[ nowhere.yt ] [ /dev/pts/1 ] [~]
→ sudo apt-get install wget curl net-tools gamin lighttpd lighttpd-mod-deflate
[ nowhere.yt ] [ /dev/pts/1 ] [~]
→ curl -sSL https://install.pi-hole.net | PIHOLE_SKIP_OS_CHECK=true sudo -E bash
[ nowhere.yt ] [ /dev/pts/1 ] [~]
→ sudo pihole -a -p
Enter New Password (Blank for no password):
Confirm Password:
[✓] New password set
To forcefully block domains via regex you can do the following:
[ nowhere.yt ] [ /dev/pts/1 ] [~]
→ pihole -up
[✓] Update local cache of available packages
[i] Existing PHP installation detected : PHP version 7.4.28
[✓] Checking for git
[✓] Checking for iproute2
[✓] Checking for whiptail
[✓] Checking for ca-certificates
[i] Checking for updates...
[i] Pi-hole Core: up to date
[i] Web Interface: up to date
[i] FTL: up to date
[✓] Everything is up to date!
Now, if we want an HTTPS interface, we do the following:
[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ systemctl disable lighttpd.service --now
[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ apt install nginx php7.4-{fpm,cgi,xml,sqlite3,intl} apache2-utils socat -y
[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ systemctl enable nginx php7.4-fpm --now
[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ vim /etc/nginx/sites-available/default
# Plain HTTP: redirect everything to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name ns1.void.yt;
    return 301 https://$server_name$request_uri;
}

# HTTPS: Pi-hole web interface behind TLS and Basic Auth
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ns1.void.yt;

    # Certificate files written by acme.sh (they must exist before nginx -t passes)
    ssl_certificate /root/.acme.sh/ns1.void.yt/fullchain.cer;
    ssl_trusted_certificate /root/.acme.sh/ns1.void.yt/ns1.void.yt.cer;
    ssl_certificate_key /root/.acme.sh/ns1.void.yt/ns1.void.yt.key;

    # Protocols, ciphers and session handling
    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_session_tickets off;
    ssl_ecdh_curve auto;

    # OCSP stapling (the resolver is used to reach the CA's OCSP responder)
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 80.67.188.188 80.67.169.40 valid=300s;
    resolver_timeout 10s;

    # Security headers
    add_header X-XSS-Protection "1; mode=block"; # Cross-site scripting
    add_header X-Frame-Options "SAMEORIGIN" always; # Clickjacking
    add_header X-Content-Type-Options nosniff; # MIME-type sniffing
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";

    root /var/www/html;
    server_name _;
    autoindex off;
    index pihole/index.php index.php index.html index.htm;

    location / {
        expires max;
        try_files $uri $uri/ =404;
    }

    # PHP is handed to php-fpm, behind Basic Auth
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        fastcgi_param FQDN true;
        auth_basic "Restricted"; # For Basic Auth
        auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
    }

    # Regex match on .js files; a plain "location /*.js" is a prefix
    # location that only matches the literal path /*.js
    location ~ \.js$ {
        index pihole/index.js;
        auth_basic "Restricted"; # For Basic Auth
        auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
    }

    location /admin {
        root /var/www/html;
        index index.php index.html index.htm;
        auth_basic "Restricted"; # For Basic Auth
        auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
    }

    # Never serve .htaccess / .htpasswd style files
    location ~ /\.ht {
        deny all;
    }
}
:wq
[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ nginx -t
nginx: [emerg] cannot load certificate "/root/.acme.sh/ns1.void.yt/fullchain.cer": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/root/.acme.sh/ns1.void.yt/fullchain.cer','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ wget -O - https://get.acme.sh | sh
[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ zsh
[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ acme.sh --set-default-ca --server letsencrypt
[Sun 03 Apr 2022 09:05:46 AM UTC] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
[ ns2.void.yt ] [ /dev/pts/0 ] [~]
→ systemctl stop nginx
[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ acme.sh --issue --standalone -d ns1.void.yt -k 4096
[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ systemctl start nginx
[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ htpasswd -c /etc/nginx/.htpasswd nothing
New password:
Re-type new password:
Adding password for user nothing
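A check for the headers configured above, as an added example that is not part of the original page. nginx only attaches an add_header without "always" to 2xx and 3xx responses, so with this config the 401 returned by /admin before login carries X-Frame-Options but not the other three. The sample responses below are constructed.

```sh
#!/bin/sh
# Header names taken from the add_header lines in the server block above.
REQUIRED_HEADERS="Strict-Transport-Security X-Frame-Options X-Content-Type-Options X-XSS-Protection"

# Constructed sample: a 200 response as `curl -sI` prints it over HTTP/2.
SAMPLE_200='HTTP/2 200
server: nginx
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload'

# Constructed sample: the 401 from /admin without credentials. Only the
# header declared with "always" is present on an error response.
SAMPLE_401='HTTP/2 401
server: nginx
www-authenticate: Basic realm="Restricted"
x-frame-options: SAMEORIGIN'

# Read raw response headers on stdin and print each required header
# that is absent, one name per line (header names are case-insensitive).
missing_headers() {
    hdrs=$(tr -d '\r' | tr 'A-Z' 'a-z')
    for h in $REQUIRED_HEADERS; do
        lower=$(printf '%s' "$h" | tr 'A-Z' 'a-z')
        printf '%s\n' "$hdrs" | grep -q "^$lower:" || printf '%s\n' "$h"
    done
}

# Print the status code from the first line of a raw header block.
status_code() {
    head -n 1 | tr -d '\r' | awk '{print $2}'
}

# Demo on the constructed samples.
for s in "$SAMPLE_200" "$SAMPLE_401"; do
    code=$(printf '%s\n' "$s" | status_code)
    miss=$(printf '%s\n' "$s" | missing_headers | tr '\n' ' ')
    echo "status $code, missing: ${miss:-none}"
done

# Against the live server:
#   curl -sI https://ns1.void.yt/admin/ | missing_headers
```

Appending "always" to the three remaining add_header lines makes them apply to error responses as well.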
Then we make Pi-hole update automatically every day via a cron job and test it:
[ ns2.void.yt ] [ /dev/pts/0 ] [~]
→ crontab -e
0 0 * * * /usr/local/bin/pihole -up
0 0 * * * /usr/local/bin/pihole -g
:wq
[ ns2.void.yt ] [ /dev/pts/0 ] [~]
→ wget https://github.com/cronitorio/cronitor-cli/releases/download/28.8/linux_amd64.tar.gz -q
[ ns2.void.yt ] [ /dev/pts/0 ] [~]
→ sudo tar xvf linux_amd64.tar.gz -C /usr/bin/
cronitor
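The tarball above is unpacked into /usr/bin as root straight after download. The following added example (not from the original page) checks the archive before extracting it; verify_and_extract is a hypothetical helper name, and the expected SHA-256 is a placeholder because the page gives no checksum.

```sh
#!/bin/sh
# verify_and_extract TARBALL EXPECTED_SHA256 DESTDIR
# Returns 1 on checksum mismatch, 2 on an unsafe member path, and
# extracts only when both checks pass.
verify_and_extract() {
    tarball=$1
    expected=$2
    dest=$3

    # Compare the archive's digest with one obtained from a trusted source.
    actual=$(sha256sum "$tarball" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $tarball" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi

    # List members first: refuse absolute paths and ".." components so the
    # archive cannot write outside DESTDIR when unpacked as root.
    if tar -tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $tarball" >&2
        return 2
    fi

    # Do not restore the ownership recorded inside the archive.
    tar -xzf "$tarball" -C "$dest" --no-same-owner
}

# Usage (placeholder digest, replace with the real one):
#   sudo sh verify.sh linux_amd64.tar.gz <EXPECTED_SHA256> /usr/bin
if [ "$#" -eq 3 ]; then
    verify_and_extract "$@"
fi
```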
[ ns2.void.yt ] [ /dev/pts/0 ] [~]
→ sudo cronitor configure --api-key 1234567890
Configuration File:
/etc/cronitor/cronitor.json
Version:
28.8
API Key:
1234567890
Ping API Key:
Not Set
Environment:
Not Set
Hostname:
ns2
Timezone Location:
{Etc/UTC}
Debug Log:
Off
[ ns2.void.yt ] [ /dev/pts/0 ] [~]
→ cronitor select
✔ /usr/local/bin/pihole -up
----► Running command: /usr/local/bin/pihole -up
[✓] Update local cache of available packages
[i] Existing PHP installation detected : PHP version 7.4.28
[✓] Checking for git
[✓] Checking for iproute2
[✓] Checking for whiptail
[✓] Checking for ca-certificates
[i] Checking for updates...
[i] Pi-hole Core: up to date
[i] Web Interface: up to date
[i] FTL: up to date
[✓] Everything is up to date!
----► ✔ Command successful Elapsed time 3.345s
If you want to host a public pihole, then you need to tick the following option:
Contact: nihilist@contact.nowhere.moe (PGP)