I've been using Pi-Hole on my home net for a bit over a day and, already, I can't imagine doing without it. Without the flashing neon ad's and popup video frames, public information sites (like weather.com) are usable again. These pages and others, where advertising gets out of control, can bog down a browser. Finally, web browsing is "snappy" again.
In my install, I was forced to redirect port 80 in lighttpd.conf - to port 8888. In my use case, Pi-Hole is running on a Debian Server with Openmediavault (OMV). As it is with many headless designs, OMV takes control of port 80 for it's Web console. (And I even set up a sub-int (eht0:0) with a separate IP, but OMV took control of that address / sub-int as well,
That's unfortunate because, as I understand the errata on Pi-Hole, full blocking is reduced if the console port is changed.
Headless server designs and Web administered servers are on the rise and, generally, their consoles default to port 80. (This is the case with OMV.) So,,,,
I'm not a developer, so I don't know what would be involved in coding / scripting a change. However, it would be really helpful if Pi-Hole could be altered to were its console will answer to a port other than 80, without reducing it's effectiveness.
In any case, thanks for efforts. Pi-Hole is a fine program / app. I wish I would have known about it years ago.
Unlike many applications, Pi-hole actually needs port 80 and there's little we can do to change that. When resolving DNS queries, Pi-hole can only change the IP address the device connects to, not the port. So Pi-hole is unable to change the port a device tries to connect to. Since websites are hosted on ports 80 and 443, Pi-hole has to be able to reply on at least port 80 (because 443 just requires us to close the connection due to not having a valid ssl cert). You can set Pi-hole up to work on a virtual interface (eth0:0) and reconfigure Pi-hole to use that IP, but it still needs port 80.
Since my last post - in support of my use case, a Web admin'ed server using port 80 for the console:
I found a solution that dedicates a separate IP address and all of its ports to Pi-Hole. I'm running Debian Jessie X64 so I set up Docker and used this image -> Docker - Pi-Hole
It took a bit of extra configuring, with recommend environment variables (setting: ServerIP {address}, WEBPASSWORD {password}) and I nailed down ports 80 and 53 in arguments. (If port 443 is required as well, please advise. I'm planning to write a "how-to" for the OMV forum.)
The creation of a Docker macvlan, for my home network's sub-net, was needed to use a non-server IP address.
In the bottom line, I figured it out and I'm a Linux NOOB.
In any case, Mcat12, my hat's off to you and your fellow developers. While the concept seems simple enough (after thoroughly explained, of course), the implementation is a nicely polished piece of work. It's a value added feature for my server and the security of my network, while greatly improving the client web surfing experience,.
Port 443 is only used by HTTPS traffic, which we can't really handle because that would require us to have a valid certificate for every blocked domain (HTTPS prevents us from showing content without the authorization for that domain). So in the name of making web sites load fast, it's best if traffic to port 443 is just rejected via IP tables (if there is not already a valid https enabled site on that port).
Oops, missed this bit.
You have to bind OMV to listen to the primary IP address only, similar as above howto binds lighttpd and dnsmasq to the secondary IP address.
Perhaps there's a way to do it (bind OMV to eth0 only) but if there is, I didn't hear anything on the OMV forum In any case, it's probably best to run it this way. The Debian server is in control, with Pi-Hole running in a container. Both are working fine, and everything works as it should.
My wife and I are loving the relief from the ad's and protection from site redirects (to potential malware locations). At this point, it's hard to imagine not having Pi-Hole.
Back in the day, we said; "If it works, don't fix it."
(But I'm an old crimundgeon and things change.)
In any case, I can't help being amazed at the work in the open source community, and in projects like Pi-Hole. And, by extension, of the patience and dedication Dev's/Mod's like yourself display when dealing with NOOB's on a forum. (Umm,, like me... :- )
While I know there are unreasonable NOOB's (and even a Dev here and there), let me say thanks for what you do. My wife and I are very happy with your product.
Your right, dont fix is the right phrase.
Was confusing with the other one "dont touch, dont look at it and dont mention" as to not jinx working systems.
I agree and am amazed too about all the work being done in the open source community.
Cant thank them enough!
And everyone was a n00b at some stage.
I consider myself being a n00b plus