This Nginx configuration sets up Pi-hole behind HTTPS using an Nginx reverse proxy, so that credentials are transmitted securely when accessing the UI.
Using the NXDOMAIN blocking mode makes sure that Pi-hole is not serving empty HTML pages for every ad.
Since I use ufw on my Raspberry Pi, the following rules are needed for the setup to work (SSH is optional):
    sudo ufw status
    Status: active

    To                         Action      From
    --                         ------      ----
    22/tcp                     ALLOW       Anywhere
    80/tcp                     ALLOW       Anywhere
    53/tcp                     ALLOW       Anywhere
    53/udp                     ALLOW       Anywhere
    443/tcp                    ALLOW       Anywhere
From Anywhere is fine because I'm behind a NAT and no incoming connections are allowed from the internet.
We also need to set server.port = 3000 in /etc/lighttpd/lighttpd.conf to enable Pi-hole to run on a port different than 80. The only problem, however, is that lighttpd.conf gets overwritten whenever Pi-hole is updated.
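
One way to cope with the overwrite is to re-apply the port idempotently after each Pi-hole update. The following is an added example, not part of the original post; the function name ensure_lighttpd_port and its status words are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): re-apply the lighttpd port
# after a Pi-hole update has reset /etc/lighttpd/lighttpd.conf.
# The function name and its status words are hypothetical.

# ensure_lighttpd_port FILE PORT
# Makes sure FILE contains "server.port = PORT".
# Prints one of: unchanged, updated, added, missing, invalid.
ensure_lighttpd_port() {
    conf=$1
    port=$2

    [ -f "$conf" ] || { echo "missing"; return 1; }

    # Accept digits only, so the value is safe to splice into sed below.
    case $port in
        ''|*[!0-9]*) echo "invalid"; return 2 ;;
    esac

    # Value of the first uncommented server.port line, if there is one.
    current=$(sed -n 's/^[[:space:]]*server\.port[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$conf" | head -n 1)

    if [ "$current" = "$port" ]; then
        echo "unchanged"
        return 0
    fi

    tmp=$(mktemp) || return 1
    if [ -n "$current" ]; then
        # Rewrite the existing directive, keeping its indentation.
        sed "s/^\([[:space:]]*server\.port[[:space:]]*=\)[[:space:]]*[0-9][0-9]*/\1 $port/" "$conf" > "$tmp"
        result=updated
    else
        # No directive present: append one.
        { cat "$conf"; printf 'server.port = %s\n' "$port"; } > "$tmp"
        result=added
    fi

    # Write back through the existing file so owner and mode are preserved.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
    echo "$result"
}

# Use as root after an update, then restart lighttpd if the result is not "unchanged":
#   ensure_lighttpd_port /etc/lighttpd/lighttpd.conf 3000
```

Until the port is restored, lighttpd goes back to listening on port 80, which is the port the ufw rules above open for the reverse proxy.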