How do I install Pi-hole on a Synology NAS?

Thanks for the great howto. One short comment from my experience on a DS212j with the latest DSM 6: the command "cat /proc/mount > /etc/mtab" did not work initialy. I had to mount proc first with the command "mount -t proc proc /proc".

3 Likes

I'm sure this is user error, but I'm stuck on step 0. Not new to linux but new to chroot... any pointers?

john@xxx01:~ $ 
john@xxx01:~ $ sudo su-
Password: 
sudo: su-: command not found
john@xxx01:~ $ sudo su -
root@xxx01:/# /var/packages/debian-chroot/scripts/start-stop-status status
Debian Chroot is not running
root@xxx01:/# /var/packages/debian-chroot/scripts/start-stop-status start
Starting Debian Chroot ...
root@xxx01:/# /var/packages/debian-chroot/scripts/start-stop-status chroot
bash: warning: setlocale: LC_ALL: cannot change locale (en_US.utf8)
root@xxx01:/# apt-get update
bash: apt-get: command not found
root@xxx01:/# 

edit: whoa... that was odd. After taking 5 minutes to post this question, I returned to the terminal and hit up to try the apt-get update again. Terminal output continues below:

root@xxx01:/# apt-get update
Get:1 http://debootstrap.invalid jessie InRelease
Ign http://debootstrap.invalid jessie InReleaseed in /etc/apt/trusted.gpg.d/.
Get:2 http://debootstrap.invalid jessie/main amd64 Packages/DiffIndex
Get:3 http://debootstrap.invalid jessie/main Translation-en
Get:4 http://debootstrap.invalid jessie/main amd64 Packages                        
Fetched 1306 B in 3s (428 B/s)                                                       
W: GPG error: http://debootstrap.invalid jessie InRelease: Could not execute 'gpgv' to verify signature (is gpgv installed?)
W: Failed to fetch copy:/var/lib/apt/lists/partial/debootstrap.invalid_dists_jessie_main_i18n_Translation-en  Invalid file format

W: Failed to fetch copy:/var/lib/apt/lists/partial/debootstrap.invalid_dists_jessie_main_binary-amd64_Packages  Invalid file format

E: Some index files failed to download. They have been ignored, or old ones used instead.
E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?
root@xxx01:/# 

Maybe on my DS1812+ it takes some time to enable chroot?? But what about the gpgv error?

edit2: no clue what's going on... but running apt-get update again got me past the gpgv error. At this point I'm just posting my trial and error in case anyone else runs across the same issue. Seems like stubborn persistence is key. :grinning:

Thanks for the great howto. One short comment from my experience on a DS212j with the latest DSM 6: the command "cat /proc/mount > /etc/mtab" did not work initialy. I had to mount proc first with the command "mount -t proc proc /proc".

Thanks, this worked form me:

root@xxx01:/home# cat /proc/mounts > /etc/mtab
cat: /proc/mounts: No such file or directory
root@xxx01:/home# mount -t proc proc /proc
root@xxx01:/home# cat /proc/mounts > /etc/mtab
root@xxx01:/home# 

Ok, I seem to be troubleshooting 2 different issues now. I think they are unrelated but let me know what you think:

Issue 1
Lighttpd & Dnsmasq both install/run without a problem and Pihole seems to be running fine but I can't get my Router (Fios Actiontec G1100) to propagate the new DNS setting. All devices still point DNS to the router/gateway after a reboot/network restart.

For clarity, in the router I'm setting the DNS to the PiHole/Synology IP at the following location (My Network -> Network Connections -> Broadband Connection -> Settings -> DNS Server). After a few router and client reboots, I couldn't get any client to show the new DNS settings.

Figuring this was just a router issue and wanting to test out PiHole, I moved forward setting the DNS settings on my Macbook client manually to the PiHole/Synology IP. This worked, (and wow was it fast, with no ads) but led to my 2nd issue...

Issue 2
I lost the Admin console. Wanting to see the stats page fill out, I went to see the admin console and got this:
Failed Host Check: pi.hole:8082 vs http://xxx.xxx.xxx.xxx, http://pi.hole, http://pi.hole, http://localhost

where xxx.xxx.xxx.xxx is the PiHole/Synology IP.

I should note that at some point today I ran pihole -r and it updated to 2.10. This error only showed up after that. Not sure if it's a lighttpd error or PiHole error but Google comes up with nothing for either.

Again, ad blocking seems to be working - just can't see the admin console:

root@xxx01:/# curl -i http://pi.hole:8082/admin/api.php?summary
HTTP/1.1 200 OK
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
Set-Cookie: PHPSESSID=3imohdj3r5b18m2i35q90sk7l3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Date: Wed, 21 Dec 2016 21:27:06 GMT
Server: lighttpd/1.4.35

Failed Host Check: pi.hole:8082 vs http://xxx.xxx.xxx.xxx, http://pi.hole, http://pi.hole, http://localhostroot@syn01:/# 

Any ideas? thx!

Edit: seems I can't have more than 3 posts in this thread because I'm new. To answer the question in the next post, yes 8082 in the lighttpd.conf with a restart. Does 8082 go anywhere else?

An you configured it on 8082? And restarted lighttpd after that?

Hi,

I'm experencing the same issue (as johnny above Issue 2) since upgrading last night to 2.10, i installed using the original sequence (inital post) and was working fine but admin panel was broken after the upgrade. I've tried reinstalling and running though the commands again (editing ports, restarting services etc.) but no luck. It appears in the logs that all is working and blocks are happening just the admin panel isn't loading.

I initally just ran "pihole -up" in chroot and all updated fine but appered to disable the web panel. Then tried a full reinstall selecting all the same settings as before but no luck, tried different settings (interfaces etc.) but still no luck. all services are running and logs are fine.

I'll keep trying and post if i figure it out, if not I'll post logs

This is my first install, and i am experiencing the same issues as johnny2678 with the

"Failed Host Check: pi.hole:31415 vs http://xxx.xxx.xxx.xxx, http://pi.hole, http://pi.hole, http://localhost"

The DNS server seems to be working just fine, but the admin panel is not accessible. I have tried reinstalling.

Since BeRoKr is experiencing the same issue i think this is linked to the recent version upgrade.

Investigated some more, found this in the auth.php file:

root@DiskStation:/# grep -rnw '/' -e "Failed Host Check"

/var/www/html/admin/php/auth.php:37: log_and_die("Failed Host Check: " . $_SERVER['HTTP_HOST'] .' vs '. join(', ', $AUTHORIZED_HOSTNAMES));

The code that generates the $AUTORIZED_HOSTNAMES array does not account for installations that deviate from the standard web port of your browser when checking for host header spoofing. And good luck getting port 80 unbound on your Synology. Because i first tried for an hour to get Synology unbound web server from port 80, and it apparently was easier to fix the source code.

Here is the fix:

File: /var/www/html/admin/php/auth.php

// Check CORS
$AUTHORIZED_HOSTNAMES = array(
    'http://' . $ipv4 . ':' . $_SERVER['SERVER_PORT'],
    'http://' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'],
    'http://pi.hole' . ':' . $_SERVER['SERVER_PORT'],
    'http://localhost'  . ':' . $_SERVER['SERVER_PORT'],
);

I have made a pull request here: https://github.com/pi-hole/AdminLTE/pull/279

4 Likes

Saw the response and the link from the Github/Changelog pages thought I'd link for anyone else:

Issue has been picked up and now is WIP #275

2 Likes

Thank you cbgj, This fixed my problem!

Minor note: the last comma is not needed after 'http://localhost' . ':' . $_SERVER['SERVER_PORT'],

1 Like

Thanks cbgj same as noudklaver all fixed with this modification

Now there is an official fix Add support for port != 80

1 Like

Typing /var/www/html/admin/php/auth.php

I got permission dennied.

I logtin as admin then sudo -i and starting chroot.

You don't have to do anything. My changes have been merged five days ago and are available as an update since a few days. No need to change any files when your web UI is up-to-date (> v2.0)

hmm, I must be missing something. Again, probably user error. The web interface loads now with v2.2 when I'm on a non standard port (8082), but when I try and change pihole settings (ex. enable DHCP server or change upstream DNS) through the GUI, i get the same message again:

Failed CORS: http://x.x.x.x:8082 vs http://x.x.x.x, http://x.x.x.x, http://pi.hole, http://localhost

any ideas?

::: Pi-hole version is v2.10.2 (Latest version is v2.10.2)
::: Web-Admin version is v2.2 (Latest version is v2.2)```

This is probably a bug on our part. We modified one security check to allow custom ports, but didn't change the CORS security check. We'll fix it for the next update.
See here for the code in question: https://github.com/pi-hole/AdminLTE/blob/master/php/auth.php#L50

Edit: You can try out the changes in this PR:

2 Likes

Thanks for the quick reply @Mcat12. Will try the changes and post back.

@johnny2678

Replace you /var/www/html/admin/php/auth.php by this updated file:

https://raw.githubusercontent.com/pi-hole/AdminLTE/devel/php/auth.php

The issue will be fixed in the next release as the corresponding PR has already been merged.

1 Like

Thanks @DL6ER! I had tried pasting in the changes to the file manually but it didn't take for some reason. Replacing the whole file did the trick.

Just to confirm, once the next release is out are these the steps I need to take to roll back my local changes and use the git master?

cd /var/www/html/admin
sudo git reset --hard
sudo git checkout master
sudo git pull

You won't have to do anything. We prepared the updater such that any local changes will be stashed so that the update can be applied straightforwardly.

1 Like