Skip to content

Instantly share code, notes, and snippets.

@emaserafini

emaserafini/rpi_unifi.md

Forked from kburdett/rpi_unifi.md
Last active April 7, 2017 22:35
Show Gist options
  • Save emaserafini/ea7f0e7d68cfef2b55bfa3901b654778 to your computer and use it in GitHub Desktop.
Save emaserafini/ea7f0e7d68cfef2b55bfa3901b654778 to your computer and use it in GitHub Desktop.
Download ZIP
Install Ubiquiti's UniFi Controller on a Raspberry Pi
Raw
rpi_unifi.md

https://www.loganmarchione.com/2016/11/ubiquiti-unifi-controller-setup-raspberry-pi-3/ https://gist.github.com/bwbaugh/de575219fecf48e859a48eebe16539c6

#Compatibility

I currently run Ubiquiti's UniFi Controller on a Raspberry Pi 3B without issue. I have tried with a Raspberry Pi 1B, but the application crashes on startup. I assume it is due to a lack of RAM. Presumably, it would run on a Raspberry Pi 2B as well (same amount of RAM), but I have not tested it on this model. YMMV.

#Instructions

  1. Install Raspbian on a SD card. I tested this with Jessie Lite (headless)

  2. Use raspi-config to expand the filesystem, rename your PI, etc

    sudo raspi-config

  3. Reboot the PI for the filesystem changes to take effect

  4. Update packages

    sudo apt-get update && sudo apt-get upgrade -y
sudo apt-get install rpi-update && echo Y | sudo rpi-update

  5. Add Ubiquiti's source list

    echo 'deb http://www.ubnt.com/downloads/unifi/debian unifi5 ubiquiti' | sudo tee -a /etc/apt/sources.list.d/ubnt.list > /dev/null
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50
sudo apt-get update

  6. Install the UniFi controller software

    sudo apt-get install unifi -y

Remove the UniFi Cloud Library, using the following command:

sudo rm /usr/lib/unifi/lib/native/Linux/armhf/libubnt_webrtc_jni.so

Update the Snappy Java Library, using the following commands:

cd /usr/lib/unifi/lib sudo rm snappy-java-1.0.5.jar sudo wget http://central.maven.org/maven2/org/xerial/snappy/snappy-java/1.1.2/snappy-java-1.1.2.jar sudo ln -s snappy-java-1.1.2.jar snappy-java-1.0.5.jar

Oracle Java 8 (Optional)

The UniFi package automatically installs and configures

OpenJDK Java 7. However, if you would prefer to use

Oracle Java 8, perform the following steps.

If needed (Raspbian Lite):

sudo apt-get install oracle-java8-jdk -y

Update your environment to use the new Java.

sudo update-alternatives --config java sudo update-alternatives --config java

sudo sed -i '/^[Service]$/a Environment=JAVA_HOME=/usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt' /etc/systemd/system/multi-user.target.wants/unifi.service

  1. Create log rotation to avoid disk space issues NOTE: downloads unifi_logrotate.d.sh from this Gist

    sudo wget https://gist.githubusercontent.com/kburdett/006a16316afa62148b16/raw/unifi_logrotate.d.sh -O /etc/logrotate.d/unifi

  2. Generate yourself a CSR, replace the details as desired

    sudo java -jar lib/ace.jar new_cert unifi.mydomain.dom "My Company Name" City State US

    This will generate a CSR for you at /var/lib/unifi/unifi_certificate.csr.pem

  3. Generate the certificate using your own CA, or a buy a certificate from a real CA

  4. Download your certificate(s) to /var/lib/unifi/

  5. Import the certificate

    cd /var/lib/unifi
sudo java -jar /usr/lib/unifi/lib/ace.jar import_cert unifi_certificate.cert.pem intermediate.cert.pem root.cert.pem
sudo service unifi restart

    NOTE: I am importing a certificate, plus the intermediate and root certs to establish a chain, your chain may differ

  6. Verify your service is exposed with netstat, like this:

    pi@hostname:~ $ sudo netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:27117         0.0.0.0:*               LISTEN      542/mongod      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      499/sshd        
tcp6       0      0 :::8843                 :::*                    LISTEN      509/java        
tcp6       0      0 :::8880                 :::*                    LISTEN      509/java        
tcp6       0      0 :::8080                 :::*                    LISTEN      509/java        
tcp6       0      0 :::22                   :::*                    LISTEN      499/sshd        
tcp6       0      0 :::8443                 :::*                    LISTEN      509/java

  7. Now you are ready to start using your controller! You can reach it at https://<your-hostname-or-ip>:8443

#Bonus

If you (like me) prefer easy to type (and remember) URLs, then we can move the UniFi controller to ports 80 & 443 (standard HTTP and HTTPS ports). This way, no port will be required in the URL bar. The UniFi controller runs under a limited user and cannot bind to these ports, so we cannot do this with UniFi configuration alone. So... iptables to the rescue :) We will set up an internal port forward.

  1. Set up the rules

    sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
sudo ip6tables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo ip6tables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443

  2. Install iptables-persistent to automatically reload these for us

    sudo apt-get install iptables-persistent

    Answer "yes" to both prompts to save the rules on install (one for IPv4, one for IPv6), and we are done!

  3. Test your controller at https://<your-hostname-or-ip>

Raw
unifi_logrotate.d.sh
/var/log/unifi/*.log {
rotate 7
daily
missingok
notifempty
delaycompress
compress
copytruncate
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment