The issue I am facing:
I have an external domain e.g. pi.mydomain.com, that I'd like to redirect to the Pi-hole v6 web. I can't get it to work using either lighttpd's mod_proxy or mod_magnet, that is, I can't get lighttpd to work either as a reverse proxy or to display the *.lp (lua) files correctly. I'd like some advice as to which of these techniques is likely to work, or whether I need to look at a different one.
Details about my system:
I'm running Pi-hole v6 under its own webserver, and I also have lighttpd installed successfully running a couple of other external domains of mine. My Pi-hole web displays correctly on a LAN address through port 8080.
What I have changed since installing Pi-hole:
Pi-hole v6 is running successfully on my system both as a DNS and DHCP server.
The solution I've got working is to use lighttpd's mod_proxy. The steps are:
1. Copy /etc/lighttpd/conf-available/10-ssl.conf to /etc/lighttpd/conf-enabled/10-ssl.conf.
2. Make sure the contents of 10-ssl.conf are similar to this:

    server.modules += ( "mod_proxy" )
    $HTTP["host"] == "pi.mydomain.com" {
        proxy.balance = "hash"
        proxy.server = (
            "" => (
                "" => (
                    # host is the LAN IP of pihole
                    "host" => "192.168.100.97",
                    "port" => "8080"
                )
            )
        )
    }

3. Ensure that webserver.port under All Settings -> Webserver and API is set to 8080 and not 80.
The only negative in this solution is that I can't navigate to pi.mydomain.com to see pihole's web interface—like pihole's domain itself, I have to use pi.mydomain.com/admin.
The reason I want to access the web interface of my pihole installation is to be able to monitor traffic on my LAN when I am outside of it.
I am not exposing any of pihole's network control functionality—DNS and DHCP—outside of my LAN, as I have those ports blocked on my external-facing network interface. Although a malicious actor could conceivably break the password-based security of the web interface, damage to the infrastructure on which my pihole runs would be limited.
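A variant of the mod_proxy setup from the post above, as an added example that is not the poster's own configuration: it sends the bare domain to /admin/, forces HTTPS so the web interface password never crosses the internet in clear text, and only proxies requests from an allowlist of source addresses. The host name, LAN IP and port are the ones from the post; 203.0.113.10 and 192.168.100.0/24 are placeholder allowed sources, and the block assumes TLS is already configured for this host.

```lighttpd
# Added example (assumptions: TLS already set up for pi.mydomain.com;
# 203.0.113.10 and 192.168.100.0/24 are placeholder allowed sources).
# Leave out any module that lighttpd.conf already loads. mod_access and
# mod_redirect must be loaded before mod_proxy so they run first.
server.modules += ( "mod_access", "mod_redirect", "mod_proxy" )

$HTTP["host"] == "pi.mydomain.com" {

    # Plain HTTP: never proxy, only redirect to the same URL over HTTPS.
    $HTTP["scheme"] == "http" {
        url.redirect = ( "" => "https://${url.authority}${url.path}${qsa}" )
    }

    $HTTP["scheme"] == "https" {
        # Bare domain goes to the Pi-hole admin path.
        url.redirect = ( "^/$" => "/admin/" )

        # Deny every client that is neither on the LAN nor the one
        # allowed external address (both values are placeholders).
        $HTTP["remoteip"] != "192.168.100.0/24" {
            $HTTP["remoteip"] != "203.0.113.10" {
                url.access-deny = ( "" )
            }
        }

        # Same backend as in the post: Pi-hole's own web server on the LAN.
        proxy.server = (
            "" => (
                ( "host" => "192.168.100.97", "port" => "8080" )
            )
        )
    }
}
```

Running `lighttpd -tt -f /etc/lighttpd/lighttpd.conf` checks the syntax before a restart.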
> Although a malicious actor could conceivably break the password-based security of the web interface, damage to the infrastructure on which my pihole runs would be limited.
As long as you understand the risks with exposing the webui to the internet.
> The reason I want to access the web interface of my pihole installation is to be able to monitor traffic on my LAN when I am outside of it.
This is what VPNs are designed to accomplish, while being infinitely more secure. I would recommend something like tailscale or wireguard to connect to your LAN from the internet.
> This is what VPNs are designed to accomplish, while being infinitely more secure. I would recommend something like tailscale or wireguard to connect to your LAN from the internet.
Not sure that VPNs were designed to accomplish being able to monitor traffic on my LAN using a web interface, but I do understand what you mean. Thank you for your advice.