Disable "Dashboard" if not logged in

I've asked about this on Reddit and, in addition to a temporary solution, I also got the suggestion to post a feature request.

I'd like the ability to toggle a setting to disable the "Dashboard" features of Pi-hole if not logged in. By that I mean the "Queries over last 24 hours" and all the other stats, and to remove "Dashboard" from the main navigation and make "Login" the default page.

I've been toying with this a bit. I'm very much not a PHP developer and I'm unfamiliar with the codebase, but I have implemented a very barebones version.

Add checks in AdminLTE scripts/pi-hole/header.php for my new setup variable:

// !empty() avoids an undefined-index notice when the key is missing from setupVars.conf
if(!$auth && (!isset($indexpage) || isset($_GET['login']) || !empty($setupVars["STATS_HIDDEN_WITHOUT_AUTH"])))
{
    $scriptname = "login";
}

.
.
.

// If auth is required and not set, i.e. not successfully logged in,
// we show the reduced version of the summary (index) page
// (or the login page when STATS_HIDDEN_WITHOUT_AUTH is enabled)
if(!$auth && (!isset($indexpage) || isset($_GET['login']) || !empty($setupVars["STATS_HIDDEN_WITHOUT_AUTH"]))){
    require "scripts/pi-hole/php/loginpage.php";

I'm not sure if there's a nicer way to implement this. Parsing the setupVars.conf file seems a bit overkill for what I'm doing, but it works. Again, I know nothing about PHP.

Two small additions in AdminLTE settings.php to add a button:

if (isset($setupVars["STATS_HIDDEN_WITHOUT_AUTH"])) {
    $statshidden = $setupVars["STATS_HIDDEN_WITHOUT_AUTH"];
} else {
    $statshidden = false;
}

.
.
.

<div class="form-group">
    <div class="checkbox">
        <label><input type="checkbox" name="statshidden" title="hide-stats"
                    <?php if ($statshidden){ ?>checked<?php }
                    ?>>Hide all statistics until user logs in</label>
    </div>
</div>

Run a script to save the user's settings in AdminLTE scripts/pi-hole/php/savesettings.php:

if(isset($_POST["statshidden"]))
{
    exec('sudo pihole -a statshidden true');
}
else
{
    exec('sudo pihole -a statshidden false');
}
break;

The change to setupVars.conf in Pi-hole advanced/Scripts/webpage.sh:

SetStatsHidden() {
	if [[ "${args[2]}" == "true" ]]; then
		change_setting "STATS_HIDDEN_WITHOUT_AUTH" "true"
	elif [[ "${args[2]}" == "false" ]]; then
		change_setting "STATS_HIDDEN_WITHOUT_AUTH" "false"
	fi
}

The new checkbox in the privacy settings:

When the checkbox is ticked and the user is logged out, the dashboard redirects to the login page. I feel fairly good about these changes except perhaps the fact that I need to parse setupVars.conf in the header script. If anyone could suggest a better solution, that would be nice.

1 Like
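
As an added example (not part of the post above and not Pi-hole's own code), here is a stand-alone shell version of the setupVars.conf toggle that rejects anything other than `true`/`false` and leaves exactly one copy of the key. The function names `set_stats_hidden`, `stats_hidden` and `demo` are hypothetical, it does not use Pi-hole's `change_setting`, and a missing key is read as "not hidden", the same default as the settings.php snippet.

```shell
#!/bin/sh
# Added example, not Pi-hole code. KEY is the setting name from the post; the
# config path is passed in by the caller (the demo uses a throwaway temp file).
KEY=STATS_HIDDEN_WITHOUT_AUTH

# Write the flag. Only the literals "true" and "false" are accepted; anything
# else returns 2 and leaves the file untouched.
set_stats_hidden() {
    conf=$1; new=$2
    case "$new" in
        true|false) ;;
        *) echo "statshidden: expected true or false, got '$new'" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    # Drop every existing copy of the key so it ends up in the file exactly once.
    # grep exits 1 when nothing is left to print, which is not an error here.
    if [ -f "$conf" ]; then
        grep -v "^${KEY}=" "$conf" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    fi
    printf '%s=%s\n' "$KEY" "$new" >> "$tmp"
    # Copy the content back instead of renaming, so the file keeps its owner and mode.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Read the flag. Exit 0 only when the last assignment is exactly "true";
# an unreadable file, a missing key or any other value means "not hidden".
stats_hidden() {
    [ -r "$1" ] || return 1
    cur=$(sed -n "s/^${KEY}=//p" "$1" | tail -n 1)
    [ "$cur" = "true" ]
}

# Constructed sample: a config that already holds two conflicting copies of the key.
demo() {
    f=$(mktemp) || return 1
    printf 'PIHOLE_INTERFACE=eth0\n%s=false\n%s=true\n' "$KEY" "$KEY" > "$f"
    set_stats_hidden "$f" false
    if stats_hidden "$f"; then echo "login required"; else echo "dashboard public"; fi
    set_stats_hidden "$f" yes 2>/dev/null || echo "rejected: yes"
    echo "copies of key: $(grep -c "^${KEY}=" "$f")"
    rm -f "$f"
}
demo
```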

Any official solution in sight? Would rather not fiddle with the files since an update could just override the file at any time.
I would like to be able to access Pi-hole from anywhere I want, so disabling external access is not an option for me. And changing ports, subdomain etc. (i.e. security through obscurity) is not secure.

Have you considered setting up a VPN to tunnel into your Pi-Hole when you are off your network?

I have, but I'm connected to a paid one pretty much all the time. I have the web interface open to the outside for convenience, and having to switch VPNs only for that kinda defeats this purpose.
Thanks for the suggestion though.
I'll see if I'm going to tinker around and fix this myself.
I could just throw an HTTP user and password prompt in front of the interface.

This would be simple to implement in the new web interface, but more risky to implement in the PHP web interface. You might need to wait until the new web interface for this feature.

1 Like

@Mcat12 Alright that sounds promising
Thanks :grin:

I think this is a valid request. If one is not logged in, there should be no information visible at all. I would also not make this an option in settings, but rather just disable it.

1 Like

I favor keeping as is. When you open the page, it is clear that there is a Pi-hole running and the information provided is totally anonymous.

I don't think that this information is totally anonymous. For example, if there are 2 persons connected to the Pi-hole, you can see when the other person sleeps, is away or ... because you know what you did... I don't think that this is the definition of totally anonymous.
Yes, that shouldn't be a problem. The problem starts if you want to access the interface from everywhere without a VPN. Then everyone in the world could see when they can break into your home, because all persons are away...

Sorry for my bad English.

Don't. Don't. Don't.

1 Like

Open pull request for this feature


Edit:
After internal discussion, the developers decided to close this PR.

New attempt

Implemented with Pi-hole FTL v5.17, Web v5.14 and Core v5.12 released - #2 by jpone