Binding volume to /etc/lighttpd breaks Pi-Hole

Hi!

So I'm trying to play a little with Lighttpd, but when I bind this volume Pi-Hole does not start anymore. It breaks at a certain line.

volumes:
  - ./etc-lighttpd:/etc/lighttpd

Here's the log:

pihole       | s6-rc: info: service s6rc-oneshot-runner: starting
pihole       | s6-rc: info: service s6rc-oneshot-runner successfully started
pihole       | s6-rc: info: service fix-attrs: starting
pihole       | s6-rc: info: service fix-attrs successfully started
pihole       | s6-rc: info: service legacy-cont-init: starting
pihole       | s6-rc: info: service legacy-cont-init successfully started
pihole       | s6-rc: info: service cron: starting
pihole       | s6-rc: info: service cron successfully started
pihole       | s6-rc: info: service _uid-gid-changer: starting
pihole       |   [i] Changing ID for user: pihole (999 => 0)
pihole       | s6-rc: info: service _uid-gid-changer successfully started
pihole       | s6-rc: info: service _startup: starting
pihole       |   [i] Starting docker specific checks & setup for docker pihole/pihole
pihole       |   [i] Setting capabilities on pihole-FTL where possible
pihole       |   [i] Applying the following caps to pihole-FTL:
pihole       |         * CAP_CHOWN
pihole       |         * CAP_NET_BIND_SERVICE
pihole       |         * CAP_NET_RAW
pihole       |         * CAP_NET_ADMIN
pihole       |   [i] Ensuring basic configuration by re-running select functions from basic-install.sh
pihole       | 
pihole       |   [i] Installing configs from /etc/.pihole...
pihole       |   [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Installed /etc/dnsmasq.d/01-pihole.conf
  [✓] Installed /etc/dnsmasq.d/06-rfc6761.conf
pihole       | 
  [✓] Installing latest logrotate script
pihole       |   [i] Creating empty /etc/pihole/setupVars.conf file.
pihole       |   [i] Assigning random password: TkOrTveg
pihole       |   [✓] New password set
pihole       | grep: /etc/lighttpd/conf-enabled/15-fastcgi-php.conf: No such file or directory
pihole       | sed: can't read /etc/lighttpd/conf-enabled/15-fastcgi-php.conf: No such file or directory
pihole       | s6-rc: info: service _startup successfully started
pihole       | s6-rc: info: service pihole-FTL: starting
pihole       | s6-rc: info: service pihole-FTL successfully started
pihole       | s6-rc: info: service lighttpd: starting
pihole       | s6-rc: info: service lighttpd successfully started
pihole       | s6-rc: info: service _gravityonboot: starting
pihole       | s6-rc: info: service _gravityonboot successfully started
pihole       | s6-rc: info: service legacy-services: starting
pihole       |   Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf
pihole       | s6-rc: info: service legacy-services successfully started
pihole       |   [i] Creating new gravity database
pihole       | 2022-09-25 16:24:51: configfile.c.2113) command "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include "%p"\n' 2>/dev/null" exited non-zero: 1
pihole       | 2022-09-25 16:24:51: configfile.c.1970) source: /etc/lighttpd/lighttpd.conf line: 82 pos: 1 parser failed somehow near here: (EOL)
pihole       | Stopping lighttpd
pihole       |   [i] Neutrino emissions detected...
pihole       | lighttpd: no process found
  [✓] Pulling blocklist source list into range
pihole       |   [i] No source list found, or it is empty
pihole       | 
pihole       | 
  [✓] Preparing new gravity database
pihole       |   [i] Using libz compression
pihole       | 
  [✓] Creating new gravity databases
  [✓] Storing downloaded domains in new gravity database
  [✓] Building tree
  [✓] Swapping databases
pihole       |   [✓] The old database remains available.
pihole       |   [i] Number of gravity domains: 0 (0 unique domains)
pihole       |   [i] Number of exact blacklisted domains: 0
pihole       |   [i] Number of regex blacklist filters: 0
pihole       |   [i] Number of exact whitelisted domains: 0
pihole       |   [i] Number of regex whitelist filters: 0
  [✓] Cleaning up stray matter
pihole       | 
pihole       |   [✓] FTL is listening on port 53
pihole       |      [✓] UDP (IPv4)
pihole       |      [✓] TCP (IPv4)
pihole       |      [✓] UDP (IPv6)
pihole       |      [✓] TCP (IPv6)
pihole       | 
pihole       |   [i] Pi-hole blocking will be enabled
pihole       |   [i] Enabling blocking
  [✓] Pi-hole Enabled
pihole       | 2022-09-25 16:24:52: configfile.c.2113) command "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include "%p"\n' 2>/dev/null" exited non-zero: 1
pihole       | 2022-09-25 16:24:52: configfile.c.1970) source: /etc/lighttpd/lighttpd.conf line: 82 pos: 1 parser failed somehow near here: (EOL)
pihole       | Stopping lighttpd
pihole       | lighttpd: no process found
pihole       | 2022-09-25 16:24:56: configfile.c.1970) source: /etc/lighttpd/lighttpd.conf line: 82 pos: 1 parser failed somehow near here: (EOL)
pihole       | Stopping lighttpd
pihole       | lighttpd: no process found
pihole       | 2022-09-25 16:24:57: configfile.c.2113) command "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include "%p"\n' 2>/dev/null" exited non-zero: 1
pihole       | 2022-09-25 16:24:57: configfile.c.1970) source: /etc/lighttpd/lighttpd.conf line: 82 pos: 1 parser failed somehow near here: (EOL)
pihole       | Stopping lighttpd
pihole       | lighttpd: no process found
pihole       | 2022-09-25 16:24:58: configfile.c.2113) command "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include "%p"\n' 2>/dev/null" exited non-zero: 1
pihole       | 2022-09-25 16:24:58: configfile.c.1970) source: /etc/lighttpd/lighttpd.conf line: 82 pos: 1 parser failed somehow near here: (EOL)
pihole       | Stopping lighttpd
pihole       | lighttpd: no process found

Any idea what is wrong? Why does the line find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include "%p"\n' 2>/dev/null break?

I also noticed that when I don't bind the volumes to /etc/lighttpd, then inside the container two directories exist:

root@2673ad8cc15e:/etc/lighttpd# pwd
/etc/lighttpd
root@2673ad8cc15e:/etc/lighttpd# ls -la
total 24
4 drwxr-xr-x 2 root root 4096 Sep 18 04:19 conf-available
4 drwxr-xr-x 1 root root 4096 Sep 25 16:38 conf-enabled
0 -rw-r--r-- 1 root root 0 Sep 19 12:41 external.conf
8 -rw-r--r-- 1 root root 5679 Sep 25 16:38 lighttpd.conf
8 -rw-r--r-- 1 root root 5679 Sep 19 12:41 lighttpd.conf.orig

Those other files are used by lighttpd.
If your volumes don't have them, you need to include them.

You shouldn't remove the original config file. You can add your extra config to the external.conf file.

But I am not removing any files at all...

All I'm doing is to map a volume:

volumes:
  - ./etc-lighttpd:/etc/lighttpd

When I do this I experience the lighttpd: no process found

What do you have inside /etc-lighttpd?

Like I mentioned in my first post:

  1. When volume is bound: all except conf-available/ and conf-enabled/
  2. When running container with no volumes and checking inside:
4 drwxr-xr-x 2 root root 4096 Sep 18 04:19 conf-available
4 drwxr-xr-x 1 root root 4096 Sep 25 16:38 conf-enabled
0 -rw-r--r-- 1 root root 0 Sep 19 12:41 external.conf
8 -rw-r--r-- 1 root root 5679 Sep 25 16:38 lighttpd.conf
8 -rw-r--r-- 1 root root 5679 Sep 19 12:41 lighttpd.conf.orig

Post your docker-compose.yml.

These directories (and all files inside them) are installed by lighttpd:

4 drwxr-xr-x 2 root root 4096 Sep 18 04:19 conf-available
4 drwxr-xr-x 1 root root 4096 Sep 25 16:38 conf-enabled

They are needed by lighttpd.

You are mounting a directory without these sub-directories/files inside. How would lighttpd find the files if they are gone?

If you are "bind mounting" a directory already containing files to the image, the whole directory will be replaced. Only the files you add will be available to the container.
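The reply above explains why the bind mount hides the image's conf-available/ and conf-enabled/ directories. As an added example (not part of the original thread and not Pi-hole's own tooling), the following preflight check inspects the host directory before it is mounted over /etc/lighttpd. The function name `check_lighttpd_bind` is hypothetical; the required entries are taken from the directory listing and log in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): preflight check for a host directory
# that is about to be bind-mounted over /etc/lighttpd in the pihole container.

# Entries taken from the thread: the `ls -la` of the image's /etc/lighttpd and
# the file the startup log tries to grep/sed.
REQUIRED_DIRS="conf-available conf-enabled"
REQUIRED_FILES="lighttpd.conf external.conf conf-enabled/15-fastcgi-php.conf"

# check_lighttpd_bind DIR
# Prints one line per problem and returns 0 only if nothing is missing.
check_lighttpd_bind() {
    src=$1
    problems=0
    if [ ! -d "$src" ]; then
        echo "bind source does not exist: $src"
        return 1
    fi
    for d in $REQUIRED_DIRS; do
        if [ ! -d "$src/$d" ]; then
            echo "missing directory: $d"
            problems=$((problems + 1))
        fi
    done
    for f in $REQUIRED_FILES; do
        if [ ! -f "$src/$f" ]; then
            echo "missing file: $f"
            problems=$((problems + 1))
        fi
    done
    # The same scan lighttpd.conf runs in the log, minus GNU -printf: find
    # exits non-zero when conf-enabled is absent, which is what aborts parsing.
    if ! find "$src/conf-enabled" -name '*.conf' -a ! -name 'letsencrypt.conf' \
            >/dev/null 2>&1; then
        echo "conf-enabled scan fails, lighttpd would not parse its config"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Usage: check_lighttpd_bind ./etc-lighttpd && docker compose up -d
```

Run against a directory that holds only lighttpd.conf and external.conf, it reports both missing directories, the missing 15-fastcgi-php.conf and the failing conf-enabled scan, which are the errors visible in the log above.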

version: "3"

services:
  letsencrypt:
    container_name: letsencrypt
    image: adferrand/dnsrobocert:latest
    volumes:
      - ./dnsrobocert:/etc/dnsrobocert
      - ./letsencrypt:/etc/letsencrypt

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    depends_on:
      - letsencrypt
    ports:
      - '53:53/tcp'
      - '53:53/udp'
      # - '67:67/udp'
      - '80:80/tcp'
      #- '443:443/tcp'
    environment:
      PIHOLE_UID: 0
      DNSMASQ_USER: root
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
      - './etc-lighttpd:/etc/lighttpd'
      - './letsencrypt:/etc/le'
      # - './var:/var/www/html'

The problem is that the conf-* directories are subdirectories of /etc/lighttpd and I need access to both of the locations.

Haven't been doing Docker for a while but... Has something changed recently? I cannot even bind /etc cause every single subdirectory won't be visible?

That's how docker works:
Docker - Mount into a non-empty directory on the container

So how do I inject the SSL config into Pi-Hole then?

Named volumes?
Modify Dockerfile and perform sed actions in CLI based on container arguments?

I don't access Pi-hole using SSL, so I never did this config, but have you tried to add those sub-directories inside your /etc-lighttpd dir?

I'll definitely try that; however, I'm looking for a way of providing only the necessary files in the bind volume, and the rest of the files existing inside the container should be taking precedence.

I'm guessing I was wrong thinking that way. I'll try to reproduce whole /etc/lighttpd directory in my bind volume first and then start.

You don't. The docker approach would be to use a proxy container that handles the TLS operations and forwards to the Pi-hole container.
