Pi-hole in Docker with HTTPS

Hello everyone,
I need a tip. How can I enable HTTPS for access in Docker?

I have provided the certificate via a volume. However, I can't manage to include the modified lighttpd.conf file. What do I need to consider here?

Best regards
Jürgen

PS: I don't want to use an additional proxy.

Volume mount external.conf with your changes into /etc/lighttpd/ in the container.

Hi DanSchaper,

Please help me with details.

  1. I create the directory lighttpd on synology-volume like "pihole" and "dnsmasq.d"
  2. I create the file external.conf = original "lighttpd.conf" +
    $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem" }
  3. I mount this file additionally (/etc/pihole and /etc/dnsmasq.d available)

It doesn't work. The container stops immediately.

Please help
Jürgen

The external.conf should only contain the extra lines; do not duplicate lighttpd.conf. There should be the original lighttpd.conf as is and then the external.conf as an additional file.

The PEM file contains both the key and the certificate with chain, right? Unlike other web servers, Lighttpd needs everything in a single file, at least up to v1.4.53 or if ssl.privkey is not set.

But I think Dan's hint will solve your problem.

Thanks for your help.

Now there is the next problem:

Starting lighttpd

2021-04-16 18:15:49: (configfile.c.59) Warning: please add "mod_openssl" to server.modules list in lighttpd.conf. A future release of lighttpd 1.4.x will not automatically load mod_openssl and lighttpd will not use SSL/TLS where your lighttpd.conf contains ssl.* directives

2021-04-16 18:15:49: (network.c.313) can't bind to socket: 0.0.0.0:443 Address already in use

Stopping lighttpd

lighttpd: no process found

I have no idea how to solve the problem. Port-mapping is not possible "host-mode".

Who can help?
Jürgen

Solved :)
It was so easy.
Only another port in that conf-line:
$SERVER["socket"] == ":443"

Jürgen

can't bind to socket: 0.0.0.0:443 Address already in use

Either you have another webserver installed that is listening on port 443 (serving HTTPS) already or you manually started a Lighttpd process.

Only another port in that conf-line:
$SERVER["socket"] == ":443"

You mean you changed that port in the Lighttpd config and your Pi-hole admin interface is reachable via HTTPS? Do you need to add that changed port to the URL? Otherwise a second webserver is running. The only strange thing then would be that the other webserver does not block port 80, too.

To get an overview about which process is listening on which port:

ss -tulp

The mod_openssl warning can be ignored, but you can mute it by adding server.modules += ("mod_openssl") as first line to your external.conf.

Hi Michalng,

Port 443 is reserved for "synology-https". For http you can use "WEB_PORT" to define the port. See also pi-hole-docker for synology.

Jürgen
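
Putting the replies together (a combined PEM, an external.conf holding only the extra lines, mod_openssl loaded first, and a port that is not already bound on the host), as an added example that is not part of the original thread. The input file names, port 8443 and the `ss -tln` invocation are assumptions; the container paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example. Assumed (not from the thread): input file names and port 8443.
# /etc/lighttpd/external.conf and /etc/lighttpd/certs/lighttpd.pem are the thread's paths.

# port_in_use PORT: reads `ss -tln` output on stdin, succeeds if something listens on PORT.
port_in_use() {
    awk -v p=":$1" '$1 == "LISTEN" && substr($4, length($4) - length(p) + 1) == p { hit = 1 }
                    END { exit !hit }'
}

# build_pem KEY FULLCHAIN OUT: one file holding key, certificate and chain for ssl.pemfile.
build_pem() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" || { echo "no private key in $1" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$2"   || { echo "no certificate in $2" >&2; return 1; }
    rm -f "$3"
    ( umask 077; cat "$1" "$2" > "$3" )   # contains the private key: owner-only
}

# write_external_conf PORT PEMPATH OUT: only the extra lines, not a copy of lighttpd.conf.
write_external_conf() {
    case $1 in ''|*[!0-9]*) echo "bad port: $1" >&2; return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || { echo "bad port: $1" >&2; return 1; }
    cat > "$3" <<EOF
server.modules += ("mod_openssl")
\$SERVER["socket"] == ":$1" {
    ssl.engine  = "enable"
    ssl.pemfile = "$2"
}
EOF
}

# Typical run on the Docker host (host networking, so check the host's listeners first):
#   ss -tln | port_in_use 8443 && echo "8443 is taken, pick another port"
#   build_pem privkey.pem fullchain.pem ./lighttpd/certs/lighttpd.pem
#   write_external_conf 8443 /etc/lighttpd/certs/lighttpd.pem ./lighttpd/external.conf
```

The generated external.conf is then volume-mounted into /etc/lighttpd/ next to the untouched lighttpd.conf, and the admin interface is reached with the chosen port in the URL.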
