Hi,
I'm running two pihole's in HA with keepalived, all working fine.
I also enabled https for each Pihole, like this (with a wildcard cert):
$HTTP["host"] == "pihole.example.com" {
# Ensure the Pi-hole Block Page knows that this is not a blocked domain
setenv.add-environment = ("fqdn" => "true")
# Enable the SSL engine with a LE cert, only for this specific host
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/combined.pem"
ssl.ca-file = "/etc/ssl/fullchain.pem"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
}
# Redirect HTTP to HTTPS
$HTTP["scheme"] == "http" {
$HTTP["host"] =~ ".*" {
url.redirect = (".*" => "https://%0$0")
}
}
}
Now I was wondering if it would be possible to add a second host, something as;
$HTTP["host"] == "pihole1.example.com,pihole.example.com" {
Now each PiHole has pihole.mydomain so it goes to the pi-hole who is master at the moment
But I would like to have pihole1.mydomain + pihole.mydomain and on the other pihole2.mydomain + pihole.mydomain
That way I can also go directly to Pihole 1 & 2 instead of their IP adress
Any idea?
Hi,
Fixed it myself:
$HTTP["host"] == "pi-hole.mydomain.com" {
# Ensure the Pi-hole Block Page knows that this is not a blocked domain
setenv.add-environment = ("fqdn" => "true")
# Enable the SSL engine with a LE cert, only for this specific host
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "etc/lighttpd/ssl/combined.pem"
ssl.ca-file = "/etc/lighttpd/ssl/fullchain.pem"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
}
# Redirect HTTP to HTTPS
$HTTP["scheme"] == "http" {
$HTTP["host"] =~ ".*" {
url.redirect = (".*" => "https://%0$0")
}
}
}
$HTTP["host"] == "pi-hole-1.mydomain.com" {
# Ensure the Pi-hole Block Page knows that this is not a blocked domain
setenv.add-environment = ("fqdn" => "true")
# Enable the SSL engine with a LE cert, only for this specific host
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "etc/lighttpd/ssl/combined.pem"
ssl.ca-file = "/etc/lighttpd/ssl/fullchain.pem"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
}
# Redirect HTTP to HTTPS
$HTTP["scheme"] == "http" {
$HTTP["host"] =~ ".*" {
url.redirect = (".*" => "https://%0$0")
}
}
}
system
Closed
September 7, 2021, 8:22am
3
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.