Unifi Cloud Controller

Ubiquiti UniFi Controller

General documentation

Troubleshooting: https://help.ubnt.com/hc/en-us/sections/200887574-UniFi-Troubleshooting

config.properties: https://help.ubnt.com/hc/en-us/articles/205146040-UniFi-config-properties-File-Explanation

Running in a Docker container

https://docs.linuxserver.io/images/docker-unifi-controller

Docker Compose (V2, golang):

---
version: "2.1"
services:
  unifi-controller:
    image: lscr.io/linuxserver/unifi-controller:latest
    container_name: unifi-controller
    environment:
      - PUID=1000
      - PGID=1000
      - MEM_LIMIT=1024 #optional
      - MEM_STARTUP=1024 #optional
    volumes:
      - /mnt/data/unifi/:/config
    ports:
      - 8443:8443
      - 3478:3478/udp
      - 10001:10001/udp
      - 8080:8080
      - 1900:1900/udp #optional
      - 8843:8843 #optional
      - 8880:8880 #optional
      - 6789:6789 #optional
      - 5514:5514/udp #optional
    restart: unless-stopped

Then

docker-compose up

Permanent operation

docker run -d \
  --name=unifi-controller \
  -e PUID=1000 \
  -e PGID=1000 \
  -e MEM_LIMIT=1024 `#optional` \
  -e MEM_STARTUP=1024 `#optional` \
  -p 8443:8443 \
  -p 3478:3478/udp \
  -p 10001:10001/udp \
  -p 8080:8080 \
  -p 1900:1900/udp `#optional` \
  -p 8843:8843 `#optional` \
  -p 8880:8880 `#optional` \
  -p 6789:6789 `#optional` \
  -p 5514:5514/udp `#optional` \
  -v <path to data>:/config \
  --restart unless-stopped \
  lscr.io/linuxserver/unifi-controller:latest

Current config

Ports

Type  Port       Purpose
TCP   22         SSH access (controller & devices)
UDP   3478       STUN communication (AWS)
TCP   8080       Device and controller communication
TCP   8443       Controller GUI/API as seen in a web browser
TCP   8880       HTTP portal redirection
TCP   8843       HTTPS portal redirection
TCP   6789       UniFi mobile speed test
TCP   27117      Local-bound database communication
UDP   5656-5699  AP-EDU broadcasting
UDP   10001      AP discovery
UDP   1900       "Make controller discoverable on L2 network" in controller settings

Custom SSH Keys

https://help.ubnt.com/hc/en-us/articles/235247068-UniFi-Add-Custom-SSH-Keys-to-Your-UniFi-Devices

Log in to the UAP via SSH (this also works through the controller: Tools, Debug).

Add the public key to /etc/dropbear/authorized_keys using vi.

Then use

cfgmtd -w -p /etc/

to re-read the configuration and have it written to flash.

Adoption

https://help.ubnt.com/hc/en-us/articles/204909754-UniFi-Device-Adoption-Methods-for-Remote-Uni

Prerequisites:

DNS: "unifi" must resolve to the controller IP

DHCP: Option 43 must supply the IP of the controller, see https://help.ubnt.com/hc/en-us/categories/200320654-UniFi-Wireless#To_use_DHCP_Option_43

Discussion of Option 43: https://serverfault.com/questions/318292/linux-dhcp-server-option-43-vendor-encapsulated-options-how-to-format-encode

Example for dnsmasq:
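Added example (not part of the original page): the UniFi payload for DHCP option 43 is sub-option 0x01, length 0x04 and the four bytes of the controller address. The shell functions below encode and decode that value so the option a DHCP server hands out can be checked against the expected controller; the function names and the address 192.168.1.2 are assumptions made for this example.

```shell
#!/bin/sh
# Added example: UniFi payload for DHCP option 43.
# Layout: sub-option 0x01, length 0x04, then the controller IPv4 address.

# unifi_opt43_encode 192.168.1.2  ->  01:04:c0:a8:01:02
unifi_opt43_encode() {
    ip=$1
    # Only digits and dots, no empty fields.
    case "$ip" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject leading zeros (printf would read them as octal) and values > 255.
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    printf '01:04:%02x:%02x:%02x:%02x\n' "$1" "$2" "$3" "$4"
}

# unifi_opt43_decode 01:04:c0:a8:01:02  ->  192.168.1.2
unifi_opt43_decode() {
    hex=$(printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f')
    # Exactly six bytes: 01 04 plus four address bytes.
    case "$hex" in
        0104[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]) ;;
        *) return 1 ;;
    esac
    a=$(printf '%s' "$hex" | cut -c5-6); b=$(printf '%s' "$hex" | cut -c7-8)
    c=$(printf '%s' "$hex" | cut -c9-10); d=$(printf '%s' "$hex" | cut -c11-12)
    printf '%d.%d.%d.%d\n' "0x$a" "0x$b" "0x$c" "0x$d"
}

# Succeeds only if an observed option 43 value names the expected controller.
unifi_opt43_matches() {
    got=$(unifi_opt43_decode "$1") || return 1
    [ "$got" = "$2" ]
}

# Constructed sample: 192.168.1.2 is a placeholder controller address.
# dnsmasq accepts colon-separated hex as option data.
echo "dhcp-option=43,$(unifi_opt43_encode 192.168.1.2)"
```

unifi_opt43_matches can be run against the option 43 value seen in a captured DHCP offer to confirm that devices are being pointed at the intended controller and not at another host.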

Console: reset to factory defaults (the device then obtains its IP via DHCP)

syswrapper.sh restore-default

Trigger adoption on the AP side

Wireless Uplink

1. Factory reset the APs if you have already been trying to get them to work.

2. Adopt the APs on a wired Ethernet connection. Upgrade them to the latest firmware if required.

3. Manually set the radio channels (both frequency bands) to be the same on the AP you want to wirelessly uplink and the AP you want to downlink from. Note that the wireless uplink takes place in the 5 GHz band and, according to the release notes, uplinking on a DFS channel is being removed imminently (which somewhat limits options).

4. Do NOT set a static IP address on the AP(s) you want to be wirelessly connected. This seems to be an undocumented quirk!

5. Make sure that in Settings > Site the Uplink Connectivity Monitor is enabled.

6. Remove the wired connection from the AP(s) you want to be wireless, connect just the PoE power and wait for the reboot.

7. The device to be wirelessly connected should go through heartbeat missed, disconnected, isolated. Let it do so in its own time.

8. In the AP configuration go to Wireless Uplink and select the link icon on the AP to uplink to. If this box is blank, give it a minute or two. If it stays blank, something above has probably gone wrong!

9. There will be a short delay while the AP acting as downlink is provisioned, and then within a minute or two the AP being wirelessly connected should come out of isolation and report Connected (Wirelessly).

10. Resist the temptation to now try setting a static IP or you’ll have to start over!

Cloud Key: proper certificates

Cloud Key: nginx is used as the primary web server; simply replace the certificates in /etc/nginx. The controller UI is a JVM running a Spring Boot application (http://spring.io/projects/spring-boot and https://www.torsten-horn.de/techdocs/Spring-Boot.html). Its SSL certificates are stored in a Java keystore at /etc/ssl/private/unifi.keystore.jks.

Documentation: https://scotthelme.co.uk/setting-up-https-on-the-unifi-cloudkey/

1. Stop the UI:

service unifi stop

2. Convert the certificate and CA to P12 format:

openssl pkcs12 -export -in unifi.netzwissen.loc.crt -inkey unifi.netzwissen.loc.key -certfile canetzwissenlocutus.crt -out unifi.p12 -name unifi -password pass:aircontrolenterprise

3. Create a JKS from it:

keytool -importkeystore -srckeystore unifi.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -destkeystore unifi.keystore.jks -storepass aircontrolenterprise

Keep the name and password exactly as given!

4. Start the UI again:

service unifi start

Admin reset via MongoDB

List users

mongo --port 27117 ace --eval "db.admin.find().forEach(printjson);"

Set a new hash (for the password "password")

mongo --port 27117 ace --eval 'db.admin.update( { "name" : "<UserName>" }, { $set : { "x_shadow" : "$6$ybLXKYjTNj9vv$dgGRjoXYFkw33OFZtBsp1flbCpoFQR7ac8O0FrZixHG.sw2AQmA5PuUbQC/e5.Zu.f7pGuF7qBKAfT/JRZFk8/" } } )'

Create the hash

mkpasswd -m sha-512 password -s "ybLXKYjTNj9vv"
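Added example (not part of the original page): the x_shadow value in the update command above is public and corresponds to the password "password", so an account left on it has a known password. The functions below generate a replacement value with a random salt, verify a password against a stored value, and list accounts still carrying the published hash; the function names and the two-column input of audit_x_shadow are assumptions, and openssl passwd -6 needs OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example: handling the SHA-512 crypt ($6$) value stored in x_shadow.

# Hash published on this page; it encodes the password "password".
PUBLISHED_HASH='$6$ybLXKYjTNj9vv$dgGRjoXYFkw33OFZtBsp1flbCpoFQR7ac8O0FrZixHG.sw2AQmA5PuUbQC/e5.Zu.f7pGuF7qBKAfT/JRZFk8/'

# Read a password on stdin (keeps it out of argv and shell history)
# and print a $6$ hash with a fresh random salt.
new_x_shadow() {
    openssl passwd -6 -stdin
}

# check_x_shadow HASH, password on stdin: recompute the hash with the
# salt embedded in HASH and compare. Assumes the plain $6$salt$hash form
# without a rounds= field.
check_x_shadow() {
    salt=$(printf '%s' "$1" | cut -d'$' -f3)
    [ -n "$salt" ] || return 1
    [ "$(openssl passwd -6 -salt "$salt" -stdin)" = "$1" ]
}

# Read "name hash" pairs on stdin (assumed two-column export of the
# admin collection) and print the names still set to the published hash.
audit_x_shadow() {
    while read -r name hash; do
        [ "$hash" = "$PUBLISHED_HASH" ] && printf '%s\n' "$name"
    done
    return 0
}
```

The output of new_x_shadow goes into the x_shadow field of the update command in place of the published value.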