External Pihole behind Traefik redirect /admin

danyo2008 · February 1, 2023, 11:27am

Hi all,

i have pihole installed on a different machine, so pi hole do not run as a docker container next to Traefik.
What i have done is, that i added pihole as an external router to my config.yml.

If i access the URL via my browser, i can see the start page of pihole, but after fill in my admin credentials,
the site will always redirect to /admin

So, i navigate to

https://pihole.local.localdomain.com

I can see the pihole admin page.

But after i fill in my admin credentials, i will be redirected to

https://pihole.local.localdomain.com/admin

which is not available. White screen, no admin interface annymore.

If i then delete the /admin from the URL, i can see the admin panel again and i am logged in....

How is it possible with Traefik that there is not redirect to /admin, so i only want to use the URL
without /admin.

Is that possible?

Here is my config

http:
  routers:
    pihole:
      entryPoints:
        - "https"
      rule: "Host(`pihole.local.localdomain.com`)"
      middlewares:
        - default-headers
        - replacepathregex-pihole
        - addprefix-pihole
        - https-redirectscheme
      tls: {}
      service: pihole

  services:

    pihole:
      loadBalancer:
        servers:
          - url: "http://xxx.xxx.xxx.xxx:80"
        passHostHeader: true


  middlewares:

    addprefix-pihole:
      addPrefix:
        prefix: "/admin"

    replacepathregex-pihole:
      replacePathRegex:
         regex: "^/admin/(.*)"
         replacement: "/$$1"

    https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true

    default-headers:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https

Thanks and regards
Dan

bluepuma77 · February 1, 2023, 2:15pm

Why do you have this? Messing with paths for a full-blown application usually does not work. Apps are mostly not path-aware and will redirect or link to fixed paths, which then don’t work anymore.

Best practice for multiple services on the same (reverse proxy) server is to use sub-domains.

danyo2008 · February 1, 2023, 2:24pm

I use the subdomain pihole.local.localdomain.... For each Service behind Traefik an own local subdomain. That just works fine for all my Services, execp pihole, because if i will open the sudomain for pihole and enter my credentials, pihole will redirect me to /admin, which does not exist. So i want to redirect back to the subdomain of pihole. But that isn't working....

bluepuma77 · February 1, 2023, 2:39pm

Have you removed those?

danyo2008 · February 1, 2023, 8:59pm

Yes, still not working. Same effect as before.... .

bluepuma77 · February 2, 2023, 10:20am

Without the path manipulation your config looks okay, have you restarted Traefik?

Check Traefik debug log and access log. Check your target service log.

RWL-Dittrich · February 2, 2023, 11:22am

I had the same issue yesterday. The redirects don't get updated and pihole redirects you to the wrong pages constantly.

If you're willing to have /admin put in the URL automatically you can also just use the following middleware to redirect from the root to /admin automatically

    pihole-redirect:
      redirectRegex:
        regex: "^https?://pihole.domain.tld/$"
        replacement: "https://pihole.domain.tld/admin/"

danyo2008 · February 3, 2023, 5:33am

Hi,

thanks, this works fine.

The only thing is now, that always the path /admin is there.
It is ok for me..... But is there no way to work only with the base URL, without the addition of
the path /admin in the URL...?

Thanks and regards
dan

ajschmidt8 · April 30, 2023, 10:01pm

the setup below seems to be working for me.

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik-internal
  name: pihole-dashboard
  namespace: pihole
spec:
  routes:
  - kind: Rule
    match: Host(`pihole.redacted.tld`)
    middlewares:
    - name: dashboard-redirect
    - name: dashboard-prefix
    services:
    - name: pihole-tcp
      port: 80
  tls: {}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: dashboard-redirect
  namespace: pihole
spec:
  redirectRegex:
    regex: /admin/$
    replacement: /
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: dashboard-prefix
  namespace: pihole
spec:
  addPrefix:
    prefix: /admin

weskezm99 · July 22, 2023, 12:26pm

that worked great for me. thank you @ajschmidt8
Here's a version for others not using k8s

http:
  routers:
    pihole:
      entryPoints:
        - websecure
      rule: "Host(`dns.domain.tld`)"
      service: pihole
      tls: 
        certResolver: le
      middlewares:
        - pihole-redirectregex
        - pihole-addprefix

  middlewares:
    pihole-addprefix:
      addPrefix:
        prefix: /admin
    pihole-redirectregex:
      redirectRegex:
        regex: /admin/$
        replacement: /