axelbd
February 23, 2025, 6:20pm
Hello, from my understanding this workaround isn't equivalent from a security point of view. Ability to use Docker Swarm secrets is a must have for me. I'd really like to see this security feature in PiHole v6 as it worked in v5 please.
Other breaking changes about using PiHole in Docker were really well documented and this went smoothly for me, so a big thanks for your work.
Best regards
Other references:
Good catch. Unfortunately it was my copy and paste error. The lines are in the compose.yaml file. I corrected the original post.
dev ← lightswitch05:feature/support-docker-secrets-for-web-password
opened 05:43PM - 26 Feb 20 UTC
Support docker secrets for web password.
## Description
This is the initial implementation for #556. I wanted to go ahead and open a pull request to start discussions about the changes before I spent too much time with tests and documentation.
* If `WEBPASSWORD` is set, `WEBPASSWORD_FILE` is ignored.
* If `WEBPASSWORD` is empty, and `WEBPASSWORD_FILE` is set to a valid readable file path, then `WEBPASSWORD` will be set to the contents of `WEBPASSWORD_FILE`.
TODO:
- [ ] Discuss changes with pihole team
- [ ] Update documentation
- [ ] Add tests for `WEBPASSWORD_FILE`
Example usage with Docker Secrets:
```yaml
version: "3.3"
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    network_mode: "host"
    environment:
      WEBPASSWORD_FILE: '/run/secrets/pihole_webpw'
    secrets:
      - pihole_webpw
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    dns:
      - 127.0.0.1
      - 1.1.1.1
secrets:
  pihole_webpw:
    file: my_file_secret.txt
```
## Motivation and Context
This implements request #556
## How Has This Been Tested?
Manually tested at the moment. Need to add actual tests once there have been some discussions on the implementation.
## Types of changes
- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
## Checklist:
- [x] My code follows the code style of this project.
- [x] My change requires a change to the documentation.
- [ ] I have updated the documentation accordingly.
opened 06:39AM - 15 Jan 20 UTC
closed 06:02PM - 16 Jan 22 UTC
Submitter Attention Required
Hey guys,
I'm using your docker pihole deployment with a docker swarm environment.
I set up a docker secret with a webpassword "test1234".
Then I added everything as described in docker guides to use this docker secret and the service starts without any error. Unfortunately the webpassword isn't the same as I entered in this secret.
The WebGUI always tells me that the password is wrong. I guess there is no support for it right now.
So this should be understood as an improvement/enhancement <3
Thank you all in advance.
EDIT: forgot to post my docker-compose.yml
```
version: '3.1'
services:
  pihole:
    hostname: pihole
    image: pihole/pihole:latest
    ports:
      - 53:53/tcp
      - 53:53/udp
      - 67:67/udp
      - 443:443/tcp
      - 80:80/tcp
    network_mode: 'host'
    environment:
      TZ: 'Europe/Berlin'
      IPv6: 'False'
      DNSMASQ_USER: 'pihole'
      WEBPASSWORD: /run/secrets/pihole_webpw
    secrets:
      - pihole_webpw
    volumes:
      - pihole:/etc/pihole
      - dnsmasq:/etc/dnsmasq.d
      - theme:/var/www/html/admin/style/vendor
    dns:
      - 127.0.0.1
      - 192.168.1.1
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
volumes:
  pihole:
  dnsmasq:
  theme:
secrets:
  pihole_webpw:
    external: true
```

1 Like
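The precedence rules listed in the pull request description, together with the case from the issue where the secret's path is placed directly in `WEBPASSWORD`, as an added shell example that is not part of the original posts and is not Pi-hole's entrypoint code. `resolve_webpassword` is a hypothetical helper name, and the secret file is a constructed sample standing in for `/run/secrets/pihole_webpw`.

```shell
#!/bin/sh
# Added illustration only. resolve_webpassword is a hypothetical helper;
# the variable names WEBPASSWORD and WEBPASSWORD_FILE come from the PR text.
#
# Usage: resolve_webpassword "$WEBPASSWORD" "$WEBPASSWORD_FILE"
# Prints the effective web password on stdout:
#   1. WEBPASSWORD non-empty -> use it, WEBPASSWORD_FILE is ignored
#   2. WEBPASSWORD empty and WEBPASSWORD_FILE is a readable file -> file contents
#   3. otherwise -> print nothing and return 1
resolve_webpassword() {
    if [ -n "${1:-}" ]; then
        [ -z "${2:-}" ] || echo "WEBPASSWORD is set, ignoring WEBPASSWORD_FILE" >&2
        printf '%s' "$1"
        return 0
    fi
    if [ -n "${2:-}" ] && [ -f "$2" ] && [ -r "$2" ]; then
        # Command substitution drops the trailing newline that
        # `echo secret > file` leaves behind, so it never ends up in the password.
        printf '%s' "$(cat -- "$2")"
        return 0
    fi
    echo "no usable WEBPASSWORD or WEBPASSWORD_FILE" >&2
    return 1
}

# Constructed sample secret file (stands in for the mounted Docker secret).
demo_secret="$(mktemp)"
printf 'test1234\n' > "$demo_secret"

# PR behaviour: only the _FILE variable is set, password is the file's contents.
echo "from file:    $(resolve_webpassword '' "$demo_secret")"

# Issue behaviour: the path is given as WEBPASSWORD itself, so the password
# becomes the literal path string and the secret file is never read.
echo "path as value: $(resolve_webpassword "$demo_secret" '')"

# Both set: the explicit value wins and the file is ignored (warning on stderr).
echo "both set:     $(resolve_webpassword 'explicit' "$demo_secret")"

rm -f "$demo_secret"
```

The second case is why a secret mounted at `/run/secrets/...` only helps when the image reads the file: passing the path in the plain variable sets the password to the path.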