From 35e7b2a11c2486db39697b3d69bf3e5f744926d1 Mon Sep 17 00:00:00 2001 From: Bradley G Smith Date: Tue, 17 Jun 2025 14:57:53 -0700 Subject: [PATCH] Supplement docker secrets usage information Docker secrets has a couple of characteristics that may cause baffling errors where configuration looks correct but the pihole container cannot read the secret. The UID and GID of the secret file on the host must be set to the same value used by the pihole process in the container (typically 1000). Signed-off-by: Bradley G Smith --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ab1516d..f7b0492 100644 --- a/README.md +++ b/README.md @@ -144,7 +144,7 @@ If this variable is not detected and you have not already set one via `pihole se | `FTLCONF_[SETTING]` | unset | As per documentation | Customize pihole.toml with settings described in the [API Documentation](https://docs.pi-hole.net/api).

Replace `.` with `_`, e.g for `dns.dnssec=true` use `FTLCONF_dns_dnssec: 'true'`.
Array type configs should be delimited with `;`.| | `PIHOLE_UID` | `1000` | Number | Overrides image's default pihole user id to match a host user id.
**IMPORTANT**: id must not already be in use inside the container!| | `PIHOLE_GID` | `1000` | Number | Overrides image's default pihole group id to match a host group id.
**IMPORTANT**: id must not already be in use inside the container!| -| `WEBPASSWORD_FILE` | unset| `` | Set an Admin password using [Docker secrets](https://docs.docker.com/engine/swarm/secrets/). If `FTLCONF_webserver_api_password` is set, `WEBPASSWORD_FILE` is ignored. If `FTLCONF_webserver_api_password` is empty, and `WEBPASSWORD_FILE` is set to a valid readable file, then `FTLCONF_webserver_api_password` will be set to the contents of `WEBPASSWORD_FILE`. | +| `WEBPASSWORD_FILE` | unset| `` | Set an Admin password using Docker secrets with [Swarm](https://docs.docker.com/engine/swarm/secrets/) or [Compose](https://docs.docker.com/compose/how-tos/use-secrets/). If `FTLCONF_webserver_api_password` is set, `WEBPASSWORD_FILE` is ignored. If `FTLCONF_webserver_api_password` is empty, and `WEBPASSWORD_FILE` is set to a valid readable file, then `FTLCONF_webserver_api_password` will be set to the contents of `WEBPASSWORD_FILE`. See [WEBPASSWORD_FILE Example](https://docs.pi-hole.net/docker/configuration/#webpassword_file-example) for additional information.| ### Advanced Variables