https://www.loganmarchione.com/2016/11/ubiquiti-unifi-controller-setup-raspberry-pi-3/ https://gist.github.com/bwbaugh/de575219fecf48e859a48eebe16539c6
#Compatibility
I currently run Ubiquiti's UniFi Controller on a Raspberry Pi 3B without issue. I have tried with a Raspberry Pi 1B, but the application crashes on startup. I assume it is due to a lack of RAM. Presumably, it would run on a Raspberry Pi 2B as well (same amount of RAM), but I have not tested it on this model. YMMV.
#Instructions
-
Install Raspbian on a SD card. I tested this with Jessie Lite (headless)
-
Use raspi-config to expand the filesystem, rename your PI, etc
sudo raspi-config
-
Reboot the PI for the filesystem changes to take effect
-
Update packages
sudo apt-get update && sudo apt-get upgrade -y sudo apt-get install rpi-update && echo Y | sudo rpi-update
-
Add Ubiquiti's source list
echo 'deb http://www.ubnt.com/downloads/unifi/debian unifi5 ubiquiti' | sudo tee -a /etc/apt/sources.list.d/ubnt.list > /dev/null sudo apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50 sudo apt-get update
-
Install the UniFi controller software
sudo apt-get install unifi -y
sudo rm /usr/lib/unifi/lib/native/Linux/armhf/libubnt_webrtc_jni.so
cd /usr/lib/unifi/lib sudo rm snappy-java-1.0.5.jar sudo wget http://central.maven.org/maven2/org/xerial/snappy/snappy-java/1.1.2/snappy-java-1.1.2.jar sudo ln -s snappy-java-1.1.2.jar snappy-java-1.0.5.jar
sudo apt-get install oracle-java8-jdk -y
sudo update-alternatives --config java sudo update-alternatives --config java
sudo sed -i '/^[Service]$/a Environment=JAVA_HOME=/usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt' /etc/systemd/system/multi-user.target.wants/unifi.service
-
Create log rotation to avoid disk space issues NOTE: downloads
unifi_logrotate.d.sh
from this Gistsudo wget https://gist.githubusercontent.com/kburdett/006a16316afa62148b16/raw/unifi_logrotate.d.sh -O /etc/logrotate.d/unifi
-
Generate yourself a CSR, replace the details as desired
sudo java -jar lib/ace.jar new_cert unifi.mydomain.dom "My Company Name" City State US
This will generate a CSR for you at
/var/lib/unifi/unifi_certificate.csr.pem
-
Generate the certificate using your own CA, or a buy a certificate from a real CA
-
Download your certificate(s) to
/var/lib/unifi/
-
Import the certificate
cd /var/lib/unifi sudo java -jar /usr/lib/unifi/lib/ace.jar import_cert unifi_certificate.cert.pem intermediate.cert.pem root.cert.pem sudo service unifi restart
NOTE: I am importing a certificate, plus the intermediate and root certs to establish a chain, your chain may differ
-
Verify your service is exposed with netstat, like this:
pi@hostname:~ $ sudo netstat -tlnp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:27117 0.0.0.0:* LISTEN 542/mongod tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 499/sshd tcp6 0 0 :::8843 :::* LISTEN 509/java tcp6 0 0 :::8880 :::* LISTEN 509/java tcp6 0 0 :::8080 :::* LISTEN 509/java tcp6 0 0 :::22 :::* LISTEN 499/sshd tcp6 0 0 :::8443 :::* LISTEN 509/java
-
Now you are ready to start using your controller! You can reach it at
https://<your-hostname-or-ip>:8443
#Bonus
If you (like me) prefer easy to type (and remember) URLs, then we can move the UniFi controller to ports 80 & 443 (standard HTTP and HTTPS ports). This way, no port will be required in the URL bar. The UniFi controller runs under a limited user and cannot bind to these ports, so we cannot do this with UniFi configuration alone. So... iptables to the rescue :) We will set up an internal port forward.
-
Set up the rules
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443 sudo ip6tables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 sudo ip6tables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
-
Install
iptables-persistent
to automatically reload these for ussudo apt-get install iptables-persistent
Answer "yes" to both prompts to save the rules on install (one for IPv4, one for IPv6), and we are done!
-
Test your controller at
https://<your-hostname-or-ip>