Unable to connect to the Pi-hole dashboard

The issue I am facing:

I’m unable to connect to the Pi-hole dashboard/interface

Details about my system:

Raspberry Pi 5 Model B Rev 1.1 running on Raspberry Pi OS (64-bit)
Pi-hole v6 docker hosted on IP 192.168.0.50:8080 and 192.168.0.51:8080
Apache2 server which uses 192.168.0.50 on ports 80 and 443

What I have changed since installing Pi-hole:

Summary (I used Google AI Chat to help me with everything so far):

Initial setup and first attempt

1. Objective: Set up a Pi-hole container using Docker Compose with DHCP and a custom dashboard port (8080).

2. Configuration: Your Docker host is at 192.168.0.50, and you chose a static IP of 192.168.0.51 for the Pi-hole container.

3. Networking Strategy: Use a macvlan network (pihole_macvlan) to give the container its own unique IP on the local network, bypassing the limitations of the default bridge network.

4. Issue: After creating the container, you were unable to reach the dashboard at http://192.168.0.51:8080/admin from your host machine.

Troubleshooting macvlan communication (Solution 1)

1. Reason for Failure: The Linux kernel intentionally prevents direct communication between a host and a container on a macvlan network for security and isolation purposes.

2. Action Taken: You tried a workaround ("macvlan shim") by creating a second macvlan interface (macvlan_shim) on the host with a dedicated IP (192.168.0.52) and a route to the container's IP (192.168.0.51).

3. Result: This approach failed, and you requested a way to undo the changes.

4. Undo Action: You were instructed on how to remove the new macvlan interface and route, and to use docker-compose down to remove the failed Pi-hole container.

Troubleshooting host access with dual networks (Solution 2)

1. New Strategy: A dual-network approach was proposed. The container would connect to the existing pihole_macvlan for DNS and DHCP traffic from other network devices, and also to the default Docker bridge network for dashboard access from the host.

2. Initial Attempt: You tried to implement this solution but received the error network pihole_macvlan declared as external, but could not be found.

3. Reason for Failure: Docker Compose could not find the pihole_macvlan network because it had not been created. You had removed it during the cleanup of Solution 1.

4. Corrective Action: You ran docker network create to recreate the pihole_macvlan network.

5. Second Attempt (Incorrect ports mapping): You ran docker-compose up -d with a ports mapping of "192.168.0.50:8080:80/tcp".

6. Issue: You were still unable to reach the dashboard from the host at http://192.168.0.50:8080/admin, receiving a "took too long to respond" timeout error.

7. Corrective Action: The ports mapping was corrected to a standard format ("8080:80/tcp"), which binds to the host's bridge network interface instead of a specific IP.

Final connection issue

1. Final Attempt: After correcting the docker-compose.yml file, you still could not reach the dashboard from the host, but this time with a "connection refused" error when trying http://192.168.0.51:8080/admin.

2. Diagnosis: A "connection refused" error indicates that the web server inside the Pi-hole container is not active or is not listening on the expected port. You also confirmed that no firewalls were active on the host machine.

3. Next Steps (Proposed): The current path forward involves a more detailed investigation inside the container, including:

• Checking container logs (docker logs pihole).

• Running the Pi-hole debug utility (pihole -d).

• Manually verifying the listening port with netstat inside the container.

• As a last resort, attempting to use a different port to rule out a conflict.

Right now my docker-compose.yml file is this

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    networks:
      pihole_macvlan:
        ipv4_address: 192.168.0.51 # The static IP for the container
      # Use the default bridge network for host access to the dashboard
      default:
    environment:
      WEBPASSWORD: "fakepassword"
      TZ: 'America/Chicago' # Time zone
      FTLCONF_WEBPORT: 8080 # Set the admin dashboard port to 8080
      DNSMASQ_LISTENING: all
      PIHOLE_DNS_: "1.1.1.1;1.0.0.1"
      DHCP_START: 192.168.0.100 # Range of IP addresses to lease
      DHCP_END: 192.168.0.254
      DHCP_ROUTER: 192.168.0.1 # router's IP address
      DHCP_ACTIVE: "true"
      DHCP_v6: "true" # Enable IPv6 DHCP
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      - NET_ADMIN
    ports:
      - "8080:80/tcp"

networks:
  pihole_macvlan:
    external: true

And here is my most recent debug token: https://tricorder.pi-hole.net/ntEb4nsg/

In general, accessing Pi-hole's web interface would not depend on Docker's network mode.

When creating a macvlan container, you'd only need to create a shim network if you'd want to communicate with the container from the host that runs it.
Why do you have to access P-hole's web UI from your Pi-hole host machine?
Servers typically avoid unnecessary software like browsers.
Are you running your Pi-hole on a desktop OS?

Your compose file is seriously flawed.
It is using v5 env vars for a v6 container (see also Upgrading from v5.x - Pi-hole documentation), and some of your env var names are even completely made up (FTLCONF_WEBPORT,DHCP_v6 ) , i.e. they never have been used by Pi-hole.

To investigate why you fail to access Pi-hole's UI, you should start afresh with a simple configuration based on Pi-hole's sample from GitHub - pi-hole/docker-pi-hole: The official Pi-hole Docker image from pi-hole.net.
macvlan is a good choice if you want to run Pi-hole as DHCP server, so stick with your macvlan network.
Since you are not using a bridge network mode, but macvlan, you should omit the ports: section entirely - Docker will it ignore it anyway in that case.

It's not clear which env vars have been configured for your Pi-hole container in each of your failed attempts, but if you indeed relied either on port mapping (ignored with macvlan driver) or on FTLCONF_WEBPORT (not a valid Pi-hole env var, and never was) to switch to port 8080, that could already explain inability to access http://192.168.0.51:8080/admin from any machine - use FTLCONF_webserver_port instead.

Ok, I decided to completely delete my pihole container and create a new one using Running Pi-Hole as a Docker Container - Pi My Life Up as a guide, as well as copying the compose example at GitHub - pi-hole/docker-pi-hole: The official Pi-hole Docker image from pi-hole.net, which I edited to fit my needs. E.g. changing 443:443 and 80:80 to 8080:443 and 8080:80 since my Apache server is running on those ports. However, when I ran docker compose up -d I got the following:

[+] Running 12/12
 ✔ pihole Pulled                                                                    32.0s 
   ✔ 6e174226ea69 Pull complete                                                      4.9s 
   ✔ c0718569ee37 Pull complete                                                      8.2s 
   ✔ 4f4fb700ef54 Pull complete                                                      8.3s 
   ✔ 0ba4efd56e55 Pull complete                                                      8.4s 
   ✔ c9b50597eb01 Pull complete                                                      8.4s 
   ✔ f2bb5ccf7baa Pull complete                                                     13.2s 
   ✔ 1939a3628018 Pull complete                                                     16.6s 
   ✔ df32990f7d7d Pull complete                                                     16.7s 
   ✔ c1615406f17c Pull complete                                                     18.8s 
   ✔ d7cf3ffd383d Pull complete                                                     18.9s 
   ✔ aacfa594e884 Pull complete                                                     31.3s 
[+] Running 1/2
 ✔ Network pihole_default  Created                                                   0.1s 
 ⠧ Container pihole        Starting                                                  1.7s 
Error response from daemon: failed to set up container networking: driver failed programming external connectivity on endpoint pihole (ecb249da98f247c8a67eaf8c1624b78b357f9bac3a0ca1e46dbc58e85efbb05a): Bind for 0.0.0.0:8080 failed: port is already allocated

Here is my compose.yml file

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      # DNS Ports
      - "53:53/tcp"
      - "53:53/udp"
      # Default HTTP Port
      - "8080:80/tcp"
      # Default HTTPs Port. FTL will generate a self-signed certificate
      - "8080:443/tcp"
      # Uncomment the line below if you are using Pi-hole as your DHCP server
      - "67:67/udp"
      # Uncomment the line below if you are using Pi-hole as your NTP server
      #- "123:123/udp"
    environment:
      # Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g:
      TZ: 'America/Chicago'
      # Set a password to access the web interface. Not setting one will result in a random password being assigned
      FTLCONF_webserver_api_password: 'fakepassword'
      # If using Docker's default `bridge` network setting the dns listening mode should be set to 'all'
      FTLCONF_dns_listeningMode: 'all'
    # Volumes store your data between container upgrades
    volumes:
      # For persisting Pi-hole's databases and common configuration file
      - './etc-pihole:/etc/pihole'
      # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 you and >
      #- './etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
      # Required if you are using Pi-hole as your DHCP server, else not needed
      - NET_ADMIN
      # Required if you are using Pi-hole as your NTP client to be able to set the host's system time
      - SYS_TIME
      # Optional, if Pi-hole should get some more processing time
      - SYS_NICE
    restart: unless-stopped

The port is already allocated because you are using the same port (8080) twice.

Replace 8080:443 with 8443:443 or some other port.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.