Expected Behaviour:
The pihole admin screen in Chrome
Actual Behaviour:
establishing secure connection ... ERR_TIMED_OUT
nginx is not a supported webserver.
You can search Discourse for community supported solutions that may assist you.
*** [ DIAGNOSING ]: Dashboard and block page
[✗] Block page X-Header: X-Header does not match or could not be retrieved.
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 24 Apr 2020 00:25:31 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: <redacted>
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Public-Key-Pins: pin-sha256="EUHOVJ+d40agKdy64LJNDF9y8cr0mTkwW+eKWSZATa0="; pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys="; pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="; pin-sha256="Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o="; pin-sha256="CfyancXuwYEHYRX3mmLJI3NFW6E8cydaCGS1D9wGhT4="; max-age=86400; includeSubDomains; report-uri="https://reyskywalker.report-uri.com/r/d/csp/reportOnly"
Feature-Policy: fullscreen 'none'; microphone 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; sync-xhr 'none'; camera 'none'; speaker 'none';
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com; font-src 'self'; object-src 'none'; connect-src 'self'; form-action 'self'; style-src-elem 'self'; upgrade-insecure-requests; report-uri https://reyskywalker.report-uri.com/r/d/csp/reportOnly;
X-Permitted-Cross-Domain-Policies: master-only
Expect-CT: max-age=0
Pragma: no-cache
Cache-Control: no-cache
Allow: GET, POST, HEAD
Set-Cookie: __Host-sess=123; path=/; Secure; HttpOnly; SameSite=Strict;
[✗] Web interface X-Header: X-Header does not match or could not be retrieved.
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 24 Apr 2020 00:25:31 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: <redacted>
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Public-Key-Pins: pin-sha256="EUHOVJ+d40agKdy64LJNDF9y8cr0mTkwW+eKWSZATa0="; pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys="; pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="; pin-sha256="Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o="; pin-sha256="CfyancXuwYEHYRX3mmLJI3NFW6E8cydaCGS1D9wGhT4="; max-age=86400; includeSubDomains; report-uri="https://reyskywalker.report-uri.com/r/d/csp/reportOnly"
Feature-Policy: fullscreen 'none'; microphone 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; sync-xhr 'none'; camera 'none'; speaker 'none';
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com; font-src 'self'; object-src 'none'; connect-src 'self'; form-action 'self'; style-src-elem 'self'; upgrade-insecure-requests; report-uri https://reyskywalker.report-uri.com/r/d/csp/reportOnly;
X-Permitted-Cross-Domain-Policies: master-only
Expect-CT: max-age=0
Pragma: no-cache
Cache-Control: no-cache
Allow: GET, POST, HEAD
Set-Cookie: __Host-sess=123; path=/; Secure; HttpOnly; SameSite=Strict;
Side Note: Conditional Forwarding to a domain that exists on the internet will cause you problems unless you know exactly why and how you are doing it.
any more progress on this?
I've stopped the nginx service and the timeout still occurs. It works with http, just not https.
thanks
Send a new debug token after you've reenabled lighttpd.
What blocking mode are you using? Have you adjusted your firewall for port 443 if you are not using the default mode? See the HTTPS section on the link below.
The only way to have nginx and Pi-hole on the same server is to have lighttpd installed but configured to a different port (other than 80) and an nginx rule for the IP/name of the server forward the request to the lighttpd port.
That way, you can keep all the other nginx rules/forwards and have Pi-hole web interface on the same server.
One thing to keep in mind. An update of Pi-hole, will overwrite the edited lighttpd.conf file.
It will restore port 80 and then, it will fail to start (lighttpd or maybe after a reboot, nginx, as they will fight for 80).
Dan,
-- works over http
-- https://tricorder.pi-hole.net/8lx2njr96o
The pihole admin screen in Chrome
establishing secure connection … ERR_TIMED_OUT
hope you can provide some thoughts
thanks
Check the guide you used for TLS configuration:
-rwxr-x--- 1 www-data www-data 535 Apr 26 08:29 /var/log/lighttpd/error.log
2020-04-26 08:26:24: (log.c.217) server started
2020-04-26 08:26:24: (server.c.1295) WARNING: unknown config-key: alias.url (ignored)
2020-04-26 08:27:58: (server.c.1828) server stopped by UID = 0 PID = 1
2020-04-26 08:29:06: (log.c.217) server started
2020-04-26 08:29:06: (server.c.1295) WARNING: unknown config-key: alias.url (ignored)
2020-04-26 08:29:06: (server.c.1295) WARNING: unknown config-key: ssl.openssl.ssl-conf-cmd (ignored)
2020-04-26 08:29:06: (server.c.1295) WARNING: unknown config-key: ssl.privkey (ignored)
Best guess is that something in the files you've included is not correct. (Note: Any changes to the lighttpd.conf file will be overwritten on update, making changes like you have is not supported.)
include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include \"%p\"\n' 2>/dev/null"
curl -Iv https://raspberrypi.lallybroch.com.au:8080
your code produces
include "/etc/lighttpd/conf-enabled/15-fastcgi-php.conf"
include "/etc/lighttpd/conf-enabled/10-fastcgi.conf"
include "/etc/lighttpd/conf-enabled/90-javascript-alias.conf"
Do I add the find into lighttpd.conf?
thank you
The code I copied was from your lighttpd.conf file already. I don't know what guide you are following but it's not one that we've done.
*** [ DIAGNOSING ]: contents of /etc/lighttpd
-rw-r--r-- 1 root root 3501 Apr 26 04:51 /etc/lighttpd/lighttpd.conf
server.modules = (
"mod_access",
"mod_accesslog",
"mod_auth",
"mod_expire",
"mod_compress",
"mod_redirect",
"mod_setenv",
"mod_rewrite"
)
server.document-root = "/var/www/html"
server.error-handler-404 = "/pihole/index.php"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 8080
accesslog.filename = "/var/log/lighttpd/access.log"
accesslog.format = "%{%s}t|%V|%r|%s|%b"
index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny = ( "~", ".inc", ".md", ".yml", ".ini" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
mimetype.assign = ( ".png" => "image/png",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".html" => "text/html",
".css" => "text/css; charset=utf-8",
".js" => "application/javascript",
".json" => "application/json",
".txt" => "text/plain",
".svg" => "image/svg+xml" )
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include \"%p\"\n' 2>/dev/null"
$HTTP["url"] =~ "^/admin/" {
setenv.add-response-header = (
"X-Pi-hole" => "The Pi-hole Web interface is working!",
"X-Frame-Options" => "DENY"
)
$HTTP["url"] =~ ".ttf$" {
setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
}
}
$HTTP["url"] =~ "^/admin/\.(.*)" {
url.access-deny = ("")
}
include_shell "cat external.conf 2>/dev/null"
Hi Dan,
All non standard code removed from lighttpd.conf.
I've narrowed it down to pihole and SSL.
On entering ...
curl -Iv https://raspberrypi.lallybroch.com.au:8080
TLS erroring and not sure where CAfile: /etc/ssl/certs directory comes into it.
Thoughts please?
Thank you once again.
This is beyond what we support. Please see Enabling HTTPS for your Pi-hole Web Interface for community support with SSL/TLS.
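A triage of the lighttpd error log quoted earlier in this thread, as an added example that is not part of any post: it lists the config keys lighttpd ignored on its most recent start and checks whether the module that owns each one appears in the posted `server.modules` list. The prefix-to-module map (`alias.` to `mod_alias`, `ssl.` to `mod_openssl`) and all function names are assumptions of this example.

```python
import re

# Log lines and server.modules list as quoted in the thread.
ERROR_LOG = """\
2020-04-26 08:26:24: (log.c.217) server started
2020-04-26 08:26:24: (server.c.1295) WARNING: unknown config-key: alias.url (ignored)
2020-04-26 08:27:58: (server.c.1828) server stopped by UID = 0 PID = 1
2020-04-26 08:29:06: (log.c.217) server started
2020-04-26 08:29:06: (server.c.1295) WARNING: unknown config-key: alias.url (ignored)
2020-04-26 08:29:06: (server.c.1295) WARNING: unknown config-key: ssl.openssl.ssl-conf-cmd (ignored)
2020-04-26 08:29:06: (server.c.1295) WARNING: unknown config-key: ssl.privkey (ignored)
"""
LIGHTTPD_CONF = '''server.modules = (
"mod_access", "mod_accesslog", "mod_auth", "mod_expire",
"mod_compress", "mod_redirect", "mod_setenv", "mod_rewrite"
)
server.port = 8080
'''
# Assumption: directive prefix -> module that registers it (lighttpd 1.4.46+).
KEY_OWNER = {"alias.": "mod_alias", "ssl.": "mod_openssl"}
IGNORED = re.compile(r"unknown config-key: (\S+) \(ignored\)")

def ignored_keys_last_start(log_text):
    """Keys lighttpd ignored since its most recent 'server started' line."""
    keys = []
    for line in log_text.splitlines():
        if line.rstrip().endswith("server started"):
            keys = []  # earlier runs no longer describe the live config
        elif (m := IGNORED.search(line)):
            keys.append(m.group(1))
    return keys

def listed_modules(conf_text):
    """Modules named in server.modules; modules added by included files are not seen."""
    m = re.search(r"server\.modules\s*=\s*\((.*?)\)", conf_text, re.S)
    return set(re.findall(r'"(mod_\w+)"', m.group(1))) if m else set()

def triage(log_text, conf_text):
    """Return (key, owning module, hint) for each key ignored on the last start."""
    loaded = listed_modules(conf_text)
    findings = []
    for key in ignored_keys_last_start(log_text):
        owner = next((mod for p, mod in KEY_OWNER.items() if key.startswith(p)), None)
        if owner is None:
            hint = "owner unknown"
        elif owner in loaded:
            hint = "module listed; check this lighttpd version supports the key"
        else:
            hint = "module not listed in server.modules"
        findings.append((key, owner, hint))
    return findings
```

An ignored `ssl.*` key means that part of the TLS configuration never took effect, so it is worth resolving before debugging certificates or CA paths.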