Ubiquity Unifi Controller

Allgemeine Doku

Troubleshooting https://help.ubnt.com/hc/en-us/sections/200887574-UniFi-Troubleshooting

config.properties:https://help.ubnt.com/hc/en-us/articles/205146040-UniFi-config-properties-File-Explanation

Betrieb in Docker Container

https://docs.linuxserver.io/images/docker-unifi-controller

Docker Compose (V2, golang):

---
version: "2.1"
services:
  unifi-controller:
    image: lscr.io/linuxserver/unifi-controller:latest
    container_name: unifi-controller
    environment:
      - PUID=1000
      - PGID=1000
      - MEM_LIMIT=1024 #optional
      - MEM_STARTUP=1024 #optional
    volumes:
      - /mnt/data/unifi/:/config
    ports:
      - 8443:8443
      - 3478:3478/udp
      - 10001:10001/udp
      - 8080:8080
      - 1900:1900/udp #optional
      - 8843:8843 #optional
      - 8880:8880 #optional
      - 6789:6789 #optional
      - 5514:5514/udp #optional
    restart: unless-stopped

Danach

docker-compose up

Dauerbetreib

docker run -d \
  --name=unifi-controller \
  -e PUID=1000 \
  -e PGID=1000 \
  -e MEM_LIMIT=1024 `#optional` \
  -e MEM_STARTUP=1024 `#optional` \
  -p 8443:8443 \
  -p 3478:3478/udp \
  -p 10001:10001/udp \
  -p 8080:8080 \
  -p 1900:1900/udp `#optional` \
  -p 8843:8843 `#optional` \
  -p 8880:8880 `#optional` \
  -p 6789:6789 `#optional` \
  -p 5514:5514/udp `#optional` \
  -v <path to data>:/config \
  --restart unless-stopped \
  lscr.io/linuxserver/unifi-controller:latest

Aktuelle Config

cat /tmp/running.cfg

Ports

Typ	Port	Zweck
TCP	22	SSH access (controller & devices)
UDP	3478	STUN communication (AWS)
TCP	8080	Device and controller communication
TCP	8443	controller GUI/API as seen in a web browser
TCP	8880	HTTP portal redirection.
TCP	8843	HTTPS portal redirection
TCP	6789	UniFi mobile speed tes
TCP	27117	local-bound database communication
UDP	5656-5699	AP-EDU broadcasting.
UDP	10001	AP discovery
UDP	1900	Make controller discoverable on L2 network" in controller settings.

Custom SSH Keys

https://help.ubnt.com/hc/en-us/articles/235247068-UniFi-Add-Custom-SSH-Keys-to-Your-UniFi-Devices

Auf den UAP per ssh anmelden (geht auch über den Controller, Werkzeuge, Debug

In /etc/dropbear/authorized_keys den pub Key per vi eintragen

Danach die Konfig mit

cfgmtd -w -p /etc/

neu einlesen und in den Flash schreiben lassen.

Adoption

https://help.ubnt.com/hc/en-us/articles/204909754-UniFi-Device-Adoption-Methods-for-Remote-Uni

Voraussetzungen:

DNS: "unifi" muss auf die Controller IP auflösen

DHCP: Option 43 muss die IP des Controllers liefern, siehe https://help.ubnt.com/hc/en-us/categories/200320654-UniFi-Wireless#To_use_DHCP_Option_43
Diskussion zu Option 43: https://serverfault.com/questions/318292/linux-dhcp-server-option-43-vendor-encapsulated-options-how-to-format-encode

Beispiel für dnsmasq:

# unifi controller
dhcp-option=vendor:ubnt,43,"192.168.72.8"

Konsole: auf Werkszustand zurück setzen (holt sich die IP per DHCP)

syswrapper.sh restore-default

Adoption auf der AP Seite auslösen

''set-inform http://ip-of-controller:8080/inform ''

UBNT-BZ.v3.9.27# set-inform http://192.168.72.8:8080/inform

Adoption request sent to 'http://192.168.72.8:8080/inform'.  Use the controller to complete the adopt process.

Wireless Uplink

Factory reset if you have already been trying to get them to work
Adopt the APs on a wired ethernet connection. Upgrade them if required to latest firmware.
Manually set the Radio Channels (both frequency bands) to be the same on the AP you want to wirelessly uplink and the AP you want to downlink from to be the same. Note that the wireless uplink takes place in the 5GHz band and according to release notes uplinking on a DFS channel is being removed imminently (which somewhat limits options).
Do NOT set a static IP address on the AP(s) you want to be wirelessly connected - undocumented quirk it seems!
Make sure that in Settings>Site the Uplink Connectivity Monitor is Enabled
Remove the wired connection from the AP(s) you want to be wireless and connect just the PoE power and wait for it to reboot.
The device to be wirelessly connected should go heartbeat missed, disconnected, isolated - let it do it in its own time
In the AP Configuration go to Wireless Uplink and select the link icon on the AP to uplink to. If this box is blank give it a minute or two. if it stays blank something above has probably gone wrong!
There will short delay while the AP acting as downlink is provisioned and then within a minute or two the AP being wirelessly connected should come out of Isolation and report Connected (Wirelessly)
Resist the temptation to now try setting a static AP or you'll have to start over!

Cloud-Key: ordentliche Zertifikate

Cloud Key: Als primärer Webserver wird nginx benutzt, einfach die Zertifikate in /etc/nginx tauschen. Das Controller UI ist eine JVM mit einer Spring Boot Applikation (http://spring.io/projects/spring-boot und https://www.torsten-horn.de/techdocs/Spring-Boot.html). Die SSL Zertifikate liegen in einem Java Key Store in /etc/ssl/private/unifi.keystore.jks vor.

Doku https://scotthelme.co.uk/setting-up-https-on-the-unifi-cloudkey/

UI stoppen:

service unifi stop 2. Zertifikate und CA in P12 Format wandeln: openssl pkcs12 -export -in unifi.netzwissen.loc.crt -inkey unifi.netzwissen.loc.key -certfile canetzwissenlocutus.crt -out unifi.p12 -name unifi -password pass:aircontrolenterprise 3. Daraus einen jks erzeugen:keytool -importkeystore -srckeystore unifi.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -destkeystore unifi.keystore.jks -storepass aircontrolenterprise name und password wie angegeben beibehalten! 4. UI wieder starten service unifi start

Admin Reset über Mongodb

User auflisten

''mongo --port 27117 ace --eval "db.admin.find().forEach(printjson);"''

Neuen hash "password" setzen

mongo --port 27117 ace --eval 'db.admin.update( { "name" : "<UserName>" }, { $set : { "x_shadow" : "$6$ybLXKYjTNj9vv$dgGRjoXYFkw33OFZtBsp1flbCpoFQR7ac8O0FrZixHG.sw2AQmA5PuUbQC/e5.Zu.f7pGuF7qBKAfT/JRZFk8/" } } )'

Hash erstellen

''# mkpasswd -m sha-512 password -s "ybLXKYjTNj9vv"