Acesse Local DNS > DNS Records
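## Create a self-signed certificate for pi.hole.local.domain and install it for lighttpd.
## Prompt legend: "$" = regular user, "#" = root shell opened by `sudo su`, "##" = note.
$ sudo mkdir /etc/lighttpd/ssl
$ sudo su
# cd /etc/ssl
## 4096-bit RSA key, written encrypted with AES-256 under the pass phrase typed below.
# sudo openssl genrsa -aes256 -out pi.hole.local.domain.key 4096
Enter PEM pass phrase: Insira um password
## Rewrites the same file WITHOUT the pass phrase. From this step on the private key
## is stored unencrypted, so file ownership and mode are its only protection.
# sudo openssl rsa -in pi.hole.local.domain.key -out pi.hole.local.domain.key
Enter pass phrase for pi.hole.local.domain.key: Insira o password
# sudo openssl req -new -key pi.hole.local.domain.key -out pi.hole.local.domain.csr
....
Common Name (e.g. server FQDN or YOUR name) []: pi.hole.local.domain
## Self-signs the CSR for 3650 days. These commands set only the Common Name, no
## subjectAltName; current browsers match host names against subjectAltName, so a
## name warning is to be expected on top of the self-signed warning.
# sudo openssl x509 -days 3650 -in pi.hole.local.domain.csr -out pi.hole.local.domain.crt -req -signkey pi.hole.local.domain.key
## The .pem is the private key followed by the certificate, the single-file form
## that ssl.pemfile points at.
# cat pi.hole.local.domain.key pi.hole.local.domain.crt > pi.hole.local.domain.pem
# chmod 400 pi.hole.local.domain.pem
# mv pi.hole.local.domain.pem /etc/lighttpd/ssl
## NOTE(review): this makes the web-server account the owner of the private key, so
## anything running as www-data can read it. lighttpd normally loads ssl.pemfile at
## startup before dropping privileges, so root ownership may be sufficient - confirm
## for your setup before keeping this line.
# chown www-data -R /etc/lighttpd/ssl
## The unencrypted .key, the .csr and the .crt are still in /etc/ssl at this point;
## restrict or remove the .key once the .pem is in place.
# Ctrl+d
## The root shell was closed by Ctrl+d above, so the remaining commands use sudo.
$ sudo apt install lighttpd-mod-openssl
## Edited under conf-available because a later step on this page symlinks
## conf-available/20-pihole-external.conf into conf-enabled.
$ sudo vi /etc/lighttpd/conf-available/20-pihole-external.conf
## NOTE(review): a second file is opened here; the listing that follows presumably
## belongs in only one of the two - confirm which one your lighttpd.conf includes.
$ vi /etc/lighttpd/external.conf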
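# HTTPS for the Pi-hole web interface: load mod_openssl, serve TLS on port 443 with
# the self-signed certificate, and redirect plain-HTTP requests to HTTPS.
server.errorlog := "/var/log/lighttpd/20-error-pihole.log"
server.modules += ( "mod_openssl" )
# Ensure the Pi-hole Block Page knows that this is not a blocked domain
#setenv.add-environment = ("fqdn" => "true")
# Enable the SSL engine with the self-signed certificate. The condition matches the
# listening socket, so it applies to every host name served on port 443.
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    # Combined private key + certificate. The certificate steps on this page move the
    # .pem into /etc/lighttpd/ssl, so the path must point there and not at /etc/ssl.
    ssl.pemfile = "/etc/lighttpd/ssl/pi.hole.local.domain.pem"
    # MinProtocol TLSv1.3 refuses every older TLS version; clients without TLS 1.3
    # support cannot connect. "-ServerPreference" switches off the server's cipher
    # ordering, so the client's preference order is used.
    ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.3", "Options" => "-ServerPreference")
}
# Redirect HTTP to HTTPS
$HTTP["scheme"] == "http" {
    # The host pattern matches any Host header; %0 is that matched host and $0 the
    # requested URL path, so the redirect target is built from client-supplied values.
    $HTTP["host"] =~ ".*" {
        url.redirect = (".*" => "https://%0$0")
    }
}
# Send requests for the site root to the admin interface.
url.redirect = ("^/$" => "/admin" )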
## Enable the site definition by linking it from conf-available into conf-enabled.
## The link target must exist in conf-available, and no regular file of the same
## name may already be present in conf-enabled, or ln fails.
$ sudo ln -s /etc/lighttpd/conf-available/20-pihole-external.conf /etc/lighttpd/conf-enabled/20-pihole-external.conf
## Optional check before restarting: `lighttpd -tt -f /etc/lighttpd/lighttpd.conf`
## tests the configuration and exits, so a typo does not take the web interface down.
# sudo systemctl restart lighttpd.service
Agora é possível testar e validar o redirecionamento para HTTPS: acesse http://pi.hole ou http://pi.hole.local.domain e você será redirecionado para a página servida via SSL. Como o certificado é autoassinado, o navegador exibirá um aviso de certificado não confiável.
AVALIAR
# Alternative procedure: a self-signed certificate created in a single openssl call.
sudo apt-get reinstall lighttpd-mod-openssl
# NOTE(review): nothing on this page creates /etc/lighttpd/certs - presumably it has
# to exist already, and the next two commands need write access to it.
cd /etc/lighttpd/certs
# -x509 makes `req` emit a self-signed certificate instead of a CSR, valid for
# 999 days. -nodes leaves the private key unencrypted, and -keyout/-out name the
# same file, so lighttpd.pem holds both the key and the certificate.
openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 999 -nodes
# Read-only for the owner: the file contains the unencrypted private key.
chmod 400 lighttpd.pem
sudo nano /etc/lighttpd/external.conf
# Serve TLS on port 443 with the combined key + certificate file.
# Unlike the first configuration on this page, no ssl.openssl.ssl-conf-cmd is set
# here, so the minimum TLS version is whatever the installed lighttpd/OpenSSL
# defaults allow - NOTE(review): confirm that this is acceptable.
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
}
# Redirect every plain-HTTP request to the same host and path over HTTPS.
# %0 is the matched Host header and $0 the requested URL path, so the redirect
# target is built from client-supplied values.
$HTTP["scheme"] == "http" {
$HTTP["host"] =~ ".*" {
url.redirect = (".*" => "https://%0$0")
}
}
# Restart lighttpd so the edited configuration and the certificate are loaded.
sudo service lighttpd restart