On the previous post, we talked about how I set up a web server alongside Pi Hole. On this one, I will guide you step by step on how to do it on Raspbian Stretch.
Step 1 – Set the secondary IP
If you configured the Pi Hole properly, your Pi should already have a static IP. On this step, we’ll give it another static IP, the one that will be used by your web apps.
To do this, on Raspbian Stretch we’ll edit
(You could also place a new file under
/etc/network/interfaces.d/, but for the sake of a simpler explanation we’ll do the former.)
Before we start, I don’t know if I need to remember you, and I think I don’t, but I will. Please make a copy of the original file before editing it. Also, be careful if doing this remotely, since we are editing the network configuration and a mistake could make you lose your connection to the Pi.
Alright, having said that, one approach is to have something like this:
# /etc/network/interfaces auto wlan0 allow-hotplug eth0 iface wlan0 inet static address 10.0.0.10 netmask 255.255.255.0 gateway 10.0.0.1 dns-nameservers 127.0.0.1 iface wlan0 inet static address 10.0.0.11 netmask 255.255.255.0 dns-nameservers 127.0.0.1
iface block sets one of the static IPs. On this example,
10.0.0.10 is the IP we already had and
10.0.0.11 is the new one we pick. Be sure to choose an address no other device is using on your network.
The interface we are configuring in this example is
wlan0. If your Pi is connected by Ethernet, change it for
We also set the DNS for
127.0.0.1, so the Pi uses the Pi Hole to resolve the names he needs. The gateway and the netmask should be set accordingly to your network.
Needless to say, don’t just copy and paste this example configuration. When you first open the file, it’ll probably have the first
iface block already set for your needs. Just paste the second one, changing the needed values.
Pro-tip: be sure not to add a second
gateway line, or you encounter an error.
OK, have you done the proper configuration, restart your network (or reboot your system):
$ sudo systemctl restart network
Your Pi now have two IPs. Let’s check it.
$ ip a
If all went well, you’ll see both IPs in two lines starting with
inet. For our example:
... inet 10.0.0.10/24 brd 192.168.0.255 scope global wlan0 valid_lft forever preferred_lft forever inet 10.0.0.11/24 brd 192.168.0.255 scope global secondary wlan0 valid_lft forever preferred_lft forever ...
These instructions are based on the Debian Wiki. If you are stuck, please refer to it.
Step 2 - Bind Lighttpd to the primary IP
Now we’re going to make Lighttpd bind only to the primary IP. This step is much more straight-forward.
To achieve this, we used to edit
/etc/lighttpd/lighttpd.conf. This had the inconvenience that whenever Pi Hole updated, that file would be overwritten and all the changes lost. So every month or so, we would have to put the changes back in place.
However, since Pi Hole 4.2.2 this problem is gone. Now, the Lighttpd config sources a separate file, allowing us to permanently place in it the changes we want.
This file is
/etc/lighttpd/external.conf. So just open it and add this line, replacing
10.0.0.10 by your Pi’s primary IP:
server.bind = "10.0.0.10"
If for whatever reason you are using an older version of Pi Hole, simply add that line to
Now, restart Lighttpd:
$ sudo systemctl restart lighttpd
Now the Pi Hole admin console should only be available on your primary IP.
Step 3 - Bind your web server to the secondary IP
Finally, we need to make your web server bind only to the secondary IP. How to do this, obviously, depends on which web server you pick and your specific configuration.
However, the procedure is analogous to what we did on step 2. Edit the configuration of the chosen server and bind it to your Pi’s secondary IP.
For example, on Nginx, you do it using the
After making the needed modifications, start the web server and everything should work as we wanted.
But what if I want Pi Hole to use the secondary IP?
If, for whatever reason, you want your web apps to use the primary address and Pi Hole the secondary, the procedure is similar, with the added step of reconfiguring Pi Hole.
First, follow the guide normally, but binding Lighttpd to the secondary IP and your web server to the primary.
Then, reconfigure Pi Hole to point it to the new IP. Run:
$ pihole -r
And give it the secondary IP.
This step is necessary because Pi Hole resolves the blocked domains to that IP. That’s how you get the “Pi Hole blocked” page, which is served by Lighttpd.
(Updated on 2019/03/01.)