

INSTALLING UNIFI CONTROLLER ON UBUNTU

- configure nginx as a reverse proxy (to preserve the native port mapping that ships with the controller).
- secure the controller and nginx proxy with our own SSL certificate.

I assume that you have some familiarity with AWS - demonstrating security group and instance creation is outside the scope of this walkthrough. If you’re new to AWS, Amazon has a nice tutorial for creating an EC2 instance.

Create a new EC2 security group that opens inbound access to all necessary UniFi ports. You should restrict the inbound traffic sources to networks where you have deployed UniFi equipment that will talk to the controller.

Create a new EC2 instance. I created a t2.micro instance using the official Ubuntu 14.04 AMI, making sure to assign the unifi-controller security group to the instance.

Once your new instance has booted, find the host name (e.g. com) and connect to it via SSH.

    echo 'deb unifi4 ubiquiti' | sudo tee /etc/apt/sources.list
    sudo apt-key adv --keyserver --recv C0A52C50

EDIT: Ubiquiti repo channels unifi-beta and unifi-rapid have been renamed to unifi4 (stable) and unifi3 (oldstable).

Note that UniFi Switch and UniFi Security Gateway products are only supported by the unifi4 version of the controller (4.x series). Also, if you choose the unifi3 channel, you’ll likely have to modify the target of JAVA_HOME in /etc/init.d/unifi, as they hardcoded an obsolete path to the JVM.

You should now be able to connect to the controller UI via your browser at and complete the first-run setup wizard for the UniFi controller.

The rest of this walkthrough only makes sense if you have a ‘pretty’ DNS name to use for your new controller instance. After all, you probably aren’t interested in purchasing an SSL certificate for the domain .com. This is a good time to set up a DNS CNAME for your instance (i.e. CNAME .com) and purchase an SSL certificate for that domain.

The UniFi controller package ships with a self-signed SSL certificate by default. This might be OK for a local (LAN) deployment if you’re willing to put up with browser warnings, but is definitely a faux pas for a hosted controller. In good news, it’s pretty simple to replace the SSL certificate used by the UniFi application server.

I purchased an SSL certificate for, so I started with the following files:

- ca-chain.crt (intermediate certificate chain in PEM format, NOT including the root CA).

We need to create a certificate package in PKCS12 format, which openssl can do for us:

Create a strong, unique Diffie-Hellman group for the server:

    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    add_header X-XSS-Protection "1; mode=block";
    ssl_trusted_certificate /etc/nginx/.crt;

    sudo ln -s /etc/nginx/sites-available/unifi /etc/nginx/sites-enabled/

We’re done! The UniFi interface should now be available at without having to add :8443 to the URL. Nginx will reverse-proxy all traffic for you.

Here’s a breakdown of the various behaviors that you’ll see based on the source URL:

- Nginx will proxy traffic to the UniFi controller; the user will not see the port number in their browser.
