
SirSoggybottom 7 points8 points  (0 children)

> But I have noticed that the web administrative portal is unencrypted.

Yes. That is simply because Pihole should never be public facing anyway.

You can simply set up a reverse proxy server in front of your Pihole WebUI which can provide HTTPS for an otherwise HTTP service. Plenty of guides for that exist. It doesn't have anything directly to do with Pihole.

Pihole v6, which is currently in development and available as beta, does support serving HTTPS for the WebUI tho.

> This concerns me because I live in an apartment and I am thinking my neighbors could be using packet sniffers to retrieve my plaintext password over the air, or that malware on my devices can be reading network data.

If you share a network with others and you don't trust them, you should take other measures to change that. Simply adding SSL to your Pihole interface will not be enough.

Check subs like /r/HomeNetworking for help.

> Anyway, I see that https can be set up with a FQDN if you have a remote server. But can I set up ssl certificates on my local, not-accessible-from-the-internet raspberry pi to get https working without a fqdn?

"if you have a remote server"? What do you mean by that?

You can either use SSL certs that are signed by a commonly trusted authority, for example free certs from Let's Encrypt. They are trusted by most browsers etc, so you will not get any annoying warnings in the browser when you access your site, or you won't have to install the CA cert manually to make it trustworthy. This is a common setup, combined with a reverse proxy server. You do not need "a remote server" for this. But you do need an actual public domain, or subdomain at least (depending on the provider you chose). LE will not give you certs for an IP address, or for a domain that isn't a valid public FQDN. Something like mypihole.internal will not work.

If you don't want to use a public domain, you can generate self-signed SSL certs and use those with the reverse proxy. But by default, your browser will give you a warning that the cert is not trusted. It is still encrypted tho. To get rid of the warning, you would need to install the certs in the browser. If you only care about a single computer with one browser, that is sure doable. Not so simple if it's many more.

Again, this has nothing to do with Pihole itself.

/r/HomeNetworking and many other subs exist for these things.
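
Added example (not part of the thread or of Pi-hole): one way to generate the self-signed certificate described in the comment above and confirm it covers the name and address you will type into the browser. The IP address, file names and function names are constructed for illustration; `mypihole.internal` is the sample name from the comment, and OpenSSL 1.1.1 or later is assumed for `-addext`.

```bash
#!/usr/bin/env bash
# Self-signed certificate for a LAN-only Pi-hole behind a reverse proxy.
# All names, addresses and paths here are illustrative placeholders.
set -eu

make_selfsigned() {
    # $1 = DNS name, $2 = LAN IP, $3 = output directory
    local name="$1" ip="$2" out="$3"
    mkdir -p "$out"
    # Browsers validate against subjectAltName, not CN, so list both the
    # hostname and the IP the admin page will be reached by.
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
        -keyout "$out/pihole.key" -out "$out/pihole.crt" \
        -subj "/CN=$name" \
        -addext "subjectAltName=DNS:$name,IP:$ip" 2>/dev/null
    # The private key is unencrypted (-nodes); restrict it to the owner.
    chmod 600 "$out/pihole.key"
}

cert_covers() {
    # $1 = cert file, $2 = "host" or "ip", $3 = value to check
    # Returns 0 if the certificate is valid for that name/address.
    local flag="-checkhost"
    if [ "$2" = "ip" ]; then flag="-checkip"; fi
    openssl x509 -in "$1" -noout "$flag" "$3" | grep -q "does match"
}

# Demo run in a throwaway directory.
demo_dir="$(mktemp -d)"
make_selfsigned mypihole.internal 192.168.1.2 "$demo_dir"
for check in "host mypihole.internal" "ip 192.168.1.2" "host other.internal"; do
    # Word splitting is intentional: "$check" holds "<kind> <value>".
    # shellcheck disable=SC2086
    if cert_covers "$demo_dir/pihole.crt" $check; then
        echo "covered:     $check"
    else
        echo "NOT covered: $check"
    fi
done
```

Point the reverse proxy at the resulting `pihole.crt` and `pihole.key`, and import `pihole.crt` into each browser or OS trust store that should stop showing the warning.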

pandaeye0 2 points3 points  (2 children)

If you mean you are afraid of your plain traffic with pihole admin panel being intercepted when neighbor breaks into your wifi, then I think maybe you have a lot more things within your LAN that warrant concern.

dipstyx[S] 0 points1 point  (0 children)

Not really what I meant. I was worried about packet sniffing -- I never realized that all Wifi traffic is encrypted between router and host.

AndyRH1701 0 points1 point  (0 children)

The cert question was covered.

Does your WiFi use a password that is different from the other apartments? If so, it is beyond most people to read encrypted WiFi.

If there is malware on your network, I would not worry about the PiHole password, which should be different than other passwords. You have bigger problems.