Pihole (Hypriot) PI3B+

Good evening everyone,
I set up a Pi-hole with a friend and everything was working. Since we hadn't made a backup, we accidentally (because we wanted to set up a Nextcloud).
I had problems with dpkg (I reset sources.list) and the problem was solved.
Today, my Let's Encrypt certificate works, but I get a 403 Forbidden error when I open the web page.
I set up an http => https redirect in lighttpd.conf.

lighttpd status:

# sudo service lighttpd status -l

● lighttpd.service - Lighttpd Daemon
    Loaded: loaded (/lib/systemd/system/lighttpd.service; enabled; vendor preset: enabled)
    Active: active (running) since Sat 2019-05-25 21:33:50 CEST; 10min ago
   Process: 10636 ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf (code=exited, status=0/SUCCESS)
  Main PID: 10647 (lighttpd)
    CGroup: /system.slice/lighttpd.service
            └─10647 /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf

mai 25 21:33:50 black-pearl systemd[1]: Starting Lighttpd Daemon…
mai 25 21:33:50 black-pearl systemd[1]: Started Lighttpd Daemon.

then error.log

# cat /var/log/lighttpd/error.log

2019-05-24 06:25:02: (server.c.1534) logfiles cycled UID = 0 PID = 5463
2019-05-24 22:27:44: (server.c.1828) server stopped by UID = 0 PID = 1
2019-05-24 22:27:45: (log.c.217) server started
2019-05-24 22:35:33: (server.c.1828) server stopped by UID = 0 PID = 1
2019-05-24 22:35:33: (log.c.217) server started
2019-05-24 22:38:52: (server.c.1828) server stopped by UID = 0 PID = 1
2019-05-24 22:38:52: (log.c.217) server started
2019-05-24 22:41:06: (server.c.1828) server stopped by UID = 0 PID = 1
2019-05-24 22:41:06: (log.c.217) server started
2019-05-25 06:25:02: (server.c.1534) logfiles cycled UID = 0 PID = 28907
2019-05-25 20:39:42: (server.c.1828) server stopped by UID = 0 PID = 1
2019-05-25 20:39:43: (log.c.217) server started
2019-05-25 20:44:06: (server.c.1828) server stopped by UID = 0 PID = 1
2019-05-25 20:48:34: (log.c.217) server started
2019-05-25 20:53:55: (server.c.1828) server stopped by UID = 0 PID = 1
2019-05-25 20:53:55: (log.c.217) server started
2019-05-25 20:56:18: (server.c.1828) server stopped by UID = 0 PID = 1
2019-05-25 20:56:19: (log.c.217) server started
2019-05-25 21:23:39: (server.c.1828) server stopped by UID = 0 PID = 1
2019-05-25 21:23:39: (log.c.217) server started
2019-05-25 21:33:50: (server.c.1828) server stopped by UID = 0 PID = 1
2019-05-25 21:33:50: (log.c.217) server started

pihole-FTL.log

# tail -n 20 /var/log/pihole-FTL.log

[2019-05-25 21:33:52.157 10723] Database successfully initialized
[2019-05-25 21:33:52.158 10723] New forward server: 208.67.220.220 (0/4096)
[2019-05-25 21:33:52.159 10723] New forward server: 208.67.222.222 (1/4096)
[2019-05-25 21:33:52.163 10723] Imported 952 queries from the long-term database
[2019-05-25 21:33:52.163 10723] -> Total DNS queries: 952
[2019-05-25 21:33:52.164 10723] -> Cached DNS queries: 326
[2019-05-25 21:33:52.164 10723] -> Forwarded DNS queries: 615
[2019-05-25 21:33:52.164 10723] -> Exactly blocked DNS queries: 11
[2019-05-25 21:33:52.164 10723] -> Unknown DNS queries: 0
[2019-05-25 21:33:52.164 10723] -> Unique domains: 81
[2019-05-25 21:33:52.164 10723] -> Unique clients: 9
[2019-05-25 21:33:52.164 10723] -> Known forward destinations: 2
[2019-05-25 21:33:52.164 10723] Successfully accessed setupVars.conf
[2019-05-25 21:33:52.170 10725] PID of FTL process: 10725
[2019-05-25 21:33:52.170 10725] Listening on port 4711 for incoming IPv4 telnet connections
[2019-05-25 21:33:52.171 10725] Listening on port 4711 for incoming IPv6 telnet connections
[2019-05-25 21:33:52.171 10725] Listening on Unix socket
[2019-05-25 21:33:52.173 10725] Compiled 7 Regex filters and 36 whitelisted domains in 0.9 msec (0 errors)
[2019-05-25 21:33:52.175 10725] /etc/pihole/black.list: parsed 416 domains (took 1.4 ms)
[2019-05-25 21:34:26.397 10725] /etc/pihole/gravity.list: parsed 4782373 domains (took 34220.8 ms)

# curl -I https://pihole.befindit.com/admin/ (which is my domain name)

HTTP/1.1 403 Forbidden
Content-Type: text/html
Content-Length: 345
Date: Sat, 25 May 2019 19:47:53 GMT
Server: lighttpd/1.4.45

lighttpd.conf:

# Pi-hole: A black hole for Internet advertisements
# © 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Lighttpd config for Pi-hole
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.

###############################################################################
# FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE.
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE
#
# CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE:
# /etc/lighttpd/external.conf
###############################################################################

server.modules = (
"mod_access",
"mod_accesslog",
"mod_auth",
"mod_expire",
"mod_compress",
"mod_redirect",
"mod_setenv",
"mod_rewrite"
)

server.document-root = "/var/www/html"
server.error-handler-404 = "pihole/index.php"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
accesslog.filename = "/var/log/lighttpd/access.log"
accesslog.format = "%{%s}t|%V|%r|%s|%b"

index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny = ( "~", ".inc", ".md", ".yml", ".ini" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.assign.pl"

# Prevent Lighttpd from enabling Let's Encrypt SSL for every blocked domain
#include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include \"%p\"\n' 2>/dev/null"

# If the URL starts with /admin, it is the Web interface
$HTTP["url"] =~ "^/admin/" {
    # Create a response header for debugging using curl -I
    setenv.add-response-header = (
        "X-Pi-hole" => "The Pi-hole Web interface is working!",
        "X-Frame-Options" => "DENY"
    )

    $HTTP["url"] =~ ".ttf$" {
        # Allow Block Page access to local fonts
        setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
    }
}

# Block . files from being served, such as .git, .github, .gitignore
$HTTP["url"] =~ "^/admin/\.(.*)" {
    url.access-deny = ("")
}

# Add user chosen options held in external file
# This uses include_shell instead of an include wildcard for compatibility
include_shell "cat external.conf 2>/dev/null"

$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.engine = "enable"
    ssl.use-sslv2 = "enable"
    ssl.ca-file = "/etc/letsencrypt/live/pihole.befindit.com/chain.pem"
    ssl.pemfile = "/etc/letsencrypt/live/pihole.befindit.com/combined.pem"
}

$HTTP["scheme"] == "http" {
    # capture vhost name with regex conditional -> %0 in redirect pattern
    # must be the most inner block to the redirect rule
    $HTTP["host"] =~ ".*" {
        url.redirect = (".*" => "https://%0$0")
    }
}

I have the impression that there is a problem with the X-header because:
pihole -d

*** [ DIAGNOSING ]: Dashboard and block page
[✗] Block page X-Header: X-Header does not match or could not be retrieved.
HTTP/1.1 301 Moved Permanently
Location: https://localhost/
Date: Sat, 25 May 2019 19:54:17 GMT
Server: lighttpd/1.4.45

[✗] Web interface X-Header: X-Header does not match or could not be retrieved.
HTTP/1.1 301 Moved Permanently
Location: https://localhost/admin/
Date: Sat, 25 May 2019 19:54:17 GMT
Server: lighttpd/1.4.45

The basic error is: 403 Forbidden
In fact, originally, after the Pi-hole, we wanted to set up a cloud for personal projects, except that I had a PHP problem with Nextcloud.

Thank you very much for the help
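
Added example, not part of the original post and not Pi-hole's own code: a small triage helper for `curl -I` style header blocks like the ones quoted above. It separates a reply that lacks the `X-Pi-hole` header because it is an HTTP to HTTPS redirect from one that lacks it because of an error status. The function names are hypothetical and the 200 reply is a constructed sample.

```python
# Added example, not from the post or from Pi-hole; function names are hypothetical.
# "X-Pi-hole" is the header the posted lighttpd.conf sets for URLs under /admin/.
EXPECTED = "x-pi-hole"
# Header blocks copied from the post.
REDIRECT_HEAD = """HTTP/1.1 301 Moved Permanently
Location: https://localhost/admin/
Date: Sat, 25 May 2019 19:54:17 GMT
Server: lighttpd/1.4.45
"""
FORBIDDEN_HEAD = """HTTP/1.1 403 Forbidden
Content-Type: text/html
Content-Length: 345
Date: Sat, 25 May 2019 19:47:53 GMT
Server: lighttpd/1.4.45
"""
# Constructed sample of a healthy reply, for comparison only.
WORKING_HEAD = """HTTP/1.1 200 OK
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
"""


def parse_head(block):
    """Split a raw response head into (status code, lower-cased headers)."""
    lines = [ln.strip() for ln in block.strip().splitlines() if ln.strip()]
    parts = lines[0].split(None, 2) if lines else []
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response head")
    headers = {}
    for ln in lines[1:]:
        name, sep, value = ln.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def triage(block):
    """Classify one reply by what it says about the X-Pi-hole header check."""
    status, headers = parse_head(block)
    if EXPECTED in headers:
        return "ok: X-Pi-hole present (status %d)" % status
    if 300 <= status < 400:
        return "redirect: no X-Pi-hole, sent to %s" % headers.get("location", "?")
    if status >= 400:
        return "error: status %d, no X-Pi-hole" % status
    return "missing: status %d, no X-Pi-hole" % status

if __name__ == "__main__":
    print(*map(triage, (REDIRECT_HEAD, FORBIDDEN_HEAD, WORKING_HEAD)), sep="\n")
```

A "redirect" result means the request over plain HTTP never reached `/admin/` itself, so the header check has to be repeated against the HTTPS URL before drawing a conclusion about the header.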