Use nginx reverse proxy

General Beta 6.0
1

Hello,
how to use PiHole 6 with a nginx reverse proxy? My current configuration does not work.

server {
# Block forbidden country (include at all servers)
include includes/geoblock.conf;
server_name *****;

root /var/www/html/admin;

index index.php index.html index.htm index.nginx-debian.html;

location / {
	# First attempt to serve request as file, then
	# as directory, then fall back to displaying a 404.
	try_files $uri $uri/ =404;
	proxy_read_timeout 300;
}

location ~ \.php$ {
	include snippets/fastcgi-php.conf;

	# With php-fpm (or other unix sockets):
	fastcgi_pass unix:/run/php/php8.1-fpm.sock;
	fastcgi_read_timeout 300;
	# With php-cgi (or other tcp sockets):
	# fastcgi_pass 127.0.0.1:9000;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/*****-0005/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/*****-0005/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
if ($host = *****) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name *****;
return 404; # managed by Certbot
}

2

What do you want to achieve? There are indications in your configuration that you do want to post the web interface on the public internet? Please be aware that this is absolutely not recommended and something we do not give support on. The (by far!) best approach it to use a lightweight VPN such as Wireguard to achieve a DNS-server-on-the-go.

On other means: Pi-hole v6.0 does not use any PHP, so this rule won't hit anything.

3

I just want to access the web interface via a public domain. Hence, a VPN should not necessary. I already using a nginx server and some other web pages. It is already mentioned in the documentation for PiHole (NGINX - Pi-hole documentation), so why should it not be used in PiHole 6? There are some users who want to use this.

4

As previously noted:

5

Well, I have similar problems using an Apache reverse proxy.

Creating two different reverse proxy w two pretty generic paths like api and admin is not a proper action, but necessary, bc some urls are absolute and not honoring the prefix in the toml-config.