I currently run Ubiquiti's UniFi Controller on a Raspberry Pi 3B without issue.
-
Install Raspbian on an SD card. I tested this with Stretch Lite (headless).
-
Use raspi-config to enable SSH (Interfacing Options) and set correct locale.
sudo raspi-config
-
Reboot the Pi for the filesystem changes to take effect
-
Update packages
sudo apt-get update
sudo apt-get upgrade -y
-
Install Oracle Java 8
sudo apt-get -y install oracle-java8-jdk
-
Add Ubiquiti's source list
echo 'deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti' | sudo tee -a /etc/apt/sources.list.d/100-ubnt.list > /dev/null
sudo wget -O /etc/apt/trusted.gpg.d/unifi-repo.gpg https://dl.ubnt.com/unifi/unifi-repo.gpg
sudo apt-get update
-
Install the UniFi controller software (which includes components such as MongoDB)
sudo apt-get install -y unifi
-
Stop and disable the default MongoDB database instance
sudo systemctl stop mongodb
sudo systemctl disable mongodb
-
Reboot
sudo reboot
-
Create log rotation to avoid disk space issues. NOTE: this downloads unifi_logrotate.d.sh from this Gist
sudo wget https://gist.githubusercontent.com/kburdett/006a16316afa62148b16/raw/unifi_logrotate.d.sh -O /etc/logrotate.d/unifi
-
Generate yourself a CSR, replace the details as desired
cd /usr/lib/unifi
sudo java -jar lib/ace.jar new_cert unifi.mydomain.dom "My Company Name" City State US
This will generate a CSR for you at
/var/lib/unifi/unifi_certificate.csr.pem
-
Generate the certificate using your own CA, or buy a certificate from a real CA
-
Download your certificate(s) to
/var/lib/unifi/
-
Import the certificate
cd /var/lib/unifi
sudo java -jar /usr/lib/unifi/lib/ace.jar import_cert unifi_certificate.cert.pem intermediate.cert.pem root.cert.pem
sudo service unifi restart
NOTE: I am importing a certificate, plus the intermediate and root certs to establish a chain; your chain may differ.
-
Verify your service is exposed with netstat, like this:
pi@hostname:~ $ sudo netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:27117         0.0.0.0:*               LISTEN      542/mongod
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      499/sshd
tcp6       0      0 :::8843                 :::*                    LISTEN      509/java
tcp6       0      0 :::8880                 :::*                    LISTEN      509/java
tcp6       0      0 :::8080                 :::*                    LISTEN      509/java
tcp6       0      0 :::22                   :::*                    LISTEN      499/sshd
tcp6       0      0 :::8443                 :::*                    LISTEN      509/java
-
Now you are ready to start using your controller! You can reach it at
https://<your-hostname-or-ip>:8443
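The netstat step above can be turned into a repeatable check. This is an added example, not part of the original guide: the function name check_listeners and the policy it enforces (mongod bound to loopback only, the java process holding 8080 and 8443) are assumptions. The first sample is the listener table from the guide, the second is constructed.

```shell
# Added example: audit `sudo netstat -tlnp` output against this guide.
# Assumed policy (mine, not the page's): mongod must bind to loopback only,
# and the controller's java process must hold ports 8080 and 8443.
check_listeners() {
  # stdin: netstat -tlnp text. Prints one FAIL line per finding.
  # Returns 0 when clean, 1 when anything failed.
  awk '
    BEGIN { bad = 0 }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      n = split($4, part, ":"); port = part[n]      # port follows the last ":"
      addr = substr($4, 1, length($4) - length(port) - 1)
      split($7, proc, "/"); prog = proc[2]          # "542/mongod" -> "mongod"
      if (prog == "mongod" && addr != "127.0.0.1" && addr != "::1") {
        print "FAIL mongod listens on " $4 " (expected loopback only)"; bad = 1
      }
      if (prog == "java") held[port] = 1
    }
    END {
      if (!("8080" in held)) { print "FAIL java is not listening on 8080"; bad = 1 }
      if (!("8443" in held)) { print "FAIL java is not listening on 8443"; bad = 1 }
      exit bad
    }'
}

# Listener table as shown in the guide.
SAMPLE_GUIDE='tcp 0 0 127.0.0.1:27117 0.0.0.0:* LISTEN 542/mongod
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 499/sshd
tcp6 0 0 :::8843 :::* LISTEN 509/java
tcp6 0 0 :::8880 :::* LISTEN 509/java
tcp6 0 0 :::8080 :::* LISTEN 509/java
tcp6 0 0 :::22 :::* LISTEN 499/sshd
tcp6 0 0 :::8443 :::* LISTEN 509/java'

# Constructed bad case: mongod on all interfaces, controller HTTPS port missing.
SAMPLE_BAD='tcp 0 0 0.0.0.0:27117 0.0.0.0:* LISTEN 542/mongod
tcp6 0 0 :::8080 :::* LISTEN 509/java'

printf '%s\n' "$SAMPLE_GUIDE" | check_listeners && echo "guide sample: clean"
printf '%s\n' "$SAMPLE_BAD" | check_listeners || echo "constructed sample: findings above"
# On the Pi itself: sudo netstat -tlnp | check_listeners
```

Run it after every controller upgrade or reboot; a non-zero exit status makes it easy to wire into cron or a monitoring check.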
If you (like me) prefer easy to type (and remember) URLs, then we can move the UniFi controller to ports 80 & 443 (standard HTTP and HTTPS ports). This way, no port will be required in the URL bar. The UniFi controller runs under a limited user and cannot bind to these ports, so we cannot do this with UniFi configuration alone. So... iptables to the rescue :) We will set up an internal port forward.
-
Set up the rules
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
sudo ip6tables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo ip6tables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
-
Install iptables-persistent to automatically reload these for us
sudo apt-get install iptables-persistent
Answer "yes" to both prompts to save the rules on install (one for IPv4, one for IPv6), and we are done!
-
Test your controller at
https://<your-hostname-or-ip>