Add a second host to lighttpd external.conf for https in HA

Hi,

I'm running two Pi-holes in HA with keepalived, all working fine.
I also enabled https for each Pihole, like this (with a wildcard cert):

$HTTP["host"] == "pihole.example.com" {
  # Ensure the Pi-hole Block Page knows that this is not a blocked domain
  setenv.add-environment = ("fqdn" => "true")

  # Enable the SSL engine with a LE cert, only for this specific host
  $SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/ssl/combined.pem"
    ssl.ca-file =  "/etc/ssl/fullchain.pem"
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"       
  }

  # Redirect HTTP to HTTPS
  $HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
      url.redirect = (".*" => "https://%0$0")
    }
  }
}

Now I was wondering if it would be possible to add a second host, something like:

$HTTP["host"] == "pihole1.example.com,pihole.example.com" {

Now each Pi-hole has pihole.mydomain, so it goes to the Pi-hole that is master at the moment.
But I would like to have pihole1.mydomain + pihole.mydomain, and on the other pihole2.mydomain + pihole.mydomain.

That way I can also go directly to Pi-hole 1 & 2 instead of their IP address.

Any idea?

Hi,

Fixed it myself:

$HTTP["host"] == "pi-hole.mydomain.com" {
  # Ensure the Pi-hole Block Page knows that this is not a blocked domain
  setenv.add-environment = ("fqdn" => "true")

  # Enable the SSL engine with a LE cert, only for this specific host
  $SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/combined.pem"
    ssl.ca-file = "/etc/lighttpd/ssl/fullchain.pem"
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"       
  }

  # Redirect HTTP to HTTPS
  $HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
      url.redirect = (".*" => "https://%0$0")
    }
  }
}

$HTTP["host"] == "pi-hole-1.mydomain.com" {
  # Ensure the Pi-hole Block Page knows that this is not a blocked domain
  setenv.add-environment = ("fqdn" => "true")

  # Enable the SSL engine with a LE cert, only for this specific host
  $SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/combined.pem"
    ssl.ca-file = "/etc/lighttpd/ssl/fullchain.pem"
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"       
  }

  # Redirect HTTP to HTTPS
  $HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
      url.redirect = (".*" => "https://%0$0")
    }
  }
}
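
Added example, not part of the original posts: the two duplicated blocks above can be collapsed into one by matching the host with an anchored regular expression instead of `==`. The second node's name (`pi-hole-2`) mentioned in the comments is an assumption; the directives are the ones from the post.

```lighttpd
# One block for the shared HA name and this node's own name.
# lighttpd's =~ is an unanchored regex search, so the pattern is anchored
# with ^ and $ and the dots are escaped; otherwise a longer name that merely
# contains "pi-hole.mydomain.com" would also match and be treated as a
# local (non-blocked) host.
#
# On the second node use "^pi-hole(-2)?\.mydomain\.com$"
# (hostname assumed, adjust to your own naming).
$HTTP["host"] =~ "^pi-hole(-1)?\.mydomain\.com$" {
  # Ensure the Pi-hole Block Page knows that this is not a blocked domain
  setenv.add-environment = ("fqdn" => "true")

  # Enable the SSL engine, only for these hosts.
  # The wildcard certificate must cover both names.
  $SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/combined.pem"
    ssl.ca-file = "/etc/lighttpd/ssl/fullchain.pem"
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
  }

  # Redirect HTTP to HTTPS (%0 is the host matched by the inner regex,
  # $0 is the requested URL path)
  $HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
      url.redirect = (".*" => "https://%0$0")
    }
  }
}
```

Running `lighttpd -t -f /etc/lighttpd/lighttpd.conf` checks the syntax before the service is restarted.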
