I currently run Ubiquiti's UniFi Controller on a Raspberry Pi 3B without issue. I have tried with a Raspberry Pi 1B, but the application crashes on startup. I assume it is due to a lack of RAM. Presumably, it would run on a Raspberry Pi 2B as well (same amount of RAM), but I have not tested it on this model. YMMV.
-
Install Raspbian on a SD card. I tested this with Jessie Lite (headless)
-
Use raspi-config to expand the filesystem, rename your PI, etc
sudo raspi-config
-
Reboot the PI for the filesystem changes to take effect
-
Update packages
sudo apt-get update sudo apt-get upgrade -y
-
Install Java 7 (OpenJDK) and MongoDB
sudo apt-get install -y openjdk-7-jre-headless mongodb
-
Disable the default MongoDB instance to free up resources (UniFi will run its own copy)
sudo service mongodb stop sudo service mongodb disable
-
Add Ubiquiti's source list
echo "deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti" | sudo tee /etc/apt/sources.list.d/100-ubnt.list sudo apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50 sudo apt-get update
-
Install the UniFi controller software
apt-get install -y unifi
-
Create log rotation to avoid disk space issues NOTE: downloads
unifi_logrotate.d.sh
from this Gistsudo wget https://gist.githubusercontent.com/kburdett/006a16316afa62148b16/raw/unifi_logrotate.d.sh -O /etc/logrotate.d/unifi
-
Generate yourself a CSR, replace the details as desired
sudo java -jar lib/ace.jar new_cert unifi.mydomain.dom "My Company Name" City State US
This will generate a CSR for you at
/var/lib/unifi/unifi_certificate.csr.pem
-
Generate the certificate using your own CA, or a buy a certificate from a real CA
-
Download your certificate(s) to
/var/lib/unifi/
-
Import the certificate
cd /var/lib/unifi sudo java -jar /usr/lib/unifi/lib/ace.jar import_cert unifi_certificate.cert.pem intermediate.cert.pem root.cert.pem sudo service unifi restart
NOTE: I am importing a certificate, plus the intermediate and root certs to establish a chain, your chain may differ
-
Verify your service is exposed with netstat, like this:
pi@hostname:~ $ sudo netstat -tlnp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:27117 0.0.0.0:* LISTEN 542/mongod tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 499/sshd tcp6 0 0 :::8843 :::* LISTEN 509/java tcp6 0 0 :::8880 :::* LISTEN 509/java tcp6 0 0 :::8080 :::* LISTEN 509/java tcp6 0 0 :::22 :::* LISTEN 499/sshd tcp6 0 0 :::8443 :::* LISTEN 509/java
-
Now you are ready to start using your controller! You can reach it at
https://<your-hostname-or-ip>:8443
If you (like me) prefer easy to type (and remember) URLs, then we can move the UniFi controller to ports 80 & 443 (standard HTTP and HTTPS ports). This way, no port will be required in the URL bar. The UniFi controller runs under a limited user and cannot bind to these ports, so we cannot do this with UniFi configuration alone. So... iptables to the rescue :) We will set up an internal port forward.
-
Set up the rules
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443 sudo ip6tables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 sudo ip6tables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
-
Install
iptables-persistent
to automatically reload these for ussudo apt-get install iptables-persistent
Answer "yes" to both prompts to save the rules on install (one for IPv4, one for IPv6), and we are done!
-
Test your controller at
https://<your-hostname-or-ip>
Everything functionally works,
There's only one thing that I can complain: testing wifi speed using mobile app is kind of not working properly,
because it literally test the throughput between RPI and phone which is bounded by the line speed of RPI.