Pihole & reverse proxy caddy for https

Does anyone out there host pihole on a vps and to user caddy to reverse proxy from lighttpd to get the admin panel with https?

I slightly changed the config provided in the guide provided above. It reverse proxies it out to pihole.domain.xx
If so, did anyone figure out any bugs? It seems like if a domain is on a blocklist, the page where you could whitelist it doesn't load up. Instead I get a problem with the certificates provided by caddy (letsencrypt).

Caddy binds to port 80, 443 and reverse proxies internally 1080 (the port is closed in ufw, so that you can't visit domain.xx/admin).

Expected Behaviour:

Redirect to admin page where you could whitelist a website with password.
Gets me 404 Error obviously from caddy; as it means this site isnt served on this server.

Actual Behaviour:

Wrong certificate error, wich shows mine provided by caddy using lets encrypt.

Debug Token:

8l2q0o4qma

Do you mean the block page ?
Thats generated by the 404 error handler in the lighttpd web daemon:

pi@noads:~ $ cat /etc/lighttpd/lighttpd.conf
server.document-root        = "/var/www/html"
server.error-handler-404    = "pihole/index.php"

Could try configure caddy to do the same ?

Blocked domains through https wont get the block page displayed:

1 Like

See also:

2 Likes

Thank you for your suggestion.

My Caddyfile looks like:

pihole.xyz.xx {
root /var/www/html

    proxy / localhost:1080/admin {
    transparent
  }
    errors {
    404 /pihole/index.php
}
    rewrite {
    ext js
    to index.js
  }
}

The 404 error handle basically seems to change nothing at all.

This is the error I get, with and without having the 404 error configured:
HTTP:

HTTPS:

I mean now I get that I have to live with that error when sites are served over https.
But I'm curious why http error 404 doesn't change anything.

Maybe I'll try to implement it using lighttpd. I'll try to figure out if its possible to use the certificates used and managed by caddy. But I don't really see much advantages of doing it. Looks like I'm best served by sticking with caddy. Its more a cosmetic thing that the error page is working, im fine with it anyways as I know what I'll have to do. @Mcat12

@WaLLy3K wrote the guide, so he might know how to handle that error.

Sad to say that I have no idea how I'd begin to approach this :sweat_smile:

The error is because the client is asking for www.alohatube.com at the IP address handled by Caddy. Since Caddy only knows about pihole.xyz.xx it responds with a generic response that the alohatube.com domain is not known to Caddy, which is true. With that Caddy configuration the only time the /pihole/index.php would be served is if you had a client try to access pihole.xyz.xx/invalidpage.

3 Likes

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.