Nginx Proxy Manager with Pi-hole v6
Prerequisites
Before starting, ensure you have:
- Pi-hole v6 running in an LXC, VM, or Docker container
- A working Nginx Proxy Manager installation
- An active DuckDNS account and domain
Step 1: Upload Your SSL Certificates
1. Log in to Nginx Proxy Manager
- Open the Nginx Proxy Manager UI and click the SSL Certificates tab
- Click on the three dots on the right to download your DuckDNS SSL certificates
Nginx Proxy Manager dashboard
Downloading certificates from DuckDNS is a quick process—ensure your internet connection is stable
2. Upload DuckDNS SSL Certificates
if your machine (VM, server, LXC, etc.) has a configured files share folder using protocols like Samba, NFS, or others, you can leverage this feature to easily transfer the downloaded certificates from your laptop to the target system
A network share simplifies file transfers and reduces manual copy errors
3. Edit SSL Certificates for Pi-hole Use
Access the command line on your Pi-hole instance and combine the downloaded certificates:
sudo cat /path/to/certificates/fullchain.pem /path/to/certificates/privkey.pem > /etc/pihole/server.pem
Ensure the file paths are correct to avoid misconfigurations
Step 2: Edit Pi-hole configuration:
Update pihole.toml
- Open the configuration file:
sudo nano /etc/pihole/pihole.toml
- replace domain = pi.hole with your DuckDns domain, for example:
domain = "pihole.example.duckdns.org"
- replace cert=/etc/pihole/tls.pem with:
cert = "/etc/pihole/server.pem" ### CHANGED, default = "/etc/pihole/tls.pem"
- Restart the DNS service:
sudo pihole restartdns
Double-check your modifications in pihole.toml before restarting to prevent service interruptions
Step 3: Configure Nginx Proxy Manager:
Enable the Pi-hole Proxy Host
From the NPM web UI, navigate to the Hosts menu, select Proxy Hosts, and click Add Proxy Host:
Details Section:
- Domain names: pihole.example.duckdns.org
- Scheme: http
- Forward Hostname / IP: Use the IP address of your Pi-hole instance
- Forward Port: Input the port where Pi-hole is running (typically 80 or your custom port) SSL Section:
- Point to your DuckDNS certificate files
- Check all recommended options, such as “Block Common Exploits”
Advanced Section:
To ensure proper redirection to the login page, add the following snippet:
location / {
proxy_pass http://PiHole-IP:80/admin/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header X-Frame-Options;
proxy_set_header X-Frame-Options "SAMEORIGIN";
proxy_read_timeout 90;
}
location /admin {
proxy_pass http://PiHole-IP:80/admin/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header X-Frame-Options;
proxy_set_header X-Frame-Options "SAMEORIGIN";
proxy_read_timeout 90;
}
Incorrect proxy settings may prevent access to the Pi-hole admin page. Verify each parameter
Final Thoughts:
Following these steps will help you create a streamlined and secure setup that integrates DuckDNS, Pi-hole v6, and Nginx Proxy Manager. This organized approach minimizes potential configuration errors.
Remember to verify each step as you go. If you encounter any issues, re-check file paths and service statuses for a quick fix. Enjoy your secure and efficient network setup!