Pi-hole via Traefik in Docker?
fedilink
10
Pi-hole via Traefik in Docker?
fedilink

I’m trying to access my Pi-hole container from pihole.mydomain.com without any ports or /admin, and I swear the multitude of posts on the internet make this seem really straightforward. Perhaps it is and I’m being dumb, but I cannot get it to work.

Below is my current docker-compose for both Traefik and Pi-hole:

version: "3.7"

services:
  traefik:
    container_name: traefik
    image: traefik:latest
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - medianet
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
      - TZ=${TZ}
      - PUID=${PUID}
      - PGID=${PGID}
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /path/to/traefik:/etc/traefik
      - /path/to/shared:/shared
      - /path/to/traefik/logs/traefik.log:/etc/traefik/logs/traefik.log
      - /path/to/traefik/logs/access.log:/etc/traefik/logs/access.log
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.entrypoints=http
      - traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DASHBOARD_HOST}`)
      - traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_USER_PASS}
      - traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
      - traefik.http.routers.traefik.middlewares=traefik-https-redirect
      - traefik.http.routers.traefik-secure.entrypoints=https
      - traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DASHBOARD_HOST}`)
      - traefik.http.routers.traefik-secure.middlewares=traefik-auth
      - traefik.http.routers.traefik-secure.tls=true
      - traefik.http.routers.traefik-secure.tls.certresolver=cloudflare
      - traefik.http.routers.traefik-secure.tls.domains[0].main=${TRAEFIK_BASE_DNS}
      - traefik.http.routers.traefik-secure.tls.domains[0].sans=*.${TRAEFIK_BASE_DNS}
      - traefik.http.routers.traefik-secure.service=api@internal

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    networks:
      - medianet
      - npm_network
    domainname: mydomain.com
    hostname: pihole
    ports:
      - 53:53/tcp
      - 53:53/udp
    environment:
      - TZ=${TZ}
      - WEBPASSWORD=${WEBPASSWORD}
      - FTLCONF_LOCAL_IPV4=192.168.1.116
      - WEBTHEME=default-auto
      - DNSMASQ_LISTENING=ALL
      - VIRTUAL_HOST=pihole.mydomain.com
    volumes:
      - /path/to/pihole:/etc/pihole
      - /path/to/pihole/dnsmasq.d:/etc/dnsmasq.d
    cap_add:
      - NET_ADMIN
    labels:
      - traefik.enable=true
      - traefik.http.routers.pihole.rule=Host(`pihole.mydomain.com`)
      - traefik.http.routers.pihole.entrypoints=https
      - traefik.http.routers.pihole.tls=true
      - traefik.http.routers.pihole.service=pihole
      - traefik.http.services.pihole.loadbalancer.server.port=80

The Pi-hole one will load the login page and, upon entering the password and logging in, it will simply bring me back to the login page. So just keeps looping around.

The Traefik config is working with lots of other containers, all of which are using SSL certificates, so I’m pretty sure my Traefik config is okay.

I’ve tried middlewares to addprefix=/admin, which just ends up looping round with multiple /admin prefixes and also doesn’t work.

Anybody got any ideas?

I’m aware I don’t have to put Pi-hole behind SSL as I’m not exposing any of this stuff to the open internet (ports 80 and 443 are not forwarded on my router, and I’m using local DNS records in Pi-hole to access via subdomains).

Happy to post my traefik.yml and config.yml files if needed.

UPDATE: I seem to have figured it out! Below is my final Pi-hole docker-compose - the Traefik one remains unchanged from the original post:

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    networks:
      - medianet
      - npm_network
    domainname: mydomain.com
    hostname: pihole
    ports:
      - 53:53/tcp
      - 53:53/udp
    environment:
      - TZ=${TZ}
      - WEBPASSWORD=${WEBPASSWORD}
      - FTLCONF_LOCAL_IPV4=192.168.1.116
      - WEBTHEME=default-auto
      - DNSMASQ_LISTENING=ALL
      - VIRTUAL_HOST=pihole.mydomain.com
    volumes:
      - /path/to/pihole:/etc/pihole
      - /path/to/pihole/dnsmasq.d:/etc/dnsmasq.d
    cap_add:
      - NET_ADMIN
    labels:
      - traefik.enable=true
      - traefik.http.routers.pihole.entrypoints=http
      - traefik.http.routers.pihole.rule=Host(`pihole.mydomain.com`)
      - traefik.http.middlewares.pihole-https-redirect.redirectscheme.scheme=https
      - traefik.http.routers.pihole.middlewares=pihole-https-redirect
      - traefik.http.routers.pihole.service=pihole
      - traefik.http.routers.pihole-secure.entrypoints=https
      - traefik.http.routers.pihole-secure.rule=Host(`pihole.mydomain.com`)
      - traefik.http.routers.pihole-secure.tls=true
      - traefik.http.routers.pihole-secure.service=pihole
      - traefik.http.services.pihole.loadbalancer.server.port=80
@nyar@lemmy.world
link
fedilink
English
11Y

I have a similar issue with traefik where it will navigate to the login page but has issues with going beyond it. If I login to the page, then load another tab with the same page, that page also then needs a login. If you find a solution to your issue please let me know.

schmurnan
creator
link
fedilink
English
21Y

Will definitely let you know if I figure it out, for sure.

@rambos@lemmy.world
link
fedilink
English
11Y

Im using npm with letsenrypt for local network only, but couldnt find a way to use pihole gui without /admin. So I have bookmarked pihole.domain/admin

schmurnan
creator
link
fedilink
English
11Y

Thanks. Yeah it’s really frustrating. There are guides out there that show that it’s possible, but I think I’m missing something somewhere. I’m combining guides together so more than likely I’ve missed a step somewhere.

Create a post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

  • 1 user online
  • 61 users / day
  • 98 users / week
  • 231 users / month
  • 844 users / 6 months
  • 1 subscriber
  • 1.53K Posts
  • 8.7K Comments
  • Modlog