Not able to assign WEBPASSWORD_FILE in docker compose

Help docker
1

I am attempting to move my password out of my docker compose.

I created the WEBPASSWORD_FILE environment variable, and pointed it to a file

adminpw.txt has a single line, with a password.

This password isn't passing to PiHole that I can tell, and the random password I get out of docker exec pihole -a -n doesn't work either.

What's the right format for it?

docker compose section for reference:

 pihole:
    container_name: pihole
    image: pihole/pihole:latest
    network_mode: "host"
    env_file: .env
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "8080:80/tcp"
    environment:
      TZ: 'America/New_York'
      WEBPASSWORD_FILE: "/opt/pihole/secrets/admin_pw.txt"
      SERVERIP: "192.168.1.70"
    volumes:
      - "/opt/pihole/etc-pihole/:/etc/pihole/"
      - "/opt/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
    restart: unless-stopped
2

Our docker image doesn't know what WEBPASSWORD_FILE is so that's why it's not working.

If you want to remove the password from the compose file then I'd use the .env approach.

Set the .env file to have WEBPASSWORD=PaSSwORd
and then modify the compose file to show as:

environment:
  WEBPASSWORD

Compose/Docker will pull the password from the .env file since the compose variable is blank/empty.

5

I've been educated about WEBPASSWORD_FILE.

I think you have that envvar set correctly, but the guide also says that you need to set WEBPASSWORD to empty as well. Both need to be set.

Variable: WEBPASSWORD_FILE
default: unset
value: <Docker secret path>
Description: Set an Admin password using Docker secrets.
If WEBPASSWORD is set, WEBPASSWORD_FILE is ignored.
If WEBPASSWORD is empty, and WEBPASSWORD_FILE is set to a valid readable file path, then WEBPASSWORD will be set to the contents of WEBPASSWORD_FILE .
7

thanks, had some time to work on it today.

right now I have:

environment:
      TZ: 'America/New_York'
      WEBPASSWORD:
      WEBPASSWORD_FILE: '/opt/pihole/secrets/admin_pw.txt'

but it doesn't seem to be passing the contents of the admin_pw.txt file. do I not want the colon? or do I need to put a null variable?

Thank you

8

I'm sorry to jump on this rather old topic, but I'm stumbeling upon the same problem as Trekkie .

I did set the environment variables like this:

 environment:
      WEBPASSWORD:
      WEBPASSWORD_FILE: '/run/secrets/web_password'

I also deleted setupVars.conf to get rid of the old hashed password.

Then after spinning up the container, the password is set to something random. The content of the secrets-file has been ignored
I also checked if the secrets file is readable from within the container:

root@pihole:/# cat /run/secrets/web_password

my_super_secret_password

Can it be, that the documentation is missleading and the actual docker secret that is supposed to be used is the docker swarm version? Because that's where the link in the documentation is pointing to.

So one has to setup secrets by using

echo my_super_secret_password | docker secret create pihole_web_password -

I word of confirmation or a complete and proper example would be much appreciated.

Cheers,

ichnafi

10

Managed to get this working
Here's how I done it:
Step 1: Save the content of the password to /my/path/mystrongpassword
Step 2: Edit the docker-compose.yml file as follows (irrelevant sections ommited):

pihole:
...............
    environment:
      WEBPASSWORD_FILE: /run/secrets/my-strong-secret
...............
    secrets:
     - my-strong-secret
...............................
secrets:
  my-strong-secret:
    file: /my/path/mystrongpassword

I have figured it out from here
So what happens is as follows:
You create a secret called "my-strong-secret" at the end of the docker-compose.yml file

secrets:
  my-strong-secret:
    file: /my/path/mystrongpassword

You use that secret in the pihole container

    secrets:
     - my-strong-secret

Docker than uses that secret variable called "my-strong-secret" and mounts it temporarily in a file at /run/secrets/my-strong-secret

    environment:
      WEBPASSWORD_FILE: /run/secrets/my-strong-secret

I had no line for WEBPASSWORD:

Hope it helps someone.

1 Like
11

Hey Guys,

On my side, I just wanted to get rid of any clear mention of my password, either on a secret file or inside the docker compose file. What I did is just remove the WEBPASSWORD from the compose.
Then I logged into the container environment by typing:
docker exec -it <yourpiholecontainer> bash
and just run the pihole -a -p command to reset my password.
Hope this helps.

12

You can do it in a single step:

docker exec -it <yourpiholecontainer> pihole -a -p