pictl does not find pi-hole when Admin interface hosted in nginx instead of lighttps

[schuettecarsten]

I have disabled lighttpd and use nginx to host the admin website of PiHole.
When setting up pi-cli, I and up in a loop:

root@raspberrypi1:/home/pi/picli/src# ./picli setup
Please enter the IP address of your Pi-Hole: 127.0.0.1
Please enter the port that exposes the web interface (default 80): 8080
Pi-Hole doesn't seem to be alive, check your details and try again!

Please enter the IP address of your Pi-Hole: ^C

Port/IP are valid, nginx ist listening:

root@raspberrypi1:/home/pi/picli/src# netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      999        19651      813/pihole-FTL
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      0          300146     3031/nginx: master
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      0          300144     3031/nginx: master
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      999        19642      813/pihole-FTL
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          16294      759/sshd
tcp        0      0 127.0.0.1:443           0.0.0.0:*               LISTEN      0          300147     3031/nginx: master
tcp6       0      0 ::1:4711                :::*                    LISTEN      999        19649      813/pihole-FTL
tcp6       0      0 :::80                   :::*                    LISTEN      0          300145     3031/nginx: master
tcp6       0      0 :::53                   :::*                    LISTEN      999        19644      813/pihole-FTL
tcp6       0      0 :::22                   :::*                    LISTEN      0          16296      759/sshd
tcp6       0      0 :::443                  :::*                    LISTEN      0          300148     3031/nginx: master

[Reeceeboii]

Not too familiar with how Nginx would interfere in this instance. Have you actually disabled lighttpd entirely and swapped it for Nginx or is Nginx acting as a reverse proxy? This is probably caused by me being overzealous with my verification of a Pi-Hole address. I could probably make it warn users instead of just rejecting it.

My checks are likely specific to lighttpd. If your web interface works then my checks are looking for too specific of a response.

Just to check something, if you send a GET to http://127.0.0.1:8080/admin/api.php is there a is there a X-Pi-hole header in the response? My first guess would be that is missing.

[schuettecarsten]

I just saw that if I use 127.0.0.1 directly, I get a message about host check failure:

Failed Host Check: 127.0.0.1 vs 192.168.178.3, fd00::ba27:ebff:feff:87ba, , pi.hole, localhost

I need to use "localhost" or 192.168.178.3 here:

root@raspberrypi1:/home/pi# curl -ki http://localhost:8080/admin/api.php
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 25 Feb 2021 13:00:43 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=cmq9ctb9m3gpg3ldagttitghda; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

{"domains_being_blocked":2146917,"dns_queries_today":100867,"ads_blocked_today":31078,"ads_percentage_today":30.810869,"unique_domains":4229,"queries_forwarded":38751,"queries_cached":24465,"clients_ever_seen":61,"unique_clients":41,"dns_queries_all_types":100818,"reply_NODATA":4107,"reply_NXDOMAIN":16123,"reply_CNAME":17731,"reply_IP":53307,"privacy_level":0,"status":"disabled","gravity_last_updated":{"file_exists":true,"absolute":1614254919,"relative":{"days":0,"hours":0,"minutes":52}}}

No X-Pi-hole header found.

[Reeceeboii]

Yep:

Pi-CLI/src/api.go

Lines 233 to 236 in 8ce9f69

	// do the provided address & port actually point to a Pi-Hole?
	func validatePiHoleDetails(res *http.Response) bool {
	return res.StatusCode == 200 && res.Header.Get("X-Pi-hole") != ""
	}

The missing header is making Pi-CLI think there's nothing there when there clearly is. I'll implement a fix that makes this check less strict. I think checking for a HTTP 200 is probably fine for most cases.

Leave it with me.

[Reeceeboii]

@schuettecarsten Please try the executables at #17. This PR should hopefully rectify the issue

https://github.com/Reeceeboii/Pi-CLI/releases/tag/Pre-release