Is my Pi-hole secure enough?

kaspr · March 17, 2024, 1:24am

What I've done:

VPS Server hosted offsite
FQDN
Install Pi-hole & PiVPN
exposed 1 external port that forwards to port 53 for PiVPN
password protected the Pi-hole admin page with a username and password (both of which are a jumble that is over 15 characters long and the password file is stored where it isn't reachable from the internet and the password is hashed onto a .htpasswd file)
Password to log into the admin portal itself is a totally unique 15+ character password
Site is secured with SSL

What I've Noticed:
Only VPN traffic is going through the Pi-hole
API function for mobile app access does not work (because of the lighttpd user/pass requirement) ~ Fixed this issue by changing the auth.require settings for lighttpd to exclude api.php. All other urls require auth.

I'm sure there's other things I've noticed but just can't think of them now.

Anyways, is this set up secure? What more could I do if it isn't?

I set this up so that all of my devices, whether at home or not could use the Pi-hole through the VPN.

Bucking_Horn · March 18, 2024, 8:25pm

You don't need to forward that to port 53, as the VPN software will take care of routing traffic from a VPN client to the VPN peer host (including DNS and HTTP(S)).

As long as you won't expose any ports apart from the VPN one, you should be safe.

kaspr · March 20, 2024, 5:39am

Right, I didn't set up any actual forwarding, just opened the port. It uses the default port.

system · March 27, 2024, 5:40am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.