Unifi - config.gateway.json - SOLVED



Hi All

 

Just wanted to create this step by step if somebody else wants to fix the UNIFI USG static host record in DNS forwarder once and for all....

When following this great video created by Spaceinvader One

Enabling Let's Encrypt under "Identification" will give you an error if you are using UNIFI and you would need to create a config.gateway.json for your controller.

(Update: They still haven't created this functionality in their UI, even if it's been requested since 2017 !!!)

 

1) you need a validated config.gateway.json file that you can place on your controller (Cloud key in my example)

config.gateway.json

 

2) Use WinSCP to copy the file to the folder: /srv/unifi/data/sites/[SITE CODE]/ (You can see your sitecode in your http string)


5) Reprovision your USG under: Controller Devices > USG > Config > Manage Device > Force provision.


Now when doing future updates to your UNIFI controller the config.gateway.json will keep the USG static host record in DNS forwarded

Edited by casperse
On 9/30/2019 at 10:24 AM, casperse said:

UPDATE: New Unifi update breaks this, you now have to add your DNS entries into the file also!

https://community.ui.com/releases/UniFi-Network-Controller-5-11-39/6ab8ef1a-376f-41e6-85b2-ceec098b8462

Yep, just spent two hours trying to figure out why I lost all external DNS after updating before discovering this. My new, working, config.gateway.json looks like this:

 

{
  "service": {
    "dns": {
      "forwarding": {
        "options": [
          "rebind-domain-ok=/unraid.net/",
          "all-servers",
          "cname=unifi.mydomain,unifi.local,unifi",
          "server=1.1.1.1",
          "server=1.0.0.1"
        ]
      }
    }
  }
}

 

Edited by Tinlad
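
An added example, not part of the original posts: one way to check a config.gateway.json before copying it to the controller, covering the points raised in this thread (the file parses as JSON, upstream server= entries are present, and which domains are exempted from DNS rebinding protection). The function name, its rules and the sample input are constructed for illustration.

```python
import json

# Constructed sample with the same shape as the file posted above.
SAMPLE = """{
  "service": {"dns": {"forwarding": {"options": [
    "rebind-domain-ok=/unraid.net/",
    "all-servers",
    "cname=unifi.mydomain,unifi.local,unifi",
    "server=1.1.1.1",
    "server=1.0.0.1"
  ]}}}
}"""

def check_gateway_config(text):
    """Return (errors, info) for the text of a config.gateway.json file."""
    errors, info = [], {"upstreams": [], "rebind_exempt": []}
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} at line {exc.lineno}"], info
    node = doc
    for key in ("service", "dns", "forwarding", "options"):
        if not isinstance(node, dict) or key not in node:
            return [f"missing key: {key}"], info
        node = node[key]
    if not isinstance(node, list) or not all(isinstance(o, str) for o in node):
        return ["options must be a list of strings"], info
    for opt in node:
        name, _, value = opt.partition("=")
        if name == "server" and value:
            info["upstreams"].append(value)
        elif name == "rebind-domain-ok":
            # Collect each exempted domain so the exemption can be reviewed.
            domains = [d for d in value.split("/") if d]
            if not domains:
                errors.append("rebind-domain-ok names no domain")  # this checker's own rule
            info["rebind_exempt"].extend(domains)
    # Per the thread: after the controller update the upstream DNS servers
    # have to be listed in this file as well, or external DNS is lost.
    if not info["upstreams"]:
        errors.append("no server= entry: upstream DNS must be listed in the file")
    return errors, info

if __name__ == "__main__":
    errs, details = check_gateway_config(SAMPLE)
    print("errors:", errs)
    print("upstream resolvers:", details["upstreams"])
    print("domains exempt from rebind protection:", details["rebind_exempt"])
```

Every domain listed under rebind_exempt is one for which the forwarder will accept answers pointing at private addresses, so keep that list as short as the setup needs.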

@Tinlad Yes after 3 days with Unifi support (I totally forgot about this file) I (embarrassed) found the error

As a result of this I have removed it and am now running only with the settings done by the Unifi UI

I have AGAIN requested them to add this in their UI... as a setting (For over a year now)

 

Anyway I am looking to upgrade to the new:


My hope is that I can migrate to this without too many issues....

On 6/1/2020 at 8:35 AM, pish180 said:

Is anyone able to get this to work on the UDM Pro?  I posted a community post in the Ubiquiti forums about this as well and contacted their support which deferred me to the Unifi forums.  

https://community.ui.com/questions/DNS-Rebinding-and-UDM-Pro-Unifi-Dream-Machine-Pro-Plex/6fcc3157-0352-4f1e-a582-a1810c437ab0

I'd love to hear if there has been an update for this. DNS rebinding makes the Unifi hardware virtually useless if I want to expose any services externally. Plex uses its own secure tunnel of some kind, but if I want to use anything for Plex requests like Overseerr and not want to expose my entire server to the internet via port forwarding, I need to be able to fix this rebinding problem. @casperse any thoughts on this?
