Updates Docker Secrets usage information #1851

Open
wants to merge 1 commit into
base: development
buckaroogeek

Docker secrets has a couple of characteristics that may cause baffling errors where configuration looks correct but the pihole container cannot read the secret. The UID and GID of the secret file on the host must be set to the same value used by the pihole process in the container (typically 1000).

Description

Amends the WEBPASSWORD_FILE variable description to provide both Swarm and Compose related links. Directs reader to a docker secrets section in Tips and Tricks.

Adds Tips and Tricks content for docker secrets noting the requirement that the UID for the secrets file must be the same as the pihole process in the container. Otherwise the process will not be able to read the file.

Motivation and Context

Adds useful information that will reduce baffling problems reading a Docker secrets file (WEBPASSWORD_FILE).

How Has This Been Tested?

Tested on my two pihole instances (synology docker host).

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ X] Amend readme with additional content.

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • [ x] I have updated the documentation accordingly.

@buckaroogeek buckaroogeek requested a review from a team as a code owner June 17, 2025 22:08
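
A pre-flight check for the ownership problem described in the PR description above, as an added example that is not part of this PR or of the Pi-hole project: run on the Docker host, it tests whether the file behind `WEBPASSWORD_FILE` is readable by the UID/GID the pihole process runs as. The function names, the 1000:1000 value in the demo (the "typically 1000" from the description) and the GNU `stat -c` syntax are assumptions; ACLs and supplementary groups are not considered.

```shell
#!/bin/sh
# Added example: pre-flight check for a file-backed Docker secret.
# Assumptions: GNU stat (-c), classic owner/group/other mode bits only
# (no ACLs, no supplementary groups, no special case for UID 0).

# can_read UID GID FILE
# Exit 0 if a process running as UID:GID may read FILE, 1 if not,
# 2 if FILE cannot be stat'ed.
can_read() {
    cr_uid=$1 cr_gid=$2
    cr_info=$(stat -c '%u %g %a' "$3" 2>/dev/null) || return 2
    set -- $cr_info                # $1=owner uid, $2=owner gid, $3=octal mode
    cr_mode=$(( 0$3 ))             # leading 0 makes the shell parse it as octal
    # Exactly one permission class applies: owner, else group, else other.
    if [ "$cr_uid" -eq "$1" ]; then
        cr_bit=$(( cr_mode & 0400 ))
    elif [ "$cr_gid" -eq "$2" ]; then
        cr_bit=$(( cr_mode & 0040 ))
    else
        cr_bit=$(( cr_mode & 0004 ))
    fi
    [ "$cr_bit" -ne 0 ]
}

# report UID GID FILE: one-line verdict for a human reading the output.
report() {
    if can_read "$1" "$2" "$3"; then
        echo "OK: $3 is readable by $1:$2"
    else
        echo "FAIL: $3 is not readable by $1:$2" \
             "(owner:group mode = $(stat -c '%u:%g %a' "$3" 2>/dev/null))"
    fi
}

# Constructed demo: a throwaway file standing in for the secret on the host.
demo_secret=$(mktemp) && chmod 600 "$demo_secret"
report 1000 1000 "$demo_secret"
rm -f "$demo_secret"
```

A `FAIL` line for a file with mode 600 and a different owner is the situation the description calls baffling: the configuration is correct, but the container process falls into the "other" class and has no read bit.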
Member

@yubiuser yubiuser left a comment

Thanks for your PR.

I would not put so much info in this readme as it's already quite long and most users probably won't use the secret file.
Instead, I'd link to the documentation at

https://docs.pi-hole.net/docker/configuration/#ftlconf_webserver_api_password-examples

and add the necessary info (e.g. UID/GID) there.

@buckaroogeek
Author

Glad to make the changes. I was thinking that the permissions issue was not immediately obvious to me so a note might help clarify this for others.

Perhaps I should close this PR as unneeded and generate replacements?

@yubiuser
Member

yubiuser commented Jul 1, 2025

> so a note might help clarify this for others

It is, but I think the readme is not the best place for it.

> Perhaps I should close this PR as unneeded and generate replacements?

You could modify the PR to link to the documentation and open a PR at https://github.com/pi-hole/docs

Docker secrets has a couple of characteristics that may cause baffling
errors where configuration looks correct but the pihole container cannot
read the secret. The UID and GID of the secret file on the host must be
set to the same value used by the pihole process in the container
(typically 1000).

Signed-off-by: Bradley G Smith <[email protected]>