Pi-Hole Install Crashes Nginx

Creating a bug report/issue

Required Information

• DietPi version | G_DIETPI_VERSION_CORE=8 G_DIETPI_VERSION_SUB=14 G_DIETPI_VERSION_RC=2 G_GITBRANCH='master' G_GITOWNER='MichaIng' G_LIVE_PATCH_STATUS[0]='not applicable'

• Distro version | bullseye 0

• Kernel version | Linux Piper 5.15.84-v8+ #1613 SMP PREEMPT Thu Jan 5 12:03:08 GMT 2023 aarch64 GNU/Linux

• SBC model | RPi 4 Model B (aarch64)

• Power supply used | RPi Official USB-C

• SD card used | none; 1TB Sata 2.5" (enclosed) used.

Additional Information (if applicable)

• Software title | Pi-Hole
• Was the software title installed freshly or updated/migrated?
  It is a clean install from DietPi-Software
• Can this issue be replicated on a fresh installation of DietPi?
  Yes
  ← If you sent a “dietpi-bugreport”, please paste the ID here →
• Bug report ID | 71209e97-3862-4cca-ba50-e60a1de6f031

Steps to reproduce

1. Install Pi-Hole with Nginx, alone or with companion like Nextcloud
2. Install Unbound with it, as choice during Pi-Hole install

Expected behaviour

• Pi-Hole creates correct Nginx config/doesn’t break anything
• Pi-Hole and other services are available through Nginx

Actual behaviour

• Pi-Hole Installation breaks NGINX functionality, nothing is available
• Nginx and all other services function again upon removal of Pi-Hole

Extra details

• sudo nginx -t responds with: nginx: [emerg] unknown "frame_option" variable
• Pi-Hole script prompts to uninstall these packages: git iproute2 dialog ca-certificates cron curl iputils-ping psmisc sudo unzip idn2 libcap2-bin dns-root-data libcap2 netcat-openbsd procps jq grep dnsutils
• If Pi-Hole is allowed to uninstall stated packages (above), system (sometimes) breaks and needs full reinstall. We really shouldn’t be removing things like sudo, dialog, or others…
• No issues seem to occur if the chosen web-server is Apache; this is an issue dependent on Nginx. I like Nginx…

Pihole deletes packages when you install it?
I only know about their uninstall script, which deletes a lot of stuff if you are not careful

there seems to be a bug introduced with latest version.

As workaround go into /etc/nginx/sites-dietpi/dietpi-pihole.conf and disable following 2 options.

#	set $frame_options "deny";
#	add_header X-Frame-Options "$frame_option";

Restart Nginx afterwards

Uncomment those two lines again and replace frame_option with frame_options (“s” was missing).

I fixed the config in our master branch (from where it is downloaded on install), so a reinstall or fresh install of Pi-hole will now also have it fixed.

Many thanks for reporting .

The Pi-Hole script gives the option to remove packages on uninstall that are listed as dependencies. This is in nature good, but the list of dependencies is large and can remove things like sudo. I think we should “fool-proof” this a little more for those not looking, and possibly remove some of the packages from the list.

Thanks; I installed everything this morning fresh and it works now.

This is an issue at PiHole side and out of our scope. We tried to convince them to change but without success

Okay, thanks for letting me know. I am glad that DietPi already investigated this.

Hello. Sorry for bringing this up again but it seems that my pihole and nginx don’t like each other.

• I can access the pihole user interface by going to pi.hole/admin, but can’t from 192.168.[restofip]/admin. Also my nextcloud stopped working (yesterday?) which I think is connected to this.

I tried reinstalling both, without success.

Let me know what else I can show…

There is no real relation between PiHole and Nginx. PiHole web interface is a simple web app, like Nextcloud, that require a web server like Apache or Nginx to be able to be displayed. As you are able to reach pi.hole/admin indicates the web server running and working. Otherwise, this would be failing as well. How do you try reaching NC? Did you activate any special setting on your web server? What changed the last days that could be related to your issue?

That’s the million euro question… Of the more substantial things I did:

• installed arp-scan (uninstalled it now)
• installed and configured Navidrome (stopped and disabled the service now).
• there were some updates to PHP (7.4)

And right now I can’t get to http://pi.hole/admin any more. Really not sure why. I know pihole is running since all my DNS domains work, so it’s just nginx. Trying to reinstall PHP now using dietpi-software reinstall 89.

But I doesn’t seem to be possible to run nginx in interactive mode…

OK, we’re getting somewhere. After reinstalling PHP, nginx failed to start:
nginx[11576]: nginx: [emerg] bind() to 0.0.0.0:80 failed(98: Address already in use). Reinstalling nginx using dietpi-software did not help.
I then purged nginx using dietpi-software and then installed it again - still it was failing to run.

I saw that one of my devices (projector) was connected to dietpi (by its standby wifi) using port 80 without nginx running. Turned it off; this did not help at all.

After rebooting when all of these things were done, nginx got up. Pihole did too but it did not work. pihole -d returned these errors:

1. [✗] tcp:0.0.0.0:80 is in use by nginx (Prerequisites - Pi-hole documentation)
2. [✗] Web interface X-Header: X-Header does not match or could not be retrieved. HTTP/1.1 302 Found Server: nginx Date: Sat, 04 Mar 2023 21:25:58 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=06d9vosk2fmkd1lvtafn8n7dst; path=/; HttpOnly; SameSite=Strict Location: login.php
   And some irrelevant errors for lighttpd (which doesn’t exist).
   Error 2 is related to what you wrote above, so then I tried editing the lines again, but found /etc/nginx/sites-dietpi to be empty. I copied the needed nginx conf files from a backup (those without the need to edit them already) and error 2 disappeared, but error 1 stayed.

The error when I was trying to go to pi.hole/admin is “DNS_PROBE_FINISHED_NXDOMAIN” and if by IP it is “ERR_CONNECTION_REFUSED”.

Right now I think it’s something connected to pihole’s webserver and nginx’s webserver fighting each other for port 80, but I really don’t know a lot about networking.

There is no PiHole own web server. If you use our PiHole install script, PiHole is installed without web server stack, as we use our DietPi functionality to install user defined web server module. Could it be that you installed lighttpd? Did you execute any PiHole repair steps?

Ok. I tried pihole repair but it did nothing.

After stopping nginx, then pihole, then starting nginx, then pihole, I know pihole is running as I can ping local domains.

But there is another twist. I can view pi.hole/admin when connected through wireguard (10.9.x.x) but not when connected via my router (192.168.3.x).

I can also view local domain-based if my IP is 10.9.x.x.

Here are the lines from the block of code responsible for blocking outside traffic:

allow 127.0.0.0/8;
        allow 192.168.0.0/16;
        allow 10.0.0.0/8;
        allow 172.16.0.0/12;
        allow ::1/128;
        allow fe80::/10;
        allow fc00::/7;
        deny all;

EDIT: ok, fixed this with selecting “Permit all origins” in pihole, which somehow got reset when reinstalling.

But the primary thing still exists: nextcloud access from the Internet stopped working for some reason, as well as the nginx homepage. I will check my port forwards on routers, but I don’t think they changed.

EDIT2: now it works but I did not do absolutely anything. I am at a loss. The only thing I needed to do again is install the letsencrypt certificate.

EDIT3: I suppose the culprit is navidrome, apparently everything stopped working around 8:41 AM (it’s 0:32 AM next day now). I’ll check detailed logs, but it was then that everything became “unavailable” for home assistant…

Indeed, strange behavior. You can check status of running services as follow

dietpi-services status

As well check kernel logs and /or system logs

dmesg -l 0,1,2,3
journalctl

Just to avoid a misunderstanding on PiHole functionality.

PiHole DNS resolution and PiHole web interface are two different thinks. Both are independent features and can work without the other.

Yup, I used dmesg and journalctl extensively, but there was nothing pointing to an issue there. I made a mistake of rebooting the pi before looking at them more carefully though.

When this was happening, all the relevant services were running (active). I am just curious why nginx would not start because “address was already in use” - I did not have any other running services which I read could interfere (apache, lighttpd).

Anyway, the first command only shows 1 thing right now:
bcm2708_fb soc:fb: Unable to determine number of FBs. Disabling driver.
Same as here. Weird reboot behaviour on RPi 4 B - #2 by Joulinar
Doesn’t seem relevant as it’s a headless server.

if this happens again, you can use following command to check ports in use

ss -tulpn | grep LISTEN

Will do, thank you!

One more thing: any idea why the sites-dietpi configs were not deployed after uninstalling and reinstalling?

The sequence of what I did was:

dietpi-software reinstall 85 93
dietpi-software reinstall 85
dietpi-software uninstall 85
dietpi-software install 85
dietpi-software reinstall 89

With other commands in between (but I never removed anything from the folder /etc/nginx/sites-dietpi.

The folder is removed on uninstall. And this you did

PiHole web server configuration is pulled on install/reinstall only. It is not done on install of Nginx, because we don’t pull all kind of configs. This is triggered by the dedicated app only.