This Nginx configuration puts Pi-hole behind HTTPS, using Nginx as a reverse proxy so that credentials are transmitted securely when accessing the UI.
Using the NXDOMAIN blocking mode makes sure that Pi-hole is not serving empty HTML pages for every ad.
Since I use ufw on my Raspberry Pi, the following rules are needed for the setup to work (SSH is optional):

    sudo ufw status
    Status: active

    To                         Action      From
    --                         ------      ----
    22/tcp                     ALLOW       Anywhere
    80/tcp                     ALLOW       Anywhere
    53/tcp                     ALLOW       Anywhere
    53/udp                     ALLOW       Anywhere
    443/tcp                    ALLOW       Anywhere

From Anywhere is fine because I'm behind a NAT and no incoming connections are allowed from the internet.
We also need to set server.port = 3000 in /etc/lighttpd/lighttpd.conf so that Pi-hole runs on a port other than 80. The only problem, however, is that this file is overwritten whenever Pi-hole is updated.
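
One way to detect and undo that overwrite after an update, as an added example that is not part of the original post: the script reads the active server.port line and resets it to 3000 if the updater changed it. The path and port are the ones given above; the function names and the --apply flag are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. CONF and PORT come from the
# text above; the function names and --apply flag are hypothetical.
CONF=/etc/lighttpd/lighttpd.conf
PORT=3000

# Print the port from the last active (uncommented) server.port line.
current_port() {
    sed -n 's/^[[:space:]]*server\.port[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# ensure_port FILE PORT: prints "unchanged" or "changed"; returns 1 if the
# file is missing or has no server.port line to rewrite.
ensure_port() {
    conf=$1
    port=$2
    if [ ! -f "$conf" ]; then echo "missing: $conf" >&2; return 1; fi
    have=$(current_port "$conf")
    if [ -z "$have" ]; then echo "no server.port in $conf" >&2; return 1; fi
    if [ "$have" = "$port" ]; then echo unchanged; return 0; fi
    tmp=$(mktemp) || return 1
    sed "s/^\([[:space:]]*server\.port[[:space:]]*=[[:space:]]*\)[0-9][0-9]*/\1$port/" "$conf" > "$tmp"
    cp "$conf" "$conf.bak"      # keep the updater's version for comparison
    cat "$tmp" > "$conf"        # write in place so owner and mode are kept
    rm -f "$tmp"
    echo changed
}

# Run as root with --apply, e.g. after each Pi-hole update.
if [ "${1:-}" = "--apply" ]; then
    if [ "$(ensure_port "$CONF" "$PORT")" = "changed" ]; then
        systemctl restart lighttpd
    fi
fi
```

Until the port is restored, lighttpd and Nginx both try to bind port 80, so running this right after an update keeps the HTTPS proxy in front of the UI.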