# pihole Setup

![](0.png)

## **Initial Setup**

```
[ nowhere.yt ] [ /dev/pts/1 ] [~]
→ sudo apt-get install wget curl net-tools gamin lighttpd lighttpd-mod-deflate

[ nowhere.yt ] [ /dev/pts/1 ] [~]
→ curl -sSL https://install.pi-hole.net | PIHOLE_SKIP_OS_CHECK=true sudo -E bash

[ nowhere.yt ] [ /dev/pts/1 ] [~]
→ sudo pihole -a -p
Enter New Password (Blank for no password):
Confirm Password:
  [✓] New password set
```

To forcefully block domains via regex you can do the following:

![](1.png)

![](2.png)

```
[ nowhere.yt ] [ /dev/pts/1 ] [~]
→ pihole -up
  [✓] Update local cache of available packages
  [i] Existing PHP installation detected : PHP version 7.4.28
  [✓] Checking for git
  [✓] Checking for iproute2
  [✓] Checking for whiptail
  [✓] Checking for ca-certificates
  [i] Checking for updates...
  [i] Pi-hole Core: up to date
  [i] Web Interface: up to date
  [i] FTL: up to date

  [✓] Everything is up to date!
```

Now, if we want an HTTPS interface, we do the following:

```
[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ systemctl disable lighttpd.service --now

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ apt install nginx php7.4-{fpm,cgi,xml,sqlite3,intl} apache2-utils socat -y

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ systemctl enable nginx php7.4-fpm --now

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ vim /etc/nginx/sites-available/default

# Redirect plain HTTP to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name ns1.void.yt;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ns1.void.yt;

    # Certificate and key issued by acme.sh (see below)
    ssl_certificate /root/.acme.sh/ns1.void.yt/fullchain.cer;
    ssl_trusted_certificate /root/.acme.sh/ns1.void.yt/ns1.void.yt.cer;
    ssl_certificate_key /root/.acme.sh/ns1.void.yt/ns1.void.yt.key;

    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_session_tickets off;
    ssl_ecdh_curve auto;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 80.67.188.188 80.67.169.40 valid=300s;
    resolver_timeout 10s;

    add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
    add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
    add_header X-Content-Type-Options nosniff; #MIME-type sniffing
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";

    root /var/www/html;
    server_name _;
    autoindex off;

    index pihole/index.php index.php index.html index.htm;

    location / {
        expires max;
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        fastcgi_param FQDN true;
        auth_basic "Restricted"; # For Basic Auth
        auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
    }

    # Prefix match on the literal path "/*.js" (nginx prefix locations do not expand wildcards)
    location /*.js {
        index pihole/index.js;
        auth_basic "Restricted"; # For Basic Auth
        auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
    }

    location /admin {
        root /var/www/html;
        index index.php index.html index.htm;
        auth_basic "Restricted"; # For Basic Auth
        auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
    }

    # Never serve .htpasswd / .htaccess files
    location ~ /\.ht {
        deny all;
    }
}

:wq

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ nginx -t
nginx: [emerg] cannot load certificate "/root/.acme.sh/ns1.void.yt/fullchain.cer": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/root/.acme.sh/ns1.void.yt/fullchain.cer','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ wget -O - https://get.acme.sh | sh

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ zsh

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ acme.sh --set-default-ca --server letsencrypt
[Sun 03 Apr 2022 09:05:46 AM UTC] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory

[ ns2.void.yt ] [ /dev/pts/0 ] [~]
→ systemctl stop nginx

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ acme.sh --issue --standalone -d ns1.void.yt -k 4096

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ systemctl start nginx

[ nowhere.yt ] [ /dev/pts/2 ] [~]
→ htpasswd -c /etc/nginx/.htpasswd nothing
New password:
Re-type new password:
Adding password for user nothing
```

Then we make pihole update automatically every day via a cron job and test it:

```
[ ns2.void.yt ] [ /dev/pts/0 ] [~]
→ crontab -e

0 0 * * * /usr/local/bin/pihole -up
0 0 * * * /usr/local/bin/pihole -g

:wq

[ ns2.void.yt ] [ /dev/pts/0 ] [~]
→ wget https://github.com/cronitorio/cronitor-cli/releases/download/28.8/linux_amd64.tar.gz -q

[ ns2.void.yt ] [ /dev/pts/0 ] [~]
→ sudo tar xvf linux_amd64.tar.gz -C /usr/bin/
cronitor

[ ns2.void.yt ] [ /dev/pts/0 ] [~]
→ sudo cronitor configure --api-key 1234567890
Configuration File: /etc/cronitor/cronitor.json
Version: 28.8
API Key: 1234567890
Ping API Key: Not Set
Environment: Not Set
Hostname: ns2
Timezone Location: {Etc/UTC}
Debug Log: Off

[ ns2.void.yt ] [ /dev/pts/0 ] [~]
→ cronitor select

✔ /usr/local/bin/pihole -up
----► Running command: /usr/local/bin/pihole -up

  [✓] Update local cache of available packages
  [i] Existing PHP installation detected : PHP version 7.4.28
  [✓] Checking for git
  [✓] Checking for iproute2
  [✓] Checking for whiptail
  [✓] Checking for ca-certificates
  [i] Checking for updates...
  [i] Pi-hole Core: up to date
  [i] Web Interface: up to date
  [i] FTL: up to date

  [✓] Everything is up to date!

----► ✔ Command successful    Elapsed time 3.345s
```

If you want to host a public pihole, then you need to tick the following option:

![](3.png)
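
An added example, not part of the original page: in the nginx server block shown earlier, only one of the four `add_header` lines carries `always`, so the other three are left off the 401 challenge returned by the `auth_basic` locations (and off 404s). The script below applies nginx's documented status-code rule for `add_header` to those four lines and shows the corrected directives; the function names `headers_sent` and `add_always` are made up for this example.

```shell
#!/bin/sh
# Added example: which of the page's add_header directives nginx attaches
# to a response with a given status code, before and after adding "always".

# The four add_header lines copied from the server block on this page.
PAGE_HEADERS='add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
add_header X-Content-Type-Options nosniff; #MIME-type sniffing
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";'

# headers_sent CONFIG STATUS: print the header names sent for that status.
# nginx rule: without "always", add_header applies only to responses with
# code 200, 201, 204, 206, 301, 302, 303, 304, 307 or 308.
headers_sent() {
    printf '%s\n' "$1" | awk -v status="$2" '
        BEGIN { ok = " 200 201 204 206 301 302 303 304 307 308 " }
        $1 == "add_header" {
            line = $0
            sub(/[ \t]*#.*$/, "", line)    # drop a trailing comment
            always = (line ~ /[ \t]always[ \t]*;[ \t]*$/)
            if (always || index(ok, " " status " ")) { print $2 }
        }'
}

# add_always CONFIG: same directives, with "always" appended where missing.
# Assumes header values contain no "#" (true for the lines above).
add_always() {
    printf '%s\n' "$1" | awk '
        $1 == "add_header" {
            comment = ""
            if (match($0, /[ \t]*#.*$/)) {
                comment = substr($0, RSTART)
                $0 = substr($0, 1, RSTART - 1)
            }
            if ($0 !~ /[ \t]always[ \t]*;[ \t]*$/) {
                sub(/[ \t]*;[ \t]*$/, " always;")
            }
            $0 = $0 comment
        }
        { print }'
}

echo "Headers on a 401 (basic-auth challenge), as configured:"
headers_sent "$PAGE_HEADERS" 401
echo "Corrected directives:"
add_always "$PAGE_HEADERS"
```

After editing the real config, `nginx -t` followed by a reload applies the change.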