Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Install Ubiquiti's UniFi Controller on a Raspberry Pi

Compatibility

I currently run Ubiquiti's UniFi Controller on a Raspberry Pi 3B without issue. I have tried with a Raspberry Pi 1B, but the application crashes on startup. I assume it is due to a lack of RAM. Presumably, it would run on a Raspberry Pi 2B as well (same amount of RAM), but I have not tested it on this model. YMMV.

Instructions

  1. Install Raspbian on a SD card. I tested this with Jessie Lite (headless)

  2. Use raspi-config to expand the filesystem, rename your PI, etc

    sudo raspi-config
  3. Reboot the PI for the filesystem changes to take effect

  4. Update packages

    sudo apt-get update
    sudo apt-get upgrade -y
  5. Install Java 7 (OpenJDK) and MongoDB

    sudo apt-get install -y openjdk-7-jre-headless mongodb
  6. Disable the default MongoDB instance to free up resources (UniFi will run its own copy)

    sudo service mongodb stop
    sudo service mongodb disable
  7. Add Ubiquiti's source list

    echo "deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti" | sudo tee /etc/apt/sources.list.d/100-ubnt.list
    sudo apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50
    sudo apt-get update
  8. Install the UniFi controller software

    apt-get install -y unifi
  9. Create log rotation to avoid disk space issues NOTE: downloads unifi_logrotate.d.sh from this Gist

    sudo wget https://gist.githubusercontent.com/kburdett/006a16316afa62148b16/raw/unifi_logrotate.d.sh -O /etc/logrotate.d/unifi
  10. Generate yourself a CSR, replace the details as desired

    sudo java -jar lib/ace.jar new_cert unifi.mydomain.dom "My Company Name" City State US

    This will generate a CSR for you at /var/lib/unifi/unifi_certificate.csr.pem

  11. Generate the certificate using your own CA, or a buy a certificate from a real CA

  12. Download your certificate(s) to /var/lib/unifi/

  13. Import the certificate

    cd /var/lib/unifi
    sudo java -jar /usr/lib/unifi/lib/ace.jar import_cert unifi_certificate.cert.pem intermediate.cert.pem root.cert.pem
    sudo service unifi restart

    NOTE: I am importing a certificate, plus the intermediate and root certs to establish a chain, your chain may differ

  14. Verify your service is exposed with netstat, like this:

    pi@hostname:~ $ sudo netstat -tlnp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.1:27117         0.0.0.0:*               LISTEN      542/mongod      
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      499/sshd        
    tcp6       0      0 :::8843                 :::*                    LISTEN      509/java        
    tcp6       0      0 :::8880                 :::*                    LISTEN      509/java        
    tcp6       0      0 :::8080                 :::*                    LISTEN      509/java        
    tcp6       0      0 :::22                   :::*                    LISTEN      499/sshd        
    tcp6       0      0 :::8443                 :::*                    LISTEN      509/java
    
  15. Now you are ready to start using your controller! You can reach it at https://<your-hostname-or-ip>:8443

Bonus

If you (like me) prefer easy to type (and remember) URLs, then we can move the UniFi controller to ports 80 & 443 (standard HTTP and HTTPS ports). This way, no port will be required in the URL bar. The UniFi controller runs under a limited user and cannot bind to these ports, so we cannot do this with UniFi configuration alone. So... iptables to the rescue :) We will set up an internal port forward.

  1. Set up the rules

    sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
    sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
    sudo ip6tables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
    sudo ip6tables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
  2. Install iptables-persistent to automatically reload these for us

    sudo apt-get install iptables-persistent

    Answer "yes" to both prompts to save the rules on install (one for IPv4, one for IPv6), and we are done!

  3. Test your controller at https://<your-hostname-or-ip>

/var/log/unifi/*.log {
rotate 7
daily
missingok
notifempty
delaycompress
compress
copytruncate
}
@tomasnorre

This comment has been minimized.

Copy link

@tomasnorre tomasnorre commented Nov 14, 2016

Hi,,

Thanks for you how to..

There is a typo:

sude apt-get update should be sudo apt-get update

@kburdett

This comment has been minimized.

Copy link
Owner Author

@kburdett kburdett commented Dec 13, 2016

Thanks for the correction @tomasnorre. I fixed it.

@joergwork

This comment has been minimized.

Copy link

@joergwork joergwork commented Jan 30, 2017

Hi,
first of all thanks for the great how to.

I just have installed it on a rpi 2b. It seems using apt-get install oracle-java8-jdk instead of the openjdk increases speed enormously.
For the newest controller version I have used the deb source:
deb http://www.ubnt.com/downloads/unifi/debian unifi5 ubiquiti
'cause stable seems to be version 4. See also https://help.ubnt.com/hc/en-us/articles/220066768

Tomorrow I'll try to configure the whole thing ;)

@rhinodavid

This comment has been minimized.

Copy link

@rhinodavid rhinodavid commented Mar 10, 2017

Thanks for this!

I'm golden until step 10, and then I'm lost. When I run the command for step 10, I get the message Error: Unable to access jarfile lib/ace.jar. I also have no idea how to turn the CSR into a certificate. If someone could point me in the right direction that would be awesome! Thanks.

@akzand

This comment has been minimized.

Copy link

@akzand akzand commented Mar 26, 2017

@kburdett

when im writing step 9 I get Error 400:bad request.

Anybody interested in helping me out, PM me.

Thanks and compensation packages available.

@kriegged

This comment has been minimized.

Copy link

@kriegged kriegged commented Mar 26, 2017

@rasugo

This comment has been minimized.

Copy link

@rasugo rasugo commented May 30, 2017

@kburdett

Hi! Thanks for the great guide.

At step 10, ace.jar only generates unifi_certificate.csr.der unifi_certificate.csr.pem. I tried to import any of these and both together but get an error upon importing with ace. Any suggestion ?

@lzto

This comment has been minimized.

Copy link

@lzto lzto commented Aug 29, 2018

Everything functionally works,
There's only one thing that I can complain: testing wifi speed using mobile app is kind of not working properly,
because it literally test the throughput between RPI and phone which is bounded by the line speed of RPI.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment