
nothing@nowhere - 2022-04-01

pihole Setup

Initial Setup


[ nowhere.yt ] [ /dev/pts/1 ] [~]
→ sudo apt-get install wget curl net-tools gamin lighttpd lighttpd-mod-deflate

[ nowhere.yt ] [ /dev/pts/1 ] [~]
→ curl -sSL https://install.pi-hole.net | PIHOLE_SKIP_OS_CHECK=true sudo -E bash

[ nowhere.yt ] [ /dev/pts/1 ] [~]
→ sudo pihole -a -p
Enter New Password (Blank for no password):
Confirm Password:
  [✓] New password set

	

To forcefully block domains via regex you can do the following:


[ nowhere.yt ] [ /dev/pts/1 ] [~]
→ pihole -up
  [✓] Update local cache of available packages
  [i] Existing PHP installation detected : PHP version 7.4.28
  [✓] Checking for git
  [✓] Checking for iproute2
  [✓] Checking for whiptail
  [✓] Checking for ca-certificates

  [i] Checking for updates...
  [i] Pi-hole Core:     up to date
  [i] Web Interface:    up to date
  [i] FTL:              up to date

  [✓] Everything is up to date!

Now, if we want an HTTPS interface, we do the following:



[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ systemctl disable lighttpd.service --now

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ apt install nginx php7.4-{fpm,cgi,xml,sqlite3,intl} apache2-utils socat -y

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ systemctl enable nginx php7.4-fpm --now

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ vim /etc/nginx/sites-available/default
	


server {
    listen 80;
    listen [::]:80;
    server_name ns1.void.yt;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ns1.void.yt;

    ssl_certificate /root/.acme.sh/ns1.void.yt/fullchain.cer;
    ssl_trusted_certificate /root/.acme.sh/ns1.void.yt/ns1.void.yt.cer;
    ssl_certificate_key /root/.acme.sh/ns1.void.yt/ns1.void.yt.key;

    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_session_tickets off;
    ssl_ecdh_curve auto;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 80.67.188.188 80.67.169.40 valid=300s;
    resolver_timeout 10s;

    add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
    add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
    add_header X-Content-Type-Options nosniff; #MIME-type sniffing
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";

    root /var/www/html;
    server_name _;
    autoindex off;

    index pihole/index.php index.php index.html index.htm;

    location / {
        expires max;
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # $fastcgi_script_name already starts with /
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        fastcgi_param FQDN true;
        auth_basic "Restricted"; # For Basic Auth
        auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
    }

    location ~ \.js$ { # regex match; a prefix location does not expand "*"
        index pihole/index.js;
        auth_basic "Restricted"; # For Basic Auth
        auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
    }

    location /admin {
        root /var/www/html;
        index index.php index.html index.htm;
        auth_basic "Restricted"; # For Basic Auth
        auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
    }

    location ~ /\.ht {
        deny all;
    }
}
	
:wq

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ nginx -t
nginx: [emerg] cannot load certificate "/root/.acme.sh/ns1.void.yt/fullchain.cer": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/root/.acme.sh/ns1.void.yt/fullchain.cer','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ wget -O -  https://get.acme.sh | sh

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ zsh

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ acme.sh --set-default-ca  --server  letsencrypt
[Sun 03 Apr 2022 09:05:46 AM UTC] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory

[ ns2.void.yt ] [ /dev/pts/0 ] [~]
→ systemctl stop nginx

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ acme.sh --issue --standalone -d ns1.void.yt -k 4096

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ systemctl start nginx

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ htpasswd -c /etc/nginx/.htpasswd nothing
New password:
Re-type new password:
Adding password for user nothing
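
A check for the vhost above, as an added example that is not part of the original page: it audits the response headers of an unauthenticated request to /admin/. The sample response is constructed; it reflects that nginx attaches `add_header` fields to error responses such as 401 only when the directive carries `always`, which in the config above is only X-Frame-Options.

```bash
#!/usr/bin/env bash
# Added example: audit the headers of an unauthenticated request to the
# admin path of the nginx vhost above. Live use (host name from the page):
#   curl -sI https://ns1.void.yt/admin/ | audit_admin_response

# Header fields the vhost declares with add_header.
EXPECTED_HEADERS="strict-transport-security x-frame-options x-content-type-options x-xss-protection"

# Reads raw response headers on stdin, prints one finding per line, and
# returns 0 only if the request was refused with a Basic challenge and
# every expected header is present.
audit_admin_response() {
    headers=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    missing=""
    rc=0
    if [ "$status" != "401" ]; then
        echo "FAIL status=$status (expected 401 without credentials)"
        rc=1
    fi
    if ! printf '%s\n' "$headers" | grep -q '^www-authenticate: basic'; then
        echo "FAIL no Basic auth challenge"
        rc=1
    fi
    for h in $EXPECTED_HEADERS; do
        printf '%s\n' "$headers" | grep -q "^$h:" || missing="$missing $h"
    done
    if [ -n "$missing" ]; then
        echo "MISSING$missing"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

# Constructed sample: a 401 as sent when only X-Frame-Options has "always".
sample_401() {
    printf 'HTTP/2 401 \r\n'
    printf 'server: nginx\r\n'
    printf 'www-authenticate: Basic realm="Restricted"\r\n'
    printf 'x-frame-options: SAMEORIGIN\r\n\r\n'
}

# Prints: MISSING strict-transport-security x-content-type-options x-xss-protection
sample_401 | audit_admin_response || true
```

A status other than 401 on this request means the admin interface is reachable without the basic-auth credentials created with `htpasswd`.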

Then we make Pi-hole update automatically every day via a cron job and test it:


[ ns2.void.yt ] [ /dev/pts/0 ] [~]
→ crontab -e

 0 0 * * * /usr/local/bin/pihole -up
 0 0 * * * /usr/local/bin/pihole -g
:wq

[ ns2.void.yt ] [ /dev/pts/0 ] [~]
→ wget https://github.com/cronitorio/cronitor-cli/releases/download/28.8/linux_amd64.tar.gz -q

[ ns2.void.yt ] [ /dev/pts/0 ] [~]
→ sudo tar xvf linux_amd64.tar.gz -C /usr/bin/
cronitor

[ ns2.void.yt ] [ /dev/pts/0 ] [~]
→ sudo cronitor configure --api-key 1234567890

Configuration File:
/etc/cronitor/cronitor.json

Version:
28.8

API Key:
1234567890

Ping API Key:
Not Set

Environment:
Not Set

Hostname:
ns2

Timezone Location:
{Etc/UTC}

Debug Log:
Off

[ ns2.void.yt ] [ /dev/pts/0 ] [~]
→ cronitor select

✔ /usr/local/bin/pihole -up
----► Running command: /usr/local/bin/pihole -up

  [✓] Update local cache of available packages
  [i] Existing PHP installation detected : PHP version 7.4.28
  [✓] Checking for git
  [✓] Checking for iproute2
  [✓] Checking for whiptail
  [✓] Checking for ca-certificates

  [i] Checking for updates...
  [i] Pi-hole Core:     up to date
  [i] Web Interface:    up to date
  [i] FTL:              up to date

  [✓] Everything is up to date!

----► ✔ Command successful    Elapsed time 3.345s

If you want to host a public pihole, then you need to tick the following option:
