Docker-compose admin UI not accessible via browser

Manolo · August 12, 2023, 10:35pm

Hi,

I'm running a raspberry pi with Debian 11. Got the default docker-compose file from Github and I changed only the web port and the time zone. Local IP of the raspberry pi is 10.0.55.85

docker-compose:

version: "3"

# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "10080:80/tcp"
    environment:
      TZ: 'Europe/Berlin'
      WEBPASSWORD: 'securepass'
    # Volumes store your data between container upgrades
    volumes:
      - '/opt/docker/pihole/etc-pihole:/etc/pihole'
      - '/opt/docker/pihole/etc-dnsmasq.d:/etc/dnsmasq.d'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    restart: unless-stopped # Recommended but not required (DHCP needs NET_ADMIN)

Expected Behaviour:

Opening http://10.0.55.85:10080/admin/ should redirect and show the admin page
Opening http://10.0.55.85:10080/admin/login.php should show the admin page

OS: Debian 11 on a rasp pi

Actual Behaviour:

In Chrome I always get the error "This site can't be reached" although a curl in terminal is working
I also tried the web interface in Safari and I get only a blank page

Don't know what's the issue I mean the compose file is default. I also change the DNS pointing to 10.0.55.85 but no chance to get the admin page.

rdwebdesign · August 12, 2023, 11:09pm

Does this work from a different device (another computer or phone)?

Manolo · August 13, 2023, 9:06am

Nope same behaviour. I tested Safari and Chrome on different MacBooks and on my iPhone no luck at all.

Manolo · August 13, 2023, 11:03am

That's weird!
I've added an nginx reverse proxy with this config:

server {
	server_name pihole.example.com;
        listen 80;
        access_log /var/log/nginx/access.log speciallog;
        location / {
		proxy_pass http://172.29.0.2:80;
	}
}

It also works with my internal IP 10.0.55.85.

Manolo · August 13, 2023, 6:05pm

Any idea what could be the issue with pihole? Why isn't it possible to browse the admin UI directly via browser?

ngxson · August 13, 2023, 8:44pm

Here's something you can try:

Check if port 10080 is blocked by your firewall
Check if MTU is the same on all machines
Maybe try with a hello world HTTP server to see if you get the same problem? Use this image: https://hub.docker.com/r/strm/helloworld-http/

Manolo · August 14, 2023, 10:04am

Hi,
well I've tested the connectivity with curl and nectat. Both working fine. So I guess something weird is being sent by lighttpd.
Even if I try to open http://10.0.55.85:10080/admin/ or http://10.0.55.85:10080/admin/login.php doesn't work. Btw I'm not using any firewall for my internal network.

DanSchaper · August 14, 2023, 7:28pm

Can you post the exact response from curl -I http://10.0.55.85:10080/admin/ and curl -I http://10.0.55.85:10080/?

Might also need to curl -IL if you are using redirects. I'm looking for the header information that is returned with those curl calls.

DanSchaper · August 14, 2023, 7:29pm

Can you also post a screenshot of the browser window including the URL?

Manolo · August 15, 2023, 1:53pm

Sorry for the late reply. I executed the curls on my local machine a macbook pro.

manuel@Manuels-MacBook-Pro ~ % curl -I http://10.0.55.85:10080/
HTTP/1.1 301 Moved Permanently
Location: /admin/
Date: Tue, 15 Aug 2023 13:47:00 GMT
Server: lighttpd/1.4.59

manuel@Manuels-MacBook-Pro ~ % curl -I http://10.0.55.85:10080/admin/
HTTP/1.1 302 Found
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=4gkkkbqu9ompp2mh9mol9enqri; path=/; HttpOnly; SameSite=Strict
Location: login.php
Content-type: text/html; charset=UTF-8
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: same-origin
Date: Tue, 15 Aug 2023 13:47:18 GMT
Server: lighttpd/1.4.59

manuel@Manuels-MacBook-Pro ~ %

And the screenshot from chrome:

As you can see the curl looks promising but no way to open the url in chrome or any other browser. Regardless which machine.

DanSchaper · August 16, 2023, 1:14am

The curl shows that lighttpd is providing all of the content, headers and information that it is set up to do. So the issue isn't there, Pi-hole is fully functional. (Note the X-Pi-hole header for confirmation.)

I think your issue is with the browser or the underlying OS. Note the very last line of the page display: ERR_UNSAFE_PORT which is Chrome telling you that it is blocking your access to http on port 10080. There's a few options that show up from a quick web search on that error, how you wish to address it is up to you.

Manolo · August 17, 2023, 4:43pm

...just read about the ALPACA attack....this seems to be related to port 10080 what a shame...so problem solved

Bucking_Horn · August 17, 2023, 5:02pm

If you'd stick with port 10080, you'd have to take it up with G**gle's developers then:

They are the ones deciding which ports to consider unsafe:

// The general list of blocked ports. (...)
(...)
const int kRestrictedPorts[] =  = {
    1,      // tcpmux
(...)
    10080,  // Amanda
};

(source: Chromium /net/base/port_util.cc)

system · September 7, 2023, 5:03pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.