niammuddin

install pihole

Jan 25th, 2022 (edited)
  1. STEP 1
  # Request a Let's Encrypt certificate for subnet.web.id with certbot's
  # built-in standalone web server and the HTTP-01 challenge.
  # NOTE(review): --standalone binds port 80 itself, so the request (and every
  # later renewal) fails while another web server is listening there; Pi-hole's
  # lighttpd normally is -- confirm how the port is freed.
  # The key is written under /etc/letsencrypt/live/subnet.web.id/, the path
  # STEP 2 points lighttpd at; leave certbot's restrictive permissions on that
  # directory in place.
  certbot certonly \
    --standalone \
    --preferred-challenges http \
    --agree-tos \
    --email admin@subnet.web.id \
    --domain subnet.web.id
  3.  
  4. STEP 2
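  # lighttpd TLS virtual host for the Pi-hole web interface on subnet.web.id.
  # NOTE(review): the page does not say which lighttpd config file this block
  # belongs in, and the socket block below needs the OpenSSL module (package
  # installed in STEP 3) to be loaded when lighttpd parses it -- confirm both.
  $HTTP["host"] == "subnet.web.id" {
    # Ensure the Pi-hole Block Page knows that this is not a blocked domain
    setenv.add-environment = ("fqdn" => "true")

    # Enable the SSL engine with a LE cert, only for this specific host
    $SERVER["socket"] == ":443" {
      ssl.engine = "enable"
      ssl.pemfile = "/etc/letsencrypt/live/subnet.web.id/fullchain.pem"
      ssl.privkey = "/etc/letsencrypt/live/subnet.web.id/privkey.pem"
      # A bare "HIGH" names no exclusions. State explicitly that anonymous
      # (unauthenticated) and MD5-based suites are never acceptable instead of
      # relying on whatever the installed TLS library filters by default.
      ssl.cipher-list = "HIGH:!aNULL:!MD5"
    }

    # Redirect HTTP to HTTPS.
    # %0 is the host matched by the nested host condition and $0 the requested
    # path. The outer block only matches subnet.web.id, so the redirect target
    # host cannot be steered by a client-supplied Host header.
    $HTTP["scheme"] == "http" {
      $HTTP["host"] =~ ".*" {
        url.redirect = (".*" => "https://%0$0")
      }
    }
  }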
  24.  
  25. STEP 3
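  # Install the package that provides lighttpd's OpenSSL (TLS) module.
  # NOTE(review): the STEP 2 configuration depends on this module, so it must
  # be installed before lighttpd is reloaded in STEP 7.
  apt install lighttpd-mod-openssl

  # STEP 4
  # Give the owning group write access to /etc/pihole.
  # NOTE(review): this widens who can change Pi-hole's configuration; check
  # the directory's group and its members first (ls -ld /etc/pihole).
  chmod g+w /etc/pihole

  # STEP 5
  # Append each FTL setting only when that exact line is not already present,
  # so repeating this step does not pile up duplicate lines in the file.
  #   BLOCKINGMODE=IP-NODATA-AAAA  selects how blocked names are answered.
  #   RATE_LIMIT=0/0               switches FTL's per-client query rate
  #                                limiting off; only reasonable when the
  #                                resolver is reachable from trusted clients
  #                                alone.
  # NOTE(review): a line with the same key but another value is left in place;
  # check the file for conflicting entries.
  ftl_conf=/etc/pihole/pihole-FTL.conf
  for setting in 'BLOCKINGMODE=IP-NODATA-AAAA' 'RATE_LIMIT=0/0'; do
    grep -qxF -- "$setting" "$ftl_conf" || sed -i "\$ a $setting" "$ftl_conf"
  done

  # Raise PHP's memory limit for the web interface from 128M to 1024M.
  # The substitution only fires when the current value is exactly 128M and
  # PHP 7.4 (cgi) is the installed version; otherwise it silently changes
  # nothing.
  sed -i 's/memory_limit = 128M/memory_limit = 1024M/g' /etc/php/7.4/cgi/php.ini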
  35.  
  36. STEP 6
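  # File: /etc/dnsmasq.d/99-edns.conf
  # (The page lists this path after the two options, presumably as the file
  # they belong in; written as a bare line inside the file it would not be a
  # valid dnsmasq option.)

  # Advertise at most 1232 bytes of EDNS UDP payload, which keeps replies
  # below common path MTUs and so avoids IP fragmentation.
  edns-packet-max=1232

  # Allow up to 1024 concurrent forwarded queries (dnsmasq's default is 150).
  # NOTE(review): with RATE_LIMIT=0/0 from STEP 5 nothing throttles a single
  # noisy or abusive client, so keep port 53 closed to untrusted networks.
  dns-forward-max=1024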
  40.  
  41. STEP 7
  # Restart the DNS services so they pick up the new settings, then ask
  # lighttpd to reload its configuration.
  # NOTE(review): unbound is restarted here although no step on this page
  # installs or configures it -- presumably it was set up beforehand.
  # If lighttpd does not come back, test its configuration with the server's
  # own config check before retrying.
  for svc in pihole-FTL unbound; do
    service "$svc" restart
  done
  /etc/init.d/lighttpd reload
  45.  
  46.  
  47.  