Install Raspbian
https://www.raspberrypi.org/downloads/raspbian/
I use Lite because i’m only using SSH to manage my Raspberry Pi.
sudo systemctl start ssh
Raspberry configuration
sudo apt update sudo apt full-upgrade -y sudo reboot sudo apt install -y vim iptables-persistent openjdk-8-jre-headless
Remove Java 9 ( if needed )
Raspbian Lite doesnt come with java preinstalled but if you install some other package and it has java 9 you need to remove it and install java 8.
UniFi 5.9.29 Stable Release: Only Java 8 is supported. Java 9 is not yet supported.
sudo apt remove openjdk-9-jre-headless sudo apt install -y openjdk-8-jre-headless sudo dpkg --purge --force-depends ca-certificates-java sudo apt install ca-certificates-java
Configure and enable SSH
SSH is not enabled by default.
sudo systemctl enable ssh
sudo vim /etc/ssh/sshd_config
PermitRootLogin no
sudo systemctl reload ssh
Configure iptables
Here are simple IPv4 rules
sudo vim /etc/iptables/rules.v4
add to end before COMMIT
-A INPUT -p tcp -m conntrack --ctstate NEW -m multiport --dports 6789,8080,8443,8880 -m comment --comment "Unifi TCP" -j ACCEPT -A INPUT -p udp -m udp --dport 3478 -m comment --comment "Unifi UDP" -j ACCEPT
Change pi users password
sudo passwd pi
Disable IPv6
sudo vim /etc/sysctl.conf
add lines to end of file
net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1
sudo sysctl -p
Install UniFi Network Controller
echo 'deb http://www.ui.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list sudo wget -O /etc/apt/trusted.gpg.d/unifi-repo.gpg https://dl.ui.com/unifi/unifi-repo.gpg sudo apt update sudo apt install unifi
MongoDB
At the time of writing this Unifi says
We recommend at least MongoDB 2.6.10. Some users have changed the backend to use MongoDB 3 successfully too.
Raspbian repos comes with MongoDB 2.4.14 which i’m using at time of writing. I will install MongoDB 3 if i face any problems with 2.4.
Import Let’s Encrypt certs
I use Let’s Encrypt wildcard at home. I’ll move certs to Rasperry Pi with SFTP pi home folder and move certs into /etc/ssl/domain/.
You can find Let’s Encrypt Intermediate Certificate ( domain.ca ) from https://letsencrypt.org/certificates/
sudo mkdir /etc/ssl/domain/ sudo mv /home/pi/domain.* /etc/ssl/domain/ sudo cat /etc/ssl/domain/domain.crt /etc/ssl/domain/domain.ca > /etc/ssl/domain/domain.fullchain sudo chmod 600 /etc/ssl/domain/* sudo chown root: /etc/ssl/domain/*
Create keystore for unifi
sudo openssl pkcs12 -export -inkey /etc/ssl/domain/domain.key -in /etc/ssl/domain/domain.fullchain -out /etc/ssl/fullchain.p12 -name unifi -password pass:unifi sudo keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore /etc/ssl/fullchain.p12 -srcstoretype PKCS12 -srcstorepass unifi -alias unifi -noprompt sudo service unifi restart
Done
Create DNS A-record for raspberry pi like raspberry.domain
You can now access controller https://raspberry.domain:8443