib/docker/overlay2/1ad1f7c2df7e355efc0c6a0cff53ce79519741bebba04bad8dde0ac5920497e6/work"
            },
            "Name": "overlay2"
        },
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:13594e6f72105befed183626c2e1c6d7b31d7fc2c0f7e682d7fb5f2a75e5c4a2",
                "sha256:1bb4d946ceef7f5945db4a3ff7f91a8f0b5fe6239aad5d3f0c8bf57f8b740419",
                "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef",
                "sha256:c53f5e4695ba3b1fd4ead7d8d9c59f8bae89c750225f5308a933827cae7bbed0",
                "sha256:885da28193e4b57e9c54daed0c4f256fecf77d0df42074c4931f2ddf73c6df3a",
                "sha256:94e3a0d3cddb22e5891a76ea27a8ed66ab4d175acea8a9178000f299b51a1fe2",
                "sha256:aa50ba4cf51d72db2d67c185e049f55e78b607f365ce012219d8ffe5b802e3ca",
                "sha256:5fdc734eff9bebc508dae778b6be76e8276c512bd88262d03ea1940792b0bb27",
                "sha256:0728cfff109aac5580d49dfc7cbeb59fd1646dc6c46a5c89dd173168a2f0557b"
            ]
        },
        "Metadata": {
            "LastTagTime": "0001-01-01T00:00:00Z"
        }
    }
]

And this is the information I get from running "docker info":

Client: Docker Engine - Community
 Version:    24.0.2
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.10.5
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.18.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 5
  Running: 3
  Paused: 0
  Stopped: 2
 Images: 21
 Server Version: 24.0.2
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: active
  NodeID: <censored>
  Is Manager: false
  Node Address: <censored>
  Manager Addresses:
   <censored>
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
 runc version: v1.1.7-0-g860f061
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.1.21-v8+
 Operating System: Debian GNU/Linux 11 (bullseye)
 OSType: linux
 Architecture: aarch64
 CPUs: 4
 Total Memory: 7.629GiB
 Name: <censored>
 ID: 47ddf6e6-75d9-4da4-bbf5-dc1f94b5d891
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No memory limit support
WARNING: No swap limit support

Bucking_Horn · June 8, 2023, 10:15pm

What Docker network mode is that Pi-hole container running in?

Please share your docker-compose or docker run script.

bramnet · June 8, 2023, 10:47pm

I'm glad you brought that up, I found out it was running in bridge, which I don't think I wanted. Changed it to host, no change.

Okay, while I was trying to figure that out how to do that (I use portainer as a GUI manager), I figured out how inspect the service, and I found out that an environment variable I thought I removed, VIRTUAL_HOST, was still tied to the service. I attempted to remove it before posting here as I thought it might be the cause of the issue, turns out it was because now that it's actually removed, the WebUI pops up with no problems. Sorry for wasting your time, but your questions helped me snuff out the real problem, so thank you.