Reverse Proxy stopped working after v6 upgrade

NemoChirp · February 23, 2025, 5:19pm

Expected Behaviour:
I am running Pi-hole version 5 (hostname: server2.xxxxxxxxx.com, IP: 172.16.100.203) on a robust desktop PC with Ubuntu OS. My network is managed by pfSense as the router, with HAProxy (IP: 172.16.100.1) configured as the reverse proxy. The IP for server2.xxxxxxxxx.com has been added to Pi-hole's local DNS records, enabling secure access via Let's Encrypt certificates. I am able to successfully resolve server2.xxxxxxxxx.com to 172.16.100.1 and also utilize Let's Encrypt issued certificate when accessing the Pihole Admin page.

Actual Behaviour:
After the upgrade to v6, server2.xxxxxxxxx.com is now resolving to 172.16.100.203 and longer resolving to 172.16.100.1 (reverse proxy) and also presented with a self-signed cert when accessing the admin page.

Debug Token:
https://tricorder.pi-hole.net/vU4sVjuh/

smurf · February 23, 2025, 5:43pm

during the upgrade pihole create a self-signed cert. TLS/SSL - Pi-hole documentation. Instruction on how to use your own is at the bottom. You have to make a few changes. This is how I did mine Own TLS certificate not used - Help - Pi-hole Userspace

NemoChirp · February 23, 2025, 5:57pm

Everything was working prior to the upgrade. I would prefer to use Let’s Encrypt issued Certificates over Self signed.

smurf · February 23, 2025, 6:07pm

I also use LE. Instructions was provided. Anway good luck

MRSOFT · February 23, 2025, 7:24pm

test with this in edit proxy host / advanced

location / {
proxy_pass http://host:ip/admin/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header X-Frame-Options;
proxy_set_header X-Frame-Options "SAMEORIGIN";
proxy_read_timeout 90;
}

location /admin/ {
proxy_pass http://host:ip/admin/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header X-Frame-Options;
proxy_set_header X-Frame-Options "SAMEORIGIN";
proxy_read_timeout 90;
}

location /api/ {
proxy_pass http://host:ip/api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header X-Frame-Options;
proxy_set_header X-Frame-Options "SAMEORIGIN";
proxy_read_timeout 90;
}

tell me

NemoChirp · February 24, 2025, 3:33am

Thanks. I can simply create an entry (172.16.100.1 server2.xxxxxxxxx.com) to the host file on the computer I am going to be using to manage Pi-Hole and problem will be solved. However, we're in the 21st century defeats the purpose of using a DNS server.

Leonald_Eufrasio_Jun · February 25, 2025, 1:44am

Can I put this in NGINX PROXY MANAGER? Or should I change something? I ask because I tried to put these settings in the advanced tab, but it only generated errors.

MRSOFT · February 25, 2025, 2:12pm

You must change the "host:ip" part by replacing it with ip:port of the Pi-hole.

system · March 18, 2025, 2:12pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.