Ubiquiti UniFi Controller
General documentation
Troubleshooting https://help.ubnt.com/hc/en-us/sections/200887574-UniFi-Troubleshooting
config.properties: https://help.ubnt.com/hc/en-us/articles/205146040-UniFi-config-properties-File-Explanation
Running in a Docker container
https://docs.linuxserver.io/images/docker-unifi-controller
Docker Compose (V2, golang):
---
version: "2.1"
services:
  unifi-controller:
    image: lscr.io/linuxserver/unifi-controller:latest
    container_name: unifi-controller
    environment:
      - PUID=1000
      - PGID=1000
      - MEM_LIMIT=1024 #optional
      - MEM_STARTUP=1024 #optional
    volumes:
      - /mnt/data/unifi/:/config
    ports:
      - 8443:8443
      - 3478:3478/udp
      - 10001:10001/udp
      - 8080:8080
      - 1900:1900/udp #optional
      - 8843:8843 #optional
      - 8880:8880 #optional
      - 6789:6789 #optional
      - 5514:5514/udp #optional
    restart: unless-stopped
Then
docker-compose up
Continuous operation
docker run -d \
  --name=unifi-controller \
  -e PUID=1000 \
  -e PGID=1000 \
  -e MEM_LIMIT=1024 `#optional` \
  -e MEM_STARTUP=1024 `#optional` \
  -p 8443:8443 \
  -p 3478:3478/udp \
  -p 10001:10001/udp \
  -p 8080:8080 \
  -p 1900:1900/udp `#optional` \
  -p 8843:8843 `#optional` \
  -p 8880:8880 `#optional` \
  -p 6789:6789 `#optional` \
  -p 5514:5514/udp `#optional` \
  -v <path to data>:/config \
  --restart unless-stopped \
  lscr.io/linuxserver/unifi-controller:latest
Current config
cat /tmp/running.cfg
Ports
Type | Port | Purpose |
---|---|---|
TCP | 22 | SSH access (controller & devices) |
UDP | 3478 | STUN communication (AWS) |
TCP | 8080 | Device and controller communication |
TCP | 8443 | controller GUI/API as seen in a web browser |
TCP | 8880 | HTTP portal redirection. |
TCP | 8843 | HTTPS portal redirection |
TCP | 6789 | UniFi mobile speed test |
TCP | 27117 | local-bound database communication |
UDP | 5656-5699 | AP-EDU broadcasting. |
UDP | 10001 | AP discovery |
UDP | 1900 | Used for "Make controller discoverable on L2 network" in controller settings |
Custom SSH Keys
https://help.ubnt.com/hc/en-us/articles/235247068-UniFi-Add-Custom-SSH-Keys-to-Your-UniFi-Devices
Log in to the UAP via SSH (also possible through the controller: Tools, Debug).
Add the public key to /etc/dropbear/authorized_keys using vi.
Then have the config re-read and written to flash with:
cfgmtd -w -p /etc/
Adoption
https://help.ubnt.com/hc/en-us/articles/204909754-UniFi-Device-Adoption-Methods-for-Remote-Uni
Prerequisites:
DNS: "unifi" must resolve to the controller IP
DHCP: option 43 must supply the controller's IP, see https://help.ubnt.com/hc/en-us/categories/200320654-UniFi-Wireless#To_use_DHCP_Option_43
Discussion of option 43: https://serverfault.com/questions/318292/linux-dhcp-server-option-43-vendor-encapsulated-options-how-to-format-encode
Example for dnsmasq:
# unifi controller: the number after vendor:ubnt is the sub-option inside option 43 (1 = controller IP)
dhcp-option=vendor:ubnt,1,192.168.72.8
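Added example (not part of the original page): a check that the option 43 payload seen in a DHCP offer points a UniFi device at the expected controller. It assumes UniFi's encoding of sub-option 1, length 4, then the IPv4 bytes; the function names and sample payloads are constructed for illustration.

```python
import ipaddress

UNIFI_SUBOPTION = 1  # assumption: UniFi reads the controller IP from sub-option 1


def encode_unifi_option43(controller_ip: str) -> bytes:
    """Build the option 43 payload: sub-option 1, length 4, IPv4 bytes."""
    packed = ipaddress.IPv4Address(controller_ip).packed
    return bytes([UNIFI_SUBOPTION, len(packed)]) + packed


def parse_option43(payload: bytes) -> dict[int, bytes]:
    """Split a vendor-encapsulated payload into {sub-option code: value}."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} claims {length} bytes, got {len(value)}")
        subopts[code] = value
        i += 2 + length
    return subopts


def controller_from_option43(payload: bytes) -> str:
    """Return the controller IP a UniFi device would take from this payload."""
    value = parse_option43(payload).get(UNIFI_SUBOPTION)
    if value is None:
        raise ValueError("no sub-option 1 in payload")
    if len(value) != 4:
        raise ValueError("sub-option 1 is not a 4-byte IPv4 address")
    return str(ipaddress.IPv4Address(value))


def offer_matches(payload_hex: str, expected_ip: str) -> bool:
    """True only if the observed option 43 points at the expected controller."""
    try:
        return controller_from_option43(bytes.fromhex(payload_hex)) == expected_ip
    except ValueError:
        return False


# Constructed samples: correct payload, a different controller, and the IP sent as ASCII text.
GOOD = "0104c0a84808"
OTHER = "0104c0a84863"
ASCII_TEXT = (bytes([43, 12]) + b"192.168.72.8").hex()
```

The hex string can be taken from the option 43 field of a captured DHCP offer; a payload that carries the address as text or under another sub-option fails the check.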
Console: reset to factory defaults (the device then gets its IP via DHCP)
syswrapper.sh restore-default
Trigger adoption from the AP side
set-inform http://ip-of-controller:8080/inform
UBNT-BZ.v3.9.27# set-inform http://192.168.72.8:8080/inform
Adoption request sent to 'http://192.168.72.8:8080/inform'. Use the controller to complete the adopt process.
Wireless Uplink
1. Factory reset if you have already been trying to get them to work
2. Adopt the APs on a wired ethernet connection. Upgrade them if required to latest firmware.
3. Manually set the Radio Channels (both frequency bands) to be the same on the AP you want to wirelessly uplink and the AP you want to downlink from. Note that the wireless uplink takes place in the 5GHz band and, according to the release notes, uplinking on a DFS channel is being removed imminently (which somewhat limits options).
4. Do NOT set a static IP address on the AP(s) you want to be wirelessly connected - undocumented quirk it seems!
5. Make sure that in Settings>Site the Uplink Connectivity Monitor is Enabled
6. Remove the wired connection from the AP(s) you want to be wireless and connect just the PoE power and wait for it to reboot.
7. The device to be wirelessly connected should go heartbeat missed, disconnected, isolated - let it do it in its own time
8. In the AP Configuration go to Wireless Uplink and select the link icon on the AP to uplink to. If this box is blank, give it a minute or two. If it stays blank, something above has probably gone wrong!
9. There will be a short delay while the AP acting as downlink is provisioned, and then within a minute or two the AP being wirelessly connected should come out of Isolation and report Connected (Wirelessly)
10. Resist the temptation to now try setting a static IP or you'll have to start over!
Cloud Key: proper certificates
Cloud Key: nginx is used as the primary web server; simply swap the certificates in /etc/nginx. The controller UI is a JVM running a Spring Boot application (http://spring.io/projects/spring-boot and https://www.torsten-horn.de/techdocs/Spring-Boot.html). The SSL certificates are stored in a Java keystore at /etc/ssl/private/unifi.keystore.jks.
Documentation: https://scotthelme.co.uk/setting-up-https-on-the-unifi-cloudkey/
1. Stop the UI:
service unifi stop
2. Convert the certificates and CA to P12 format:
openssl pkcs12 -export -in unifi.netzwissen.loc.crt -inkey unifi.netzwissen.loc.key -certfile ca_netzwissen_locutus.crt -out unifi.p12 -name unifi -password pass:aircontrolenterprise
3. Create a JKS from it:
keytool -importkeystore -srckeystore unifi.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -destkeystore unifi.keystore.jks -storepass aircontrolenterprise
Keep the name and password as given!
4. Start the UI again:
service unifi start
Admin reset via MongoDB
List users
mongo --port 27117 ace --eval "db.admin.find().forEach(printjson);"
Set a new hash for "password"
mongo --port 27117 ace --eval 'db.admin.update( { "name" : "<UserName>" }, { $set : { "x_shadow" : "$6$ybLXKYjTNj9vv$dgGRjoXYFkw33OFZtBsp1flbCpoFQR7ac8O0FrZixHG.sw2AQmA5PuUbQC/e5.Zu.f7pGuF7qBKAfT/JRZFk8/" } } )'
Generate the hash
# mkpasswd -m sha-512 password -S "ybLXKYjTNj9vv"
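Added example (not from the original page): the hash above is published and belongs to the password "password", so an account reset this way needs a new password set in the UI right afterwards. The check below flags admin documents that still carry it; the function names, the SHA-512-only policy and the sample documents are assumptions constructed for illustration.

```python
# Values published on this page: the reset hash and the salt used to create it.
PUBLISHED_HASH = ("$6$ybLXKYjTNj9vv$dgGRjoXYFkw33OFZtBsp1flbCpoFQR7ac8O0FrZixHG"
                  ".sw2AQmA5PuUbQC/e5.Zu.f7pGuF7qBKAfT/JRZFk8/")
PUBLISHED_SALT = "ybLXKYjTNj9vv"


def split_crypt(shadow: str):
    """Split a modular-crypt string into (scheme id, salt, digest)."""
    parts = shadow.split("$")
    if len(parts) < 4 or parts[0] != "":
        raise ValueError("not a modular-crypt string")
    fields = parts[1:]
    if fields[1].startswith("rounds="):  # optional rounds=N field
        fields = [fields[0]] + fields[2:]
    if len(fields) != 3:
        raise ValueError("unexpected field count")
    return tuple(fields)


def audit_admins(admins):
    """Return {name: [findings]} for admin documents that need a password change."""
    findings = {}
    for doc in admins:
        issues = []
        shadow = doc.get("x_shadow", "")
        try:
            scheme, salt, _ = split_crypt(shadow)
        except ValueError:
            issues.append("x_shadow missing or malformed")
        else:
            if shadow == PUBLISHED_HASH:
                issues.append("published reset hash still set")
            elif salt == PUBLISHED_SALT:
                issues.append("published salt reused")
            if scheme != "6":  # assumed policy: only SHA-512 crypt is acceptable
                issues.append("not SHA-512 crypt")
        if issues:
            findings[doc.get("name", "<unnamed>")] = issues
    return findings


# Constructed sample documents shaped like the db.admin output listed above.
SAMPLE = [
    {"name": "admin", "x_shadow": PUBLISHED_HASH},
    {"name": "ops", "x_shadow": "$6$rounds=5000$Qm3xT1aa$" + "A" * 86},
    {"name": "old", "x_shadow": "$1$abcdefgh$" + "B" * 22},
    {"name": "tmp", "x_shadow": "$6$ybLXKYjTNj9vv$" + "C" * 86},
]
```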