openssl req -new -newkey rsa:4096 -keyout key.pem -noenc -out csr.pem -sha512 \
-addext 'subjectAltName = DNS:foo.example.com, DNS:bar.example.com, IP:192.0.2.35' \
-subj '/C=IN/ST=State/L=Location/O=Organization/OU=OrgUnit/CN=foo.example.com/emailAddress=foo@example.com'This creates a new RSA4096 key in key.pem and the corresponding CSR in csr.pem. The CSR can then be verified:
| use-application-dns.net | |
| apollo-apps.playcannonball.net.domain.name | |
| apollo-apps.playcannonball.net | |
| mobile.pipe.aria.microsoft.com.domain.name | |
| ssl.google-analytics.com.domain.name | |
| vortex.data.microsoft.com.domain.name | |
| app-measurement.com.domain.name | |
| ae.gsecondscreen.com.domain.name | |
| reports.crashlytics.com.domain.name | |
| apollo-games.playcannonball.net |
This Nginx Configuration sets up Pi-hole behind HTTPS using an Nginx reverse proxy for secure credential transmission when accessing the UI.
Using the NXDOMAIN blocking mode makes sure that Pi-hole is not serving empty HTML pages for every ad.
Since I use ufw on my Raspberry Pi, the following rules are needed for the setup to work (SSH is optional):
sudo ufw status
Status: active