Ubiquiti UniFi Controller


Docker Compose (V2, golang):

version: "2.1"
services:
  unifi-controller:
    image: lscr.io/linuxserver/unifi-controller:latest
    container_name: unifi-controller
    environment:
      - PUID=1000
      - PGID=1000
      - MEM_LIMIT=1024 #optional
      - MEM_STARTUP=1024 #optional
    volumes:
      - /mnt/data/unifi/:/config
    ports:
      - 8443:8443
      - 3478:3478/udp
      - 10001:10001/udp
      - 8080:8080
      - 1900:1900/udp #optional
      - 8843:8843 #optional
      - 8880:8880 #optional
      - 6789:6789 #optional
      - 5514:5514/udp #optional
    restart: unless-stopped


docker-compose up


docker run -d \
  --name=unifi-controller \
  -e PUID=1000 \
  -e PGID=1000 \
  -e MEM_LIMIT=1024 `#optional` \
  -e MEM_STARTUP=1024 `#optional` \
  -p 8443:8443 \
  -p 3478:3478/udp \
  -p 10001:10001/udp \
  -p 8080:8080 \
  -p 1900:1900/udp `#optional` \
  -p 8843:8843 `#optional` \
  -p 8880:8880 `#optional` \
  -p 6789:6789 `#optional` \
  -p 5514:5514/udp `#optional` \
  -v <path to data>:/config \
  --restart unless-stopped \
  lscr.io/linuxserver/unifi-controller:latest

cat /tmp/running.cfg


Protocol  Port        Usage
TCP       22          SSH access (controller & devices)
UDP       3478        STUN communication (AWS)
TCP       8080        Device and controller communication
TCP       8443        Controller GUI/API as seen in a web browser
TCP       8880        HTTP portal redirection
TCP       8843        HTTPS portal redirection
TCP       6789        UniFi mobile speed test
TCP       27117       Local-bound database communication
UDP       5656-5699   AP-EDU broadcasting
UDP       10001       AP discovery
UDP       1900        "Make controller discoverable on L2 network" in controller settings


Log in to the UAP via SSH (this also works through the controller: Tools, Debug)

Add the public key to /etc/dropbear/authorized_keys using vi

Then run

cfgmtd -w -p /etc/

to have the configuration re-read and written to flash.



DNS: "unifi" must resolve to the controller IP

DHCP: option 43 must deliver the IP of the controller, see https://help.ubnt.com/hc/en-us/categories/200320654-UniFi-Wireless#To_use_DHCP_Option_43
Discussion of option 43: https://serverfault.com/questions/318292/linux-dhcp-server-option-43-vendor-encapsulated-options-how-to-format-encode

Example for dnsmasq:

# unifi controller
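
For UniFi, option 43 carries the controller address as sub-option 1 with length 4, followed by the four address octets. The script below is an added example (not part of the original page) that encodes and decodes that payload and prints matching dnsmasq settings; the function names and the address 192.168.3.10 are assumptions.

```sh
#!/bin/sh
# Added example: build and check the UniFi DHCP option 43 payload.
# Layout: sub-option 0x01, length 0x04, then the four octets of the controller IPv4.

# unifi_opt43 <controller-ipv4>  ->  e.g. 01:04:c0:a8:03:0a
unifi_opt43() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;        # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                                       # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    out=01:04
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
        out=$out:$(printf '%02x' "$octet")
    done
    printf '%s\n' "$out"
}

# opt43_controller <payload>  ->  IPv4 carried in a payload seen in a lease or capture
opt43_controller() {
    payload=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    h='[0-9a-f][0-9a-f]'
    case $payload in
        01:04:$h:$h:$h:$h) ;;                        # exactly one 4-byte sub-option 1
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=:
    set -- $payload
    IFS=$old_ifs
    printf '%d.%d.%d.%d\n' "0x$3" "0x$4" "0x$5" "0x$6"
}

# dnsmasq_unifi_lines <controller-ipv4>  ->  the DNS and DHCP discovery settings
dnsmasq_unifi_lines() {
    hex=$(unifi_opt43 "$1") || return 1
    printf 'host-record=unifi,%s\n' "$1"
    printf 'dhcp-option=43,%s\n' "$hex"
}

# Constructed sample address, not a value from the page.
dnsmasq_unifi_lines 192.168.3.10
```

Decoding the option 43 value that clients actually receive and comparing it with the intended controller address shows whether APs are being pointed at the right inform host.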

Console: reset to factory defaults (the device then obtains its IP via DHCP)

syswrapper.sh restore-default

Trigger adoption from the AP side

set-inform http://ip-of-controller:8080/inform

UBNT-BZ.v3.9.27# set-inform

Adoption request sent to ''.  Use the controller to complete the adopt process.

1. Factory reset if you have already been trying to get them to work

2. Adopt the APs on a wired ethernet connection. Upgrade them if required to latest firmware.

3. Manually set the Radio Channels (both frequency bands) to be the same on the AP you want to wirelessly uplink and the AP you want to downlink from. Note that the wireless uplink takes place in the 5GHz band and according to release notes uplinking on a DFS channel is being removed imminently (which somewhat limits options).

4. Do NOT set a static IP address on the AP(s) you want to be wirelessly connected - undocumented quirk it seems!

5. Make sure that in Settings>Site the Uplink Connectivity Monitor is Enabled

6. Remove the wired connection from the AP(s) you want to be wireless and connect just the PoE power and wait for it to reboot.

7. The device to be wirelessly connected should go heartbeat missed, disconnected, isolated - let it do it in its own time

8. In the AP Configuration go to Wireless Uplink and select the link icon on the AP to uplink to. If this box is blank, give it a minute or two. If it stays blank, something above has probably gone wrong!

9. There will be a short delay while the AP acting as downlink is provisioned, and then within a minute or two the AP being wirelessly connected should come out of Isolation and report Connected (Wirelessly)

10. Resist the temptation to now try setting a static IP or you'll have to start over!

Cloud Key: nginx is used as the primary web server; simply swap the certificates in /etc/nginx. The controller UI is a JVM running a Spring Boot application (http://spring.io/projects/spring-boot and https://www.torsten-horn.de/techdocs/Spring-Boot.html). The SSL certificates are stored in a Java keystore at /etc/ssl/private/unifi.keystore.jks.

Documentation: https://scotthelme.co.uk/setting-up-https-on-the-unifi-cloudkey/

1. Stop the UI:

service unifi stop

2. Convert the certificates and CA to P12 format:

openssl pkcs12 -export -in unifi.netzwissen.loc.crt -inkey unifi.netzwissen.loc.key -certfile ca_netzwissen_locutus.crt -out unifi.p12 -name unifi -password pass:aircontrolenterprise

3. Create a JKS from it:

keytool -importkeystore -srckeystore unifi.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -destkeystore unifi.keystore.jks -storepass aircontrolenterprise

Keep the name and password exactly as given!

4. Start the UI again:

service unifi start

List users

mongo --port 27117 ace --eval "db.admin.find().forEach(printjson);"

Set a new hash for "password"

mongo --port 27117 ace --eval 'db.admin.update( { "name" : "<UserName>" }, { $set : { "x_shadow" : "$6$ybLXKYjTNj9vv$dgGRjoXYFkw33OFZtBsp1flbCpoFQR7ac8O0FrZixHG.sw2AQmA5PuUbQC/e5.Zu.f7pGuF7qBKAfT/JRZFk8/" } } )'

Generate the hash

# mkpasswd -m sha-512 password -s "ybLXKYjTNj9vv"
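
The hash shown above is public and corresponds to the password "password", so an admin record that still carries it after a reset needs a new password. The script below is an added example (not from the original page) that flags such records and creates a replacement hash with a random salt; the function names and the tab-separated input format are assumptions.

```sh
#!/bin/sh
# Added example: audit admin hashes and create a replacement with a random salt.

# Values published on this page: SHA-512 crypt of the literal string "password".
PAGE_SALT='ybLXKYjTNj9vv'
PAGE_HASH='$6$ybLXKYjTNj9vv$dgGRjoXYFkw33OFZtBsp1flbCpoFQR7ac8O0FrZixHG.sw2AQmA5PuUbQC/e5.Zu.f7pGuF7qBKAfT/JRZFk8/'

# audit_shadow: reads "name<TAB>x_shadow" lines on stdin and prints
# "name<TAB>finding" for every record that needs attention.
# Input can be produced on the controller with (output format is an assumption):
#   mongo --port 27117 ace --quiet --eval \
#     'db.admin.find().forEach(function(a){print(a.name + "\t" + a.x_shadow)})'
audit_shadow() {
    tab=$(printf '\t')
    while IFS=$tab read -r name shadow || [ -n "$name" ]; do
        case $shadow in
            "$PAGE_HASH")           finding=PUBLISHED_HASH ;;
            '$6$'"$PAGE_SALT"'$'*)  finding=PUBLISHED_SALT ;;
            '$6$'?*'$'?*)           continue ;;   # SHA-512 crypt with its own salt
            *)                      finding=NOT_SHA512_CRYPT ;;
        esac
        printf '%s\t%s\n' "$name" "$finding"
    done
}

# new_shadow: reads the new password from stdin (keeps it out of argv and shell
# history) and prints a $6$ hash with a random salt chosen by openssl.
new_shadow() {
    openssl passwd -6 -stdin
}

# Constructed sample records, not real controller data.
sample_admins() {
    printf 'admin\t%s\n' "$PAGE_HASH"
    printf 'netops\t%s\n' '$6$Zk3vQe1sT9aLmW2x$constructedhashvalue'
    printf 'legacy\t%s\n' 'plaintext-or-unknown'
}

sample_admins | audit_shadow
```

The output of new_shadow can be used as the x_shadow value in the db.admin.update command above in place of the published hash.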
  • unifi-controller.txt
  • Last modified: 05/03/2024 - 10:52