Nginx Configuration

Tad edited this page Oct 9, 2018 · 17 revisions
Note
If you’re using php5, change all instances of php7.0-fpm to php5-fpm and change /run/php/php7.0-fpm.sock to /var/run/php5-fpm.sock
  1. service lighttpd stop #stop default lighttpd

  2. apt-get -y install nginx php7.0-fpm php7.0-zip apache2-utils #install necessary packages

  3. systemctl disable lighttpd #disable lighttpd at startup

  4. systemctl enable php7.0-fpm #enable php7.0-fpm at startup

  5. systemctl enable nginx #enable nginx at startup

  6. edit /etc/nginx/sites-available/default to:

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www/html;
        server_name _;
        autoindex off;

        index pihole/index.php index.php index.html index.htm;

        location / {
                expires max;
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
                auth_basic "Restricted"; #For Basic Auth
                auth_basic_user_file /etc/nginx/.htpasswd;  #For Basic Auth
        }

        location /*.js {
                index pihole/index.js;
                auth_basic "Restricted"; #For Basic Auth
                auth_basic_user_file /etc/nginx/.htpasswd;  #For Basic Auth
        }

        location /admin {
                root /var/www/html;
                index index.php index.html index.htm;
                auth_basic "Restricted"; #For Basic Auth
                auth_basic_user_file /etc/nginx/.htpasswd;  #For Basic Auth
        }

        location ~ /\.ht {
                deny all;
        }
}
  1. htpasswd -c /etc/nginx/.htpasswd exampleuser #create username for authentication for the admin - we don’t want other people in our network change our black and whitelist ;)

  2. chown -R www-data:www-data /var/www/html #change ownership of html directory to nginx user

  3. chmod -R 755 /var/www/html #make sure html directory is writable

  4. service php7.0-fpm start #start php7.0-fpm daemon

  5. service nginx start #start nginx webserver

  6. If you want to use your custom domain to access admin page (e.g.: http://mydomain.internal/admin/settings.php instead of http://pi.hole/admin/settings.php), make sure mydomain.internal is assigned to server_name in /etc/nginx/sites-available/default. E.g.: server_name mydomain.internal;

  7. If you want to use block page for any blocked domain subpage (aka Nginx 404), add this to Pihole server block in your Nginx configuration file:

    error_page 404 /pihole/index.php
  8. When using nginx to front pihole, Let’s Encrypt can be used to directly configure nginx. Make sure to use your hostname instead of _ in server_name _; line above.

    add-apt-repository ppa:certbot/certbot
    apt-get install certbot python-certbot-nginx
    
    certbot --nginx -m "$email" -d "$domain" -n --agree-tos --no-eff-email
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.