Configuring webui server port in an update-safe way

Hey all,

I am trying to change the webui port in an update-safe way (i.e. it persists across updates with no manual effort).

Based on some older posts in this forum, it seems like this used to be possible via /etc/lighttpd/external.conf but now needs to be done via a .conf file placed in /etc/lighttpd/conf-enabled/. Based on this, I created /etc/lighttpd/conf-enabled/15-lighttpd-external.conf with the following content:

server.port := 7069

Expected Behaviour:

The server binds to port 7069

Actual Behaviour:

Unfortunately, pihole is still trying to bind to port 80. I get a bunch of these errors in my container logs:

2023-06-12 15:39:21: network.c.369) can't bind to socket: [::]:80: Address already in use

I have verified that my custom conf file has the expected content:

root@pihole:/# cat /etc/lighttpd/conf-enabled/04-external.conf
server.port := 7069

Debug Token:

Here are the lighttpd related lines from my debug log. I can post the entire log if needed.

*** [ DIAGNOSING ]: contents of /etc/lighttpd

-rw-r--r-- 1 root root 2.2K Jan 19  2022 /etc/lighttpd/lighttpd.conf
   server.modules = (
        "mod_indexfile",
        "mod_access",
        "mod_alias",
        "mod_redirect",
   )
   server.document-root        = "/var/www/html"
   server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
   server.errorlog             = "/var/log/lighttpd/error.log"
   server.pid-file             = "/run/lighttpd.pid"
   server.username             = "www-data"
   server.groupname            = "www-data"
   server.port                 = 80
   server.feature-flags       += ("server.h2proto" => "enable")
   server.feature-flags       += ("server.h2c"     => "enable")
   server.feature-flags       += ("server.graceful-shutdown-timeout" => 5)
   server.http-parseopts = (
     "header-strict"           => "enable",# default
     "host-strict"             => "enable",# default
     "host-normalize"          => "enable",# default
     "url-normalize-unreserved"=> "enable",# recommended highly
     "url-normalize-required"  => "enable",# recommended
     "url-ctrls-reject"        => "enable",# recommended
     "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
     "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
   )
   index-file.names            = ( "index.php", "index.html" )
   url.access-deny             = ( "~", ".inc" )
   static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
   include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
   include_shell "/usr/share/lighttpd/create-mime.conf.pl"
   include "/etc/lighttpd/conf-enabled/*.conf"
   server.modules += (
        "mod_dirlisting",
        "mod_staticfile",
   )

*** [ DIAGNOSING ]: contents of /etc/lighttpd/conf.d
/etc/lighttpd/conf.d does not exist.

*** [ DIAGNOSING ]: contents of /etc/lighttpd/conf-enabled
total 8.0K
-rw-rw-r-- 1 1000 pihole  20 Jun 12 15:12 04-external.conf
lrwxrwxrwx 1 root root    32 May 30 13:51 05-setenv.conf -> ../conf-available/05-setenv.conf
lrwxrwxrwx 1 root root    35 May 30 13:51 10-accesslog.conf -> ../conf-available/10-accesslog.conf
lrwxrwxrwx 1 root root    33 May 30 13:51 10-fastcgi.conf -> ../conf-available/10-fastcgi.conf
-rw-r--r-- 1 root root   215 Jun 12 16:46 15-pihole-admin-redirect-docker.conf
lrwxrwxrwx 1 root root    38 May 30 13:51 15-pihole-admin.conf -> ../conf-available/15-pihole-admin.conf

lrwxrwxrwx 1 root root 38 May 30 13:51 /etc/lighttpd/conf-enabled/15-pihole-admin.conf -> ../conf-available/15-pihole-admin.conf
   server.errorlog := "/var/log/lighttpd/error-pihole.log"
   $HTTP["url"] =~ "^/admin/" {
       server.document-root = "/var/www/html"
       server.stream-response-body = 1
       accesslog.filename = "/var/log/lighttpd/access-pihole.log"
       accesslog.format = "%{%s}t|%h|%V|%r|%s|%b"
       fastcgi.server = (
           ".php" => (
               "localhost" => (
                   "socket" => "/run/lighttpd/pihole-php-fastcgi.socket",
                   "bin-path" => "/usr/bin/php-cgi",
                   "min-procs" => 1,
                   "max-procs" => 1,
                   "bin-environment" => (
                       "TZ" => "America/Chicago",
                       "PIHOLE_DOCKER_TAG" => "",
                       "PHP_ERROR_LOG" => "/var/log/lighttpd/error-pihole.log",
                       "CORS_HOSTS" => "",
                       "VIRTUAL_HOST" => "pihole",
                       "PHP_FCGI_CHILDREN" => "4",
                       "PHP_FCGI_MAX_REQUESTS" => "10000",
                   ),
                   "bin-copy-environment" => (
                       "PATH", "SHELL", "USER"
                   ),
                   "broken-scriptfilename" => "enable",
               )
           )
       )
       setenv.add-response-header = (
           "X-Pi-hole" => "The Pi-hole Web interface is working!",
           "X-Frame-Options" => "DENY",
           "X-XSS-Protection" => "0",
           "X-Content-Type-Options" => "nosniff",
           "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
           "X-Permitted-Cross-Domain-Policies" => "none",
           "Referrer-Policy" => "same-origin"
       )
       $HTTP["url"] =~ "^/admin/\." {
           url.access-deny = ("")
       }
       $HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
           $HTTP["referer"] =~ "/admin/settings\.php" {
               setenv.set-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
           }
       }
   }
   else $HTTP["url"] == "/admin" {
       url.redirect = ("" => "/admin/")
   }
   $HTTP["host"] == "pi.hole" {
       $HTTP["url"] == "/" {
           url.redirect = ("" => "/admin/")
       }
   }
   server.modules += ( "mod_access", "mod_accesslog", "mod_redirect", "mod_fastcgi", "mod_setenv" )

This line include "/etc/lighttpd/conf-enabled/*.conf" instructs lighttpd to load all files inside conf-enabled. They are loaded in alphabetic order.

Your 04-... file will be loaded BEFORE the 15-pihole-admin.conf and the port will be set to 80.

Rename your file to something like 15-pihole-external.conf.

Edit:
After some tests, I realize the file naming is not important in this case.

Thanks for the reply. Unfortunately, I am still receiving the can't bind to socket error. Here's the new debug log:

*** [ DIAGNOSING ]: contents of /etc/lighttpd/conf-enabled
total 8.0K
lrwxrwxrwx 1 root root    32 May 30 13:51 05-setenv.conf -> ../conf-available/05-setenv.conf
lrwxrwxrwx 1 root root    35 May 30 13:51 10-accesslog.conf -> ../conf-available/10-accesslog.conf
lrwxrwxrwx 1 root root    33 May 30 13:51 10-fastcgi.conf -> ../conf-available/10-fastcgi.conf
-rw-r--r-- 1 root root   215 Jun 12 17:51 15-pihole-admin-redirect-docker.conf
lrwxrwxrwx 1 root root    38 May 30 13:51 15-pihole-admin.conf -> ../conf-available/15-pihole-admin.conf
-rw-rw-r-- 1 1000 pihole  20 Jun 12 15:12 99-external.conf

Just to be sure:
Did you restart lighttpd after renaming the file?

I am running in a docker compose environment and bringing pihole up/down each time. I exec'd into the container and tried to restart lighttpd but got the same error:

root@pihole:/# /etc/init.d/lighttpd restart
Stopping web server: lighttpd.
Starting web server: lighttpd2023-06-12 17:59:37: network.c.369) can't bind to socket: [::]:80: Address already in use
 failed!
root@pihole:/# ls -l /etc/lighttpd/conf-enabled/
total 8
lrwxrwxrwx 1 root root    32 May 30 13:51 05-setenv.conf -> ../conf-available/05-setenv.conf
lrwxrwxrwx 1 root root    35 May 30 13:51 10-accesslog.conf -> ../conf-available/10-accesslog.conf
lrwxrwxrwx 1 root root    33 May 30 13:51 10-fastcgi.conf -> ../conf-available/10-fastcgi.conf
-rw-r--r-- 1 root root   215 Jun 12 17:57 15-pihole-admin-redirect-docker.conf
lrwxrwxrwx 1 root root    38 May 30 13:51 15-pihole-admin.conf -> ../conf-available/15-pihole-admin.conf
-rw-rw-r-- 1 1000 pihole  20 Jun 12 15:12 99-external.conf
root@pihole:/# cat /etc/lighttpd/conf-enabled/99-external.conf
server.port := 7069

Here's another test ensuring that the pihole user can truly access 99-external.conf:

root@pihole:/etc/lighttpd/conf-enabled# sudo -u pihole cat /etc/lighttpd/conf-enabled/99-external.conf
server.port := 7069

Maybe there is something else broken on the web server config.

What is the output of the following command inside the container? Any error?

lighttpd -tt -f /etc/lighttpd/lighttpd.conf

No errors for lighttpd.conf, but when trying it with 99-external.conf or 15-pihole-admin.conf it does complain:

root@pihole:/etc/lighttpd/conf-enabled# root@pihole:/etc/lighttpd/conf-enabled# lighttpd -tt -f /etc/lighttpd/lighttpd.conf
root@pihole:/etc/lighttpd/conf-enabled# echo $?
0
root@pihole:/etc/lighttpd/conf-enabled# lighttpd -tt -f /etc/lighttpd/conf-enabled/99-external.conf
2023-06-12 18:13:10: configfile.c.2288) document-root is not set
2023-06-12 18:13:10: server.c.1232) setting default values failed
root@pihole:/etc/lighttpd/conf-enabled# echo $?
255
root@pihole:/etc/lighttpd/conf-enabled# lighttpd -tt -f /etc/lighttpd/conf-enabled/15-pihole-admin.conf
2023-06-12 18:13:26: configfile.c.2288) document-root is not set
2023-06-12 18:13:26: server.c.1232) setting default values failed
root@pihole:/etc/lighttpd/conf-enabled# echo $?
255

EDIT:
Here's the output on all the conf-enabled configurations:

root@pihole:/etc/lighttpd/conf-enabled# for conf in *.conf; do lighttpd -tt -f "$conf"; echo "$conf: $?"; done
2023-06-12 18:17:51: configfile.c.2288) document-root is not set
2023-06-12 18:17:51: server.c.1232) setting default values failed
05-setenv.conf: 255
2023-06-12 18:17:51: configfile.c.2288) document-root is not set
2023-06-12 18:17:51: server.c.1232) setting default values failed
10-accesslog.conf: 255
2023-06-12 18:17:51: configfile.c.2288) document-root is not set
2023-06-12 18:17:51: server.c.1232) setting default values failed
10-fastcgi.conf: 255
2023-06-12 18:17:51: configfile.c.2288) document-root is not set
2023-06-12 18:17:51: server.c.1232) setting default values failed
15-pihole-admin-redirect-docker.conf: 255
2023-06-12 18:17:51: configfile.c.2288) document-root is not set
2023-06-12 18:17:51: server.c.1232) setting default values failed
15-pihole-admin.conf: 255
2023-06-12 18:17:51: configfile.c.2288) document-root is not set
2023-06-12 18:17:51: server.c.1232) setting default values failed
99-external.conf: 255

I started debugging before you said you are using a container (That's why we ask for a full debug log).


OK. Let's start over.

You don't need to change the port inside the container. Your problem is on the docker run command.

How did you start the container?
Please post your compose file or docker run command (remove passwords and secrets).

Thanks for your help. After reading your message, I decided to take a look at some other options for configuring this and ended up just configuring a macvlan instead. This worked for changing the port (via the docker port mapping feature), but I also ended up using the default port now that I have a dedicated IP for my pihole instance.

I think macvlan is the best option, when the host OS supports it.

Note:
Your original problem would have been solved using -p 7069:80.

Perhaps you should have explicitly mentioned that you are running a dockered Pi-hole in your initial post.

Port 80 is baked into the Pi-hole Docker image.

As you are running your Pi-hole in such a Docker container, you should be able to simply map your container's port 80 to the desired port in Docker.

Of course, that wouldn't work in Docker's host network mode, as Docker doesn't do any port mapping then.

If you'd want to switch away from port 80 when using host mode, simply set the WEB_PORT environment variable for your Pi-hole container.
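
The two options from this thread (publishing container port 80 on another host port, or WEB_PORT in host network mode) written as a compose file. This is an added example, not a file posted by anyone in the thread; the service names, profile names and image tag are assumptions, and only the port-relevant settings are shown.

```yaml
# Added example; service names, profiles and the image tag are assumptions.
# Start exactly one variant:
#   docker compose --profile bridge up -d
#   docker compose --profile host up -d
services:
  # Variant 1: default bridge networking. lighttpd keeps listening on
  # port 80 inside the container; Docker publishes it on host port 7069.
  pihole-bridge:
    profiles: ["bridge"]
    image: pihole/pihole:latest
    environment:
      TZ: "America/Chicago"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "7069:80/tcp"   # host 7069 -> container 80, same as `-p 7069:80`
      # To keep the admin UI off other interfaces, publish on loopback only:
      # - "127.0.0.1:7069:80/tcp"
    restart: unless-stopped

  # Variant 2: host networking. Docker does no port mapping in this mode,
  # so a `ports:` section has no effect; WEB_PORT moves the web server.
  pihole-host:
    profiles: ["host"]
    image: pihole/pihole:latest
    network_mode: host
    environment:
      TZ: "America/Chicago"
      WEB_PORT: "7069"
    restart: unless-stopped
```

Because the port lives in the compose file rather than in a file edited inside the container, it survives pulling a newer image and recreating the container.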
