Secure Web interface and updates?

Hi all,

I want to have a secure Pi-hole web interface to avoid having a clear-text password going through my network.

Do you have simple documentation for a low-knowledge Linux user? My Pi-hole is installed on an Ubuntu 20.04 server.

When SSL is implemented, will the command pihole -up break the SSL config in case of upgrade?

Looking forward to hearing about your experiences 🙂

Please consider searching the forums before you open a new topic.

Pi-hole itself doesn't support HTTPS.
You may find topics from other users in our community who have succeeded in configuring an HTTPS webserver for Pi-hole's web interface.

See e.g. Enabling HTTPS for your Pi-hole Web Interface

Thanks Bucking_Horn for your reply.

Is there a specific reason that Pi-hole doesn't support HTTPS?

For the guys who put it in place: did an upgrade break your HTTPS config?

Perhaps, if Pi-hole's lighttpd is handling HTTPS, but that would very much depend on the actual configuration used to make it work.

Not very likely if you opt for another webserver (but note that Pi-hole only provides support for lighttpd).

Yes. You will need to use a self-signed certificate. Those cannot be trusted by design because there is no higher authority that can confirm you are the legit owner of pi.hole.

Hence, your browser will show a warning like

when you enable HTTPS on your Pi-hole. Doesn't look very trustworthy, does it?

That's exactly the reason why it is not shipped by default. I should also point out that sending a password in cleartext shouldn't be an issue in your local network if properly shielded. Having said that, I should also point out that the next generation of Pi-hole (version 6.0), currently under development, already replaces the plain password with a challenge-response mechanism.

Users that add HTTPS intentionally will (= should) know that this is intentional and can add proper exceptions on their devices.

Thanks for all your responses.

I don't know about the certificate alerts thing. I personally feel safer with an accepted "custom" certificate than with a non-HTTPS connection.

My NAS also shows these certificate alerts because it's local, but at least I know all my communication with it is secured, and I guess it's the same for all people who have a personal NAS.

Good news for the future Pi-hole 6. Do we have a roadmap or something?

It'll take a while and it's ready when it's ready. We have a working prototype, but a lot of recent changes made during the last v5.x updates need to be merged into v6.0. And even after this, a lot of work needs to be done.

You can follow the development here
