Setup
- Raspberry image: nextcloudp
- running pihole as docker container with reverse proxy configured
Behavior
- Web Interface is down (site could not be found)
- DNS queries are resolved
- Ads are not blocked
Pihole container restarts every 5 minutes after working normally for about a week. DNS works but Ads pihole seems not to block ads anymore. After fresh installation debug log showed that lighttpd and FTL daemons weren not running but everything including the web interface worked properly. In the latest debug log it says additionally : 172.17.0.2/16 does not match the IP found in /etc/pihole/setupVars.conf which was not there before.
I used the following command to start and run the docker container:
docker run -d
--name pihole
-p 53:53/tcp
-p 53:53/udp
-p 67:67/udp
-p 88:80
-p 8080:443
-e PUID=1000 -e PGID=1000
-e TZ=Europe/Berlin
-v /mnt/pihole/pihole/:/etc/pihole/
-v /mnt/pihole/dnsmasq.d/:/etc/dnsmasq.d/
-e 46.182.19.48
-e 91.239.100.100
--restart=unless-stopped
pihole/pihole:latest
I had to configure a reverse proxy because nextcloud is running on the same raspberry pi
and is occupying the ports. Everything works fine for about a week and then pihole crashes and keeps
restarting.
Any help appreciated.
Debug log:
*** [ INITIALIZING ]
[i] 2021-01-09:15:23:31 debug log has been initialized.
*** [ INITIALIZING ] Sourcing setup variables
[i] Sourcing /etc/pihole/setupVars.conf...
*** [ DIAGNOSING ]: Core version
[i] Core: v5.2.2 (https://discourse.pi-hole.net/t/how-do-i-update-pi-hole/249)
[i] Remotes: origin https://github.com/pi-hole/pi-hole.git (fetch)
origin https://github.com/pi-hole/pi-hole.git (push)
[i] Branch: master
[i] Commit: v5.2.2-0-g41bdb741
*** [ DIAGNOSING ]: Web version
[i] Web: v5.2.2 (https://discourse.pi-hole.net/t/how-do-i-update-pi-hole/249)
[i] Remotes: origin https://github.com/pi-hole/AdminLTE.git (fetch)
origin https://github.com/pi-hole/AdminLTE.git (push)
[i] Branch: master
[i] Commit: v5.2.2-0-g780dff0e
*** [ DIAGNOSING ]: FTL version
[✓] FTL: v5.3.4
*** [ DIAGNOSING ]: lighttpd version
[i] 1.4.53
*** [ DIAGNOSING ]: php version
[i] 7.3.19
*** [ DIAGNOSING ]: Operating system
[i] dig return code: 10
[i] dig response: dig: couldn't get address for 'ns1.pi-hole.net': failure
[✗] Distro: Debian
[✗] Error: Debian is not a supported distro (https://docs.pi-hole.net/main/prerequisites/)
*** [ DIAGNOSING ]: SELinux
[i] SELinux not detected
*** [ DIAGNOSING ]: FirewallD
[✓] Firewalld service not detected
*** [ DIAGNOSING ]: Processor
[✓] aarch64
*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
172.17.0.2/16 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)
[✗] No IPv6 address(es) found on the eth0 interface.
[i] Default IPv4 gateway: 172.17.0.1
* Pinging 172.17.0.1...
[✓] Gateway responded.
*** [ DIAGNOSING ]: Ports in use
[53] is in use by pihole-FTL
[53] is in use by pihole-FTL
[4711] is in use by pihole-FTL
*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] sexzpornm.ocry.com is via localhost (127.0.0.1)
[✓] sexzpornm.ocry.com is via Pi-hole (0.0.0.0)
[✓] doubleclick.com is 172.217.18.110 via a remote, public DNS server (8.8.8.8)
*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
Scanning all your interfaces for DHCP servers
Timeout: 10 seconds
DHCP packets received on interface eth0: 0
DHCP packets received on interface lo: 0
*** [ DIAGNOSING ]: Pi-hole processes
[✗] lighttpd daemon is inactive
[✗] pihole-FTL daemon is inactive
*** [ DIAGNOSING ]: Pi-hole-FTL full status
[i] systemctl: command not found
*** [ DIAGNOSING ]: Setup variables
BLOCKING_ENABLED=true
ADMIN_EMAIL=
WEBUIBOXEDLAYOUT=boxed
WEBTHEME=default-dark
DNSMASQ_LISTENING=single
PIHOLE_DNS_1=208.67.222.222
PIHOLE_DNS_2=208.67.220.220
PIHOLE_DNS_3=9.9.9.9
PIHOLE_DNS_4=149.112.112.112
PIHOLE_DNS_5=9.9.9.10
PIHOLE_DNS_6=149.112.112.10
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=false
REV_SERVER=false
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
IPV4_ADDRESS=0.0.0.0
PIHOLE_INTERFACE=eth0
*** [ DIAGNOSING ]: Dashboard and block page
[✗] Block page X-Header: X-Header does not match or could not be retrieved.
[✗] Web interface X-Header: X-Header does not match or could not be retrieved.
*** [ DIAGNOSING ]: Gravity List and Database
-rw-rw-r-- 1 pihole pihole 295444480 Jan 8 15:34 /etc/pihole/gravity.db
*** [ DIAGNOSING ]: Info table
property value
-------------------- ----------------------------------------
version 13
updated 1609682333
gravity_count 4455834
Last gravity run finished at: Sun Jan 3 14:58:53 CET 2021
----- First 10 Gravity Domains -----
localhost.localdomain
n2019cov.000webhostapp.com
webmail-who-int.000webhostapp.com
010sec.com
01mspmd5yalky8.com
0byv9mgbn0.com
ns6.0pendns.org
dns.0pengl.com
ios.0pengl.com
0x4fc271.tk
*** [ DIAGNOSING ]: Groups
id enabled name date_added date_modified description
---- ------- -------------------------------------------------- ------------------- ------------------- --------------------------------------------------
0 1 Default 2021-01-03 14:44:55 2021-01-03 14:44:55 The default group
2021-01-08 15:34:44 2021-01-08 15:34:44 Added from Query Log
*** [ DIAGNOSING ]: contents of /etc/pihole
-rw-r--r-- 1 root root 37 Jan 3 14:58 /etc/pihole/local.list
0.0.0.0 8f75b3a36e01
0.0.0.0 pi.hole
-rw-r--r-- 1 pihole pihole 0 Jan 3 14:44 /etc/pihole/pihole-FTL.conf
*** [ DIAGNOSING ]: contents of /etc/dnsmasq.d
-rw-r--r-- 1 root root 1513 Jan 9 15:23 /etc/dnsmasq.d/01-pihole.conf
addn-hosts=/etc/pihole/local.list
addn-hosts=/etc/pihole/custom.list
localise-queries
no-resolv
cache-size=10000
log-queries
log-facility=/var/log/pihole.log
local-ttl=2
log-async
server=208.67.222.222
server=208.67.220.220
server=9.9.9.9
server=149.112.112.112
server=9.9.9.10
server=149.112.112.10
domain-needed
expand-hosts
bogus-priv
interface=eth0
server=/use-application-dns.net/
*** [ DIAGNOSING ]: contents of /etc/lighttpd
-rw-r--r-- 1 root root 0 Jan 9 15:23 /etc/lighttpd/external.conf
-rw-r--r-- 1 root root 4066 Jan 9 15:23 /etc/lighttpd/lighttpd.conf
server.modules = (
"mod_access",
"mod_accesslog",
"mod_auth",
"mod_expire",
"mod_compress",
"mod_redirect",
"mod_setenv",
"mod_rewrite"
)
server.document-root = "/var/www/html"
server.error-handler-404 = "/pihole/index.php"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
accesslog.filename = "/var/log/lighttpd/access.log"
accesslog.format = "%{%s}t|%V|%r|%s|%b"
index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny = ( "~", ".inc", ".md", ".yml", ".ini" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = (
"application/json",
"application/vnd.ms-fontobject",
"application/xml",
"font/eot",
"font/opentype",
"font/otf",
"font/ttf",
"image/bmp",
"image/svg+xml",
"image/vnd.microsoft.icon",
"image/x-icon",
"text/css",
"text/html",
"text/javascript",
"text/plain",
"text/xml"
)
mimetype.assign = (
".ico" => "image/x-icon",
".jpeg" => "image/jpeg",
".jpg" => "image/jpeg",
".png" => "image/png",
".svg" => "image/svg+xml",
".css" => "text/css; charset=utf-8",
".html" => "text/html; charset=utf-8",
".js" => "text/javascript; charset=utf-8",
".json" => "application/json; charset=utf-8",
".map" => "application/json; charset=utf-8",
".txt" => "text/plain; charset=utf-8",
".eot" => "application/vnd.ms-fontobject",
".otf" => "font/otf",
".ttc" => "font/collection",
".ttf" => "font/ttf",
".woff" => "font/woff",
".woff2" => "font/woff2"
)
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include \"%p\"
' 2>/dev/null"
$HTTP["url"] =~ "^/admin/" {
setenv.add-response-header = (
"X-Pi-hole" => "The Pi-hole Web interface is working!",
"X-Frame-Options" => "DENY"
)
$HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" {
setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
}
}
$HTTP["url"] =~ "^/admin/\.(.*)" {
url.access-deny = ("")
}
expire.url = ( "" => "access plus 0 seconds" )
include_shell "cat external.conf 2>/dev/null"
*** [ DIAGNOSING ]: contents of /etc/cron.d
-rw-r--r-- 1 root root 1755 Dec 26 16:41 /etc/cron.d/pihole
32 4 * * 7 root PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log
00 00 * * * root PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole flush once quiet
@reboot root /usr/sbin/logrotate /etc/pihole/logrotate
*/10 * * * * root PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker local
56 19 * * * root PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker remote
@reboot root PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker remote reboot
*** [ DIAGNOSING ]: contents of /var/log/lighttpd
*** [ DIAGNOSING ]: contents of /var/log
-rw-r--r-- 1 pihole pihole 109574 Jan 9 15:23 /var/log/pihole-FTL.log
-----head of pihole-FTL.log------
[2021-01-09 14:33:32.350 358M] ########## FTL started! ##########
[2021-01-09 14:33:32.350 358M] FTL branch: master
[2021-01-09 14:33:32.351 358M] FTL version: v5.3.4
[2021-01-09 14:33:32.351 358M] FTL commit: fc3bb0f
[2021-01-09 14:33:32.351 358M] FTL date: 2020-12-25 19:23:09 +0100
[2021-01-09 14:33:32.351 358M] FTL user: root
[2021-01-09 14:33:32.351 358M] Compiled for aarch64 (compiled on CI) using aarch64-linux-gnu-gcc (Debian 6.3.0-18) 6.3.0 20170516
[2021-01-09 14:33:32.351 358M] Starting config file parsing (/etc/pihole/pihole-FTL.conf)
[2021-01-09 14:33:32.351 358M] SOCKET_LISTENING: only local
[2021-01-09 14:33:32.351 358M] AAAA_QUERY_ANALYSIS: Show AAAA queries
[2021-01-09 14:33:32.351 358M] MAXDBDAYS: max age for stored queries is 365 days
[2021-01-09 14:33:32.351 358M] RESOLVE_IPV6: Resolve IPv6 addresses
[2021-01-09 14:33:32.351 358M] RESOLVE_IPV4: Resolve IPv4 addresses
[2021-01-09 14:33:32.351 358M] DBINTERVAL: saving to DB file every minute
[2021-01-09 14:33:32.351 358M] DBFILE: Using /etc/pihole/pihole-FTL.db
[2021-01-09 14:33:32.351 358M] MAXLOGAGE: Importing up to 24.0 hours of log data
[2021-01-09 14:33:32.351 358M] PRIVACYLEVEL: Set to 0
[2021-01-09 14:33:32.351 358M] IGNORE_LOCALHOST: Show queries from localhost
[2021-01-09 14:33:32.351 358M] BLOCKINGMODE: Null IPs for blocked domains
[2021-01-09 14:33:32.352 358M] ANALYZE_ONLY_A_AND_AAAA: Disabled. Analyzing all queries
[2021-01-09 14:33:32.352 358M] DBIMPORT: Importing history from database
[2021-01-09 14:33:32.352 358M] PIDFILE: Using /run/pihole-FTL.pid
[2021-01-09 14:33:32.352 358M] PORTFILE: Using /run/pihole-FTL.port
[2021-01-09 14:33:32.352 358M] SOCKETFILE: Using /run/pihole/FTL.sock
[2021-01-09 14:33:32.352 358M] SETUPVARSFILE: Using /etc/pihole/setupVars.conf
[2021-01-09 14:33:32.352 358M] MACVENDORDB: Using /etc/pihole/macvendor.db
[2021-01-09 14:33:32.352 358M] GRAVITYDB: Using /etc/pihole/gravity.db
[2021-01-09 14:33:32.352 358M] PARSE_ARP_CACHE: Active
[2021-01-09 14:33:32.352 358M] CNAME_DEEP_INSPECT: Active
[2021-01-09 14:33:32.352 358M] DELAY_STARTUP: No delay requested.
[2021-01-09 14:33:32.352 358M] BLOCK_ESNI: Enabled, blocking _esni.{blocked domain}
[2021-01-09 14:33:32.353 358M] NICE: Cannot change niceness to -10 (permission denied)
[2021-01-09 14:33:32.353 358M] MAXNETAGE: Removing IP addresses and host names from network table after 365 days
[2021-01-09 14:33:32.353 358M] NAMES_FROM_NETDB: Enabled, trying to get names from network database
[2021-01-09 14:33:32.353 358M] EDNS0_ECS: Overwrite client from ECS information
-----tail of pihole-FTL.log------
[2021-01-09 15:23:41.777 534M] New upstream server: 9.9.9.10:53 (0/512)
[2021-01-09 15:23:41.777 534M] New upstream server: 149.112.112.10:53 (1/512)
[2021-01-09 15:23:41.778 534M] New upstream server: 149.112.112.112:53 (2/512)
[2021-01-09 15:23:41.778 534M] New upstream server: 208.67.222.222:53 (3/512)
[2021-01-09 15:23:41.779 534M] New upstream server: 208.67.220.220:53 (4/512)
[2021-01-09 15:23:41.780 534M] Resizing "FTL-strings" from 4096 to (8192 * 1) == 8192 (/dev/shm: 626.7KB used, 67.1MB total)
[2021-01-09 15:23:41.782 534M] New upstream server: 9.9.9.9:53 (5/512)
[2021-01-09 15:23:41.786 534M] Resizing "FTL-strings" from 8192 to (12288 * 1) == 12288 (/dev/shm: 630.8KB used, 67.1MB total)
[2021-01-09 15:23:41.796 534M] Resizing "FTL-strings" from 12288 to (16384 * 1) == 16384 (/dev/shm: 634.9KB used, 67.1MB total)
[2021-01-09 15:23:41.805 534M] Resizing "FTL-queries" from 262144 to (8192 * 64) == 524288 (/dev/shm: 639.0KB used, 67.1MB total)
[2021-01-09 15:23:41.818 534M] Resizing "FTL-strings" from 16384 to (20480 * 1) == 20480 (/dev/shm: 901.1KB used, 67.1MB total)
[2021-01-09 15:23:41.834 534M] Resizing "FTL-queries" from 524288 to (12288 * 64) == 786432 (/dev/shm: 905.2KB used, 67.1MB total)
[2021-01-09 15:23:41.837 534M] Resizing "FTL-strings" from 20480 to (24576 * 1) == 24576 (/dev/shm: 1.2MB used, 67.1MB total)
[2021-01-09 15:23:41.886 534M] Imported 12032 queries from the long-term database
[2021-01-09 15:23:41.886 534M] -> Total DNS queries: 12032
[2021-01-09 15:23:41.886 534M] -> Cached DNS queries: 2803
[2021-01-09 15:23:41.886 534M] -> Forwarded DNS queries: 5868
[2021-01-09 15:23:41.886 534M] -> Blocked DNS queries: 3016
[2021-01-09 15:23:41.887 534M] -> Unknown DNS queries: 0
[2021-01-09 15:23:41.887 534M] -> Unique domains: 970
[2021-01-09 15:23:41.887 534M] -> Unique clients: 13
[2021-01-09 15:23:41.887 534M] -> Known forward destinations: 6
[2021-01-09 15:23:41.887 534M] Successfully accessed setupVars.conf
[2021-01-09 15:23:41.887 534M] *************************************************************************
[2021-01-09 15:23:41.887 534M] * WARNING: Required Linux capability CAP_NET_ADMIN not available *
[2021-01-09 15:23:41.887 534M] *************************************************************************
[2021-01-09 15:23:41.887 534M] *************************************************************************
[2021-01-09 15:23:41.887 534M] * WARNING: Required Linux capability CAP_SYS_NICE not available *
[2021-01-09 15:23:41.887 534M] *************************************************************************
[2021-01-09 15:23:41.892 536M] PID of FTL process: 536
[2021-01-09 15:23:41.893 536/T537] Listening on port 4711 for incoming IPv4 telnet connections
[2021-01-09 15:23:41.893 536M] INFO: FTL is running as root
[2021-01-09 15:23:41.894 536/T539] Listening on Unix socket
[2021-01-09 15:23:41.894 536M] Reloading DNS cache
[2021-01-09 15:23:41.895 536M] Blocking status is enabled
*** [ DIAGNOSING ]: contents of /dev/shm
-rw------- 1 root root 176128 Jan 9 15:23 /dev/shm/FTL-clients
-rw------- 1 root root 144 Jan 9 15:23 /dev/shm/FTL-counters
-rw------- 1 root root 4096 Jan 9 15:23 /dev/shm/FTL-dns-cache
-rw------- 1 root root 98304 Jan 9 15:23 /dev/shm/FTL-domains
-rw------- 1 root root 56 Jan 9 15:23 /dev/shm/FTL-lock
-rw------- 1 root root 45056 Jan 9 15:23 /dev/shm/FTL-overTime
-rw------- 1 root root 4096 Jan 9 15:23 /dev/shm/FTL-per-client-regex
-rw------- 1 root root 786432 Jan 9 15:23 /dev/shm/FTL-queries
-rw------- 1 root root 12 Jan 9 15:23 /dev/shm/FTL-settings
-rw------- 1 root root 24576 Jan 9 15:23 /dev/shm/FTL-strings
-rw------- 1 root root 20480 Jan 9 15:23 /dev/shm/FTL-upstreams
*** [ DIAGNOSING ]: Pi-hole diagnosis messages
*** [ DIAGNOSING ]: Locale
LANG=
*** [ DIAGNOSING ]: Pi-hole log
-rw-r--r-- 1 pihole pihole 380166 Jan 9 15:24 /var/log/pihole.log
-----head of pihole.log------
Jan 9 14:33:32 dnsmasq[360]: started, version pi-hole-2.82 cachesize 10000
Jan 9 14:33:32 dnsmasq[360]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n IDN DHCP DHCPv6 Lua TFTP no-conntrack ipset auth DNSSEC loop-detect inotify dumpfile
Jan 9 14:33:32 dnsmasq[360]: using only locally-known addresses for domain use-application-dns.net
Jan 9 14:33:32 dnsmasq[360]: using nameserver 149.112.112.10#53
Jan 9 14:33:32 dnsmasq[360]: using nameserver 9.9.9.10#53
Jan 9 14:33:32 dnsmasq[360]: using nameserver 149.112.112.112#53
Jan 9 14:33:32 dnsmasq[360]: using nameserver 9.9.9.9#53
Jan 9 14:33:32 dnsmasq[360]: using nameserver 208.67.220.220#53
Jan 9 14:33:32 dnsmasq[360]: using nameserver 208.67.222.222#53
Jan 9 14:33:32 dnsmasq[360]: read /etc/hosts - 7 addresses
Jan 9 14:33:32 dnsmasq[360]: read /etc/pihole/custom.list - 0 addresses
Jan 9 14:33:32 dnsmasq[360]: read /etc/pihole/local.list - 2 addresses
Jan 9 14:33:32 dnsmasq[360]: query[A] xray.mail.ru from 192.168.178.33
Jan 9 14:33:32 dnsmasq[360]: forwarded xray.mail.ru to 149.112.112.10
Jan 9 14:33:32 dnsmasq[360]: forwarded xray.mail.ru to 9.9.9.10
Jan 9 14:33:32 dnsmasq[360]: forwarded xray.mail.ru to 149.112.112.112
Jan 9 14:33:32 dnsmasq[360]: forwarded xray.mail.ru to 9.9.9.9
Jan 9 14:33:32 dnsmasq[360]: forwarded xray.mail.ru to 208.67.220.220
Jan 9 14:33:32 dnsmasq[360]: forwarded xray.mail.ru to 208.67.222.222
Jan 9 14:33:32 dnsmasq[360]: reply xray.mail.ru is <CNAME>
********************************************
********************************************