Rafael Cavalcanti

Linux enthusiast and human being.

github email
Web server and Pi Hole - a how-to
Jul 19, 2018
4 minutes read

On the previous post, we talked about how I set up a web server alongside Pi Hole. On this one, I will guide you step by step on how to do it on Raspbian Stretch.

Step 1 – Set the secondary IP

If you configured the Pi Hole properly, your Pi should already have a static IP. On this step, we’ll give it another static IP, the one that will be used by your web apps.

To do this, on Raspbian Stretch we’ll edit /etc/network/interfaces.

(You could also place a new file under /etc/network/interfaces.d/, but for the sake of a simpler explanation we’ll do the former.)

Before we start, I don’t know if I need to remember you, and I think I don’t, but I will. Please make a copy of the original file before editing it. Also, be careful if doing this remotely, since we are editing the network configuration and a mistake could make you lose your connection to the Pi.

Alright, having said that, one approach is to have something like this:

# /etc/network/interfaces

auto wlan0
allow-hotplug eth0
iface wlan0 inet static

iface wlan0 inet static

Each iface block sets one of the static IPs. On this example, is the IP we already had and is the new one we pick. Be sure to choose an address no other device is using on your network.

The interface we are configuring in this example is wlan0. If your Pi is connected by Ethernet, change it for eth0.

We also set the DNS for, so the Pi uses the Pi Hole to resolve the names he needs. The gateway and the netmask should be set accordingly to your network.

Needless to say, don’t just copy and paste this example configuration. When you first open the file, it’ll probably have the first iface block already set for your needs. Just paste the second one, changing the needed values.

Pro-tip: be sure not to add a second gateway line, or you encounter an error.

OK, have you done the proper configuration, restart your network (or reboot your system):

$ sudo systemctl restart network

Your Pi now have two IPs. Let’s check it.

$ ip a

If all went well, you’ll see both IPs in two lines starting with inet. For our example:

inet brd scope global wlan0
   valid_lft forever preferred_lft forever
inet brd scope global secondary wlan0
   valid_lft forever preferred_lft forever

These instructions are based on the Debian Wiki. If you are stuck, please refer to it.

Step 2 - Bind Lighttpd to the primary IP

Now we’re going to make Lighttpd bind only to the primary IP. This step is much more straight-forward.

To achieve it, we used to edit /etc/lighttpd/lighttpd.conf. This had the inconvenience that whenever Pi Hole updated, the file would be overwritten and all the changes lost. So every month or so, we would have to revert the relevant lines.

However, since Pi Hole 4.2.2 this problem is gone. Now, Lighttpd config sources a separate file, allowing us to permanently store our modifications in it.

This file is /etc/lighttpd/external.conf. So just open it and add this line, replacing by your Pi’s primary IP:

server.bind = ""

If for whatever reason you are using an older version of Pi Hole, simply add that line to lighttpd.conf.

Let’s restart Lighttpd:

$ sudo systemctl restart lighttpd

Now the Pi Hole admin console should only be available on your primary IP.

Step 3 - Bind your web server to the secondary IP

Finally, we need to make your web server bind only to the secondary IP. How to do this, obviously, depends on which web server you pick and your specific configuration.

However, the procedure is analogous to what we did on step 2. Edit the configuration of the chosen server and bind it to your Pi’s secondary IP.

For example, on Nginx, you do it using the listen directive.


After making the needed modifications, start the web server and everything should work as we wanted.

But what if I want Pi Hole to use the secondary IP?

If, for whatever reason, you want your web apps to use the primary address and Pi Hole the secondary, the procedure is similar, with the added step of reconfiguring Pi Hole.

First, follow the guide normally, but binding Lighttpd to the secondary IP and your web server to the primary.

Then, reconfigure Pi Hole to point it to the new IP. Run:

$ pihole -r

And give it the secondary IP.

This step is necessary because Pi Hole resolves the blocked domains to that IP. That’s how you get the “Pi Hole blocked” page, which is served by Lighttpd.

(Updated on 2019/03/01.)

Back to posts

comments powered by Disqus