1

I'm trying to run Moode and PiHole on a Raspberry Pi (4 & 3B+) in my local network. Moode is running fine and I can access it via moode.local in my home network. Trying to access the pihole site via moode.local:8080 always results in *[error] 20680#20680: 46 directory index of "/var/www/html/" is forbidden, client: 2a0a:a549:e319:0:79a5:98fb:538:2c6f, server: _, request: "GET / HTTP/1.1", host: "moode.local:8080".

Can someone please tell me what I'm doing wrong?

default.conf

##
# Default server configuration
#
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;

    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

}

pihole.conf

server {
   listen 8080 default_server;
   listen [::]:8080 default_server;

   root /var/www/html;
   server_name _;
   autoindex off;
   error_page 404 /pihole/index.php;

   index index.php index.html index.htm;

   location / {
       expires max;
       try_files $uri $uri/ =404;
   }

   location ~ \.php$ {
       include fastcgi_params;
       fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
       fastcgi_pass unix:/run/php/php7.4-fpm.sock;
       fastcgi_param FQDN true;
#        auth_basic "Restricted"; # For Basic Auth
#        auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
   }

   location /*.js {
       index index.js;
#        auth_basic "Restricted"; # For Basic Auth
#        auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
   }

   location /admin {
       root /var/www/html;
       index index.php index.html index.htm;
#        auth_basic "Restricted"; # For Basic Auth
#        auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
   }

   location ~ /\.ht {
       deny all;
   }
}

I set the permissions:

sudo chown -R www-data:www-data /var/www/html
sudo chmod -R 755 /var/www/html
sudo usermod -aG pihole www-data

I tried to set up a subdomain with similar results.

Thomas
  • 41
  • 3

1 Answers1

1

I think I found my mistake:

The automatic installation for PiHole didn't install the index.php in the subdirectory of /var/www/html/pihole. After copying it from another installation and modifying the lines root, index and index in location /.js* I am able to access PiHole now.

Maybe this helps someone else. Here is the modified

pihole.conf

server {
   listen 8080 default_server;
   listen [::]:8080 default_server;

   root /var/www/html;
   server_name _;
   autoindex off;
   error_page 404 /pihole/index.php;

   index pihole/index.php index.html index.htm;

   location / {
       expires max;
       try_files $uri $uri/ =404;
   }

   location ~ \.php$ {
       include fastcgi_params;
       fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
       fastcgi_pass unix:/run/php/php7.4-fpm.sock;
       fastcgi_param FQDN true;
#        auth_basic "Restricted"; # For Basic Auth
#        auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
   }

   location /*.js {
       index pihole/index.js;
#        auth_basic "Restricted"; # For Basic Auth
#        auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
   }

   location /admin {
       root /var/www/html;
       index index.php index.html index.htm;
#        auth_basic "Restricted"; # For Basic Auth
#        auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
   }

   location ~ /\.ht {
       deny all;
   }
}

And in case someone is looking for the mentioned

index.php

<?php
/* Pi-hole: A black hole for Internet advertisements
*  (c) 2017 Pi-hole, LLC (https://pi-hole.net)
*  Network-wide ad blocking via your own hardware.
*
*  This file is copyright under the latest version of the EUPL.
*  Please see LICENSE file for your rights under this license. */

// Sanitize SERVER_NAME output
$serverName = htmlspecialchars($_SERVER["SERVER_NAME"]);
// Remove external ipv6 brackets if any
$serverName = preg_replace('/^\[(.*)\]$/', '${1}', $serverName);

// Set landing page location, found within /var/www/html/
$landPage = "../landing.php";

// Define array for hostnames to be accepted as self address for splash page
$authorizedHosts = [ "localhost" ];
if (!empty($_SERVER["FQDN"])) {
    // If setenv.add-environment = ("fqdn" => "true") is configured in lighttpd,
    // append $serverName to $authorizedHosts
    array_push($authorizedHosts, $serverName);
} else if (!empty($_SERVER["VIRTUAL_HOST"])) {
    // Append virtual hostname to $authorizedHosts
    array_push($authorizedHosts, $_SERVER["VIRTUAL_HOST"]);
}

// Determine block page type
if ($serverName === "pi.hole"
    || (!empty($_SERVER["VIRTUAL_HOST"]) && $serverName === $_SERVER["VIRTUAL_HOST"])) {
    // Redirect to Web Interface
    header("Location: /admin");
    exit();
} elseif (filter_var($serverName, FILTER_VALIDATE_IP) || in_array($serverName, $authorizedHosts)) {
    // When directly browsing via IP or authorized hostname
    // Render splash/landing page based off presence of $landPage file
    // Unset variables so as to not be included in $landPage or $splashPage
    unset($authorizedHosts);
    // If $landPage file is present
    if (is_file(getcwd()."/$landPage")) {
        unset($serverName, $viewPort); // unset extra variables not to be included in $landpage
        include $landPage;
        exit();
    }
    // If $landPage file was not present, Set Splash Page output
    $splashPage = <<<EOT
    <!doctype html>
    <html lang='en'>
        <head>
            <meta charset='utf-8'>
            <meta name='viewport' content='width=device-width, initial-scale=1'>
            <title>● $serverName</title>
            <link rel='shortcut icon' href='/admin/img/favicons/favicon.ico' type='image/x-icon'>
            <style>
                html, body { height: 100% }
                body { margin: 0; font: 13pt "Source Sans Pro", "Helvetica Neue", Helvetica, Arial, sans-serif; }
                body { background: #222; color: rgba(255, 255, 255, 0.7); text-align: center; }
                p { margin: 0; }
                a { color: #3c8dbc; text-decoration: none; }
                a:hover { color: #72afda; text-decoration: underline; }
                #splashpage { display: flex; align-items: center; justify-content: center; }
                #splashpage img { margin: 5px; width: 256px; }
                #splashpage b { color: inherit; }
            </style>
        </head>
        <body id='splashpage'>
            <div>
            <img src='/admin/img/logo.svg' alt='Pi-hole logo' width='256' height='377'>
            <br>
            <p>Pi-<strong>hole</strong>: Your black hole for Internet advertisements</p>
            <a href='/admin'>Did you mean to go to the admin panel?</a>
            </div>
        </body>
    </html>
EOT;
    exit($splashPage);
}

header("HTTP/1.1 404 Not Found");
exit();
?>
Thomas
  • 41
  • 3