I'm a new user of v6 Pi-hole and I think it should redirect to /admin automatically. It's really very troublesome, when behind a multi-homed Nginx (as reverse proxy). Can this be implemented please?
-S
If your domain is what you set as webserver.domain in pihole.toml (or env vars in a docker container), we already have an automatic redirection / -> /admin/, however, if your domain is different, we intentionally don't do this.
The reason is that some users use IP blocking mode which replies to your clients with the IP address of your Pi-hole when a page is blocked. If the auto-redirect would fire here, too, you'd see your Pi-hole's dashboard (or the login page if you have a password) in many places on websites where you'd normally have seen the ads. This doesn't seem desired behavior.
But maybe this is an issue with your reverse proxy, please tell us more about your particular configuration:
- Have you tried setting
webserver.domain? - Are you hosting Pi-hole's dashboard on an IP address, a subdomain or maybe a path?
- ... (more interesting points about your reverse proxy setup)
I have three options here:
- use:
pihole.example.net - use:
www.example.net/pihole - Don't use any hostname assigned to pihole, let Nginx handle it
At this moment, I left the original pi.hole as the domain but accessing it with pihole.example.net as I spent enough time to make www.example.net/pihole to work, because of that static path.
So, based on what you mentioned, for option #1 and #2, what will be the host.domain to get the auto-redirect work?
This is my current Nginx configuration, FYI.....
upstream local {
server 127.0.0.1:8008;
}
server {
listen 80;
listen [::]:80;
server_name pihole.example.net;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name pihole.example.net;
## Server Logs
access_log /var/log/nginx/pihole_access.log;
error_log /var/log/nginx/pihole_error.log error;
## TLS Configuration
ssl_certificate /etc/nginx/ssl/fullcrt.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 60m;
## Extra Security
add_header Strict-Transport-Security max-age=31536000;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_prefer_server_ciphers on;
location = / {
return 301 /admin;
}
location /admin/ {
proxy_pass http://local/admin/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /api/ {
proxy_pass http://local/api/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
-S
Neither domain nor host.domain are valid Pi-hole configuration options, and they don't appear in your nginx configuration either, so its unclear what you would be asking about.
Please share the output of:
sudo pihole-FTL --config webserver.domain
As @DL6ER has explained, automatic redirection to /admin works for whatever you've configured in webserver.domain.
I'm very new to pi-hole so probably didn't understand what was meant by webserver.domain but domain indeed a valid configuration option.
The result of this command:
root@mgtcnrpi5:~# pihole-FTL --config webserver.domain
pi.hole
basically the output of this:
in
/etc/pihole/pihole.toml in the form of webserver.domain, as far as I understand.
And that obviously won't appear in my Nginx config file, as that's the whole point of using a reverse proxy.
So, for my #1 or #2 above, what gonna be my webserver.domain - that's what I was aklsing.
Your current webserver.domain value would suggest that the answer to DL6ER's question would be 'no'.
As said before, there is no domain option in your nginx configuration, but I think that you want to set webserver.domain to match the value of server_name as appearing in it: