bgsmith
February 23, 2025, 12:26am
1
I have been using the Docker Compose Secrets with my V5 pi-hole running in a container. My compose.yaml file has these fragments for example:
environment:
ServerIP: 192.168.110.201
VIRTUAL_HOST: pihole.lan
WEBPASSWORD: pihole_webpasswd
TZ: 'America/Los_Angeles'
secrets:
- pihole_webpasswd
restart: unless-stopped
...
secrets:
pihole_webpasswd:
file: ./pihole_password.txt
This makes secret management simple and reasonable secure.
This no longer works in pi-hole v6. The following fragment, for example, simply uses the secret token (pihole_webpasswd) as the password. Adding support for FTLCONF_webserver_api_password_FILE similar to the prior WEBPASSWORD_FILE would be helpful.
FTLCONF_webserver_api_password: pihole_webpasswd
TZ: 'America/Los_Angeles'
secrets:
- pihole_webpasswd
restart: unless-stopped
...
secrets:
pihole_webpasswd:
file: ./pihole_password.txt
thank you
In your second example, you appear to be missing:
secrets:
- pihole_webpasswd
Is that what it is not working?
(I've never used this method before so forgive me if I sound stupid here...
jfb
February 23, 2025, 12:46am
3
Is another option to change the Docker Compose Secrets script to work with Pi-hole V6?
You can use a .env file to do that:
There is no replacement for WEBPASSWORD_FILE and I'm not sure if the compose file allows to use an external file like you are trying.
Compose files can use .env files to store environment variables.
Try adding a file called .env on the same directory where your compose file is.
Then add something like this in the file:
PASSWORD=My_Password_1234
Now change your compose file to use the variable, like this:
FTLCONF_weserver_api_password: "${PASSWORD}"
bgsmith
February 23, 2025, 3:35pm
6
Good catch. Unfortunately it was my copy and paste error. The lines are in the compose.yaml file. I corrected the original post.
bgsmith
February 23, 2025, 3:36pm
7
Since this is a built-in feature of Compose, I suspect not.
bgsmith
February 23, 2025, 4:49pm
8
Thanks for the link. I will revert to using .env method to set a password that Pi-hole V6 can consume. I have a github repo with my compose file so I do not want to embed the password directly in the yaml file. Using .env is more or less about as secure as using compose secrets capability.
The repo is at: GitHub - buckaroogeek/unifi-pihole-doh-docker: Docker compose yaml file and supporting information that manages several applications on a Synology NAS
bgsmith
February 23, 2025, 7:33pm
9
Many thanks for the PR and merge. I will be testing shortly.
I'm not sure how I managed to merge it, but it wasn't supposed to be - PR reverted because the tests were failing....
However, if you want to try it yourself before it makes it's way back into the development tag, you can clone the repo and test with a local build bef
git clone https://github.com/pi-hole/docker-pi-hole
cd docker-pi-hole
git checkout password_file
./build.sh
)