Install PiHole With SSL On Apache Running Ubuntu Server 20 LTS

This is another quick post to serve as a general note. This post will cover the install of PiHole with SSL on Apache. The guide should work for most Debian-based Linux distributions. We are running PHP7.4 as it’s native to the OS and does not require any PPA addons. You can install PHP8/+ if you like.

Step 1: Bash Into root


1
     sudo bash

Enter your password.

Step 2: Install Apache2


1
     apt-get install apache2 -y

Step 3: Install PHP 7.4


1
2
     apt-get install php -y
     apt-get install php-common php-mysql php-xml php-curl php-cli php-imap php-mbstring php-opcache php-soap php-zip php-intl php-sqlite3 -y

Step 4: Install PiHole


1
     curl -sSL https://install.pi-hole.net | bash

During the course of the install, you will be prompted ~5 times. At the last prompt, you will be asked if you want to install the Lighttpd web server. At this point, you want to select no and complete the install process.

Once completed your PiHole setup should work. and should be accessible via ip/domain.com/admin/

Step 5 Cleanup:

As of today, I have noticed a rare glitch that will cause the folder structure to be odd after the pihole install. This can be easily fixed with the following details.

The default install will create folders like this:


1
2
     pihole folder: /var/www/html/pihole
     admin folder: /var/www/html/admin

Although not a big deal, this causes a problem when trying to access the admin dashboard from the default pihole URL (http://ip/pihole), the link on the page that is supposed to link to the admin page will be broken. At this point, you can update the page link manually in pihole/index.php to forward to the correct URL or you can change/move folders to your liking.

To fix this issue, as root, first we move the folder to the correct directory.


1
     mv /var/www/html/admin /var/www/html/pihole

Second, we update the default pihole root index file links


1
    vim /var/www/www/html/pihole/index.php

We want to edit three lines 77, 81, and 83 to reflect the new URL structure.


1
2
3
4
5
6
7
8
     Line 77:
     <link rel='shortcut icon' href='/pihole/admin/img/favicons/favicon.ico' type='image/x-icon'>

     Line 81:
     <img src='/pihole/admin/img/logo.svg' alt='Pi-hole logo' id="pihole_logo_splash" />

     Line 83:
     <a href='/pihole/admin/'>Did you mean to go to the admin panel?</a>

Once done you can consider the process complete.

Step S: Installing SSL on PiHole:

To keep things classy, if not already, bash into root:


1
     sudo bash

Let’s enable the PHP’s SSL module and make our SSL folder to house our certs.


1
2
     a2enmod ssl
     mkdir /etc/apache2/certs/pihole

Now let’s generate our self-signed cert:


1
     openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/certs/pihole/piholio.key -out /etc/apache2/certs/pihole/piholio.crt

Edit our default SSL virtual hosts config:


1
     vim /etc/apache2/sites-available/default-ssl.conf

Replace lines 32 and 33 with the following lines


1
2
     SSLCertificateFile /etc/apache2/certs/pihole/piholio.crt
     SSLCertificateKeyFile /etc/apache2/certs/pihole/piholio.key

Save and exit.

Next, enable SSL and restart the apache service:


1
     a2ensite default-ssl.conf && systemctl restart apache2

At this point, you’ve successfully installed PiHole with SSL. We have another issue, by default apache does not reroute to SSL so you will still be able to visit the non-SSL URL. To fix this we need to enable the Rewrite module and enter our conditions into our domain’s virtual host configuration (or .htaccess).

Let’s enable that rewrite module:


1
2
     a2enmod rewrite
     systemctl restart apache2

Let’s edit our default virtual host file:


1
     vim /etc/apache2/sites-available/000-default.conf

Add the following three lines of code before the </VirtualHost> closing tag.


1
2
3
     RewriteEngine On
     RewriteCond %{HTTPS} off
     RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Save the file and restart Apache.


1
     systemctl restart apache2

Your PiHole install should now be “running in SSL”. If anyone viewing my notes has questions feel free to leave a comment.