Can't reach web UI via pi.hole (but IP works)—help me debug?

rlue · May 5, 2019, 2:59am

Expected Behaviour:

http://pi.hole/admin displays web UI

Actual Behaviour:

pi.hole does not resolve

Debug Token:

https://tricorder.pi-hole.net/54maz32e88!

Setup:

Host device: Raspberry Pi 3B+
Install method: Docker (pihole/pihole)
Exposed behind an automated NGINX reverse proxy (https://github.com/Brain-Gamer/nginx-proxy)
Pi-Hole configured as DNS on: DD-WRT router

Scroll to the end of this message for complete Docker compose configurations.

My debugging so far:

My Pi-Hole’s LAN IP is 192.168.1.140.
My DD-WRT router has this IP set as the static DNS.
My DD-WRT router’s LAN IP is 192.168.1.1.
My computer has this IP set in /etc/resolv.conf.
Visiting http://192.168.1.140 in a browser takes me to the Pi-Hole splash page.
Visiting http://pi.hole in a browser fails to load.

On my laptop, using nslookup to query the pihole box for pi.hole returns 0.0.0.0:

$ nslookup pi.hole 192.168.1.140
Server:         192.168.1.140
Address:        192.168.1.140#53

Name:   pi.hole
Address: 0.0.0.0

On my laptop, using nslookup to query the default DNS for pi.hole fails:

$ nslookup pi.hole
Server:         192.168.1.1
Address:        192.168.1.1#53

*** Can't find pi.hole: No answer

If I manually modify /etc/resolv.conf to use 192.168.1.140, then nslookup pi.hole succeeds (returns 0.0.0.0), but pi.hole still doesn’t resolve in a browser.

So... what gives? Any insight would be greatly appreciated.

Docker compose configuration:

version: "2"
services:
  nginx-proxy:
    restart: unless-stopped
    image: braingamer/nginx-proxy-arm
    container_name: nginx-proxy
    ports:
      - 80:80
      - 443:443
    environment:
      DEFAULT_HOST: pi.hole
    volumes:
      - "/home/rlue/.local/etc/nginx/certs:/etc/nginx/certs:ro"
      - /var/run/docker.sock:/tmp/docker.sock:ro
  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    ports:
      - 53:53/tcp
      - 53:53/udp
      - 67:67/udp
    environment:
      TZ: Asia/Taipei
      WEBPASSWORD: "{{ pihole_password }}"
      DNS1: 1.1.1.1
      DNS2: 1.0.0.1
      VIRTUAL_HOST: pi.hole
      HTTPS_METHOD: noredirect
    volumes:
      - "/home/rlue/.local/etc/pihole:/etc/pihole"
      - "/home/rlue/.local/etc/dnsmasq.d:/etc/dnsmasq.d"
    dns:
      - 127.0.0.1
      - 1.1.1.1
    # Recommended but not required (DHCP needs NET_ADMIN)
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    restart: unless-stopped

Auto-generated NGINX reverse proxy config:

upstream pi.hole {
				## Can be connect with "nginxproxy_default" network
			# pihole
			server 192.168.16.8:80;
}
server {
	server_name pi.hole;
	listen 80 default_server;
	access_log /var/log/nginx/access.log vhost;
	include /etc/nginx/vhost.d/default;
	location / {
		proxy_pass http://pi.hole;
	}
}
server {
	server_name pi.hole;
	listen 443 ssl http2 default_server;
	access_log /var/log/nginx/access.log vhost;
	return 500;
	ssl_certificate /etc/nginx/certs/default.crt;
	ssl_certificate_key /etc/nginx/certs/default.key;
}

jfb · May 5, 2019, 3:40am

From your debug log, your Pi-Hole isn't configured properly to listen on its assigned IP. I'm not sure how you got 0.0.0.0 for the confguration on Pi-Hole (this is the IP you told Pi-Hole to listen on).

*** [ DIAGNOSING ]: Networking
[âœ“] IPv4 address(es) bound to the eth0 interface:
   192.168.16.8/20 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)

*** [ DIAGNOSING ]: Setup variables
    IPV4_ADDRESS=0.0.0.0

rlue · May 5, 2019, 1:22pm

Thanks for the very prompt reply. I didn't actually set any of the configuration myself; this was automatically generated based on the environment variables I passed to docker when I created the container.

Looks like I've got a good bit more digging to do, but this is a start! I'll post here with more details as I find them. Thanks again!

rlue · May 6, 2019, 1:33am

So it's come down to two things:

The ServerIP environment variable has to be set on the pihole docker container. (It should be set to the LAN IP of the machine that the container is running on.)
Even with this fix, the router's DNS is intercepting the request to pi.hole. That is, if I set /etc/resolv.conf to use the pihole box directly, http://pi.hole resolves fine. But if I set it to the router's IP, and configure the router to use the pihole box as the DNS, then it fails. So, at this point, it looks like a DD-WRT issue, and I'll go ask on their forums.

Considering this issue fixed. Thanks again for the insight!

system · May 27, 2019, 1:33am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.