| /etc/lighttpd/conf-available/16-pihole-https.conf and symlink the file to "/etc/lighttpd/conf-enabled/" directory | |
| # Ensure the Pi-hole Block Page knows that this is not a blocked domain | |
| setenv.add-environment = ("fqdn" => "true") | |
| # Enable the SSL certificate | |
| $SERVER["socket"] == ":443" { | |
| ssl.engine = "enable" | |
| ssl.pemfile = "/etc/lighttpd/ssl/combined.pem" | |
| } | |
| # Redirect HTTP to HTTPS | |
| $HTTP["scheme"] == "http" { | |
| $HTTP["host"] =~ ".*" { | |
| url.redirect = (".*" => "https://%0$0") | |
| } | |
| } |
systemctl daemon-reload
systemctl start tailscale-cert.service
systemctl enable tailscale-cert.timer
sudo nano /etc/lighttpd/conf-available/16-pihole-https.conf
sudo ln -s /etc/lighttpd/conf-available/16-pihole-https.conf /etc/lighttpd/conf-enabled/
sudo service lighttpd restart
sudo apt install lighttpd-mod-openssl
| # /etc/systemd/system/tailscale-cert.service | |
| [Unit] | |
| Description=Tailscale SSL Service Renewal | |
| After=network.target | |
| After=syslog.target | |
| [Service] | |
| Type=oneshot | |
| User=root | |
| Group=root | |
| WorkingDirectory=/etc/ssl/private/ | |
| Environment="HOSTNAME=device-hostname" | |
| Environment="DOMAIN=foobar.ts.net" | |
| ExecStart=tailscale cert ${HOSTNAME}.${DOMAIN} | |
| ExecStartPost=/bin/sh -c 'cat ${HOSTNAME}.${DOMAIN}.key ${HOSTNAME}.${DOMAIN}.crt > /etc/lighttpd/ssl/combined.pem' | |
| [Install] | |
| WantedBy=multi-user.target |
| # /etc/systemd/system/tailscale-cert.timer | |
| [Unit] | |
| Description=Renew Tailscale cert | |
| [Timer] | |
| OnCalendar=monthly | |
| Unit=tailscale-cert.service | |
| [Install] | |
| WantedBy=basic.target |