Can’t access pihole externally using reverse proxy on docker

Hi everybody,

I'm pretty new to this whole networking environment, like docker, pihole and stuff.

Every service I run is on docker on a rpi, including pihole and caddy for reverse proxy. The issue I'm facing is: after setting up everything on docker compose and caddy, I can't access pihole using my domain name. Basically I get redirected to the admin page, then it returns 502 code for some reason.

Though, it is accessible if I use the local ip of the rpi and the port I've assigned to pihole. And I know my domain/DNS setup works because I can access other services using the domain name.

Here's the docker compose file:

version: '3'

services:
  caddy:
    container_name: caddy
    image: caddy:2
    restart: always
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - /home/docker/caddy/Caddyfile:/etc/caddy/Caddyfile:ro
      - /home/docker/caddy/config:/config
      - /home/docker/caddy/data:/data

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    network_mode: host
    volumes:
      - /home/docker/pihole:/etc/pihole
      - /home/docker/pihole/dnsmasq.d:/etc/dnsmasq.d
    cap_add:
      - NET_ADMIN
    environment:
      - TZ=Europe/Stockholm
      - PIHOLE_DNS_=;
      - FTLCONF_LOCAL_IPV4= # local ip of the raspberrypi
      - WEB_PORT=8125

  #...other services

and the caddy file basically contains this for pihole: {
  reverse_proxy pihole:8125
}

#...other services

I've also tried removing the network_mode: host and exposing ports instead but it still has the same issue. For the record, I'd like to use DHCP so I prefer this to stay.

Does anybody have any idea about this? Thanks in advance!

I don't know much about reverse proxy, but perhaps setting a Local DNS of to would work?

Does not work unfortunately, I still get 502. And relevant Caddy log is below if anyone knows about it:

{"level":"error","ts":1698406602.5773423,"logger":"http.log.error.log2","msg":"dial tcp: lookup host.docker.internal on no such host","request":{"remote_ip":"","remote_port":"50443","client_ip":"","proto":"HTTP/2.0","method":"GET","host":"","uri":"/admin/","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Language":["en-GB,en;q=0.5"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"Sec-Gpc":["1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":""}},"duration":0.035136537,"status":502,"err_id":"t7aj6iqib","err_trace":"reverseproxy.statusError (reverseproxy.go:1265)"}

OK, I've solved the issue. Turns out if a container is running with network_mode: host, you can't put the container name in the Caddyfile; putting in the local IP of the Raspberry Pi solved the issue.
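
An added example, not part of the original thread: a small check that cross-references `reverse_proxy` upstreams in a Caddyfile against services declared with `network_mode: host`, which are not attached to the compose network and so have no name in Docker's embedded DNS. The site addresses, the `192.168.1.10` upstream and the function names are constructed for illustration; the compose input is assumed to come from `docker compose config --format json`.

```python
import json
import re

# Constructed sample: shape of `docker compose config --format json` output,
# reduced to the fields this check reads.
COMPOSE_JSON = """
{"services": {
  "caddy":  {"container_name": "caddy", "image": "caddy:2"},
  "pihole": {"container_name": "pihole", "network_mode": "host"}
}}
"""

# Constructed sample Caddyfile; site addresses and the IP are placeholders.
CADDYFILE = """
pihole.example.com {
  reverse_proxy pihole:8125
}
other.example.com {
  reverse_proxy 192.168.1.10:8080
}
"""

def host_mode_names(compose):
    """Service keys and container names of services on the host network."""
    names = set()
    for key, svc in compose.get("services", {}).items():
        if svc.get("network_mode") == "host":
            names.update({key, svc.get("container_name", key)})
    return names

def upstream_hosts(caddyfile):
    """Yield (line_no, host) for each reverse_proxy upstream in a Caddyfile."""
    for no, line in enumerate(caddyfile.splitlines(), 1):
        tokens = line.split("#")[0].split()
        if not tokens or tokens[0] != "reverse_proxy":
            continue
        for tok in tokens[1:]:
            if tok == "{" or tok[0] in "/@*":  # block opener or request matcher
                continue
            # Drop an optional scheme, then the trailing :port.
            yield no, re.sub(r"^[a-z0-9+]+://", "", tok).rsplit(":", 1)[0]

def unresolvable_upstreams(compose_json, caddyfile):
    # Upstreams addressed by the name of a host-network container.
    names = host_mode_names(json.loads(compose_json))
    return [(no, host) for no, host in upstream_hosts(caddyfile) if host in names]

if __name__ == "__main__":
    for no, host in unresolvable_upstreams(COMPOSE_JSON, CADDYFILE):
        print(f"Caddyfile line {no}: '{host}' runs with network_mode: host; "
              "use the host's IP as the upstream, not the container name")
```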