External Pihole behind Traefik redirect /admin

Hi all,

i have pihole installed on a different machine, so pi hole do not run as a docker container next to Traefik.
What i have done is, that i added pihole as an external router to my config.yml.

If i access the URL via my browser, i can see the start page of pihole, but after fill in my admin credentials,
the site will always redirect to /admin

So, i navigate to

https://pihole.local.localdomain.com

I can see the pihole admin page.

But after i fill in my admin credentials, i will be redirected to

https://pihole.local.localdomain.com/admin

which is not available. White screen, no admin interface annymore.

If i then delete the /admin from the URL, i can see the admin panel again and i am logged in....

How is it possible with Traefik that there is not redirect to /admin, so i only want to use the URL
without /admin.

Is that possible?

Here is my config

http:
  routers:
    pihole:
      entryPoints:
        - "https"
      rule: "Host(`pihole.local.localdomain.com`)"
      middlewares:
        - default-headers
        - replacepathregex-pihole
        - addprefix-pihole
        - https-redirectscheme
      tls: {}
      service: pihole

  services:

    pihole:
      loadBalancer:
        servers:
          - url: "http://xxx.xxx.xxx.xxx:80"
        passHostHeader: true


  middlewares:

    addprefix-pihole:
      addPrefix:
        prefix: "/admin"

    replacepathregex-pihole:
      replacePathRegex:
         regex: "^/admin/(.*)"
         replacement: "/$$1"

    https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true

    default-headers:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https

Thanks and regards
Dan

Why do you have this? Messing with paths for a full-blown application usually does not work. Apps are mostly not path-aware and will redirect or link to fixed paths, which then don’t work anymore.

Best practice for multiple services on the same (reverse proxy) server is to use sub-domains.

I use the subdomain pihole.local.localdomain.... For each Service behind Traefik an own local subdomain. That just works fine for all my Services, execp pihole, because if i will open the sudomain for pihole and enter my credentials, pihole will redirect me to /admin, which does not exist. So i want to redirect back to the subdomain of pihole. But that isn't working....

Have you removed those?

Yes, still not working. Same effect as before.... .

Without the path manipulation your config looks okay, have you restarted Traefik?

Check Traefik debug log and access log. Check your target service log.

I had the same issue yesterday. The redirects don't get updated and pihole redirects you to the wrong pages constantly.

If you're willing to have /admin put in the URL automatically you can also just use the following middleware to redirect from the root to /admin automatically

    pihole-redirect:
      redirectRegex:
        regex: "^https?://pihole.domain.tld/$"
        replacement: "https://pihole.domain.tld/admin/"

Hi,

thanks, this works fine.

The only thing is now, that always the path /admin is there.
It is ok for me..... But is there no way to work only with the base URL, without the addition of
the path /admin in the URL...?

Thanks and regards
dan

the setup below seems to be working for me.

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik-internal
  name: pihole-dashboard
  namespace: pihole
spec:
  routes:
  - kind: Rule
    match: Host(`pihole.redacted.tld`)
    middlewares:
    - name: dashboard-redirect
    - name: dashboard-prefix
    services:
    - name: pihole-tcp
      port: 80
  tls: {}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: dashboard-redirect
  namespace: pihole
spec:
  redirectRegex:
    regex: /admin/$
    replacement: /
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: dashboard-prefix
  namespace: pihole
spec:
  addPrefix:
    prefix: /admin

that worked great for me. thank you @ajschmidt8
Here's a version for others not using k8s

http:
  routers:
    pihole:
      entryPoints:
        - websecure
      rule: "Host(`dns.domain.tld`)"
      service: pihole
      tls: 
        certResolver: le
      middlewares:
        - pihole-redirectregex
        - pihole-addprefix

  middlewares:
    pihole-addprefix:
      addPrefix:
        prefix: /admin
    pihole-redirectregex:
      redirectRegex:
        regex: /admin/$
        replacement: /

I was wondering if anything has changed with version 3. I recently started using Traefik and I used this exact configuration for my PiHole. The initial redirect to the https://nn.acb.xyz/admin works fine but as soon as I login I get the following:

Failed Host Check: nn.acb.xyz vs 192.168.10.07, pihole, pi.hole, localhost

(where 192.168.10.07 is my pihole IP)

I am not sure what is going wrong here. Any tips?

I kept getting 307 redirections in a loop to the same address because I had put the redirectRegex middleware before the addPrefix !
By the way, when you need to log back in after a period of inactivity, you will be redirected to a /admin/dns_records.php for example. This page does not exist as the /admin is supposed to be removed and the proposed solutions above do not help when there is anything after it.
So here is my regex solution:

http:
  middlewares:
    pihole-redirect:
      redirectRegex:
        regex: "^https?://([\\w.-]+)/admin(.*)$"
        replacement: "https://${1}${2}"
    pihole-prefix:
      addPrefix:
        prefix: /admin

Regex explanations: The ${1} and ${2} in the replace correspond respectively to the first and second capturing groups (in parentheses). For the first it can only match the host part with word characters (double escape for yaml), dots and minus signs while the second matches anything that may follow /admin. The first question mark matches http and https.
PS: If you truly need to support http, create a capture group http(s?) in the regex and the replacement string should look like this "http${1}://${2}${3}"