Install Ubiquiti's UniFi Controller on a Raspberry Pi

Compatibility

I currently run Ubiquiti's UniFi Controller on a Raspberry Pi 3B without issue. I have tried with a Raspberry Pi 1B, but the application crashes on startup. I assume it is due to a lack of RAM. Presumably, it would run on a Raspberry Pi 2B as well (same amount of RAM), but I have not tested it on this model. YMMV.

Instructions

  1. Install Raspbian on an SD card. I tested this with Jessie Lite (headless).

  2. Use raspi-config to expand the filesystem, rename your Pi, etc.

    sudo raspi-config
  3. Reboot the Pi for the filesystem changes to take effect

  4. Update packages

    sudo apt-get update
    sudo apt-get upgrade -y
  5. Install Java 7 (OpenJDK) and MongoDB

    sudo apt-get install -y openjdk-7-jre-headless mongodb
  6. Disable the default MongoDB instance to free up resources (UniFi will run its own copy)

    sudo service mongodb stop
    sudo systemctl disable mongodb
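  7. Add Ubiquiti's source list and signing key. NOTE: C0A52C50 is a short key ID, which does not uniquely identify a key; compare the imported key's full fingerprint with the one Ubiquiti publishes before trusting the repository.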

    echo "deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti" | sudo tee /etc/apt/sources.list.d/100-ubnt.list
    sudo apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50
    sudo apt-get update
  8. Install the UniFi controller software

    sudo apt-get install -y unifi
  9. Create log rotation to avoid disk space issues. NOTE: this downloads unifi_logrotate.d.sh from this Gist.

    sudo wget https://gist.githubusercontent.com/kburdett/006a16316afa62148b16/raw/unifi_logrotate.d.sh -O /etc/logrotate.d/unifi
  10. Generate yourself a CSR, replacing the details as desired

    cd /usr/lib/unifi
    sudo java -jar lib/ace.jar new_cert unifi.mydomain.dom "My Company Name" City State US

    This will generate a CSR for you at /var/lib/unifi/unifi_certificate.csr.pem

  11. Generate the certificate using your own CA, or buy a certificate from a real CA

  12. Download your certificate(s) to /var/lib/unifi/

  13. Import the certificate

    cd /var/lib/unifi
    sudo java -jar /usr/lib/unifi/lib/ace.jar import_cert unifi_certificate.cert.pem intermediate.cert.pem root.cert.pem
    sudo service unifi restart

    NOTE: I am importing a certificate plus the intermediate and root certs to establish a chain; your chain may differ.

  14. Verify your service is exposed with netstat, like this:

    pi@hostname:~ $ sudo netstat -tlnp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.1:27117         0.0.0.0:*               LISTEN      542/mongod      
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      499/sshd        
    tcp6       0      0 :::8843                 :::*                    LISTEN      509/java        
    tcp6       0      0 :::8880                 :::*                    LISTEN      509/java        
    tcp6       0      0 :::8080                 :::*                    LISTEN      509/java        
    tcp6       0      0 :::22                   :::*                    LISTEN      499/sshd        
    tcp6       0      0 :::8443                 :::*                    LISTEN      509/java
    
  15. Now you are ready to start using your controller! You can reach it at https://<your-hostname-or-ip>:8443
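
An added example (not part of the original gist): a shell helper that audits the `netstat -tlnp` output from step 14, failing if mongod is bound to anything other than loopback and listing every port reachable from the network. The function names are this example's own, and the sample input is copied from step 14.

```shell
#!/bin/sh
# Added example: audit `netstat -tlnp` output for the UniFi controller's listeners.

# Sample input: the listener lines shown in step 14 of this guide.
SAMPLE='tcp        0      0 127.0.0.1:27117         0.0.0.0:*               LISTEN      542/mongod
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      499/sshd
tcp6       0      0 :::8843                 :::*                    LISTEN      509/java
tcp6       0      0 :::8880                 :::*                    LISTEN      509/java
tcp6       0      0 :::8080                 :::*                    LISTEN      509/java
tcp6       0      0 :::22                   :::*                    LISTEN      499/sshd
tcp6       0      0 :::8443                 :::*                    LISTEN      509/java'

# Print "port scope program" for every LISTEN line read from stdin.
# scope is "loopback" for 127.x and ::1 binds, "exposed" for anything else.
list_listeners() {
    awk '$6 == "LISTEN" {
        addr = $4
        port = addr; sub(/.*:/, "", port)        # text after the last colon
        host = addr; sub(/:[0-9]+$/, "", host)   # text before it
        scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "exposed"
        prog = $7; sub(/^[0-9]+\//, "", prog)    # drop the PID
        print port, scope, prog
    }' | sort -u
}

# Return 0 only if mongod is loopback-only and the HTTPS UI port 8443 is
# listening; on success, print the listeners a firewall policy must cover.
audit_unifi() {
    listeners=$(list_listeners)
    if printf '%s\n' "$listeners" | grep -q ' exposed mongod$'; then
        echo "FAIL: mongod is reachable from the network" >&2
        return 1
    fi
    if ! printf '%s\n' "$listeners" | grep -q '^8443 exposed java$'; then
        echo "FAIL: controller UI (8443) is not listening" >&2
        return 2
    fi
    printf '%s\n' "$listeners" | grep ' exposed '
}

# Live use: sudo netstat -tlnp | audit_unifi
printf '%s\n' "$SAMPLE" | audit_unifi
```

IPv4 and IPv6 binds of the same port are collapsed into one line, so the sample yields five network-reachable listeners: sshd on 22 and the controller's 8080, 8443, 8843 and 8880.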

Bonus

If you (like me) prefer easy to type (and remember) URLs, then we can move the UniFi controller to ports 80 & 443 (standard HTTP and HTTPS ports). This way, no port will be required in the URL bar. The UniFi controller runs under a limited user and cannot bind to these ports, so we cannot do this with UniFi configuration alone. So... iptables to the rescue :) We will set up an internal port forward.

  1. Set up the rules

    sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
    sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
    sudo ip6tables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
    sudo ip6tables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
  2. Install iptables-persistent to automatically reload these for us

    sudo apt-get install iptables-persistent

    Answer "yes" to both prompts to save the rules on install (one for IPv4, one for IPv6), and we are done!

  3. Test your controller at https://<your-hostname-or-ip>

unifi_logrotate.d.sh

/var/log/unifi/*.log {
rotate 7
daily
missingok
notifempty
delaycompress
compress
copytruncate
}