January 10Jan 10 Application InformationApplication: Network Optimizer for UniFiGitHub Repository: https://github.com/Ozark-Connect/NetworkOptimizerGitHub Packages: https://github.com/orgs/ozark-connect/packages?repo_name=network-optimizerTemplate Repository: https://github.com/stefan-matic/unraid-templatesNetwork Optimizer template: https://github.com/stefan-matic/unraid-templates/blob/main/templates/network-optimizer.xmlNetwork Optimizer Speedtest template: https://github.com/stefan-matic/unraid-templates/blob/main/templates/network-optimizer-speedtest.xmlCategory: Network, Tools, SecurityDisclaimerI am not the original creator of this application.All issues with the application itself, bugs, feature requests, etc. should be submitted directly on github: https://github.com/Ozark-Connect/NetworkOptimizerIf you're having issues with the UNRAID deployment or the template itself - or wish to request new changes for the template you can post a reply here.DescriptionNetwork Optimizer for UniFi analyzes your UniFi controller configuration to identify security gaps, performance issues, and misconfigurations. It answers critical questions: Do your firewall rules actually work? Are your VLANs properly isolated? Are your DNS settings being bypassed?Key Features:Security Auditing - 39 comprehensive checks across four categories with 0-100 scoringAdaptive SQM (Smart Queue Management) - Automatically manages bufferbloat with intelligent bandwidth adjustmentSpeed Testing - LAN testing via iperf3 and client testing via OpenSpeedTestDeep Analysis - Detects firewall rule shadowing, conflicts, and VLAN isolation issuesCellular Monitoring - Track RSSI, RSRP, RSRQ, SINR for U-LTE/U5G-Max backup connectionsDual-WAN Support - Separate configurations per interface with profiles for DOCSIS, fiber, wireless, Starlink, and cellularPDF Reports - Generate actionable security audit reportsPrivacy First - All data stored locally, no external servicesArchitectureNetwork Optimizer uses a two-container architecture:Network Optimizer - Main application that performs security audits, adaptive SQM, network monitoring, and serves the web UI. Includes SQLite database and iperf3 server capabilities.Network Optimizer Speedtest - Customized OpenSpeedTest component for browser-based client speed testing that automatically reports results to the main application.RequirementsMinimum (Audit Only)UniFi OS device (UDM, UCG, UDR, Cloud Key) or self-hosted Network ServerHTTPS access to UniFi controller APILocal-only UniFi account (Ubiquiti SSO not supported)Full FunctionalitySSH access enabled on gateway and UniFi devicesEnable at: Settings → Control Plane → Console → SSHDevice SSH: UniFi Devices → Device Updates and Settings → Device SSH Settings (UniFi Network 9.5+)InstallationPrerequisitesUnraid 6.9+ recommendedUniFi controller with local account createdSSH access enabled on UniFi gateway (for SQM and speed testing)Installation StepsInstall Network Optimizer (Required)Search for "Network Optimizer" in Community Applications or template listConfigure the WebUI port (default: 8042)Set your HOST_IP or HOST_NAME for proper operationOptionally set APP_PASSWORD for authenticationClick ApplyInstall Network Optimizer Speedtest (Recommended)Search for "Network Optimizer Speedtest" in Community Applications or template listConfigure the WebUI port (default: 3005)Set HOST_IP or HOST_NAME to match your Network Optimizer containerClick ApplyAccess the WebUINavigate to http://YOUR-UNRAID-IP:8042If you didn't set APP_PASSWORD, retrieve auto-generated password from container logs: docker logs network-optimizerConfigure your UniFi controller URL in settingsAuthenticate with your local UniFi accountRun Your First AuditNavigate to the Security Audit sectionClick "Run Audit"Review the results and recommendationsConfigurationNetwork OptimizerParameterDefaultDescriptionWebUI Port8042Port to access the Network Optimizer web interfaceData Directory/mnt/user/appdata/network-optimizer/dataSQLite database, configs, and license filesSSH Keys Directory/mnt/user/appdata/network-optimizer/ssh-keysOptional: SSH keys for device accessLogs Directory/mnt/user/appdata/network-optimizer/logsApplication logsTimezoneAmerica/ChicagoTimezone settingAPP_PASSWORDAuto-generatedOptional: Set custom application passwordHOST_IPRequiredHost IP address for path analysis and client speed testsHOST_NAMERequiredHost name for path analysis and client speed testsREVERSE_PROXIED_HOST_NAME-Reverse proxy hostname (e.g., optimizer.example.com)BIND_LOCALHOST_ONLYfalseSet to true to bind to localhost only (for reverse proxy)OpenSpeedTest ConfigurationParameterDefaultDescriptionOPENSPEEDTEST_PORT3005Port where OpenSpeedTest is runningOPENSPEEDTEST_HOST-OpenSpeedTest host for CORS configurationOPENSPEEDTEST_HTTPSfalseSet to true if OpenSpeedTest uses HTTPSOPENSPEEDTEST_HTTPS_PORT443HTTPS port for OpenSpeedTestAdvanced SettingsParameterDefaultDescriptionIPERF3_SERVER_ENABLEDfalseEnable to accept client-initiated speed tests on port 5201LOG_LEVELInformationLogging level (Trace, Debug, Information, Warning, Error, Critical)APP_LOG_LEVELInformationNetwork Optimizer specific log levelDEMO_MODE_MAPPINGS-Optional: Demo mode configurationInfluxDB Integration (Advanced)ParameterDefaultDescriptionINFLUXDB_URL-Optional: InfluxDB URL for metrics storage (e.g., http://localhost:8086)INFLUXDB_TOKEN-Optional: InfluxDB authentication tokenINFLUXDB_ORGnetwork-optimizerOptional: InfluxDB organization nameINFLUXDB_BUCKETnetwork_optimizerOptional: InfluxDB bucket name for storing metricsNetwork Optimizer SpeedtestParameterDefaultDescriptionWebUI Port3005Port for accessing the speed test web interfaceTimezoneAmerica/ChicagoTimezone settingHOST_IPRequiredHost IP for result reporting to Network OptimizerHOST_NAMERequiredHost name for URL constructionREVERSE_PROXIED_HOST_NAME-Reverse proxy hostname for result reportingOPENSPEEDTEST_PORT3005Port number for OpenSpeedTest (should match WebUI Port)Usage GuideInitial SetupAccess the WebUI at http://YOUR-UNRAID-IP:8042Log in with your password (check logs if auto-generated)Navigate to Settings and configure:UniFi Controller URL (e.g., https://192.168.1.1)UniFi local account credentialsSave settings and verify connectionRunning Security AuditsNetwork Optimizer performs 39 checks across four categories:Firewall AnalysisDeep analysis of firewall rulesDetection of rule shadowing and conflictsVerification that rules actually work as intendedVLAN SecurityDevice fingerprinting via MAC lookupsConfirmation that devices are on intended networksVLAN isolation verificationDNS ValidationDoH (DNS over HTTPS) configuration checksWAN DNS settings verificationDetection of DNS bypass attemptsGeneral ConfigurationNetwork best practices validationPerformance issue identificationMisconfiguration detectionResults are scored 0-100 and categorized by severity with actionable recommendations.Adaptive SQM SetupSmart Queue Management automatically addresses bufferbloat:Navigate to SQM configurationSelect your connection profile:DOCSIS (Cable)FiberWirelessStarlinkCellularConfigure dual-WAN if applicable (separate settings per interface)Enable scheduled speed tests for automatic adjustmentDeploy configuration to gateway (persists through reboots)LAN Speed TestingTest network performance between gateway and devices:Ensure SSH is enabled on UniFi gateway and devicesNavigate to Speed Testing sectionSelect target device (auto-discovers UniFi equipment)Run iperf3 testReview results with network path and hop count correlationClient Speed TestingBrowser-based testing from phones, tablets, and laptops:Access Network Optimizer Speedtest at http://YOUR-UNRAID-IP:3005Click "Start Test"Results automatically report to Network OptimizerView location mapping (with HTTPS enabled) for coverage analysisCellular MonitoringFor U-LTE or U5G-Max backup connections:Navigate to Cellular MonitoringView real-time metrics:RSSI (Signal Strength)RSRP (Reference Signal Received Power)RSRQ (Reference Signal Received Quality)SINR (Signal-to-Interference-plus-Noise Ratio)Track tower information and connection qualityGenerating ReportsComplete a security auditNavigate to Reports sectionClick "Generate PDF Report"Download actionable security audit reportTroubleshootingCan't Connect to UniFi ControllerVerify controller URL includes HTTPS (e.g., https://192.168.1.1)Ensure you created a local-only account (Ubiquiti SSO not supported)Check firewall rules allow access from Unraid to controllerVerify SSL certificate is trusted or self-signed certificates are acceptedSSH Connection FailuresConfirm SSH is enabled: Settings → Control Plane → Console → SSHVerify Device SSH Settings: UniFi Devices → Device Updates and SettingsEnsure SSH keys are properly mounted (if using key-based auth)Check that SSH credentials match your UniFi accountSpeed Test Not WorkingVerify HOST_IP or HOST_NAME is set correctly in both containersEnsure Network Optimizer Speedtest container is runningCheck that port 3005 is accessibleVerify CORS configuration for OpenSpeedTestiperf3 Tests FailingEnable iperf3 server by setting IPERF3_SERVER_ENABLED=trueEnsure port 5201 is accessible on the gatewayVerify SSH access to target devicesCheck that iperf3 is installed on UniFi devicesHigh CPU UsageReduce concurrent speed test operationsLower LOG_LEVEL to Warning or ErrorDisable scheduled speed tests if not neededContainer Won't StartCheck that host port 8042 is not already in useVerify data directory permissions: /mnt/user/appdata/network-optimizer/dataReview container logs: docker logs network-optimizerEnsure HOST_IP or HOST_NAME is setPerformance NotesDocker Desktop on macOS/Windows introduces virtualization overhead that limits multi-gigabit testing accuracyFor best speed test results, run on native Linux (Unraid is ideal)LAN testing accuracy depends on SSH connection stabilityLarge networks may take longer for initial device discoveryLicensingNetwork Optimizer uses Business Source License 1.1:Permitted: Personal, non-commercial use across up to three sitesRequires License: Commercial deployment by MSPs, consultants, or service providersFuture: Transitions to Apache 2.0 on January 1, 2028Commercial Inquiries: [email protected]Privacy & SecurityAll data is stored locally in SQLite on your Unraid serverNo data is sent to external servicesUniFi credentials are stored securely (encrypted at rest)SSH connections are established only to your local UniFi devicesNetwork topology data never leaves your networkCurrent StatusFunctional:Core security auditing (39 checks)Adaptive SQM with multiple connection profilesLAN speed testing via iperf3Client speed testing via OpenSpeedTestCellular monitoring for U-LTE/U5G-MaxIn Development:Time-series metrics and historical analysisCable modem statisticsMulti-site supportSupportIf you need help or encounter issues, please post in this thread with:Unraid versionNetwork Optimizer version (check container logs or WebUI)UniFi Network versionUniFi devices in use (UDM, UCG, UDR, etc.)Description of the issueRelevant logs (use docker logs network-optimizer or docker logs network-optimizer-speedtest)Network setup (single/dual-WAN, number of VLANs, etc.)For bugs or feature requests, you can also open an issue on the GitHub repository.FAQQ: Does this work with non-UniFi networks?A: No. Network Optimizer is specifically designed for UniFi controllers and devices. It requires UniFi API access.Q: Can I use my Ubiquiti SSO account?A: No. You must create a local-only account on your UniFi controller. Ubiquiti SSO is not supported.Q: Is my UniFi password stored securely?A: Yes. Credentials are encrypted at rest in the SQLite database and transmitted only over HTTPS to your local controller.Q: Do I need the speedtest container?A: It's optional but recommended. The speedtest container enables browser-based client testing from phones, tablets, and laptops.Q: How accurate are the speed tests?A: Very accurate on native Linux (Unraid). Docker Desktop on macOS/Windows has virtualization overhead that can affect multi-gigabit testing.Q: Can this configure my UniFi network automatically?A: No. Network Optimizer is an analysis and auditing tool. It provides recommendations but does not automatically modify your UniFi configuration. SQM deployment is the exception.Q: Does this work with UbiOS (UDM/UCG/UDR)?A: Yes. It works with UniFi OS devices and self-hosted Network Server installations.Q: What's the difference between this and UniFi's built-in analytics?A: Network Optimizer performs deep security analysis that UniFi doesn't provide, such as firewall rule conflict detection, VLAN isolation verification, and DNS bypass detection. It also offers advanced SQM and comprehensive speed testing.ChangelogVersion 1.0.0 (Initial Release)Network Optimizer templateNetwork Optimizer Speedtest templateSecurity auditing with 39 checks across four categoriesAdaptive SQM with connection profilesLAN speed testing via iperf3Client speed testing via OpenSpeedTestCellular monitoring supportPDF report generationInfluxDB integration (optional)LinksGitHub: https://github.com/Ozark-Connect/NetworkOptimizerTemplate Repository: https://github.com/stefan-matic/unraid-templatesCommercial Licensing: [email protected]Note: Waiting for @Squid (or mods) to move to Application Support > Docker Containers. Edited January 10Jan 10 by Fallen94 Add disclaimer
February 24Feb 24 Unraid version 7.2.3Network Optimizer v1.10.4UniFi Network version Network 10.1.85UniFi devices in use UDM PRODescription of the issue: I can't seem to use network optimizer speedtest with https, I want to have speed tests but with the ability to use a signal map but can't without the use of HTTPS.Relevant logs: NONENetwork setup Single WAN/5 VLANS
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.