[New Install] 403, Permission issue? (PORT ISSUE WITH NGINX)

nulrie · May 31, 2025, 7:53am

This is a new install of the latest pihole on a Linux Mint machine.

I had an nginx server running, and had no prompts during install about which web server to use or select.

I added a section to my sites-enabled, which is:

server {
    listen 80;

    server_name 192.168.1.142;
    root /var/www/html;
    index index.php index.html index.htm index.nginx-debian.html;


	access_log /var/log/nginx/pihole.spawningpool.net.log;
	error_log /var/log/nginx/error.pihole.spawningpool.net.log;


    location ~ \.php$ {
        include /etc/nginx/mime.types;
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
    }
}

I added this section as I was getting a 404 using my LAN IP over http/https. After this, I only receive 403 responses from my web server (http://192.168.1.142/admin). I am wondering if this is due to the permissions on all files (-rw-r--r--) and directories (-rw-r--r--), both under user and group root:root, in /var/www/html/admin. Would it be safe to change this using chmod 644 /var/www/html/admin -R (EDIT: 644 is the default perms for files) or do I need to also change the user and group (EDIT: pihole:pihole and www-data:www-data did not work for me)?

Bucking_Horn · May 31, 2025, 8:01am

Pi-hole comes with its own embedded webserver, which may conflict with your nginx if configured for the same ports. If they are on separate ports already, your nginx configuration would have to be adjusted for Pi-hole's ports.

You should check your Pi-hole's current web ports.
Please share the output of:

sudo pihole-FTL --config webserver.port

nulrie · May 31, 2025, 8:03am

OK yeah its a port conflict. What is the appropriate configuration file to edit to change these in pihole? I can easily setup a reverse proxy using proxy-pass in nginx.

Bucking_Horn · May 31, 2025, 8:09am

If you'd provided the output I've requested, I could have supplied a suggestion, by adopting webserver.port.

With Pi-hole v6, there is a variety of ways to configure things, see Introducing Pi-hole v6 » 3. Consolidated Configuration Files.

nulrie · May 31, 2025, 8:13am

If you needed it "word for word", 80o,443os,[::]:80o,[::]:443os, confirming a conflict with nginx.

I was able to find the /etc/nginx/nginx.toml file where these are set, then restart pihole using sudo pihole disable & sudo pihole enable.

Bucking_Horn · May 31, 2025, 8:32am

To move your Pi-hole's web server to other ports (e.g. 8088/HTTP and 8443/HTTPS), you could do so via CLI:

sudo pihole-FTL --config webserver.port '8088o,8443os,[::]:8088o,[::]:8443os'

webserver.port allows for very flexible configuration of Pi-hole's embedded webserver listening behaviour. Both pihole.toml and Pi-hole's web UI's Settings | All settings » Webserver and API have a quite comprehensive description.
All settings is available in Expert mode only.

Those commands do disable and enable Pi-hole's blocking feature; they don't restart Pi-hole.

If you reconfigure webserver.port by any of the means as described in my link above, you won't need to restart Pi-hole (except when using environment variables for a Pi-hole Docker container).

system · June 21, 2025, 8:33am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.