Pi-hole admin interface does not respond after installation on Synology

Greetings,

After installation, I am unable to reach the admin interface for Pi-hole. I have attempted installation through three methods.

In the most recent attempt, port 8080 was used, and I attempted to connect via the following URL:
http://192.168.1.250:8080/admin

This is my debug log:
https://tricorder.pi-hole.net/oriUWw7m/

Pi-hole appears to be running. The log, after this method, contains the interesting note: Without proper router DNAT forwarding to 192.168.1.250:8080, you may not get any blocked websites on ads

My Synology has a fixed IP of 192.168.1.250
My Synology connects to UniFi networking equipment via a bonded connection of LAN 1/2. pihole ifconfig showed bond0 as the interface the appropriate IP was assigned to. I imagine this could be problematic under the current install method, but when I set up network interfaces in one of the methods below that did not seem to work either (which, of course, could easily be user error).
Firewall rules exist as instructed.

Here is the most recent method I attempted:

I also attempted both methods here:

Thanks for any feedback! Greatly appreciated.

James

That isn't a Pi-hole message (and in addition, it's just wrong).
What log does contain that message?

Also, please share your docker-compose or docker run file, or any other equivalent of your Pi-hole container's configuration details.

Hi @Bucking_Horn, thank you for your response.

This is not Docker, but “Container Manager,” which seems to be the alternative provided by Synology on DiskStation Manager 7.x+.

The note you commented on was in the run log.

Here is a link to the run long HTML export:
https://jpeirce.com/temp/pihole/pihole.html
I stopped and started the service so the startup routine would be in the recent log history, which seems to be fully capture in that dataset.

Here is the configuration JSON:

{
   "CapAdd" : null,
   "CapDrop" : null,
   "cmd" : "",
   "cpu_priority" : 0,
   "enable_publish_all_ports" : false,
   "enable_restart_policy" : true,
   "enabled" : false,
   "env_variables" : [
      {
         "key" : "PATH",
         "value" : "/opt/pihole:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
      },
      {
         "key" : "phpver",
         "value" : "php"
      },
      {
         "key" : "PHP_ERROR_LOG",
         "value" : "/var/log/lighttpd/error-pihole.log"
      },
      {
         "key" : "IPv6",
         "value" : "True"
      },
      {
         "key" : "S6_KEEP_ENV",
         "value" : "1"
      },
      {
         "key" : "S6_BEHAVIOUR_IF_STAGE2_FAILS",
         "value" : "2"
      },
      {
         "key" : "S6_CMD_WAIT_FOR_SERVICES_MAXTIME",
         "value" : "0"
      },
      {
         "key" : "FTLCONF_LOCAL_IPV4",
         "value" : "0.0.0.0"
      },
      {
         "key" : "FTL_CMD",
         "value" : "no-daemon"
      },
      {
         "key" : "DNSMASQ_USER",
         "value" : "root"
      },
      {
         "key" : "DNSMASQ_LISTENING",
         "value" : "local"
      },
      {
         "key" : "WEB_PORT",
         "value" : "8080"
      },
      {
         "key" : "WEBPASSWORD",
         "value" : "PiHoleDockPass"
      },
      {
         "key" : "WEB_BIND_ADDR",
         "value" : "192.168.1.250"
      },
      {
         "key" : "TZ",
         "value" : "America/Denver"
      }
   ],
   "exporting" : false,
   "id" : "7a1088ca2a7b667340ea9ad74c4e5f559f6766cc8b050a2342936038a546c72b",
   "image" : "pihole/pihole",
   "is_ddsm" : false,
   "is_package" : false,
   "labels" : {
      "org.opencontainers.image.created" : "2023-05-30T18:51:05.660Z",
      "org.opencontainers.image.description" : "Pi-hole in a docker container",
      "org.opencontainers.image.licenses" : "",
      "org.opencontainers.image.revision" : "37bd3d2f0f9321211d9370fc96b7d06325cee887",
      "org.opencontainers.image.source" : "https://github.com/pi-hole/docker-pi-hole",
      "org.opencontainers.image.title" : "docker-pi-hole",
      "org.opencontainers.image.url" : "https://github.com/pi-hole/docker-pi-hole",
      "org.opencontainers.image.version" : "2023.05.2"
   },
   "links" : [],
   "memory_limit" : 0,
   "name" : "pihole",
   "network" : [
      {
         "driver" : "host",
         "name" : "host"
      }
   ],
   "network_mode" : "host",
   "port_bindings" : [],
   "privileged" : false,
   "shortcut" : {
      "enable_shortcut" : false,
      "enable_status_page" : false,
      "enable_web_page" : false,
      "web_page_url" : ""
   },
   "use_host_network" : true,
   "version" : 2,
   "volume_bindings" : [
      {
         "host_volume_file" : "/docker/pihole/dnsmasq.d",
         "is_directory" : true,
         "mount_point" : "/etc/dnsmasq.d",
         "type" : "rw"
      },
      {
         "host_volume_file" : "/docker/pihole/pihole",
         "is_directory" : true,
         "mount_point" : "/etc/pihole",
         "type" : "rw"
      }
   ]
}

Let me know if there is anything else I can gather or try to be of use.

Hmm, that seems like a left-over from the time when Pi-hole supported showing an HTTP error page for blocked domains. That block page has since been removed (about a year ago), but that message is a genuine Pi-hole one.
By itself, that message doesn't constitute an error.

How did you try to access Pi-hole's UI?
Please share the full URL you are using.

I'm not familiar with DSM's Container Manager, but it seems you have opted to fill WEB_BIND_ADDR in favour of the recommended FTLCONF_LOCAL_IPV4.

Did you try to set FTLCONF_LOCAL_IPV4 instead?

Hi @Bucking_Horn,

I am attempting to connect to the admin interface via:
http://192.168.1.250:8080/admin
Request times out.

I have attempted to configure FTLCONF_LOCAL_IPV4 just now in response to your suggestions. Initially, FTLCONF_LOCAL_IPV4 was set to 0.0.0.0 and WEB_BIND_ADDR was 192.168.1.250. I tested with FTLCONF_LOCAL_IPV4 set to that address with WEB_BIND_ADDR defined or undefined, and, stopping and re-starting the service in each instance, I was still unable to access the admin page.

Additionally, this was generated in the startup logs:

[i] WARNING: running in host network mode forces lighttpd's bind address to $FTLCONF_LOCAL_IPV4 (192.168.1.250).
[i] This behaviour is deprecated and will be removed in a future version. If your installation depends on a custom bind address (not 0.0.0.0) you should set the $WEB_BIND_ADDR environment variable to the desired value.

Also of note, all three of the above tutorials called for defining WEB_BIND_ADDR as part of the setup. That’s the reason why I have added it in this last attempt.

One little thing I noticed:

[i] FTL binding to default interface: eth0

The Synology is currently set to use a bonded connection of LAN 1 and LAN 2. It shows as bond0 in ifconfig and that is where the IP address assigned by the router is referenced. I’m not sure if this is relevant.

Thanks again!
James

Can you please generate a new Debug Log? The previous one expired and was deleted.

@rdwebdesign Sure thing!

Here you go:
https://tricorder.pi-hole.net/MlerkMib/

Thanks!

What is the output for this command (running from your host or a different machine on your network)?

curl -I http://192.168.1.250:8080/admin/

Hi @rdwebdesign,

I tested the computer currently in use, and another on the same network.
Both machines returned the following response.

curl -I http://192.168.1.250:8080/admin/
curl: (28) Failed to connect to 192.168.1.250 port 8080 after 75008 ms: Couldn't connect to server

Your computers are not able to connect the the Synology IP, using port 8080.

Are there any firewall rules in place?

Not wanting to interfere with rdwebdesign, following are just a few notes:

I did a quick page search for WEB_BIND_ADDR (but otherwise, didn't read them at all), and it seems only one of your links refers it. Did you perhaps follow other tutorials as well?
You'd have to be careful about applying different configuration approaches with Docker, as simply restarting a container may not be enough to create it from scratch and thus guarantuee that only those settings get applied to it that you've currently set.

In any case, setting pi-hole-FTL's LOCAL_IPV4 serves a purpose different from WEB_BIND_ADDR.
For your dockered Pi-hole, it would return the appropriate IP rather than 0.0.0.0 for pi.hole, allowing you to access Pi-hole's UI via its pi.hole name.

So even if you would require your Pi-hole container's lighttpd to bind only to WEB_BIND_ADDR, it would be recommended to also set FTLCONF_LOCAL_IPV4.
In your specific case using Docker's host network mode driver, setting the latter currently also affects the former (which may change in a future release as noted by the message you've quoted).

@rdwebdesign,

Whelp... another case of good ol’ fashioned user error. Never too bad a flavor of error as it fixes up nicely when discovered.

Yes indeed, I have the firewall in the NAS configured, and I thought I had it set up properly. A rule to permit destination port 53 on all protocols and a rule to permit [the destination port]* on TCP, except when I hopped over from the setup that used port 8888 to the last setup which used port 8080, I did not update the rule to permit port 8080 (or failed to commit it). I set up a rule to permit port 8080 and things failed differently, ultimately resolved by restarting the Synology. Now I can access the Raspberry Pi admin page.

I’ll tag that message as the solution. Not sure of what the community’s desired protocol is on that sort of thing as it was the impetus that got me to review all the firewall settings and find my omission.

Thank you kindly for your assistance.

@Bucking_Horn,

You are correct. My brain mixed that up, too. That other tutorial employed ServerIP.

To be clear with your recommendation, are you suggesting it would be best to update FTLCONF_LOCAL_IPV4 to also point to the NAS (IP for Pi-hole, 192.168.1.250 in this case)? I do recall seeing some references to loading the admin page via a pi.hole address.

Thank you, also, for your assistance here.