Pi Hole dashboard not coming up

Help
1

I am running Pi Hole on Raspberry Pi 4. It was working perfectly. I tried to install Unbound. I thought I got it installed correctly. Now the dashboard is not accessible. I uninstalled Unbound, but that did not fix it. I am using Tailscale on my network (Synology NAS, etc.) So I tried installing Tailscale, but that made no difference.

Expected Behaviour:

The admin dashboard page is not coming up in the browser. I get a 403 error
pi hole version:
Core version is v6.0.4 (Latest: N/A)
Web version is v6.0.1 (Latest: N/A)
FTL version is v6.0.3 (Latest: N/A)

OS version:
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="Debian -- User Support"
BUG_REPORT_URL="https://bugs.debian.org/"

Actual Behaviour:

When i try to hit the url http://<ip_address>/admin, I eventually get a 403 Forbidden error.

Debug Token:

I have the token in a file. I am a hesitant to post it here because it contains sensitive information. Tell me which portion is needed to diagnosis the problem. I'll gladly post what is needed.

2

The token URL contains no sensitive information. The token leads to your unique debug log on our server, which is accessible for only 48 hours and only by 9 people on this planet.

Any sensitive information stays with your debug log and dies a natural death after 48 hours.

2 Likes
3

Just post the URL token here. Never post the full file.

Steps to generate a debug Token.

  • Execute pihole -d.
  • When Pi-hole asks you to upload the file, you answer "Y" (the file will be sent to a secure server).
  • Then you will receive a token like this: https://tricorder.pi-hole.net/Abc123yZ.
  • post only the token here.
1 Like
4

Thanks for explain it to me. I have a question, should pihole -d require sudo? Because mine does require sudo.

I got this error when I tried to upload the pihole -d output:

[?] Would you like to upload the log? [y/N] y
* Using curl for transmission.
* curl failed, contact Pi-hole support for assistance.
* Error message: curl: (6) Could not resolve host: tricorder.pi-hole.net

[βœ—] There was an error uploading your debug log.

  • Please try again or contact the Pi-hole team for assistance.
  • A local copy of the debug log can be found at: /var/log/pihole/pihole_debug.log

OK. I turned off Tailscale and tried again. Here is my token:
https://tricorder.pi-hole.net/GeOOTXfz/

5

Yes, starting in V6.

6

Lighttpd is running on port 80, preventing FTL from binding to that port:

[βœ—] tcp:0.0.0.0:80 is in use by lighttpd (https://docs.pi-hole.net/main/prerequisites/#ports)
[βœ—] tcp:[::]:80 is in use by lighttpd (https://docs.pi-hole.net/main/prerequisites/#ports)

FTL is running on port 443, since that port is vacant. You can access your Pi-hole web admin GUI at the following URL:

https://192.168.1.253/admin

If you want FTL on port 80, stop and disable lighttpd and restart FTL.

You have FTL configured as follows in file /etc/pihole/pihole.toml - the default settings.

  # Ports to be used by the webserver.
  # Comma-separated list of ports to listen on. It is possible to specify an IP address
  # to bind to. In this case, an IP address and a colon must be prepended to the port
  # number. For example, to bind to the loopback interface on port 80 (IPv4) and to all
  # interfaces port 8080 (IPv4), use "127.0.0.1:80,8080". "[::]:80" can be used to
  # listen to IPv6 connections to port 80. IPv6 addresses of network interfaces can be
  # specified as well, e.g. "[::1]:80" for the IPv6 loopback interface. [::]:80 will
  # bind to port 80 IPv6 only.
  # In order to use port 80 for all interfaces, both IPv4 and IPv6, use either the
  # configuration "80,[::]:80" (create one socket for IPv4 and one for IPv6 only), or
  # "+80" (create one socket for both, IPv4 and IPv6). The '+' notation to use IPv4 and
  # IPv6 will only work if no network interface is specified. Depending on your
  # operating system version and IPv6 network environment, some configurations might not
  # work as expected, so you have to test to find the configuration most suitable for
  # your needs. In case "+80" does not work for your environment, you need to use
  # "80,[::]:80".
  # If the port is TLS/SSL, a letter 's' (secure) must be appended, for example,
  # "80,443s" will open port 80 and port 443, and connections on port 443 will be
  # encrypted. For non-encrypted ports, it is allowed to append letter 'r' (as in
  # redirect). Redirected ports will redirect all their traffic to the first configured
  # SSL port. For example, if webserver.port is "80r,443s", then all HTTP traffic coming
  # at port 80 will be redirected to HTTPS port 443.
  # When specifying 'o' (optional) behind a port, inability to use this port is not
  # considered an error. For instance, specifying "80o,8080o" will allow the webserver
  # to listen on either 80, 8080, both or even none of the two ports. This flag may be
  # combined with 'r' and 's' like "80or,443os,8080,4443s" (80 redirecting to SSL if
  # available, 443 encrypted if available, 8080 mandatory and unencrypted, 4443
  # mandatory and encrypted).
  # If this value is not set (empty string), the web server will not be started and,
  # hence, the API will not be available.
  #
  # Possible values are:
  #     comma-separated list of <[ip_address:]port>
 port = "80o,443os,[::]:80o,[::]:443os"

You can also move FTL to another http port (8080, for example) if you intend to use lighttpd for other purposes.

7

Thanks for the detailed reply. It’s a little confusing to me. What is the best configuration?

8

We can't choose... this is a personal choice and it varies from user to user.

My suggestion is:

  • If you are not using lighttpd for other services, stop and disable lighttpd and restart FTL.
1 Like
9

I understand. Thanks for all your help

10

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.