RasenChidoriSS

joined 1 year ago
 

GUI does not load behind reverse proxy

Hi all, recently spun up Pihole via Docker and it works great! ...Except when accessing behind a reverse proxy. All GUI resources fail to load with a 502 error. I use Nginx Proxy Manager to proxy to pihole.local.mydomain.com with the following configuration:

    location / {
      proxy_pass http://PiholeIP:PiholePort/admin/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_hide_header X-Frame-Options;
      proxy_set_header X-Frame-Options "SAMEORIGIN";
      proxy_read_timeout 90;
    }
    location /admin {
      proxy_pass http://PiholeIP:PiholePort/admin/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_hide_header X-Frame-Options;
      proxy_set_header X-Frame-Options "SAMEORIGIN";
      proxy_read_timeout 90;
    }

The website is accessible, but no GUI elements are available. Has anyone run into a similar issue? I've reviewed a number of threads so far, but most of the issues seem to be about accessing Pihole from behind a reverse proxy at all, not that the GUI fails to load once accessing it.

[–] [email protected] 1 points 1 year ago (1 children)

Thank you! This is the most appealing option to me right now. I’m having trouble understanding how all my internal traffic could be routed via my internal DNS though. NPM listens on both 80 and 443. Is the idea to have NPM listen on 443 and and my local DNS on 80, then I configure my router to use local DNS to route my traffic accordingly?

 

I've got Nginx Proxy Manager set up and it's working wonderfully. However, I have some services I want to be able to access via reverse proxy, so I have SSL and can use a hostname to direct me to a service, but I only want to be able to access them via VPN. My best idea to make this work is to configure access so that only connections from my local network can access certain proxy hosts. This gives all external traffic a 403 on connection attempt. Is this the best or only way to go about it? Short of additional services such as Authelia and Fail2Ban of course, but I wanted to know if I have the right idea.