Problem with combination of PiHole and its own FTL, Apache2 with baikal, and PiHole web interface bound on port 8443

Details about my system:
Pi-Hole + FRITZ!Box + Unbound combination

What I have changed since installing Pi-hole:
The port for the web admin interface is listening for HTTPS only on port 8443, instead of 80/443.
Installed Baikal + Apache, with address "https://bai.kal" (HTTPS only, in Apache config)
Installed UFW - Pi-Hole DNS is currently running just fine, and traffic is allowed in and out according to the proper rules.
Added bai.kal as a local DNS record to the Pi-Hole (192.168.178.20 bai.kal).

Guest network / VPN tunnels of FRITZ!Box use Pi-Hole as the upstream DNS server
Home network uses Pi-Hole as a DNS distributed via FRITZ!Box DHCP

The issue I am facing:
When I enter my Pi-Hole's local network IP address or Apache web address with port 8443, e.g. https://bai.kal:8443, then the browser lands on the default Apache index.php, located in /var/www/html/index.php

I only want:
https://bai.kal to land on '/var/www/baikal/html/' (as defined in my customized Apache default config file)
https://pi.hole:8443 to land on '/var/www/html/pihole/admin' (which it does)

I do NOT want:
https://192.168.178.20:8443 (IP of Pi-Hole) to land on '/var/www/html/index.php'
https://bai.kal:8443 to land on '/var/www/html/index.php'

My first idea to fix my problem was to move the Web Admin Interface '/var/www/html/admin' to '/var/www/pihole' with [webserver.paths] in pihole.toml, and keep 000-default.conf of Apache pointing to the index.php file as a fallback for faulty vhosts, but this cannot be done as of now, since it is bugged (see When the webroot is moved from /var/www/html, pihole will not update · Issue #6005 · pi-hole/pi-hole · GitHub).

What confuses me is that when I connect to the pihole with an address other than https://pi.hole:8443, let's say with address https://bai.kal:8443, the (what I presume is the) built-in Pi-Hole HTTP server does not redirect me to the admin web interface, but instead redirects me to the index.php file stored in the root folder, in which the admin folder of the web interface resides. Same goes for the local network address with port 8443.

When I enter https://pi.hole:8443, it correctly redirects me to https://pi.hole:8443/admin/login.

In my mind, because Pi-Hole has a built-in HTTP server dedicated to processing web requests for the admin web interface, it should only point that traffic towards the admin web interface, not the root directory (/var/www/html) in which the web interface (admin) folder resides, no matter where the traffic is coming from.
Is there a reason behind the current implementation? Is it perhaps inherited from legacy versions, where Pi-Hole used lighttpd to serve its web interface, and traffic coming from other addresses than pi.hole should be pointed to the root folder instead? Or are my insights wrong?

If I am right, my opinion is that all traffic going towards the Pi-Hole HTTP server port should directly point towards the admin panel (/var/www/html/admin/login), no matter from which domain you visit that port.

My question is, is there any way to block HTTP(S) traffic coming from anything but https://pi.hole:8443, or to at least direct that traffic to the admin (login) panel, preferably with the built-in HTTP server? Or should I wait for the aforementioned bug to be fixed, and then move the admin folder out of /var/www/html?

Gonna be honest here, I did not read all of this. I'll just answer the question, whether or not I agree with the methods.

Yes. You have to enable mod_rewrite in Apache.

This seems overly complex. I would suggest virtualizing your pi-hole using qemu or docker; hosting multiple services on the same OS is a headache. You would not have to deal with the hostname/routing issues this way.
