[{"data":1,"prerenderedAt":406},["ShallowReactive",2],{"Categories":3,"NavIndexCategoriesCountFooter":203,"content-\u002F2019\u002F09\u002F22\u002Fsecuring-pi-hole-admin-with-ssl\u002F":204},[4,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,68,70,71,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202],{"category":5},"System Administration",{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},"Software Development",{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":27},{"category":27},{"category":67},"Drones & RC",{"category":69},"DIY Projects",{"category":67},{"category":72},"Photography",{"category":69},{"category":69},{"category":69},{"category":67},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":67},{"category":69},{"category":69},{"category":67},{"category":67},{"category":72},{"category":72},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":5},{"category":5},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":5},{"category":67},{"category":67},{"category":72},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":72},{"category":67},{"category":138},"3D Printing - Laser Cutting - CNC",{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":5},{"category":138},{"category":27},{"category":27},{"category":138},{"category":138},{"category":72},{"category":158},"Photography,3D Printing - Laser Cutting - CNC",{"category":27},{"category":27},{"category":69},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":67},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":27},{"category":69},{"category":27},{"category":27},{"category":27},{"category":27},{"category":181},"Home Assistant",{"category":181},{"category":72},{"category":27},{"category":27},{"category":72},{"category":138},{"category":5},{"category":72},{"category":72},{"category":138},{"category":27},{"category":181},{"category":181},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},191,{"id":205,"title":206,"body":207,"category":5,"date":392,"description":213,"embedImage":393,"extension":394,"image":393,"intro":395,"meta":396,"navigation":397,"path":398,"seo":399,"series":393,"sitemap":400,"stem":401,"tags":402,"__hash__":405},"content\u002F2019\u002F09\u002F22\u002Fsecuring-pi-hole-admin-with-ssl.md","Securing pi-hole admin with SSL",{"type":208,"value":209,"toc":387},"minimark",[210,214,217,230,238,241,246,253,299,302,325,328,332,343,347,354,365,373,376,383],[211,212,213],"p",{},"I recently added a running copy of pi-hole onto a spare raspberry pi to test.",[211,215,216],{},"One thing I wanted to do was to make the admin view work with https.",[211,218,219,229],{},[220,221,228],"a",{"href":222,"rel":223,"target":227},"https:\u002F\u002Fdiscourse.pi-hole.net\u002Ft\u002Fenabling-https-for-your-pi-hole-web-interface\u002F5771",[224,225,226],"nofollow","noopener","noreferer","_blank","This FAQ on enabling SSL"," has most of the information needed.",[211,231,232,233,237],{},"However - I am not using letsencrypt for this sort if internal setup - instead I have set up a ",[220,234,236],{"href":235},"\u002F2019\u002F09\u002F18\u002Finternal-certificate-authority-with-openssl-and-caman\u002F","local CA",".",[211,239,240],{},"So - for this setup there were three steps:",[242,243,245],"h2",{"id":244},"certificates","Certificates",[211,247,248,249,252],{},"Using the ",[220,250,251],{"href":235},"caman setup"," - add and sign a new certificate:",[254,255,260],"pre",{"className":256,"code":257,"language":258,"meta":259,"style":259},"language-shell shiki shiki-themes github-dark","cd caman\n.\u002Fcaman new pi-hole.my.local.domain\n.\u002Fcaman sign pi-hole.my.local.domain\n","shell","",[261,262,263,276,289],"code",{"__ignoreMap":259},[264,265,268,272],"span",{"class":266,"line":267},"line",1,[264,269,271],{"class":270},"sDLfK","cd",[264,273,275],{"class":274},"sU2Wk"," caman\n",[264,277,279,283,286],{"class":266,"line":278},2,[264,280,282],{"class":281},"svObZ",".\u002Fcaman",[264,284,285],{"class":274}," new",[264,287,288],{"class":274}," pi-hole.my.local.domain\n",[264,290,292,294,297],{"class":266,"line":291},3,[264,293,282],{"class":281},[264,295,296],{"class":274}," sign",[264,298,288],{"class":274},[211,300,301],{},"Now we need two files on the pi-hole machine.",[303,304,305,316],"ul",{},[306,307,308,309,312,313],"li",{},"Copy the CA certificate ",[261,310,311],{},"ca\u002Fca.crt.pem"," to ",[261,314,315],{},"\u002Fetc\u002Flighttpd\u002Ffullchain.pem",[306,317,318,319,312,322],{},"Copy the site certificate ",[261,320,321],{},"store\u002Fpi-hole.my.local.domain\u002F_date_\u002Fpi-hole.my.local.domain.keycrt.pem",[261,323,324],{},"\u002Fetc\u002Flighttpd\u002Fcombined.pem",[211,326,327],{},"Note you need the keycrt.pem in combined - both key and certificate",[242,329,331],{"id":330},"lighttpd-externalconf","Lighttpd external.conf",[211,333,334,335,339,340,237],{},"Copy the suggested config from ",[220,336,338],{"href":222,"rel":337,"target":227},[224,225,226],"the FAQ"," and change the domain to ",[261,341,342],{},"pi-hole.my.local.domain",[242,344,346],{"id":345},"lighttpd-modules","Lighttpd modules",[211,348,349,350,353],{},"At this point - when I did a config check (",[261,351,352],{},"lighttpd -t -f \u002Fetc\u002Flighttpd\u002Flighttpd.conf",") and it said I needed to enable the SSL module.",[211,355,356,357,360,361,364],{},"I did so with ",[261,358,359],{},"lighty-enable-mod ssl",". However - this added two things to ",[261,362,363],{},"\u002Fetc\u002Flighttpd\u002Fconf-enabled\u002F10-ssl.conf"," (symlinked in from conf-available by the call to lighty-enable-mod) - the first loads the SSL module - the second tries to use a server.pem certificate on 0.0.0.0:443. I only want the module loading so I changed the file to simply be:",[254,366,371],{"className":367,"code":369,"language":370},[368],"language-text","server.modules += ( \"mod_openssl\" )\n","text",[261,372,369],{"__ignoreMap":259},[211,374,375],{},"And then restarted with service lighttpd restart",[211,377,378,379,382],{},"That was enough to get ",[261,380,381],{},"https:\u002F\u002Fpi-hole.my.local.domain\u002Fadmin"," to work.",[384,385,386],"style",{},"html pre.shiki code .sDLfK, html code.shiki .sDLfK{--shiki-default:#79B8FF}html pre.shiki code .sU2Wk, html code.shiki .sU2Wk{--shiki-default:#9ECBFF}html pre.shiki code .svObZ, html code.shiki .svObZ{--shiki-default:#B392F0}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}",{"title":259,"searchDepth":278,"depth":278,"links":388},[389,390,391],{"id":244,"depth":278,"text":245},{"id":330,"depth":278,"text":331},{"id":345,"depth":278,"text":346},"2019-09-22 12:20 +0200",null,"md","I recently added a running copy of pi-hole onto a spare raspberry pi to test. Moving it to https",{},true,"\u002F2019\u002F09\u002F22\u002Fsecuring-pi-hole-admin-with-ssl",{"title":206,"description":213},{"loc":398},"2019\u002F09\u002F22\u002Fsecuring-pi-hole-admin-with-ssl",[403,404],"pi-hole","ssl","rAgMhPUvUpPjxq7-4Z88OBLyuTZ7IiJnimr_MLXYup8",1775293008860]