In this post, I will share My Experience How I Migrate the Existing Server to Nginx. By default, Pi-hole Install and Configure the Lighttpd Server Webadmin Panel.
Before Migrating your Server to Nginx you need to make some changes in Pi-hole Setup File
- Open the File
/etc/pihole/setupVars.conf - replace true with false for the value
INSTALL_WEB_SERVERandLIGHTTPD_ENABLED
INSTALL_WEB_SERVER=false LIGHTTPD_ENABLED=false
- Save the Settings don’t restart the Pi-hole
Setup Nginx
- install Nginx on your web server
- install required PHP packages – I recommend PHP 7.4
- Configure Nginx for Pi-hole web admin
- Create a New File
pihole.conf - Add this Below Configuration to the Newly Created File
server {
listen 80;
listen [::]:80;
server_name blocker.example.com;
root /var/www/html;
index pihole/index.php index.php index.html index.htm;
charset UTF-8;
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
add_header Strict-Transport-Security max-age=63072000;
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /var/www/html;
server_name blocker.example.com;
autoindex off;
index pihole/index.php index.php index.html index.htm;
charset UTF-8;
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
add_header Strict-Transport-Security max-age=63072000;
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
location / {
expires max;
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
fastcgi_param FQDN true;
auth_basic "Restricted"; # For Basic Auth
auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
add_header Strict-Transport-Security max-age=63072000;
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
}
location /*.js {
index pihole/index.js;
}
location /admin {
root /var/www/html;
index index.php index.html index.htm;
#include snippets/fastcgi-php.conf;
#fastcgi_pass unix:/run/php/php7.4-fpm.sock;
#fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
auth_basic "Restricted"; # For Basic Auth
auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
add_header Strict-Transport-Security max-age=63072000;
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
}
location ~ /\.ht {
deny all;
}
ssl_certificate /etc/letsencrypt/live/blocker.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/blocker.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}- save the Conf File
- For SSL use Certbot – https://certbot.eff.org/instructions
- Create Http Authentication using an apache-utils tool
sudo apt-get install apache2-utils -y htpasswd -c /etc/nginx/.htpasswd username
- verify your Nginx Configuration
nginx -t
Pi-hole Migrate From Lighttpd Server to Nginx
- Stop and Disable the Lighttpd Server
service lighttpd stop systemctl disable lighttpd
- Update ownership and Permission
chown -R www-data:www-data /var/www/html chmod -R 755 /var/www/html
- Admin Panel Access to the database
usermod -aG pihole www-data
- Update the pool Group in PHP-FPM
sed -i 's/group = www-data/group = pihole/g' /etc/php/7.4/fpm/pool.d/www.conf
- Restart the FPM
systemctl restart php7.4-fpm
- Enable Nginx Symlink
sudo ln -s /etc/nginx/sites-available/pihole.conf /etc/nginx/sites-enabled/pihole.conf
- Reload and Restart the Nginx server
service nginx reload service nginx restart
- Finally, restart the Pi-hole and Now it serves the Pi-hole web admin panel via Nginx server
systemctl restart pihole-FTL
- That’s all done – Successfully Migrate From Lighttpd Server to Nginx
if you have doubts regarding this please drop your comments here I will Guide you.
Reference
Had this problem while doing sudo service nginx reload
https://imgur.com/IMgcOuX
Seems issue on Nginx settings
Thank you for sharing your valuable experience 🙂
I modestly suggest to do:
sudo chown www-data:www-data /etc/nginx/.htpasswd