I’m a huge fan of WireGuard and of the PiHole’s blocklists. I run several VPNs in different countries, because I need to be able to access geoblocked websites for work. Usually, the servers don’t have anything else on them, so running the default install scripts is all it takes to get up and running.
Unfortunately, this time around I already had an Apache server running on the box I was setting up.
I like to be able to use the web admin since it’s a quick and easy way of seeing what’s blocked, and Apache wasn’t playing nice with the lighttpd instance PiHole uses by default.
There are a few ways around this. One is to change the port the existing lighttpd instance runs on:
sed -i "s/server.port = 80/server.port = INSERTNEWPORTHERE/" /etc/lighttpd/lighttpd.conf
service lighttpd restart
Another option is to add your pi.hole page to your existing Apache config file. This file is usually found in the directory /etc/apache2/sites-available, but the name of the file could vary depending on your setup:
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName pihole
    ServerAlias pi.hole
    DocumentRoot /var/www/vpn
    <Directory /var/www/vpn/>
        Options FollowSymLinks MultiViews
        AllowOverride all
        Order deny,allow
        allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/pihole_error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/pihole_access.log combined
</VirtualHost>
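The virtual host above uses the Apache 2.2 access directives (Order/allow, which Apache 2.4 only accepts through mod_access_compat) and lets any client that can reach port 80 load the admin panel. The following is an added example, not part of the original post: the same virtual host in Apache 2.4 syntax with the panel limited to VPN clients. The 10.6.0.0/24 subnet is an assumed WireGuard tunnel range, so substitute your own.

```apache
# Added example, not the post's own config. Apache 2.4 syntax.
# Assumption: 10.6.0.0/24 is the WireGuard tunnel subnet; use your own range.
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName pihole
    ServerAlias pi.hole
    DocumentRoot /var/www/vpn

    <Directory /var/www/vpn/>
        # Content negotiation (MultiViews) and directory listings are left off.
        Options FollowSymLinks
        # Ignore .htaccess files so the access rules live only in this file.
        # The panel is written for lighttpd, which has no .htaccess support.
        AllowOverride None
        # Replaces "Order deny,allow" / "allow from all":
        # only VPN clients and the server itself may load the panel.
        Require ip 10.6.0.0/24
        Require local
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/pihole_error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/pihole_access.log combined
</VirtualHost>
```

Run apachectl configtest before restarting Apache; a request from an address outside the tunnel range should then receive 403 Forbidden.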
By default, PiHole stores its admin panel pages in /var/www/html. This isn’t ideal if you’re running other sites on the server, so I’ve moved the files to a more recognizable folder. You can choose any folder name that makes sense to you.
Make sure the files are readable by the user Apache is running under (usually www-data), and that the only files in the /var/www/html folder are the ones associated with PiHole. As obvious as it sounds, don’t do this if you have other sites in that directory!
In your /var/www directory:
mkdir vpn
mv html/* vpn
chown -R www-data vpn
After doing this, be sure to restart Apache:
sudo service apache2 restart
Test your PiHole Admin page, and also test any other sites you’ve got running on Apache to make sure they’re all fully functional.
There’s no need to restart PiHole or PiVPN since all you’ve changed is the admin panel. If you’d mistakenly installed lighttpd (as I did yesterday when I was running the setup scripts, because I wasn’t paying attention) be sure to stop the service/remove it if necessary.
PiHole Blocklist Suggestions
I’ve been running PiHoles for quite a while now and I’ve found the stock blocklist to be decent enough most of the time. I’ve added a few annoying domains that my phone pings a lot to a blackhole, and had to whitelist a few addresses to get Facebook Messenger Lite working on my work phone, but beyond that running stock has been good enough for me.
With that said, I run a PinePhone and a Graphene’d Pixel for personal stuff, and have a stock Android for work, but I don’t run much “privacy invading” software on that. If you’re using a lot of the more mainstream social media apps, or play a lot of games, you might have to spend more time whitelisting things.
If you feel the stock blocklist isn’t good enough, this extensive list of PiHole blocklists could be useful for you. Be aware that there may be lots of duplication if you run several lists, and if you do want to run privacy-unfriendly apps it may take some trial and error to figure out what to unblock to get them running.
I combine a PiHole with uBlock Origin for an ad and tracker-free browsing experience, and it’s quite jarring when you use someone else’s device and are reminded of how ad-ridden the web can be.