|
Size: 2502
Comment: copy install notes from vector
|
Size: 2905
Comment: add notes on hosting it on docket
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| I really just want to buy a cloud key because I think it'll be easier. -_- | I almost just want to buy a cloud key because I think it'll be easier. -_- <<TableOfContents>> = Hosted as a docker container = This turns out to be the nicest solution yet. You need a decently beefy host to run it, but I find it less annoying than the raw Java app in a .deb that needs fiddly backups and upgrades periodically. Via: https://hub.docker.com/r/linuxserver/unifi-controller Details on deployment are here: [[servers/illustrious#Unifi_controller]] |
I almost just want to buy a cloud key because I think it'll be easier. -_-
Contents
Hosted as a docker container
This turns out to be the nicest solution yet. You need a decently beefy host to run it, but I find it less annoying than the raw Java app in a .deb that needs fiddly backups and upgrades periodically.
Via: https://hub.docker.com/r/linuxserver/unifi-controller
Details on deployment are here: servers/illustrious#Unifi_controller
DIY controller stuff
On any sort of OS:
Some easy guides:
Easy-UBNT for supported OSes: https://community.ui.com/questions/Easy-UBNT-Install-Update-and-Secure-UBNT-Software/9ccb57b3-b9a7-4e42-9bae-2306efd8243f
Controller on an RPi, with Pi-hole: https://community.ui.com/questions/Step-By-Step-Tutorial-Guide-Raspberry-Pi-with-UniFi-Controller-and-Pi-hole-from-scratch-headless/e8a24143-bfb8-4a61-973d-0b55320101dc
I should really setup pihole one of these days, and then I can also use it for dnsmasq and local DNS that doesn't die when the internet goes down. Just get DNS off the USG, I already don't use it as it is.
Installation on vector
I used the Easy Update Script mentioned above to install the controller on servers/vector, then import the old site config.
- Grow partition with cfdisk, then FS with resize2fs
- bash unifi-6.2.17.sh
- Setup new empty site, create local admin account
- Import site from old controller
- Update DNS to point unifi to vector
A real signed SSL cert for the controller
This SSL cert command doesn't frikken work, yet it should be exactly the perfect method. -_-
java -jar /usr/lib/unifi/lib/ace.jar import_key_cert STAR_thighhighs_top.key.stripped STAR_thighhighs_top.crt
Instead I used this script, it's stashed in /root/unifi-import-cert.sh
# Backup previous keystore
cp /var/lib/unifi/keystore /var/lib/unifi/keystore.backup.$(date +%F_%R)
# Convert cert to PKCS12 format
openssl pkcs12 -export \
-inkey /etc/ssl/STAR_thighhighs_top.key \
-in /etc/ssl/STAR_thighhighs_top.crt \
-out /etc/ssl/STAR_thighhighs_top.p12 \
-name unifi -password pass:unifi
# Install certificate
keytool -importkeystore \
-deststorepass aircontrolenterprise \
-destkeypass aircontrolenterprise \
-destkeystore /var/lib/unifi/keystore \
-srckeystore /etc/ssl/STAR_thighhighs_top.p12 \
-srcstoretype PKCS12 \
-srcstorepass unifi \
-alias unifi \
-noprompt
# Restart UniFi controller
systemctl restart unifi