How I Supercharged My Pi-hole Setup with Nginx Proxy Manager

#Pi-hole#Unbound#Nginx Proxy Manager#DNS Server#Raspberry Pi#Reverse Proxy#Network Security#Custom Domains#Docker#Home Server#Ad Blocking#Local DNS

pi-hole-nginx-setup

After setting up Pi-hole and Unbound as my own DNS server (check out the original post here for the full scoop on that), I couldn’t help but think, “What else can I add to make this setup even better?” Enter Nginx Proxy Manager! With this addition, I can now create custom, friendly URLs for all the services running on my Raspberry Pi, all accessible in one place and wrapped in a secure HTTPS connection.

This guide takes you through every step of adding Nginx Proxy Manager to your Pi-hole and Unbound setup. Don’t worry—adding Nginx Proxy Manager won’t mess with Pi-hole’s powerful DNS-blocking capabilities. It just gives us a sleek way to access different services without hassle, making the Pi-hole-powered home network more polished and professional. Ready to level up your Pi-hole game? Let’s dive in!

Step 1: Pi-hole and Unbound Installation Recap

Before diving into Nginx Proxy Manager, let’s recap the core DNS setup. Here’s what we already have in place:

  • Pi-hole serves as the primary DNS server, filtering out ads and handling DNS queries across the network.
  • Unbound is our recursive DNS resolver, working alongside Pi-hole to provide DNS lookups without relying on third-party DNS servers.

The default setup has the Pi-hole web interface running on port 80, but since Nginx Proxy Manager will use that port, we’ll need to adjust it.

If you haven’t set up Pi-hole and Unbound yet, I recommend following this setup guide first to get your Raspberry Pi ready to go.

Step 2: Install Nginx Proxy Manager Using Docker

Now, let’s bring Nginx Proxy Manager (NPM) into the mix. NPM will be our reverse proxy, allowing us to manage custom hostnames and secure access to services on the Pi with SSL—all through a slick web interface.

  1. Install Docker: First, if Docker isn’t already installed on your Raspberry Pi, let’s get it set up.

    curl -sSL https://get.docker.com | sh
sudo usermod -aG docker $USER

  2. Create a Directory for Nginx Proxy Manager: Next, make a directory for Nginx Proxy Manager’s configuration files.

    mkdir ~/nginx-proxy-manager
cd ~/nginx-proxy-manager

  3. Set Up Docker Compose File: In this directory, create a docker-compose.yml file for Nginx Proxy Manager:

    version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: always
    ports:
      - '80:80'    # HTTP port
      - '81:81'    # Admin interface port
      - '443:443'  # HTTPS port
    environment:
      DB_SQLITE_FILE: "/data/database.sqlite"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

  4. Start Nginx Proxy Manager: With the Docker Compose file in place, start up Nginx Proxy Manager:

    docker compose up -d

  5. Access the Nginx Proxy Manager Web Interface: Nginx Proxy Manager is now running! Access the admin interface at http://192.168.1.99:81 (substitute 192.168.1.99 with your Pi’s IP address) and log in with the default credentials:

    • Email: admin@example.com
    • Password: changeme

    Be sure to update your password after logging in for security.

Step 3: Change Pi-hole’s Web Interface Port to Avoid Conflicts

Since Nginx Proxy Manager is using ports 80 and 443, we need to move Pi-hole’s web interface to a different port to avoid conflicts. Don’t worry—this will not impact Pi-hole’s DNS functionality, which operates on port 53 independently of the web interface.

  1. Modify Pi-hole’s Lighttpd Configuration: Open Pi-hole’s Lighttpd configuration file:

    sudo nano /etc/lighttpd/lighttpd.conf

    Change the line that specifies the server port from 80 to 8081:

    server.port = 8081

  2. Restart Lighttpd: Save and close the file, then restart Lighttpd to apply the change:

    sudo systemctl restart lighttpd

  3. New Access URL for Pi-hole: Now, the Pi-hole web interface is available at http://192.168.1.99:8081/admin.

Step 4: Configure Nginx Proxy Manager to Proxy Pi-hole and Other Services

With Nginx Proxy Manager running, we can now set up custom hostnames to access Pi-hole and any other services on the Raspberry Pi.

  1. Add a Proxy Host for Pi-hole:

    • In the Nginx Proxy Manager interface, go to Proxy Hosts > Add Proxy Host.
    • Domain Names: Enter a custom domain for Pi-hole, like pihole.yourdomain.com.
    • Scheme: Select http.
    • Forward Hostname / IP: Enter 127.0.0.1 (assuming Pi-hole is on the same Raspberry Pi as Nginx Proxy Manager).
    • Forward Port: Enter 8081 (the port we just set for Pi-hole’s web interface).
    • Websockets Support: You can enable this if needed, although Pi-hole doesn’t require it.

  2. Enable SSL for Pi-hole:

    • Go to the SSL tab in the proxy host configuration.
    • Select Request a new SSL Certificate and enable Force SSL to ensure all traffic to Pi-hole is secure.
    • Agree to the Let’s Encrypt terms, then click Save.
    • Now you can securely access Pi-hole’s web interface at https://pihole.yourdomain.com/admin.

  3. Add Other Services: You can repeat these steps for any other applications you want to access through custom hostnames on your Raspberry Pi. Each service can have its own hostname, SSL, and unique forwarding port.

Step 5: Set Up Local DNS Records in Pi-hole for Custom Hostnames

Since Pi-hole is the DNS server for your network, you’ll need to add local DNS records for each custom hostname. This ensures that devices on your network can resolve these names to the Raspberry Pi’s IP address.

  1. Access Pi-hole’s Local DNS Settings: In the Pi-hole admin interface (http://192.168.1.99:8081/admin), go to Local DNS > DNS Records.

  2. Add DNS Entries for Each Hostname: For each custom hostname you set up in Nginx Proxy Manager (e.g., pihole.yourdomain.com or app1.yourdomain.com), add an entry:

    • Domain: Enter the full domain name, like pihole.yourdomain.com.
    • IP Address: Enter 192.168.1.99 (the Raspberry Pi’s IP address).
    • Save each DNS entry.

This configuration ensures that requests for pihole.yourdomain.com (and other custom hostnames) will be resolved to the Raspberry Pi, allowing Nginx Proxy Manager to route them to the correct service.

Testing and Verification

With everything set up, it’s time to test it out:

  • Access Pi-hole: Open https://pihole.yourdomain.com/admin in your browser. You should be able to see the Pi-hole admin interface secured by SSL.
  • Access Other Services: Test other custom hostnames you configured in Nginx Proxy Manager to confirm they’re working as expected.

Summary: Pi-hole Still Rocks as a DNS Server!

Adding Nginx Proxy Manager to this setup has streamlined access to Pi-hole and other services on my Raspberry Pi, but it doesn’t affect Pi-hole’s core role as a DNS server. Here’s what remains unchanged:

  • DNS Service: Pi-hole still filters DNS requests on port 53, blocking ads and handling domain resolution across the network.
  • Web Interface: We only changed the web interface port for Pi-hole (to 8081) to avoid conflicts with Nginx Proxy Manager. This doesn’t impact Pi-hole’s DNS capabilities.

With Nginx Proxy Manager, I’ve added a user-friendly, secure way to manage multiple services, all while keeping Pi-hole’s powerful DNS filtering intact. Now I can enjoy easy, hostname-based access to my Raspberry Pi’s services without the fuss of remembering ports or IPs. It’s a small change with a big payoff—definitely worth the effort!