Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- STEP 1
- certbot certonly --standalone --preferred-challenges http --agree-tos --email admin@subnet.web.id -d subnet.web.id
- STEP 2
- $HTTP["host"] == "subnet.web.id" {
- # Ensure the Pi-hole Block Page knows that this is not a blocked domain
- setenv.add-environment = ("fqdn" => "true")
- # Enable the SSL engine with a LE cert, only for this specific host
- $SERVER["socket"] == ":443" {
- ssl.engine = "enable"
- ssl.pemfile = "/etc/letsencrypt/live/subnet.web.id/fullchain.pem"
- ssl.privkey = "/etc/letsencrypt/live/subnet.web.id/privkey.pem"
- ssl.cipher-list = "HIGH"
- }
- # Redirect HTTP to HTTPS
- $HTTP["scheme"] == "http" {
- $HTTP["host"] =~ ".*" {
- url.redirect = (".*" => "https://%0$0")
- }
- }
- }
- STEP 3
- apt install lighttpd-mod-openssl
- STEP 4
- chmod g+w /etc/pihole
- STEP 5
- sed -i '$ a BLOCKINGMODE=IP-NODATA-AAAA' /etc/pihole/pihole-FTL.conf
- sed -i '$ a RATE_LIMIT=0/0' /etc/pihole/pihole-FTL.conf
- sed -i 's/memory_limit = 128M/memory_limit = 1024M/g' /etc/php/7.4/cgi/php.ini
- STEP 6
- edns-packet-max=1232
- dns-forward-max=1024
- /etc/dnsmasq.d/99-edns.conf
- STEP 7
- service pihole-FTL restart
- service unbound restart
- /etc/init.d/lighttpd reload
Add Comment
Please, Sign In to add comment
