Add https to Pi-hole with caddy
We’re huge fans of Pi-hole – mainly for it’s blocking of trackers. I previously published a guide on installing a LetsEncrypt certificate to the standard Lighttpd server to enable access over https. For our use, I’ve now replaced this with the wonderful Caddy server and would recommend this method.
For this guide, I’ll assume you have a standard, running, install of Pi-Hole on CentOS 7 or 8.
Edit Lighttpd Configuration
Open up the configuration in your favourite editor (nano for me):
[user@server ~] sudo nano /etc/lighttpd/lighttpd.confFind the following line:
server.port = 80And alter the port number to 1080
server.port = 1080CTRL+O to save, and CTRL+X to exit.
Restart Lighttpd server:
[user@server ~] sudo systemctl restart lighttpd
Install Caddy
The version of caddy on EPEL is quite old, so we’ll download the binary from the caddy website.
[user@server ~] curl -OL "https://github.com/caddyserver/caddy/releases/download/v2.1.1/caddy_2.1.1_linux_amd64.tar.gz"
Decompress the file
[user@server ~] tar xpf caddy_2.1.1_linux_amd64.tar.gz
Move the file:
[user@server ~] sudo mv caddy /usr/bin/
Test it’s correctly installed:
[user@server ~] caddy version
Add a user and group for caddy:
[user@server ~] sudo groupadd --system caddy [user@server ~] sudo useradd --system --gid caddy --create-home --home-dir /var/lib/caddy --shell /usr/sbin/nologin --comment "Caddy web server" caddy
Configure Caddy
Create a system config:
[user@server ~] sudo nano /etc/systemd/system/caddy.serviceand add the contents of this file: https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service
CTRL+O to save, and CTRL+X to exit.
Now we need to create our Caddyfile
[user@server ~] sudo nano /etc/caddy/CaddyfileChange the domain name to what you have set up to point to your pi-hole and remove the # from the reverse proxy line, altering it so that it reads:
reverse_proxy localhost:1080CTRL+O to save, and CTRL+X to exit.
Set Caddy to load at reboot and start it up:
[user@server ~] sudo systemctl daemon-reload [user@server ~] sudo systemctl enable caddy [user@server ~] sudo systemctl start caddy
You should now be able to access your pi-hole over https – caddy automatically installs a LetsEncrypt certificate and renews it when required.
Recent Posts
Recent Comments
- Aghasi Martirosyan on Create a Swap file on CentOS 7
- Seth on Add LetsEncrypt SSL certificate to Pi-hole
- Phil on Add LetsEncrypt SSL certificate to Pi-hole
- Dave on Add LetsEncrypt SSL certificate to Pi-hole
- john on Create a Swap file on CentOS 7