Add https to Pi-hole with caddy
We’re huge fans of Pi-hole – mainly for its blocking of trackers. I previously published a guide on installing a LetsEncrypt certificate to the standard Lighttpd server to enable access over https. For our use, I’ve now replaced this with the wonderful Caddy server and would recommend this method.
For this guide, I’ll assume you have a standard, running, install of Pi-Hole on CentOS 7 or 8.
Edit Lighttpd Configuration
Open up the configuration in your favourite editor (nano for me):
[user@server ~] sudo nano /etc/lighttpd/lighttpd.conf
Find the following line:
server.port = 80
And alter the port number to 1080
server.port = 1080
CTRL+O to save, and CTRL+X to exit.
Restart Lighttpd server:
[user@server ~] sudo systemctl restart lighttpd
Install Caddy
The version on EPEL is quite old, so we’ll download the binary from the caddy website.
[user@server ~] curl -OL "https://github.com/caddyserver/caddy/releases/download/v2.1.1/caddy_2.1.1_linux_amd64.tar.gz"
Decompress the file:
[user@server ~] tar xpf caddy_2.1.1_linux_amd64.tar.gz
Move the file:
[user@server ~] sudo mv caddy /usr/bin/
Test it’s correctly installed:
[user@server ~] caddy version
Add a user and group:
[user@server ~] sudo groupadd --system caddy
[user@server ~] sudo useradd --system --gid caddy --create-home --home-dir /var/lib/caddy --shell /usr/sbin/nologin --comment "Caddy web server" caddy
Configuration
Create a system config:
[user@server ~] sudo nano /etc/systemd/system/caddy.service
and add the contents of this file: https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service
CTRL+O to save, and CTRL+X to exit.
Now we need to create our Caddyfile
[user@server ~] sudo mkdir /etc/caddy
[user@server ~] sudo nano /etc/caddy/Caddyfile
Enter the following (replacing with your own hostname):
hostname.ext
reverse_proxy localhost:1080
CTRL+O to save, and CTRL+X to exit.
Set Caddy to load at reboot and start it up:
[user@server ~] sudo systemctl daemon-reload
[user@server ~] sudo systemctl enable caddy
[user@server ~] sudo systemctl start caddy
You should now be able to access your pi-hole over https – caddy automatically installs a LetsEncrypt certificate and renews it when required.
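Changing server.port alone leaves Lighttpd listening on port 1080 on every interface, so the admin page stays reachable over plain HTTP on that port unless lighttpd.conf also sets server.bind or a firewall blocks it. The script below is an added example, not part of the original guide: it reads `ss -ltn` output and reports any non-loopback listener on the back-end port. The function names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
BACKEND_PORT=1080   # the server.port value set in lighttpd.conf in this guide

# Constructed `ss -ltn` output for a host that followed the guide as written.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:1080       0.0.0.0:*
LISTEN 0      128    [::]:1080          [::]:*
LISTEN 0      128    *:443              *:*'

# Constructed output after Lighttpd has been bound to loopback only.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:1080     0.0.0.0:*
LISTEN 0      128    *:443              *:*'

# exposed_listeners PORT: read `ss -ltn` output on stdin and print each
# non-loopback local address that is listening on PORT.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = match($4, /:[0-9]+$/)          # last colon separates the port
            if (n == 0) next
            addr = substr($4, 1, n - 1)
            if (substr($4, n + 1) != port) next
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print addr
        }'
}

# check_backend PORT: return 1 if PORT is reachable from other hosts, else 0.
check_backend() {
    exposed=$(exposed_listeners "$1")
    if [ -n "$exposed" ]; then
        echo "port $1 is listening on non-loopback addresses:"
        printf '%s\n' "$exposed" | sed 's/^/  /'
        return 1
    fi
    echo "port $1 is loopback-only or closed"
    return 0
}

# Demo on the constructed samples; on a real host run: ss -ltn | check_backend 1080
printf '%s\n' "$SAMPLE_EXPOSED"  | check_backend "$BACKEND_PORT" || true
printf '%s\n' "$SAMPLE_LOOPBACK" | check_backend "$BACKEND_PORT"
```

If the check reports an address on the real server, either add `server.bind = "127.0.0.1"` to lighttpd.conf or block the port in the firewall, so the admin page is only served through Caddy.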
6 Comments
I was able to follow all the steps and everything seemed to work except the step where I checked the version of Caddy. When I type “caddy version”, I receive “cannot execute binary file: Exec format error”. Besides that, I was able to follow all the rest of the steps. The big problem is that nothing seems to have changed. On my local network, I still have to access pi-hole via an IP address, but now I have to tack on the port 1080. In my pi-hole, I have set my pi-hole host name to its local IP address in Local DNS –> DNS Records.
Any help would be appreciated.
Hi Daniel,
This guide is for CentOS – would I be correct in assuming you’re running Raspbian on a Raspberry Pi?
I am getting an SSL error after setting up Caddy
ERR_SSL_PROTOCOL_ERROR
Hi, me too. How did you fix this?
Hi,
I’m a bit confused with this part where you need to put your hostname in Caddyfile.
I’m running Pi hole on aws and I’m not sure what I should put as hostname in the file.
Is it the fqdn that I use to access admin page or is it the hostname which can be extracted from server when you type hostname in terminal?
Thank you in advance.
You need to put there whatever domain name you want the certificate to be generated for – so, based on what you wrote, the FQDN you use to access the admin page.