UniFi Network Controller with Raspberry Pi

Install Raspbian

https://www.raspberrypi.org/downloads/raspbian/

I use Lite because i’m only using SSH to manage my Raspberry Pi.

sudo systemctl start ssh

Raspberry configuration

sudo apt update
sudo apt full-upgrade -y
sudo reboot
sudo apt install -y vim iptables-persistent openjdk-8-jre-headless

Remove Java 9 ( if needed )

Raspbian Lite doesnt come with java preinstalled but if you install some other package and it has java 9 you need to remove it and install java 8.

UniFi 5.9.29 Stable Release: Only Java 8 is supported. Java 9 is not yet supported.

sudo apt remove openjdk-9-jre-headless
sudo apt install -y openjdk-8-jre-headless
sudo dpkg --purge --force-depends ca-certificates-java
sudo apt install ca-certificates-java

Configure and enable SSH

SSH is not enabled by default.

sudo systemctl enable ssh

sudo vim /etc/ssh/sshd_config

PermitRootLogin no

sudo systemctl reload ssh

Configure iptables

Here are simple IPv4 rules
sudo vim /etc/iptables/rules.v4
add to end before COMMIT

-A INPUT -p tcp -m conntrack --ctstate NEW -m multiport --dports 6789,8080,8443,8880 -m comment --comment "Unifi TCP" -j ACCEPT
-A INPUT -p udp -m udp --dport 3478 -m comment --comment "Unifi UDP" -j ACCEPT

Change pi users password

sudo passwd pi

Disable IPv6

sudo vim /etc/sysctl.conf
add lines to end of file

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

sudo sysctl -p

Install UniFi Network Controller

https://help.ubnt.com/hc/en-us/articles/220066768-UniFi-How-to-Install-and-Update-via-APT-on-Debian-or-Ubuntu

echo 'deb http://www.ui.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
sudo wget -O /etc/apt/trusted.gpg.d/unifi-repo.gpg https://dl.ui.com/unifi/unifi-repo.gpg
sudo apt update
sudo apt install unifi

MongoDB

At the time of writing this Unifi says

We recommend at least MongoDB 2.6.10. Some users have changed the backend to use MongoDB 3 successfully too.

Raspbian repos comes with MongoDB 2.4.14 which i’m using at time of writing. I will install MongoDB 3 if i face any problems with 2.4.

Import Let’s Encrypt certs

I use Let’s Encrypt wildcard at home. I’ll move certs to Rasperry Pi with SFTP pi home folder and move certs into /etc/ssl/domain/.

You can find Let’s Encrypt Intermediate Certificate ( domain.ca ) from https://letsencrypt.org/certificates/

sudo mkdir /etc/ssl/domain/
sudo mv /home/pi/domain.* /etc/ssl/domain/
sudo cat /etc/ssl/domain/domain.crt /etc/ssl/domain/domain.ca > /etc/ssl/domain/domain.fullchain
sudo chmod 600 /etc/ssl/domain/*
sudo chown root: /etc/ssl/domain/*

Create keystore for unifi

sudo openssl pkcs12 -export -inkey /etc/ssl/domain/domain.key -in /etc/ssl/domain/domain.fullchain -out /etc/ssl/fullchain.p12 -name unifi -password pass:unifi
sudo keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore /etc/ssl/fullchain.p12 -srcstoretype PKCS12 -srcstorepass unifi -alias unifi -noprompt
sudo service unifi restart

Done

Create DNS A-record for raspberry pi like raspberry.domain

You can now access controller https://raspberry.domain:8443

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.