If you search the Internet you will find lots of ways to use HTTPS in Pihole, but most of them are incomplete and either will not work or will break after a Pihole update.
So here is an easy way that will resist Pihole updates and works 100%.
First make sure that the openssl mod is installed; in standard Pihole installs it is missing:
sudo apt-get reinstall lighttpd-mod-openssl
SSL Certificate (self-signed)
sudo mkdir -p /etc/lighttpd/certs
cd /etc/lighttpd/certs
sudo openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 999 -nodes
sudo chmod 400 lighttpd.pem
Edit /etc/lighttpd/external.conf and add:
sudo nano /etc/lighttpd/external.conf
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
}
Do NOT edit /etc/lighttpd/lighttpd.conf; it will be overwritten by Pihole updates!!!
sudo service lighttpd restart
If you want Pihole HTTPS ONLY, just add:
sudo nano /etc/lighttpd/external.conf
$HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
        url.redirect = (".*" => "https://%0$0")
    }
}
That will redirect HTTP to HTTPS.
Et voilà… that's it, have fun!!!
Hello Ingo, thank you for your instructions. But I think there is a problem with the directory of the file external.conf.
When you look in the file "/etc/lighttpd/lighttpd.conf" there is a line with include "/etc/lighttpd/conf-enabled/*.conf". That means you have to put the file external.conf in the directory "/etc/lighttpd/conf-enabled". Otherwise the file will not be used for the configuration.
You are 100 percent right, I must have made a mistake, thank you.
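An added example, not part of the original post or its comments: a shell function that reads a lighttpd.conf and reports whether a given external.conf location is covered by one of its include directives, which is the point raised in the comments above. The function name and the sample config are constructed for illustration, and only plain include lines are evaluated.

```shell
#!/bin/sh
# conf_is_included MAIN_CONF CANDIDATE
# Exit status 0 when a plain `include "..."` directive in MAIN_CONF names
# CANDIDATE, literally or through a wildcard such as conf-enabled/*.conf.
# `include_shell` directives are not evaluated, and this is a string match:
# CANDIDATE does not have to exist yet.
conf_is_included() {
    main_conf=$1
    candidate=$2
    conf_dir=$(dirname "$main_conf")
    # Quoted argument of every include line that is not commented out.
    patterns=$(sed -n 's/^[[:space:]]*include[[:space:]]\{1,\}"\([^"]*\)".*/\1/p' "$main_conf")
    while IFS= read -r pattern; do
        [ -n "$pattern" ] || continue
        case $pattern in
            /*) ;;                              # absolute path
            *)  pattern=$conf_dir/$pattern ;;   # relative to the including file
        esac
        # Unquoted on purpose: * and ? in the directive act as wildcards.
        case $candidate in
            $pattern) return 0 ;;
        esac
    done <<EOF
$patterns
EOF
    return 1
}

# Constructed sample config; the active include line is the one quoted above.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
server.modules = ( "mod_redirect" )
# include "/etc/lighttpd/external.conf"
include "/etc/lighttpd/conf-enabled/*.conf"
EOF
for f in /etc/lighttpd/external.conf /etc/lighttpd/conf-enabled/external.conf; do
    if conf_is_included "$demo_conf" "$f"; then
        echo "loaded:  $f"
    else
        echo "ignored: $f"
    fi
done
rm -f "$demo_conf"
```

On a real install, call conf_is_included with /etc/lighttpd/lighttpd.conf and each candidate path before restarting lighttpd; a file that is not included means the ssl.engine block is silently never applied.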