AbsolutelyClawless

The bizarre thing is I already had it set up in a way it shouldn’t have hijacked it. Worked perfectly fine for a long time. Evil DNS forces at it again!

Pihole is my DNS server (Unbound + Local).

I fixed it? After the issue appeared I changed Raspi’s hostname to FQDN, i.e. pihole.my.domain. So it sort of makes sense that it bypassed Nginx. I changed it back to how it was before (just “pihole” and instead of my.domain I added “home.arpa” as local domain). And now it’s back to normal. Which makes about zero sense to me, because I basically just changed it back how it was both before and after the issue started.

Thanks for the help! It didn’t even occur to me to look if Nginx was being bypassed.

Hm, looks like you’re right. For some reason it’s completely bypassing Nginx. Traceroute to all my other proxied services points to nginx.my.domain, except pihole, which points to pihole.my.domain. There have been no changes to my configuration, this is odd.

The FQDN resolves fine. I can still reach Pihole over https://pihole.my.domain and click on “Proceed to pihole.my.domain (Risky)”, but the browser fetches Pihole’s self-signed certificate instead of my.domain and throws a warning about certificate validity. Which it absolutely shouldn’t, because Nginx conf for Pihole points to port 80, not port 443.