Cannot access Pi-hole's UI after installation

Hi,
Thanks for the help. I was able to get back into the system. I installed Pihole and fixed most issues, I thought. The DNS is not working in Pihole? Everything else seems OK, but I also cannot get my web GUI up? I am going to play with this more. If you have any idea, please let me know? Reinstall?

Thanks

When you say "I cannot get my web gui up", what exactly are you trying, and what happens?

Try the full address:

http://pi.hole/admin/login.php

or

http://PIHOLE_IP/admin/login.php

replacing PIHOLE_IP with your Pi-hole's IP address in that last one.

Make sure your browser is not changing http to https.

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

Hi,
I was able to get Web interface up.
I just cannot seem to get FTL and the DNS server running. It looks like I am having port 53 and 80 conflicts? I have tried the fixes but cannot get FTL to run. DNS is not working either?

Thanks

As requested by rdwebdesign earlier, please provide a debug log.

Hi ,

Thanks for the reply. I will upload the log as soon as I can. Probably be Wednesday.

Thanks

Hi,
Here is the debug log:

(moderator edit: explicit debug log removed)

For your own privacy and safety, don't post your unsanitised debug log publicly.
We only ask for the token displayed after uploading the log has completed.

Hi,
Here is my debug log:
https://tricorder.pi-hole.net/I1GWTqNi/

Thanks for the help

Hi,
Here is my Debug Token. Sorry I am new to all of this but giving it a go.
https://tricorder.pi-hole.net/I1GWTqNi/

Thanks

You are using an old and unsupported OS: Debian 9.

Hi ,
I was hoping to get a workaround? Will it work with Bullseye? I will try to upgrade.

Thanks

Hi,
I upgraded the OS to Bullseye and installed Pihole. I still cannot get the DNS server to run?
Here is my Debug token. Any help is appreciated.
https://tricorder.pi-hole.net/lMMColu5/
Thanks

pihole-FTL failed to start due to a capabilities issue:


*** [ DIAGNOSING ]: Pi-hole-FTL full status
   ● pihole-FTL.service - Pi-hole FTL
     Loaded: loaded (/etc/systemd/system/pihole-FTL.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2024-10-07 16:33:42 PDT; 3min 9s ago
    Process: 1035 ExecStartPre=/opt/pihole/pihole-FTL-prestart.sh (code=exited, status=0/SUCCESS)
    Process: 1049 ExecStart=/usr/bin/pihole-FTL -f (code=exited, status=218/CAPABILITIES)
    Process: 1051 ExecStopPost=/opt/pihole/pihole-FTL-poststop.sh (code=exited, status=0/SUCCESS)
   Main PID: 1049 (code=exited, status=218/CAPABILITIES)

Are you restricting the OS capabilities?

Hi,

Not at all? I upgraded to Bullseye and was able to install Pihole.
Thanks
I am installing it on a Cloudkey Gen1.

Hi,
I have never really tried anything like this, but was reading posts on repurposing my Cloudkey. I have been able to get pretty far by reading posts and looking into the project. I was told that it was my OS and it was not supported. I was able to upgrade it. It is still having DNS not running. Any help would be appreciated. Ideas or where to start?
Thanks

Something is bugging setting capabilities via systemd directives on Cloudkeys that have been upgraded to Buster:

About Linux capabilities:

$ man capabilities
[..]
CAPABILITIES(7)       Linux Programmer's Manual      CAPABILITIES(7)

NAME
       capabilities - overview of Linux capabilities

DESCRIPTION
       For  the purpose of performing permission checks, traditional
       UNIX implementations distinguish two categories of processes:
       privileged  processes (whose effective user ID is 0, referred
       to as superuser or root), and unprivileged  processes  (whose
       effective  UID  is nonzero).  Privileged processes bypass all
       kernel permission checks, while  unprivileged  processes  are
       subject  to  full  permission checking based on the process's
       credentials (usually: effective UID, effective GID, and  sup‐
       plementary group list).

       Starting with kernel 2.2, Linux divides the privileges tradi‐
       tionally associated with superuser into distinct units, known
       as  capabilities, which can be independently enabled and dis‐
       abled.  Capabilities are a per-thread attribute.

   Capabilities list
       The following list  shows  the  capabilities  implemented  on
       Linux,  and  the operations or behaviors that each capability
       permits:

       CAP_AUDIT_CONTROL (since Linux 2.6.11)
              Enable and disable kernel  auditing;  change  auditing
              filter  rules;  retrieve auditing status and filtering
              rules.
[..]

My Buster:

$ hostnamectl
[..]
  Operating System: Raspbian GNU/Linux 10 (buster)
$ systemctl cat pihole-FTL.service
[..]
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_NICE CAP_IPC_LOCK CAP_CHOWN

Does below one report the version without errors?

pihole-FTL -v

If so, you could try to hack capabilities on a file level.
For that, you could edit the systemd unit file for the pihole-FTL daemon with below one:

sudo systemctl edit --full pihole-FTL.service

Look for a line that says:

ExecStart=/usr/bin/pihole-FTL -f

And add below line above it:

ExecStartPre=setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"

So it resembles below:

$ sudo systemctl edit --full pihole-FTL.service
[..]
ExecStartPre=/opt/pihole/pihole-FTL-prestart.sh
ExecStartPre=setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"
ExecStart=/usr/bin/pihole-FTL -f
[..]

Save/exit and follow/tail the systemd journal live with below:

sudo journalctl --full --follow --unit pihole-FTL.service

In another shell session, restart the daemon with below one and check the journal for errors/warnings appearing:

sudo systemctl restart pihole-FTL.service

To check if it runs:

sudo systemctl status pihole-FTL.service

systemctl is-active pihole-FTL.service

pihole status

And on which ports it's listening:

sudo ss -nltup | grep 'Netid\|pihole-FTL\|lighttpd'

Drawback is that you most likely lose the hack when you do a Pi-hole upgrade or repair.

Thanks so much. I will try this tomorrow.

Thanks again

Any luck?

I forgot to put in a proper cleanup to remove capabilities for when the daemon gets stopped:

$ sudo systemctl edit --full pihole-FTL.service
[..]
ExecStartPre=setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"
ExecStart=/usr/bin/pihole-FTL -f
ExecStopPost=setcap -r /usr/bin/pihole-FTL
[..]
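
To confirm what the workaround above actually grants, the following added example (not part of the posts above, and not Pi-hole project code) decodes a capability bitmask such as the `CapEff` value in `/proc/<pid>/status` and compares it with the six capabilities named in the unit file. The function names are hypothetical, the bit numbers are those defined in `linux/capability.h`, and the masks used to exercise it are constructed.

```shell
#!/bin/sh
# Added example: compare a process capability mask (CapEff from
# /proc/<pid>/status) with the six capabilities the pihole-FTL unit requests.
# Function names are hypothetical; bit numbers come from linux/capability.h.

EXPECTED="CAP_CHOWN:0 CAP_NET_BIND_SERVICE:10 CAP_NET_ADMIN:12 CAP_NET_RAW:13 CAP_IPC_LOCK:14 CAP_SYS_NICE:23"

# missing_caps HEXMASK: print the expected capabilities that are NOT set.
missing_caps() (
    mask=$((0x$1)); out=""
    for entry in $EXPECTED; do
        name=${entry%%:*}; bit=${entry##*:}
        if [ $(( (mask >> bit) & 1 )) -eq 0 ]; then
            out="$out $name"
        fi
    done
    echo "${out# }"
)

# extra_caps HEXMASK: print (hex) any bits set beyond the expected six,
# i.e. privileges the daemon holds but the unit never asked for.
extra_caps() (
    mask=$((0x$1)); want=0
    for entry in $EXPECTED; do
        want=$(( want | (1 << ${entry##*:}) ))
    done
    printf '%x\n' $(( mask & ~want ))
)

# check_pid PID: read CapEff of a live process and report both results.
check_pid() (
    eff=$(awk '/^CapEff:/ {print $2}' "/proc/$1/status") || exit 1
    echo "CapEff=$eff missing=[$(missing_caps "$eff")] extra=0x$(extra_caps "$eff")"
)

# When the daemon is running, check it; otherwise do nothing.
if pid=$(pidof pihole-FTL 2>/dev/null); then
    check_pid "${pid%% *}"
fi
```

File capabilities set with `setcap` apply to every execution of the binary, not only to the systemd-started daemon; `getcap /usr/bin/pihole-FTL` shows what is currently attached to the file, and it should print nothing after the `ExecStopPost=setcap -r` cleanup has run.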

Hi,
My Cloudkey is not giving me access and will not reset. I am going to try to get into it using a direct PC Ethernet connection. Thanks for your help. I was not able to try your steps yet. I was updating apt and tried to upgrade to the maintainer's version. I will update.

Thanks