Is it easy to set up SSL on a Pi-hole? I wanted to get AdGuard Home set up (similar to Pi-hole), but with the complexity of setting up secure connections I’m like, “yeah, nobody in my family is going to be able to fix this if something happens when I’m not around”. 😂
I recommend setting it up with a Let’s Encrypt cert via Tailscale. That way, not only do you get a proper cert for free without opening your Pi-hole to the internet, but you also get a way to use it when you are not at home. If you are running a Raspberry Pi 1, or any other Pi, from the SD card, I recommend using Log2ram in order to preserve the SD card.
Edit: forgot to add that you should install zram-tools and run
sudo dphys-swapfile uninstall
on a first-gen Pi, since the low RAM can increase the tendency to swap, especially with Unbound, and that can also kill your SD card prematurely.
They even have a full tutorial on it here.
However, if you’re going the self-signed certificate route, consider making your own mini-CA, with the root CA + intermediate CA added to the trust store on every device and all your services behind a reverse proxy. The only thing you need to worry about is the certificates’ validity!
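The mini-CA layout from the last reply, sketched with the openssl CLI as an added example that is not part of the original thread: it builds root CA, intermediate CA and one server certificate, verifies the chain, and checks how close a certificate is to expiry. The subject names, the hostname pihole.home.example, the lifetimes and the function names are assumptions chosen for illustration.

```shell
# Added example; every name here (Home Lab example, pihole.home.example) is a placeholder.
# build_chain DIR: root CA -> intermediate CA -> one 90-day server cert, all in DIR.
build_chain() {
    d=$1
    mkdir -p "$d" || return 1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[inter]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = critical,CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:pihole.home.example
EOF
    for n in root inter leaf; do   # one key + CSR per certificate
        openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
            -subj "/O=Home Lab example/CN=$n" -keyout "$d/$n.key" -out "$d/$n.csr" \
            2>/dev/null || return 1
    done
    # Root signs itself; root.crt is what goes into each device's trust store.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 3650 -sha256 \
        -extfile "$d/ca.cnf" -extensions root -out "$d/root.crt" 2>/dev/null || return 1
    # Root signs the intermediate; the intermediate signs the short-lived server cert.
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -days 1825 -sha256 -extfile "$d/ca.cnf" -extensions inter \
        -out "$d/inter.crt" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.crt" -CAkey "$d/inter.key" \
        -CAcreateserial -days 90 -sha256 -extfile "$d/ca.cnf" -extensions leaf \
        -out "$d/leaf.crt" 2>/dev/null
}

# verify_leaf DIR: succeeds only if the leaf chains to the root via the intermediate.
verify_leaf() {
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/inter.crt" "$1/leaf.crt" >/dev/null 2>&1
}

# expires_within CERT DAYS: succeeds if CERT expires (or is unreadable) within DAYS days.
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Demo run in a throwaway directory.
w=$(mktemp -d) && build_chain "$w" && verify_leaf "$w" && echo "chain verified in $w"
```

The reverse proxy has to serve leaf.crt together with inter.crt, since devices only trust root.crt; running expires_within from a scheduled job gives early warning before a certificate lapses.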