Pihole dns works, but some parts of webif broken, fastcgi/php errors

Fresh install, reinstalled also. On armel/kirkwood Debian.

Most parts of webif work correctly, dns blocking works fine, graphs/stats, etc all good.

Broken:

• webif for gravity update (shows no output)
• webif for diagnostics (shows no output)
• odd specific parts... e.g. Temperature choice (C, K, F) shows dropdown menu, can choose F or K, but webif doesn't change it. I actually changed it via CLI to F, but webif shows C still.

Clues:

• php version is 8.2.26; on another similar device (backup/failover pihole) 8.2.24 is still there, and works fine... not sure if there is a problem with 8.2.26, but couldn't see anything in change log that would point to that
• in /var/log/lighttpd/error-pihole.log : 2024-12-08 09:36:23: (mod_fastcgi.c.449) FastCGI-stderr:PHP Warning: Executing sudo pihole -a -c failed. in /var/www/html/admin/scripts/pi-hole/php/func.php on line 173
• I was able to use the command line just fine to change C to F, and also (obviously) to run debug and upload...
• Is there some sort of cache for php/fastcgi that I can delete?
• I suspect that it could be some odd permissions error, but I don't know where to look exactly...

Debug token: https://tricorder.pi-hole.net/X2sS4hfk/

TIA,

Dave

I see an issue with the cgi binary:

   2024-12-08 09:32:41: (gw_backend.c.1583) invalid "bin-path" => "/usr/bin/php-cgi" (check that file exists, is regular file, and is executable by lighttpd)

Can you check sudo which php-cgi and show the contents of the lighttpd configuration for fastcgi sudo can /etc/lighttpd/conf-available/10-fastcgi.conf please? I see an additional 99-unconfigured.conf file in that same conf-available director that does not look familiar to me.

root@PiHole1-B388:/# which php
/usr/bin/php
root@PiHole1-B388:/# file /usr/bin/php-cgi
/usr/bin/php-cgi: symbolic link to /etc/alternatives/php-cgi
root@PiHole1-B388:/# file /etc/alternatives/php-cgi
/etc/alternatives/php-cgi: symbolic link to /usr/bin/php-cgi.default
root@PiHole1-B388:/# file /usr/bin/php-cgi.default 
/usr/bin/php-cgi.default: symbolic link to php-cgi8.2
root@PiHole1-B388:/# file /usr/bin/php-cgi8.2 
/usr/bin/php-cgi8.2: ELF 32-bit LSB pie executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.3, BuildID[sha1]=833e3b42306ca87603aee567637c9109cf1c5845, for GNU/Linux 3.2.0, stripped
root@PiHole1-B388:/# ll /usr/bin/php-cgi8.2
-rwxr-xr-x 1 root root 4359960 Nov 25 11:21 /usr/bin/php-cgi8.2

root@PiHole1-B388:/# cat /etc/lighttpd/conf-available/10-fastcgi.conf
# /usr/share/doc/lighttpd/fastcgi.txt.gz
# http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ConfigurationOptions#mod_fastcgi-fastcgi

server.modules += ( "mod_fastcgi" )

root@PiHole1-B388:/# cat /etc/lighttpd/conf-available/99-unconfigured.conf 
# override prior index-file.name directive
# to fall back to default index.lighttpd.html
index-file.names := ( "index.php", "index.html", "index.lighttpd.html" )

Do you see any error messages in your browser console (Devtools) when you access these pages?

Thanks @DanSchaper @rdwebdesign for ideas. None. Tried a different browser, same behavior. Leaning towards a hardware (SSD fault) problem.

Will post back after I've check into that possibility in more depth.

This is possible.

What is the output of ls -la /run/lighttpd on your system?

root@PiHole1-B388:/etc# ls -la /run/lighttpd
total 0
drwxr-x---  2 www-data www-data  60 Dec  8 16:41 .
drwxr-xr-x 17 root     root     760 Dec 31  1969 ..
srwxr-xr-x  1 www-data www-data   0 Dec  8 16:41 pihole-php-fastcgi.socket-0

With a freshly formatted SSD, using a fresh tarball of the rootfs that I've used from the last few years (Debian Bookworm armel), I reproduced the exact same error.

For now, I'm leaving it as is. All the CLI operations seem to work just fine, but something between the webif and fastcgi seems to be borked.

If Pihole 6 does come out, any php considerations would probably be moot... I've searched for some mention of "armel", "debian", "php8.2.26-1", "pihole", but I've not come up with anything.

At this point I'll probably also try to debootstrap a Debian "Trixy" image and give that a go. Not sure what else to try...

Some hints/tips (on my Raspi though):

$ readlink -f /usr/bin/php-cgi
/usr/bin/php-cgi7.3

$ dpkg -S bin/php-cgi7.3
php7.3-cgi: /usr/bin/php-cgi7.3

$ update-alternatives --display php-cgi
php-cgi - auto mode
  link best version is /usr/bin/php-cgi7.3
  link currently points to /usr/bin/php-cgi7.3
  link php-cgi is /usr/bin/php-cgi
  slave php-cgi.1.gz is /usr/share/man/man1/php-cgi.1.gz
/usr/bin/php-cgi7.3 - priority 73
  slave php-cgi.1.gz: /usr/share/man/man1/php-cgi7.3.1.gz

You can set/configure alternatives with below if there are any:

sudo update-alternatives --config php-cgi

Also check the man page eg:

man update-alternatives

What do below three show?

stat /usr/bin/php-cgi8.2

ps -o uid,user,gid,group,pid,cmd -C lighttpd

sudo -u www-data /usr/bin/php-cgi --version

root@PiHole1-B388:~# stat /usr/bin/php-cgi8.2
  File: /usr/bin/php-cgi8.2
  Size: 4359960   	Blocks: 8544       IO Block: 4096   regular file
Device: 8,1	Inode: 467091      Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2024-12-08 16:19:47.000000000 -0600
Modify: 2024-11-25 11:21:51.000000000 -0600
Change: 2024-12-08 16:20:02.163888876 -0600
 Birth: 2024-12-08 16:20:00.353649713 -0600


root@PiHole1-B388:~# ps -o uid,user,gid,group,pid,cmd -C lighttpd
  UID USER       GID GROUP      PID CMD
   33 www-data    33 www-data  1209 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf



root@PiHole1-B388:~# sudo -u www-data /usr/bin/php-cgi --version
PHP 8.2.26 (cgi-fcgi) (built: Nov 25 2024 17:21:51)
Copyright (c) The PHP Group
Zend Engine v4.2.26, Copyright (c) Zend Technologies
    with Zend OPcache v8.2.26, Copyright (c), by Zend Technologies

It looks like 7.3 is from Bullseye, not available in Bookworm. Also, the "sister" pihole server is running php8.2.24, and it works correctly. I don't want to get into the whole thing of apt-pinning or and alternate source... gonna let this as is for now. Thanks.

$ hostnamectl
[..]
  Operating System: Raspbian GNU/Linux 10 (buster)

Output looks good.
No idea whats bugging your setup.

Ja...bedankt.

I went further on this today... reinstalled again twice...

• fresh Bookworm install; same result; upgraded to Trixie, same result
• fresh Bullseye install; same result...

My suspicion now is that the problem lies w/ a recent security fix or update which breaks something in Armel php.

At least now I have a stable pihole back, even if it the webif isn't 100% working. Still very usable.

And a good reason to look forward to Version 6.

Maybe those distro's apply Selinux or Apparmor which might bug your setup?

That's a good idea, but apparmor/SE are not applied/present on these boxes.

They are running armel (Kirkwood SoC) Debian - 32 bit ARM. This SoC was popular 15 years ago - draws only about 3-5 watts, so they are great for embedded applications. Downside is that they are no longer made - fewer and fewer people use them, so they not as well supported/tested as they used to be.

Probably time for me to get a 5-10$ raspberry pi 64bit look-alike and try out one of those. More modern means often better supported/tested.

Kirkwood armel... Is this on a PogoPlug?

Exactly... it has been very reliable for about 12 years if my count/memory is correct...

Why not give it a try?
V6 is dropping the lighttpd/php dependency anyway in favor of a web deamon (Civitweb) embedded in the pihole-FTL binary itself:

$ sudo ss -nltup | grep pihole-FTL
udp   UNCONN 0      0            0.0.0.0:53        0.0.0.0:*    users:(("pihole-FTL",pid=1880538,fd=20))
udp   UNCONN 0      0            0.0.0.0:123       0.0.0.0:*    users:(("pihole-FTL",pid=1880538,fd=40))
udp   UNCONN 0      0               [::]:53           [::]:*    users:(("pihole-FTL",pid=1880538,fd=22))
udp   UNCONN 0      0               [::]:123          [::]:*    users:(("pihole-FTL",pid=1880538,fd=41))
tcp   LISTEN 0      200          0.0.0.0:443       0.0.0.0:*    users:(("pihole-FTL",pid=1880538,fd=37))
tcp   LISTEN 0      32           0.0.0.0:53        0.0.0.0:*    users:(("pihole-FTL",pid=1880538,fd=21))
tcp   LISTEN 0      200          0.0.0.0:80        0.0.0.0:*    users:(("pihole-FTL",pid=1880538,fd=33))
tcp   LISTEN 0      200             [::]:443          [::]:*    users:(("pihole-FTL",pid=1880538,fd=38))
tcp   LISTEN 0      32              [::]:53           [::]:*    users:(("pihole-FTL",pid=1880538,fd=23))
tcp   LISTEN 0      200             [::]:80           [::]:*    users:(("pihole-FTL",pid=1880538,fd=36))

After you've installed v5 and before switching to the v6 development branch (checkout), dont forget to disable and stop lighttpd first with below if you dont use it for anything else:

sudo systemctl disable --now lighttpd.service

If not, lighttpd will keep on running after the switch and the pihole-FTL daemon will be configured to listen on port 8080 for HTTP instead of 80 where lighttpd will still be listening!

Am not sure if pihole checkout development is sufficient to switch.
But am sure @DanSchaper can tell

EDIT: Oh blast, after typing above, I realised there is no armel pre-compiled binary available for your Pogo:

If you are capable of compiling yourself, V6 works great on the PogoPlug Pro. I know there are at least 2 of us on here that have had success with it.

@bluzfanmr1 , two question for you ... please...

1. did you compile it natively (on your PogoPlug Pro), which is IIRC oxnas?
2. How much memory does it require to run (my pogoplug v2 has 256MB)

@deHakkelaar : Is there any "Cross Toolchain of Choice" used by the armel community here?

1. Correct, I compiled it on my Pogoplug Pro using the instructions @kennywest previously posted in the other thread: https://github.com/pi-hole/docs/blob/release/v6.0/docs/ftldns/compile.md

2. The Pro's only have 128k of memory so make sure you have created a swap file. I have a 2GB swap file on the SSD.

Like I said, it takes a bit over 2 hours, which I don't mind by letting it run while I'm doing other stuff.