Rafael Cavalcanti

Linux enthusiast and human being.

Web server and Pi Hole - a how-to
Jul 19, 2018

In the previous post, we talked about how I set up a web server alongside Pi Hole. In this one, I will guide you step by step through doing it on Raspbian Stretch.

Step 1 – Set the secondary IP

If you configured the Pi Hole properly, your Pi should already have a static IP. In this step, we’ll give it another static IP, the one that will be used by your web apps.

To do this, on Raspbian Stretch we’ll edit /etc/network/interfaces.

(You could also place a new file under /etc/network/interfaces.d/, but for the sake of a simpler explanation we’ll do the former.)

Before we start, I don’t know if I need to remind you, and I think I don’t, but I will. Please make a copy of the original file before editing it. Also, be careful if doing this remotely, since we are editing the network configuration and a mistake could make you lose your connection to the Pi.

Alright, having said that, one approach is to have something like this:

# /etc/network/interfaces

auto wlan0
allow-hotplug wlan0
iface wlan0 inet static
    address 10.0.0.10
    netmask 255.255.255.0
    gateway 10.0.0.1
    dns-nameservers 127.0.0.1

iface wlan0 inet static
    address 10.0.0.11
    netmask 255.255.255.0
    dns-nameservers 127.0.0.1

Each iface block sets one of the static IPs. In this example, 10.0.0.10 is the IP we already had and 10.0.0.11 is the new one we pick. Be sure to choose an address no other device is using on your network.

The interface we are configuring in this example is wlan0. If your Pi is connected by Ethernet, change it to eth0.

We also set the DNS to 127.0.0.1, so the Pi uses the Pi Hole to resolve the names it needs. The gateway and the netmask should be set according to your network.

Needless to say, don’t just copy and paste this example configuration. When you first open the file, it’ll probably have the first iface block already set for your needs. Just paste the second one, changing the needed values.

Pro-tip: be sure not to add a second gateway line, or you will encounter an error.

OK, once you have done the proper configuration, restart your network (or reboot your system):

$ sudo systemctl restart networking

Your Pi now has two IPs. Let’s check it.

$ ip a

If all went well, you’ll see both IPs in two lines starting with inet. For our example:

...
inet 10.0.0.10/24 brd 10.0.0.255 scope global wlan0
   valid_lft forever preferred_lft forever
inet 10.0.0.11/24 brd 10.0.0.255 scope global secondary wlan0
   valid_lft forever preferred_lft forever
...

These instructions are based on the Debian Wiki. If you are stuck, please refer to it.

Step 2 - Bind Lighttpd to the primary IP

Now we’re going to make Lighttpd bind only to the primary IP. This step is much more straightforward. We’ll edit /etc/lighttpd/lighttpd.conf.

Search for the lines that start with server. (server.foobar, where foobar stands for any option name), and add this one, replacing 10.0.0.10 with your Pi’s primary IP:

server.bind = "10.0.0.10"

Restart Lighttpd:

$ sudo systemctl restart lighttpd

Now the Pi Hole admin console should only be available on your primary IP.

Step 3 - Bind your web server to the secondary IP

Finally, we need to make your web server bind only to the secondary IP. How to do this, obviously, depends on which web server you pick and your specific configuration.

However, the procedure is analogous to what we did in step 2. Edit the configuration of the chosen server and bind it to your Pi’s secondary IP.

For example, in Nginx, you do it using the listen directive.

listen 10.0.0.11:80;

After making the needed modifications, start the web server and everything should work as we wanted.

Maintenance

As I mentioned in the previous post, when Pi Hole updates its web interface, it replaces the Lighttpd configuration. At those moments, you’ll have to re-add the server.bind line or restore the previous configuration file, which is left in /etc/lighttpd with a suffix.

That doesn’t happen very often, but if you are like me you’ll write a small script to automate the process.
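One way such a script could look, as an added example that is not the author's own script: it checks that lighttpd.conf still has exactly one server.bind line pointing at the primary IP and rewrites it if not. The backup suffix .bak-bind, the --apply switch and the function name ensure_bind are assumptions; the path and the address are the ones used in this post.

```shell
#!/bin/sh
# Added example (not from the original post): put the server.bind line back
# after a Pi-hole update has replaced lighttpd.conf.
CONF=/etc/lighttpd/lighttpd.conf   # file edited in Step 2
BIND_IP=10.0.0.10                  # the post's example primary IP; use yours

# ensure_bind FILE IP
# Prints "unchanged" if FILE already has exactly one server.bind line set to
# IP. Otherwise saves a copy as FILE.bak-bind (hypothetical suffix), drops any
# existing server.bind lines, appends the wanted one and prints "changed".
ensure_bind() {
    conf=$1
    ip=$2
    [ -f "$conf" ] || { echo "error: $conf not found" >&2; return 1; }
    pat='^[[:space:]]*server\.bind[[:space:]]*='
    current=$(sed -n "s/${pat}[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$conf" | tail -n 1)
    count=$(grep -c "$pat" "$conf" || true)
    if [ "$current" = "$ip" ] && [ "$count" -eq 1 ]; then
        echo unchanged
        return 0
    fi
    cp -p "$conf" "$conf.bak-bind" || return 1
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    { sed "/${pat}/d" "$conf"; printf 'server.bind = "%s"\n' "$ip"; } > "$tmp"
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$conf" || return 1
    rm -f "$tmp"
    echo changed
}

# Run as root after an update:  sh fix-bind.sh --apply
if [ "${1:-}" = "--apply" ]; then
    result=$(ensure_bind "$CONF" "$BIND_IP") || exit 1
    echo "lighttpd.conf: $result"
    if [ "$result" = changed ]; then
        # Restart only if lighttpd accepts the edited file; else roll back.
        if lighttpd -t -f "$CONF"; then
            systemctl restart lighttpd
        else
            cp -p "$CONF.bak-bind" "$CONF"
            exit 1
        fi
    fi
fi
```

Until the line is back in place, Lighttpd is no longer limited to the primary IP, so it is worth running the check right after every Pi Hole update.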

But what if I want Pi Hole to use the secondary IP?

If, for whatever reason, you want your web apps to use the primary address and Pi Hole the secondary, the procedure is similar, with the added step of reconfiguring Pi Hole.

First, follow the guide normally, but bind Lighttpd to the secondary IP and your web server to the primary.

Then, reconfigure Pi Hole to point it to the new IP. Run:

$ pihole -r

And give it the secondary IP.

This step is necessary because Pi Hole resolves the blocked domains to that IP. That’s how you get the “Pi Hole blocked” page, which is served by Lighttpd.


