Meidokon Wiki
  • Comments
  • Immutable Page
  • Menu
    • Navigation
    • RecentChanges
    • FindPage
    • Local Site Map
    • Help
    • HelpContents
    • HelpOnMoinWikiSyntax
    • Display
    • Attachments
    • Info
    • Raw Text
    • Print View
    • Edit
    • Load
    • Save
  • Login

Useful(?) links

  • furinkan's stuff

  • Postfix snippets

  • SystemInfo

  • This sidebar

Navigation

  • FrontPage
  • RecentChanges
  • FindPage
  • HelpContents
Revision 3 as of 2023-07-16 11:46:09
MeidokonWiki:
  • UnifiController

I almost just want to buy a cloud key because I think it'll be easier. -_-

Contents

  1. Hosted as a docker container
  2. DIY controller stuff
  3. Installation on vector
  4. A real signed SSL cert for the controller

Hosted as a docker container

This turns out to be the nicest solution yet. You need a decently beefy host to run it, but I find it less annoying than the raw Java app in a .deb that needs fiddly backups and upgrades periodically.

Via: https://hub.docker.com/r/linuxserver/unifi-controller

Details on deployment are here: servers/illustrious#Unifi_controller

DIY controller stuff

On any sort of OS:

  • https://community.ui.com/questions/UniFi-Installation-Scripts-or-UniFi-Easy-Update-Script-or-UniFi-Lets-Encrypt-or-UniFi-Easy-Encrypt-/ccbc7530-dd61-40a7-82ec-22b17f027776

  • https://get.glennr.nl/unifi/install/unifi-5.13.32.sh

Some easy guides:

  • Easy-UBNT for supported OSes: https://community.ui.com/questions/Easy-UBNT-Install-Update-and-Secure-UBNT-Software/9ccb57b3-b9a7-4e42-9bae-2306efd8243f

  • Controller on an RPi, with Pi-hole: https://community.ui.com/questions/Step-By-Step-Tutorial-Guide-Raspberry-Pi-with-UniFi-Controller-and-Pi-hole-from-scratch-headless/e8a24143-bfb8-4a61-973d-0b55320101dc

I should really setup pihole one of these days, and then I can also use it for dnsmasq and local DNS that doesn't die when the internet goes down. Just get DNS off the USG, I already don't use it as it is.

Installation on vector

I used the Easy Update Script mentioned above to install the controller on servers/vector, then import the old site config.

  • wget https://get.glennr.nl/unifi/install/unifi-6.2.17.sh

  • Grow partition with cfdisk, then FS with resize2fs
  • bash unifi-6.2.17.sh
  • Setup new empty site, create local admin account
  • Import site from old controller
  • Update DNS to point unifi to vector

A real signed SSL cert for the controller

This SSL cert command doesn't frikken work, yet it should be exactly the perfect method. -_-

java -jar /usr/lib/unifi/lib/ace.jar import_key_cert STAR_thighhighs_top.key.stripped STAR_thighhighs_top.crt

Instead I used this script, it's stashed in /root/unifi-import-cert.sh 

# Backup previous keystore
cp /var/lib/unifi/keystore /var/lib/unifi/keystore.backup.$(date +%F_%R)

# Convert cert to PKCS12 format
openssl pkcs12 -export \
        -inkey /etc/ssl/STAR_thighhighs_top.key \
        -in /etc/ssl/STAR_thighhighs_top.crt \
        -out /etc/ssl/STAR_thighhighs_top.p12 \
        -name unifi -password pass:unifi

# Install certificate
keytool -importkeystore \
        -deststorepass aircontrolenterprise \
        -destkeypass aircontrolenterprise \
        -destkeystore /var/lib/unifi/keystore \
        -srckeystore /etc/ssl/STAR_thighhighs_top.p12 \
        -srcstoretype PKCS12 \
        -srcstorepass unifi \
        -alias unifi \
        -noprompt

# Restart UniFi controller
systemctl restart unifi
  • MoinMoin Powered
  • Python Powered
  • GPL licensed
  • Valid HTML 4.01
MoinMoin Release 1.9.11 [Revision release], Copyright by Juergen Hermann et al.