Pi-hole on AWS

I have installed an Ubuntu server in an EC2 instance on AWS.
Ubuntu 22.04.2 LTS (GNU/Linux 5.15.0-1031-aws x86_64). I previously tried Ubuntu 20.04 and had the exact same issue I am reporting.

I then installed Pi-hole following instructions from various sources, which all showed the same straightforward procedure. I followed just the one link initially, but checked others as I could not get Pi-hole to work.

My problem is that it seems to all install without issue. However, once installed I cannot access the web interface. I believe this is because the IP address that Pi-hole has configured is my EC2 private IP address and not the public one. I have attached an Elastic IP address so that the public address is static.

I have tried rerunning the Pi-hole install, but it does not give the option to change the IP address during this process. It always sets the EC2 private address and not the static public one? I have tried to research the various config files but cannot resolve the issue. I have spent days reading and researching this issue but have not found a solution as yet. I am not sure how much scope there is to change settings given that it's running on an EC2 instance.

I can SSH into Ubuntu from my machine, but I cannot access Pi-hole from anywhere?

Details about my system:
EC2 instance on AWS

Inbound rules (4)
Version|Type|Protocol|Port range|Source
IPv4|DNS (UDP)|UDP|53|0.0.0.0/0
IPv4|DNS (TCP)|TCP|53|0.0.0.0/0
IPv4|SSH|TCP|22|0.0.0.0/0
IPv4|HTTPS|TCP|443|0.0.0.0/0

What I have changed since installing Pi-hole:
Nothing

The recommended way to access a cloud-based Pi-hole is via a VPN, so only authenticated clients may securely use it.

As you allow direct access to your Pi-hole's DNS, you'd be running an open resolver, posing a potential threat for all Internet users, e.g. by serving as a multiplier in a DNS amplification attack.

The Pi-hole team strongly discourages Pi-hole’s usage as an open resolver, and we won't provide support in that case.

OK, I was not aware of that, and the various YouTube videos and written sources I have seen all set it up that way? However, I am not looking to bypass any security requirements. So I have removed all inbound rules, as recommended. This now means I am unable to access the EC2 instance myself? There is an AWS default rule that I can use instead. Presumably an AWS rule would be OK to use? I am assuming that AWS would not set a default rule that put their system at risk? Or is the risk purely associated with the Pi-hole server?

Publicly exposed hosts are always at risk, so you could consider allowing secure access to all your AWS instance's services via VPN only.
This is your choice, however, as those risks would mainly impact yourself.

But - as explained - the danger of exposing DNS and thus running an open resolver potentially affects many, not just you.

In order to avoid this, you need to close down DNS/port 53 for public access.

Instead, consider a VPN software running side-by-side on your cloud server with your Pi-hole to handle encrypted and authenticated access from clients via public IPs to your Pi-hole's DNS port attached to its private IP address.
For such a client, you'd have a choice of tunneling all traffic via VPN to Pi-hole, or just DNS requests.

You may refer to Guides|VPN in Pi-hole's documentation for related suggestions for some VPN software packages.
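As an added illustration (not part of the original thread), the check below reads security-group inbound rules in the pipe-separated form the opening post lists them and flags any rule that exposes port 53 to the whole Internet, which is the open-resolver condition the replies warn about. The rule format, the "All" port/protocol handling (as the EC2 console displays them) and the sample rule lines are assumptions constructed from the post.

```python
# Added example (not from the original thread): audit EC2 security-group
# inbound rules, in the pipe-separated form the post lists them, and flag
# any rule that opens port 53 to the whole Internet, i.e. an open resolver.
import ipaddress
from typing import List, NamedTuple

DNS_PORT = 53

class InboundRule(NamedTuple):
    ip_version: str
    name: str
    protocol: str      # "TCP", "UDP" or "ALL" (console shows "All")
    from_port: int
    to_port: int
    source: str        # CIDR the rule accepts traffic from

def parse_rule(line: str) -> InboundRule:
    """Parse 'IPv4|DNS (UDP)|UDP|53|0.0.0.0/0'; port may be 'lo-hi' or 'All'."""
    ip_version, name, proto, port, source = (f.strip() for f in line.split("|"))
    if port.lower() == "all":
        lo, hi = 0, 65535
    elif "-" in port:
        lo, hi = (int(p) for p in port.split("-", 1))
    else:
        lo = hi = int(port)
    return InboundRule(ip_version, name, proto.upper(), lo, hi, source)

def is_world_open(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0, i.e. any source on the Internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def open_resolver_rules(lines: List[str]) -> List[InboundRule]:
    """Return the rules that let any Internet host reach DNS on port 53."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        rule = parse_rule(line)
        covers_dns = rule.from_port <= DNS_PORT <= rule.to_port
        if rule.protocol in ("TCP", "UDP", "ALL") and covers_dns and is_world_open(rule.source):
            findings.append(rule)
    return findings

# Constructed sample: the four inbound rules from the original post.
SAMPLE_RULES = [
    "IPv4|DNS (UDP)|UDP|53|0.0.0.0/0",
    "IPv4|DNS (TCP)|TCP|53|0.0.0.0/0",
    "IPv4|SSH|TCP|22|0.0.0.0/0",
    "IPv4|HTTPS|TCP|443|0.0.0.0/0",
]
```

Running `open_resolver_rules(SAMPLE_RULES)` returns the two DNS rules; the same rules with the source narrowed to a VPN subnet such as 10.8.0.0/24 return nothing, which is the state the replies recommend.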
