Host website alongside Pi-Hole interface

How to: Host another website alongside the Pi-Hole admin interface on your Raspbian installation.

1. Create a new folder for your web server in the same folder where the files for the Pi-Hole interface are stored:

mkdir /var/www/html/myserver

It's usually /var/www/html/, but you can look it up in your lighttpd config (stored at /etc/lighttpd/lighttpd.conf) where it is referred to as server.document-root.

2. Set ownership to user www-data:

chown www-data:www-data /var/www/html/myserver

3. Enable virtual hosts:

sudo lighty-enable-mod simple-vhost
sudo service lighttpd force-reload

4. Configure your lighttpd server. Edit /etc/lighttpd/external.conf using this scheme:

$HTTP["host"] == "<DOMAIN>" {
	<YOUR CONFIG>
}

Example:

$HTTP["host"] == "my.server" {

    server.modules = (
        "mod_access",
        "mod_accesslog",
        "mod_auth",
        "mod_expire",
        "mod_compress",
        "mod_redirect",
        "mod_setenv",
        "mod_rewrite"
    )

    server.document-root = "/var/www/html/myserver/"
    server.error-handler-404 = "index.php"
    server.errorlog = "/var/log/lighttpd/error.log"
    server.username = "www-data"
    server.groupname = "www-data"
    server.port = 80

    index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
    url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
    static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
    compress.cache-dir          = "/var/cache/lighttpd/compress/"
    compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )

    mimetype.assign   = ( ".png"  => "image/png",
                        ".jpg"  => "image/jpeg",
                        ".jpeg" => "image/jpeg",
                        ".html" => "text/html",
                        ".css" => "text/css; charset=utf-8",
                        ".js" => "application/javascript",
                        ".json" => "application/json",
                        ".txt"  => "text/plain",
                        ".svg"  => "image/svg+xml" )
}

5. Check the syntax of your config:

lighttpd -t -f /etc/lighttpd/external.conf

It should return "Syntax OK".

6. Restart lighttpd:

sudo systemctl restart lighttpd

7. Add the domain to your PiHole:

Pi-Hole 5+:
Add the domain using the Local DNS Records section in the web interface.

Older Versions:
Edit "local.list" and add an entry following this scheme:

<Pi-Hole IP> <Domain>

I have added a website on lighttpd alongside of pi-hole on a Raspi 3B+; everything works fine. Will my added website continue to work after a pi-hole update?

Yes. That's what the external.conf is for.

... but that does nothing to protect non pi-hole files in /var/www.

As far as I know the Pi-Hole install script won't just replace any directories in /var/www/html/. The only things that might be changed are /var/www/html/index.lighttpd.html, /var/www/html/admin and /var/www/html/pihole.

What will be changed are some permissions:

## L.56
# Set the owner and permissions
chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} ${webroot}
chmod 0775 ${webroot}

Thank you, i6nfinity!

Would it be possible to list the remaining steps to expose this externally?

For example, at router open up port 80 to point to the pihole server address.

I've done that as well as tried to map a more generic host address:
$HTTP["host"] =~ "(^|.)example.org$"
and lighttpd serves the pages when using the local pihole IP, but externally it appears to result in a permissions error (only evidence is "connection reset" message from browser).

I figured this out. User error. For anyone else stumbling upon it, I had told the router to forward a 'single port' of 80-81 rather than a range. Seems to work as suggested above. Thanks for the article.
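The host pattern in the post above appears with unescaped dots, and in a regular expression an unescaped `.` matches any character, so the condition accepts more names than example.org and its subdomains. The following is an added example, not part of the original thread: it assumes `grep -E` as a stand-in for lighttpd's regex matcher, and every host name in it is constructed.

```shell
#!/bin/sh
# Added example: compare a loose and a strict host pattern on constructed names.
# Assumption: grep -E (POSIX ERE) stands in for lighttpd's regex matcher; these
# two patterns use only syntax that both engines treat identically.

LOOSE='(^|.)example.org$'       # as shown in the post: "." matches any character
STRICT='(^|\.)example\.org$'    # dots escaped: only a literal "." is accepted

# host_matches PATTERN HOST -> exit status 0 when HOST matches PATTERN
host_matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# unintended_matches PATTERN -> constructed names that match PATTERN although
# none of them is example.org or one of its subdomains
unintended_matches() {
    for h in notexample.org example-org www.exampleXorg example.org.other.test; do
        if host_matches "$1" "$h"; then printf '%s\n' "$h"; fi
    done
}

# Demonstration: intended names match both patterns, stray names only the loose one.
for p in "$LOOSE" "$STRICT"; do
    printf 'pattern %s\n' "$p"
    for h in example.org www.example.org; do
        host_matches "$p" "$h" && printf '  intended   %s\n' "$h"
    done
    unintended_matches "$p" | sed 's/^/  unintended /'
done
```

With the strict pattern the virtual host is selected only for example.org and names ending in `.example.org`.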

Hi,

Does your router support port forwarding? You need to set this if you want to access any service using your external IP.

You want to access your pi-hole from the Internet. Let's say that your Internet-facing IP is 188.152.173.218 and your pi-hole server internal address is 10.0.0.2/admin/; you need to forward inbound port 80 queries to port 80 of the internal IP in order to get access from the Internet.

wg

I tried this to restore my owncloud instance after I installed pi-hole on top of the Apache. Owncloud was running happily after. Now I'm not sure how to get this resolved.

Awesome guide @i6nfinity

@Kangkan does your owncloud and pihole use the same MySQL and Apache?

I wonder if you can tap into Pihole's MySQL.

Thank you i6nfinity. This is what I am looking for.
Let me try it now.

After following these instructions to serve a site containing my wpad file, I get a PiHole message that the site is blocked because it isn't listed in any blacklist.

When I whitelist the domain I get a PiHole message just saying access has been denied.

Technical info on the page says it is in 1 of 4 lists, and then says [π].

Query lists shows the site is only in Exact whitelist.

What is going wrong here?

In the query logs and using dig I can see the hostname is being resolved successfully by pihole and the correct result returned to the client. lighttpd is serving the Website blocked page when it receives a request for anything other than pihole or pi.hole.

Here is my external.conf file:

$HTTP["host"] == "wpad.home.arpa" {
        server.document-root = "/var/www/wpad/"
        mimetype.assign = ( ".dat" => "application/x-ns-proxy-autoconfig",
                            ".html" => "text/html" )
        index-file.names        = ( "index.html")
}

All restarts of lighttpd have been done etc. Is it possible that lighty-enable-mod simple-vhost is not enabling vhosts?

Ok - figured out where the problem is - my lighttpd does not run the external.conf file - I'm using dietpi as my OS and I think this comes with lighttpd and a different config. I don't recall.

If the file is saved in /etc/lighttpd/conf-enabled it will get included by the line

`include "/etc/lighttpd/conf-enabled/*.conf"`

in /etc/lighttpd/lighttpd.conf - I have tested this and it works.

That location probably isn't the best place to add custom configs long term. Does it get overwritten when upgrading pihole or dietpi?

Yes. As indicated in the top of that file:

###############################################################################
#     FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE.     #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
#                                                                             #
#              CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE:              #
#                         /etc/lighttpd/external.conf                         #
###############################################################################

That is absent at the top of my lighttpd.conf file. If I am using the dietpi install of pihole, might I be using a different version of lighttpd that doesn't handle external.conf?

Note that I am not editing lighttpd.conf - just putting the external.conf in a place that my lighttpd does look in for additional configuration directives.

Since you have a specific question regarding DietPi, please contact the DietPi maintainer:

Yes, DietPi uses lighttpd with its own configurations to allow users to install multiple applications via dietpi-software. As jfb mentioned, you'll need to check with DietPi to be sure that any modifications you make are not going to break anything or be reverted.
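For the question raised in the posts above, whether a given lighttpd setup loads external.conf at all, the main config's include lines can be inspected directly. This is an added example, not part of the original thread or of Pi-hole or DietPi: the two sample configs are constructed, and the function names and the `CONF_DIR` variable are hypothetical.

```shell
#!/bin/sh
# Added example: does a lighttpd main config pull in a given extra config file?
# Text-level check of include / include_shell lines; commented-out lines are
# skipped. Assumption: relative names are resolved against CONF_DIR.
CONF_DIR=${CONF_DIR:-/etc/lighttpd}

# list_includes MAIN_CONF -> argument of every active include/include_shell line
list_includes() {
    sed -n -E 's/^[[:space:]]*include(_shell)?[[:space:]]+"([^"]*)".*/\2/p' "$1"
}

# loads_file MAIN_CONF TARGET_PATH -> prints "named", "glob" or "no"
loads_file() {
    name=$(basename "$2")
    result=no
    includes=$(list_includes "$1")
    while IFS= read -r inc; do
        [ -n "$inc" ] || continue
        # full path mentioned, or bare file name while TARGET sits in CONF_DIR
        case "$inc" in *"$2"*) result=named; break ;; esac
        if [ "$(dirname "$2")" = "$CONF_DIR" ]; then
            case " $inc " in *" $name "*) result=named; break ;; esac
        fi
        # wildcard include: the include argument is used as a shell pattern
        case "$2" in $inc) result=glob; break ;; esac
    done <<EOF
$includes
EOF
    printf '%s\n' "$result"
}

# write_samples DIR -> two constructed main configs (not copied from a real system)
write_samples() {
    cat > "$1/pihole-style.conf" <<'EOF'
# include "/etc/lighttpd/disabled.conf"
include_shell "cat external.conf 2>/dev/null"
EOF
    cat > "$1/distro-style.conf" <<'EOF'
include "/etc/lighttpd/conf-enabled/*.conf"
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in pihole-style distro-style; do
    for t in "$CONF_DIR/external.conf" "$CONF_DIR/conf-enabled/external.conf"; do
        printf '%-13s %-42s %s\n' "$f" "$t" "$(loads_file "$tmp/$f.conf" "$t")"
    done
done
rm -rf "$tmp"
```

On a live system, `lighttpd -p -f /etc/lighttpd/lighttpd.conf` prints the configuration as lighttpd parsed it, which is the authoritative check.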

Hello, and thank you very much for the How-To. I set up the Baikal CalDav/CardDav server alongside my Pi-Hole according to the instructions.

It works great if I use a simple custom domain like baikal. I pointed the baikal domain to the IP of my Pi-Hole instance in the Local-DNS setup. My lighttpd setup looks like this:

$HTTP["host"] == "baikal" {
    server.modules = (
        "mod_access",
        "mod_redirect",
        "mod_rewrite"
    )

    server.document-root = "/var/www/html/baikal/html/"
    server.errorlog = "/var/log/lighttpd/error.log"
    accesslog.filename = "/var/log/lighttpd/access.log"
    server.username = "www-data"
    server.groupname = "www-data"
    server.port = 80
    index-file.names = ( "index.php", "index.html" )

    $HTTP["url"] =~ "/(\.ht|Core|Specific|config)/" {
        url.access-deny = ("")
    }

    url.redirect = (
        "^/.well-known/caldav"  => "/dav.php",
        "^/.well-known/carddav" => "/dav.php"
    )
}

Then I can access the Baikal server in my local network under: http://baikal/.

I need to set up HTTPS for the baikal server, since CardDav won't work under MacOS. Therefore I was thinking about using Let's Encrypt Certbot and using some publicly accessible domain which I would locally override in the Local-DNS Setting on PiHole and get a certificate for it. I decided to go with pim.app.

So I added pim.app to the Local-DNS settings on Pi-Hole - pointing it to its local IP address and changed the lighttpd settings to

$HTTP["host"] == "pim.app" {

Sadly, in that case I get an ERR_CONNECTION_REFUSED page in the browser.

I do not know whether this is a DNS error or a misconfigured lighttpd. Here is the output of dig pim.app:

; <<>> DiG 9.10.6 <<>> pim.app
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61305
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pim.app.			IN	A

;; ANSWER SECTION:
pim.app.		0	IN	A	192.168.178.4

;; Query time: 41 msec
;; SERVER: 192.168.178.4#53(192.168.178.4)
;; WHEN: Sun Apr 10 11:02:55 CEST 2022
;; MSG SIZE  rcvd: 52

Hi, I am trying to set up baikal and Pihole on the same lighttpd/RPi.
Pihole runs fine! I am having problems with php.

Firefox will display
192.168.1.10/baikal/html/index.html
correctly BUT not
192.168.1.10/baikal/html/index.php.
The index.php gives a permission denied error.

If you have this working, can you tell me what owner:group and permissions you have on the baikal folder and sub-folders and files?

Could you also post your /var/lighttpd/lighttpd.conf file?

In the OP they said to edit external.conf, but I don't want this to be accessible outside my LAN, so can I put that stuff in the lighttpd.conf file?