Lighttpd doesn't start after enabling SSL

Hey,

I want to enable SSL for my Pi-hole. My problem is that Nextcloud runs on ports 80 and 443. I changed the standard port to 81 and it worked, but after I enabled the SSL option the lighttpd service doesn't start anymore. So I have to change port 443 because it is in use by Nextcloud, and use port 8081 because it's free.

● lighttpd.service - Lighttpd Daemon
   Loaded: loaded (/lib/systemd/system/lighttpd.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Tue 2019-12-10 13:00:30 CET; 55s ago
  Process: 27810 ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf (code=exited, status=255/EXCEPT
Dez 10 13:00:30 smarthome systemd[1]: lighttpd.service: Service RestartSec=100ms expired, scheduling restart.
Dez 10 13:00:30 smarthome systemd[1]: lighttpd.service: Scheduled restart job, restart counter is at 5.
Dez 10 13:00:30 smarthome systemd[1]: Stopped Lighttpd Daemon.
Dez 10 13:00:30 smarthome systemd[1]: lighttpd.service: Start request repeated too quickly.
Dez 10 13:00:30 smarthome systemd[1]: lighttpd.service: Failed with result 'exit-code'.
Dez 10 13:00:30 smarthome systemd[1]: Failed to start Lighttpd Daemon.
cat external.conf
$HTTP["host"] == "***nextcloud.ddns.net" {
  # Ensure the Pi-hole Block Page knows that this is not a blocked domain
  setenv.add-environment = ("fqdn" => "true")

  # Enable the SSL engine with a LE cert, only for this specific host
  $SERVER["socket"] == ":8081" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/letsencrypt/live/***nextcloud.ddns.net/combined.pem"
    ssl.ca-file =  "/etc/letsencrypt/live/***nextcloud.ddns.net/fullchain.pem"
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
  }

  # Redirect HTTP to HTTPS
  $HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
      url.redirect = (".*" => "https://%0$0")
    }
  }
}

I followed the official instructions to enable SSL.
https://discourse.pi-hole.net/t/enabling-https-for-your-pi-hole-web-interface/5771

My Debug Token: https://tricorder.pi-hole.net/0no3anenr3

What does sudo /usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf produce for output?

I think I can close the issue because meanwhile I read that lighttpd is also a web server, which I didn't know before. My Nextcloud runs on an apache2 web server, and after I stopped the lighttpd web server I can access the Pi-hole web page via SSL if I type in ***nextcloud.ddns.net/admin. I've decided to delete the lighttpd server because I don't need it, or are there any problems with Pi-hole without the lighttpd web server?

No. Using lighttpd is an option in Pi-Hole.

Thanks, but is that documented anywhere? Because I didn't find anything.

Yes, it is mentioned several times in the docs, e.g. quite prominently when detailing port prerequisites.

There is even a question during installation that allows you to opt out of installing the web interface.

Your debug log will show the details of your settings in /etc/pihole/setupVars.conf
