Install PiHole With SSL On Apache Running Ubuntu Server 20 LTS

This is another quick post to serve as a general note. This post will cover the install of PiHole with SSL on Apache. The guide should work for most Debian-based Linux distributions. We are running PHP7.4 as it’s native to the OS and does not require any PPA addons. You can install PHP8/+ if you like.

Step 1: Bash Into root

sudo bash

Enter your password.

Step 2: Install Apache2

apt-get install apache2 -y

Step 3: Install PHP 7.4

apt-get install php -y
apt-get install php-common php-mysql php-xml php-curl php-cli php-imap php-mbstring php-opcache php-soap php-zip php-intl php-sqlite3 -y

Step 4: Install PiHole

curl -sSL https://install.pi-hole.net | bash

During the course of the install, you will be prompted ~5 times. At the last prompt, you will be asked if you want to install the Lighttpd web server. At this point, you want to select no and complete the install process.

Once completed your PiHole setup should work. and should be accessible via ip/domain.com/admin/

Step 5 Cleanup:

As of today, I have noticed a rare glitch that will cause the folder structure to be odd after the pihole install. This can be easily fixed with the following details.

The default install will create folders like this:

pihole folder: /var/www/html/pihole
admin folder: /var/www/html/admin

Although not a big deal, this causes a problem when trying to access the admin dashboard from the default pihole URL (http://ip/pihole), the link on the page that is supposed to link to the admin page will be broken. At this point, you can update the page link manually in pihole/index.php to forward to the correct URL or you can change/move folders to your liking.

To fix this issue, as root, first we move the folder to the correct directory.

mv /var/www/html/admin /var/www/html/pihole

Second, we update the default pihole root index file links

vim /var/www/www/html/pihole/index.php

We want to edit three lines 77, 81, and 83 to reflect the new URL structure.

#Line 77: 
<link rel='shortcut icon' href='/pihole/admin/img/favicons/favicon.ico' type='image/x-icon'>

#Line 81:
<img src='/pihole/admin/img/logo.svg' alt='Pi-hole logo' id="pihole_logo_splash">

#Line 83:
<a href='/pihole/admin/'>Did you mean to go to the admin panel?</a>

Once done you can consider the process complete.

Step S: Installing SSL on PiHole:

To keep things classy, if not already, bash into root:

sudo bash

Let’s enable the PHP’s SSL module and make our SSL folder to house our certs.

a2enmod ssl
mkdir /etc/apache2/certs/pihole

Now let’s generate our self-signed cert:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/certs/pihole/piholio.key -out /etc/apache2/certs/pihole/piholio.crt

Edit our default SSL virtual hosts config:

vim /etc/apache2/sites-available/default-ssl.conf

Replace lines 32 and 33 with the following lines

SSLCertificateFile /etc/apache2/certs/pihole/piholio.crt
SSLCertificateKeyFile /etc/apache2/certs/pihole/piholio.key

Save and exit.

Next, enable SSL and restart the apache service:

a2ensite default-ssl.conf && systemctl restart apache2

At this point, you’ve successfully installed PiHole with SSL. We have another issue, by default apache does not reroute to SSL so you will still be able to visit the non-SSL URL. To fix this we need to enable the Rewrite module and enter our conditions into our domain’s virtual host configuration (or .htaccess).

Let’s enable that rewrite module:

a2enmod rewrite
systemctl restart apache2

Let’s edit our default virtual host file:

vim /etc/apache2/sites-available/000-default.conf

Add the following three lines of code before the </VirtualHost> closing tag.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Save the file and restart Apache.

systemctl restart apache2

Your PiHole install should now be “running in SSL”. If anyone viewing my notes has questions feel free to leave a comment.

Published by

Miguel

I’m a bilingual Network Engineer. I have over 20 Years of Professional experience in Computer Science & Information Technology. I currently own and operate Web Semantics (www.websemantics.com) in Vancouver, Washington. I provide bilingual (English & Spanish) enterprise-level IT support to small and medium-sized businesses across the West Coast. *** Soy un ingeniero de redes bilingüe. Tengo más de 20 años de experiencia profesional en ciencias de la computación y tecnología de la información. Actualmente poseo y opero Web Semantics (www.websemantics.com) en Vancouver, Washington. Proporciono soporte de IT/Informática bilingüe (inglés y español) a nivel empresarial a pequeñas y medianas empresas en toda la costa oeste.

Leave a Reply