#Compatibility
I currently run Ubiquiti's UniFi Controller on a Raspberry Pi 3B without issue. I have tried with a Raspberry Pi 1B, but the application crashes on startup. I assume it is due to a lack of RAM. Presumably, it would run on a Raspberry Pi 2B as well (same amount of RAM), but I have not tested it on this model. YMMV.
#Instructions
- Install Raspbian on an SD card. I tested this with Jessie Lite (headless)
- Use raspi-config to expand the filesystem, rename your Pi, etc.
  ```
  sudo raspi-config
  ```
- Reboot the Pi for the filesystem changes to take effect
- Update packages
  ```
  sudo apt-get update
  sudo apt-get upgrade -y
  ```
- Install Java 7 (OpenJDK) and MongoDB
  ```
  sudo apt-get install -y openjdk-7-jre-headless mongodb
  ```
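- Disable the default MongoDB instance to free up resources (UniFi will run its own copy)
  ```
  sudo service mongodb stop
  # "service" has no "disable" action; on Jessie (systemd) use systemctl to keep it from starting at boot
  sudo systemctl disable mongodb
  ```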
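- Add Ubiquiti's source list
  ```
  echo "deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti" | sudo tee /etc/apt/sources.list.d/100-ubnt.list
  sudo apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50
  sudo apt-get update
  ```
  NOTE: `C0A52C50` is a short key ID, and short IDs can collide. Confirm the full fingerprint of the imported key against the one Ubiquiti publishes before installing from this repository.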
- Install the UniFi controller software
  ```
  # package installation needs root
  sudo apt-get install -y unifi
  ```
- Create log rotation to avoid disk space issues. NOTE: this downloads `unifi_logrotate.d.sh` from this Gist
  ```
  sudo wget https://gist.githubusercontent.com/kburdett/006a16316afa62148b16/raw/unifi_logrotate.d.sh -O /etc/logrotate.d/unifi
  ```
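- Generate yourself a CSR, replacing the details as desired
  ```
  # ace.jar is referenced by a relative path, so run this from the UniFi install directory
  cd /usr/lib/unifi
  sudo java -jar lib/ace.jar new_cert unifi.mydomain.dom "My Company Name" City State US
  ```
  This will generate a CSR for you at `/var/lib/unifi/unifi_certificate.csr.pem`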
- Generate the certificate using your own CA, or buy a certificate from a real CA
- Download your certificate(s) to `/var/lib/unifi/`
- Import the certificate
  ```
  cd /var/lib/unifi
  sudo java -jar /usr/lib/unifi/lib/ace.jar import_cert unifi_certificate.cert.pem intermediate.cert.pem root.cert.pem
  sudo service unifi restart
  ```
  NOTE: I am importing a certificate, plus the intermediate and root certs to establish a chain; your chain may differ
- Verify your service is exposed with netstat, like this:
  ```
  pi@hostname:~ $ sudo netstat -tlnp
  Active Internet connections (only servers)
  Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
  tcp        0      0 127.0.0.1:27117         0.0.0.0:*               LISTEN      542/mongod
  tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      499/sshd
  tcp6       0      0 :::8843                 :::*                    LISTEN      509/java
  tcp6       0      0 :::8880                 :::*                    LISTEN      509/java
  tcp6       0      0 :::8080                 :::*                    LISTEN      509/java
  tcp6       0      0 :::22                   :::*                    LISTEN      499/sshd
  tcp6       0      0 :::8443                 :::*                    LISTEN      509/java
  ```
- Now you are ready to start using your controller! You can reach it at `https://<your-hostname-or-ip>:8443`
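
The netstat check in the steps above can be scripted. This is an added example, not part of the original guide: it confirms that `mongod` stays bound to loopback, that the four controller ports from the sample output are listening, and flags any other non-loopback listener. The function name `audit_listeners` and the allowance for `sshd` are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Usage on the Pi: sudo netstat -tlnp | audit_listeners

# Constructed sample: the same rows as the listener table shown in the guide.
SAMPLE='Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp   0 0 127.0.0.1:27117 0.0.0.0:* LISTEN 542/mongod
tcp   0 0 0.0.0.0:22      0.0.0.0:* LISTEN 499/sshd
tcp6  0 0 :::8843         :::*      LISTEN 509/java
tcp6  0 0 :::8880         :::*      LISTEN 509/java
tcp6  0 0 :::8080         :::*      LISTEN 509/java
tcp6  0 0 :::22           :::*      LISTEN 499/sshd
tcp6  0 0 :::8443         :::*      LISTEN 509/java'

# Ports the guide shows the controller (java) listening on.
EXPECTED_JAVA_PORTS="8080 8443 8880 8843"

# Reads `netstat -tlnp` output on stdin, prints findings, returns 1 on any WARN.
# Assumption: sshd is the only other service meant to be reachable, as in the guide.
audit_listeners() {
    awk -v want="$EXPECTED_JAVA_PORTS" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
    $6 == "LISTEN" {
        addr = $4
        port = addr; sub(/.*:/, "", port)                 # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        prog = $7; sub(/^[0-9]+\//, "", prog)              # drop the "PID/" prefix
        loopback = (host == "127.0.0.1" || host == "::1")
        if (prog == "mongod" && !loopback) {
            print "WARN mongod reachable from the network on " addr; bad = 1
        } else if (prog == "java" && (port in need)) {
            seen[port] = 1
        } else if (!loopback && prog != "sshd") {
            print "WARN unexpected listener " prog " on " addr; bad = 1
        }
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(w[i] in seen)) { print "WARN controller port " w[i] " is not listening"; bad = 1 }
        if (!bad) print "OK listener layout matches the guide"
        exit (bad ? 1 : 0)
    }'
}

printf '%s\n' "$SAMPLE" | audit_listeners
```
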
#Bonus
If you (like me) prefer easy to type (and remember) URLs, then we can move the UniFi controller to ports 80 & 443 (standard HTTP and HTTPS ports). This way, no port will be required in the URL bar. The UniFi controller runs under a limited user and cannot bind to these ports, so we cannot do this with UniFi configuration alone. So... iptables to the rescue :) We will set up an internal port forward.
- Set up the rules
  ```
  sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
  sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
  sudo ip6tables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
  sudo ip6tables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
  ```
- Install `iptables-persistent` to automatically reload these for us
  ```
  sudo apt-get install iptables-persistent
  ```
  Answer "yes" to both prompts to save the rules on install (one for IPv4, one for IPv6), and we are done!
- Test your controller at `https://<your-hostname-or-ip>`