I almost just want to buy a cloud key because I think it'll be easier. -_-

Hosted as a docker container

This turns out to be the nicest solution yet. You need a decently beefy host to run it, but I find it less annoying than the raw Java app in a .deb that needs fiddly backups and upgrades periodically.

Via: https://hub.docker.com/r/linuxserver/unifi-controller

Details on deployment are here: servers/illustrious#Unifi_controller

DIY controller stuff

On any sort of OS:

• https://community.ui.com/questions/UniFi-Installation-Scripts-or-UniFi-Easy-Update-Script-or-UniFi-Lets-Encrypt-or-UniFi-Easy-Encrypt-/ccbc7530-dd61-40a7-82ec-22b17f027776

• https://get.glennr.nl/unifi/install/unifi-5.13.32.sh

Some easy guides:

• Easy-UBNT for supported OSes: https://community.ui.com/questions/Easy-UBNT-Install-Update-and-Secure-UBNT-Software/9ccb57b3-b9a7-4e42-9bae-2306efd8243f

• Controller on an RPi, with Pi-hole: https://community.ui.com/questions/Step-By-Step-Tutorial-Guide-Raspberry-Pi-with-UniFi-Controller-and-Pi-hole-from-scratch-headless/e8a24143-bfb8-4a61-973d-0b55320101dc

I should really setup pihole one of these days, and then I can also use it for dnsmasq and local DNS that doesn't die when the internet goes down. Just get DNS off the USG, I already don't use it as it is.

Installation on vector

I used the Easy Update Script mentioned above to install the controller on servers/vector, then import the old site config.

• wget https://get.glennr.nl/unifi/install/unifi-6.2.17.sh

• Grow partition with cfdisk, then FS with resize2fs
• bash unifi-6.2.17.sh
• Setup new empty site, create local admin account
• Import site from old controller
• Update DNS to point unifi to vector

A real signed SSL cert for the controller

This SSL cert command doesn't frikken work, yet it should be exactly the perfect method. -_-

java -jar /usr/lib/unifi/lib/ace.jar import_key_cert STAR_thighhighs_top.key.stripped STAR_thighhighs_top.crt

Instead I used this script, it's stashed in /root/unifi-import-cert.sh

# Backup previous keystore
cp /var/lib/unifi/keystore /var/lib/unifi/keystore.backup.$(date +%F_%R)

# Convert cert to PKCS12 format
openssl pkcs12 -export \
        -inkey /etc/ssl/STAR_thighhighs_top.key \
        -in /etc/ssl/STAR_thighhighs_top.crt \
        -out /etc/ssl/STAR_thighhighs_top.p12 \
        -name unifi -password pass:unifi

# Install certificate
keytool -importkeystore \
        -deststorepass aircontrolenterprise \
        -destkeypass aircontrolenterprise \
        -destkeystore /var/lib/unifi/keystore \
        -srckeystore /etc/ssl/STAR_thighhighs_top.p12 \
        -srcstoretype PKCS12 \
        -srcstorepass unifi \
        -alias unifi \
        -noprompt

# Restart UniFi controller
systemctl restart unifi