[Support] Linuxserver.io - Unifi-Controller


Recommended Posts

I have two unRAID servers.  I have been running the Unifi controller in a docker for many years on the old server.  I want to move it over to the new server and I am looking for advice.  Right now I am running 6.5.55 and haven't upgraded in a while.

 

What version controller should I use?  It seems like 7.2.95 is a version that works well and doesn't have known issues.  Should I upgrade my old controller docker to this version first?  I think that seems like a good idea.

 

When I create the docker on the new version should I give the docker the br0 network type so that it is on its own IP address?  I often prefer this rather than potentially running into port conflict issues.  But is there any reason not to this with the Unifi controller?

 

In terms of actually migrating the controller, this web page seems to have pretty good info and it recommends that you do the export site and import site method rather than a backup and restore.  Can anyone comment on that?

Link to comment

I’ve been trying to find a way to install my own ssl certificate in this docker to stop the constant browser warnings re certificate not valid. I see that a few people have asked about this in this thread but no answers. Anybody have any ideas? As an alternative I can download the current certificate to my desktop but no idea how to do that either?

Link to comment
19 hours ago, wgstarks said:

I’ve been trying to find a way to install my own ssl certificate in this docker to stop the constant browser warnings re certificate not valid.

 

Depends on your situation. To start with you need your own domain, pointing to your unifi controller IP. This guide will walk you through creating a new cert specifically for your unifi domain/sub-domain: https://community.ui.com/questions/UniFi-Controller-SSL-Certificate-installation/2e0bb632-bd9a-406f-b675-651e068de973

I think you need to register for the unifi forum to access it.

It also has info on how the default keystore works. For this docker the files are in /config/data (which is also mapped to your appdata share). You need to create a new keystore using the "unifi" alias and the default password "aircontrolenterprise".

All commands can be run from the docker console.

 

If you already have an existing wildcard cert for your domain you should be able to import it. You'll need to turn it into a pkcs12 then convert that to a keystore that unifi will accept. Something like this if you have a private key and signed cert: https://stackoverflow.com/a/8224863

 

Caveat: I never got it to work for me. My controller is only avialbe on my LAN, I don't have an existing wildcard cert for my domain and I didn't want to pay for one, and using the free certs form LetsEncrypt required a public IP + refresh every 90 days which seems complicated for this use case. So I put it in the too hard basket.

Link to comment
1 minute ago, Jorgen said:

 

Depends on your situation. To start with you need your own domain, pointing to your unifi controller IP. This guide will walk you through creating a new cert specifically for your unifi domain/sub-domain: https://community.ui.com/questions/UniFi-Controller-SSL-Certificate-installation/2e0bb632-bd9a-406f-b675-651e068de973

I think you need to register for the unifi forum to access it.

It also has info on how the default keystore works. For this docker the files are in /config/data (which is also mapped to your appdata share). You need to create a new keystore using the "unifi" alias and the default password "aircontrolenterprise".

All commands can be run from the docker console.

 

If you already have an existing wildcard cert for your domain you should be able to import it. You'll need to turn it into a pkcs12 then convert that to a keystore that unifi will accept. Something like this if you have a private key and signed cert: https://stackoverflow.com/a/8224863

 

Caveat: I never got it to work for me. My controller is only avialbe on my LAN, I don't have an existing wildcard cert for my domain and I didn't want to pay for one, and using the free certs form LetsEncrypt required a public IP + refresh every 90 days which seems complicated for this use case. So I put it in the too hard basket.

Thanks. I have a domain so setting up a subdomain won’t be an issue. I can use pfsense to issue a self signed certificate for the subdomain. I’m guessing that will work for  Unifi. I just need a certificate I can copy to my desktop so that I can mark it as trusted (thank you Apple for protecting me 😏).

Link to comment

Ah ok. The controller already ships with a self-signed cert, you should be able to extract it from /config/data/keystore or even download it from the controller web page using the browser “inspect cert” functions. I assume Safari have those somewhere.

Unless you need it for your own domain name, then you’ll need to create it with pfsense and import it into the keystore as per above


Sent from my iPhone using Tapatalk

Link to comment
1 hour ago, Jorgen said:

or even download it from the controller web page using the browser “inspect cert” functions. I assume Safari have those somewhere

If I just paste the certificate details into a text file with a crt file type won’t that work?

 

Off topic a little, does the docker renew the certificate when it expires? I see that mine expires in a few months.

Link to comment
  • 1 month later...

I applied the update successfully. The steps I took were as follows:

1) restarted docker to clear any potential issues and memory etc. 
2) logged into unifi app on my phone to check it still saw all my devices prior to upgrading. 
3) changed tag from lscr.io/linuxserver/unifi-controller:version-7.2.95 to new tag lscr.io/linuxserver/unifi-controller:version-7.3.83

4) waited for update to apply. On docker start I logged back into the unifi app. Noted all devices had to readopt (normal experience). 
5) after about 5 minutes all my devices had readopted. Everything appears to work as expected. 
 

 

If anyone else would like to try a similar procedure and provide feedback for others that would be helpful for everyone thinking of upgrading. 
 

P

Edited by PeteAsking
  • Like 1
Link to comment

I also just completed the migration to 7.3.83.

 

A "database migration in progress" message appear briefly when I started the GUI and the re-adoption of all devices (8 in my network; USG, 2 switches, 5 APs) took less than two minutes.  All appears to be working well.

 

Oops, spoke too soon.  The controller is reporting my IW AP is connected to a POE port incapable of providing sufficient power and that two devices have the same IP address. Neither were an issue before the controller update.  Off to troubleshoot.

Edited by Hoopster
Link to comment

Anyone upgrading to controller version 7.3.83 be warned.  If you have a UAP-AC-IW access point (and probably other AP models with PoE passthrough) powered by PoE from a US-8-60W switch, it will go into a restart cycle and the log will be spammed with errors saying it is being powered by a PoE port incapable of providing sufficient power.

 

Ubiquiti is now claiming the UAP-AC-IW (and probably others with PoE passthrough) requires PoE+ which the US-8-60W does not supply.  Even though I and others have powered this in-wall AP for years from a US-8-60W and their own documentation says the UAP-AC-IW is compatible with the US-8-60W they will not admit it is a software problem and want you to buy a higher cost switch providing PoE+.

 

I had to go through the process of downgrading to 7.2.95 which is not straightforward because of database changes.  Fortunately, a fellow Unraid user has posted the process in the Ubiquiti forums because he had the same issue with a prior 7.3.xx version of the controller.

 

After rolling back to 7.2.95, my UAP-AC-IW is happy again.

 

Here is the process to roll back to 7.2.95 from 7.3.xx for those of us running the controller in a docker container:

 

Working solution:

What eventually worked (and I'm aware this is not the same situation as some as I'm using a UniFi Controller docker container running on a home server and not a cloud key).

 

I backed up (and downloaded an offline version, specifically one that was <= the version I was targeting) my settings from UniFi Controller, I then also made a backup of my appdata (docker images within Unraid). Shutdown the UniFi container, changed the branching tag from :latest (or 7.3.83) to :7.2.95. Through console renamed the docker appdata from unifi-controller to unifi-controller-backup (again, just in case) and then started up the container again.

 

When starting up the UniFi controller I had the option to setup my network as fresh or restore from a backup file. I uploaded the file I downloaded earlier. And boom, everything fixed, no errors, no rebooting.

 

Edited by Hoopster
  • Thanks 1
Link to comment
16 hours ago, Hoopster said:

Anyone upgrading to controller version 7.3.83 be warned.  If you have a UAP-AC-IW access point (and probably other AP models with PoE passthrough) powered by PoE from a US-8-60W switch, it will go into a restart cycle and the log will be spammed with errors saying it is being powered by a PoE port incapable of providing sufficient power.

 

Ubiquiti is now claiming the UAP-AC-IW (and probably others with PoE passthrough) requires PoE+ which the US-8-60W does not supply.  Even though I and others have powered this in-wall AP for years from a US-8-60W and their own documentation says the UAP-AC-IW is compatible with the US-8-60W they will not admit it is a software problem and want you to buy a higher cost switch providing PoE+.

 

I had to go through the process of downgrading to 7.2.95 which is not straightforward because of database changes.  Fortunately, a fellow Unraid user has posted the process in the Ubiquiti forums because he had the same issue with a prior 7.3.xx version of the controller.

 

After rolling back to 7.2.95, my UAP-AC-IW is happy again.

 

Here is the process to roll back to 7.2.95 from 7.3.xx for those of us running the controller in a docker container:

 

Working solution:

What eventually worked (and I'm aware this is not the same situation as some as I'm using a UniFi Controller docker container running on a home server and not a cloud key).

 

I backed up (and downloaded an offline version, specifically one that was <= the version I was targeting) my settings from UniFi Controller, I then also made a backup of my appdata (docker images within Unraid). Shutdown the UniFi container, changed the branching tag from :latest (or 7.3.83) to :7.2.95. Through console renamed the docker appdata from unifi-controller to unifi-controller-backup (again, just in case) and then started up the container again.

 

When starting up the UniFi controller I had the option to setup my network as fresh or restore from a backup file. I uploaded the file I downloaded earlier. And boom, everything fixed, no errors, no rebooting.

 

This is unbelievable and shocking they would do this. No matter how much testing we do and how careful we are unifi always find a way to cause some sort of issue. 
 

So what do you do now? Never upgrade again?

Link to comment
2 hours ago, PeteAsking said:

Also can you link the forum post where people are complaining?

https://community.ui.com/questions/Access-point-is-connected-to-a-PoE-port-incapable-of-providing-enough-power/fbc95e92-38ca-4021-b593-7c0b54e28837?page=1

 

It's quite the interesting read.  The official responses from Ubiquiti all read like "you have been powering your UAC-AC-IW with a switch that does not provide enough power and you are complaining that we are now telling you about it?  Go buy some more hardware to fix the problem we caused!"

 

Only if you use the PoE passthrough is it a problem and most (including me) are not using it and have been fine for years yet the 7.3.xx controller releases are effectively making the access point useless because it keeps forcing a restart.

 

2 hours ago, PeteAsking said:

So what do you do now? Never upgrade again?

Hopefully, that is the short-term fix until they at least give us the option of ignoring the warning and preventing the AP restart loop as many have suggested.

 

The only other option is to buy a PoE+ capable switch or, in my case, rewire that AP to my Ubiquiti 16-port 150W PoE switch which does support PoE+ but is a lot farther away than the 8-port switch.

 

I guess using a PoE injector is another option.

Edited by Hoopster
Link to comment
4 minutes ago, Hoopster said:

https://community.ui.com/questions/Access-point-is-connected-to-a-PoE-port-incapable-of-providing-enough-power/fbc95e92-38ca-4021-b593-7c0b54e28837?page=1

 

It's quite the interesting read.  The official responses from Ubiquiti all read like "you have been powering your UAC-AC-IW with a switch that does not provide enough power and you are complaining that we are now telling you about it?"

 

Only if you use the PoE passthrough is it a problem and most (including me) are not using it and have been fine for years yet the 7.3.xx controller releases are effectively making the access point useless because it keep forcing a restart.

 

Hopefully, that is the short-term fix until they at least give us the option of ignoring the warning and not restarting the AP as many have suggested.

Wow that is incredible to read, are they actually going to fix it? Reads more like "why did you do this thing? You are not allowed to do thing. Stop doing thing and buy new hardware for thing."

Link to comment

Also I think we have to ensure people stay on 7.2.95 and dont upgrade further until we know for sure what the final answer is. Either that is a final version for some people and they need to know it or there will be a fix and everyone can hold off until the fix comes out.

 

As long as Jonathanm does not change the recommended post in this thread we should be fine hopefully.

Edited by PeteAsking
Link to comment
1 hour ago, PeteAsking said:

are they actually going to fix it?

Who knows?  Ubiquiti rarely commits publicly to fixing anything or implementing x and x features until they are already at least in a beta form. 

 

As soon as he got the OP to buy more hardware and indicate that "fixed" the problem, which was not a problem until they made it one, Ubiquiti went silent on the matter while others continued to join the discussion and complain about the problem.

Link to comment
Who knows?  Ubiquiti rarely commits publicly to fixing anything or implementing x and x features until they are already at least in a beta form. 
 
As soon as he got the OP to buy more hardware and indicate that "fixed" the problem, which was not a problem until they made it one, Ubiquiti went silent on the matter while others continued to join the discussion and complain about the problem.

Strange because someone even posted a graphic showing that the AP was compatible with that switch to be powered.


Sent from my iPhone using Tapatalk Pro
Link to comment
1 hour ago, PeteAsking said:

Strange because someone even posted a graphic showing that the AP was compatible with that switch to be powered.

I think Ubiquiti is going to stick to their guns on this one because they say users were complaining about the PoE pass-through not working and killing the AP because it was under-powered with PoE and required PoE+. 

 

So now, they have swung the pendulum all the way in the other direction and everyone not using PoE+ to power the UAP-AC-IW and U6-IW gets spammed with errors and a get a constantly restarting AP.  They appear to be happy with this "fix."  It could sell a bit more hardware.

 

No acknowledgment by Ubiquiti that their own documentation led customers down this path even though several pointed this out.

Link to comment
23 hours ago, PeteAsking said:

Also I think we have to ensure people stay on 7.2.95 and dont upgrade further until we know for sure what the final answer is. Either that is a final version for some people and they need to know it or there will be a fix and everyone can hold off until the fix comes out.

 

As long as Jonathanm does not change the recommended post in this thread we should be fine hopefully.

I don't recommend posts unless "I" can recommend the post. If you know what I mean.

 

If it looks like I'm missing something, DM or ping me so I am aware.

 

If you want to make a clearly worded warning post stating the situation after the dust settles, ping me and I'll recommend it instead of the current one.

 

Do you all think enough time has passed to remove the 5.14 recommended post? I moved to 7.2.95 some time ago.

 

The "don't run latest" recommend will probably stay there forever.

Link to comment
43 minutes ago, JonathanM said:

I don't recommend posts unless "I" can recommend the post. If you know what I mean.

 

If it looks like I'm missing something, DM or ping me so I am aware.

 

If you want to make a clearly worded warning post stating the situation after the dust settles, ping me and I'll recommend it instead of the current one.

 

Do you all think enough time has passed to remove the 5.14 recommended post? I moved to 7.2.95 some time ago.

 

The "don't run latest" recommend will probably stay there forever.

I think we have various situations here and need to ensure we dont forget what has happened.

 

Please double check what I am saying but I believe:

 

5.14.23-ls76 = This is the best version if you have old devices that Unifi have decided to no longer support in newer versions of the controller. EG: UAP-LR

 

7.2.95 = This is the best version if you have devices Unifi have decided no longer need to receive power anymore but dont have older unsupported devices.

 

7.3.83 = latest version that seems totally stable and fine, but has dropped support for old models and no longer allows certain devices to be powered in certain configurations (seems this wont likely change going forward).

 

So problem is becoming that the 'best' version is situational depending on devices and setup at site. Since we cant know what configuration and hardware people have, they need to start checking prior to updating what tag is applicable for their hardware.

Edited by PeteAsking
Link to comment

Oops.....  I have two devices I never knew were out of date.  I set them up years ago and never changed my config.

They are a AP-Lite and AP-LR.  Version 2 devices I believe.

Based on this, They should never have gone higher than 6.0.45 - but I have blindly been updating my controller with each new container update.  It shows I am currently on Network 7.3.76.

My container says linuxserver/unifi-controller:7.3.76-ls171.

 

Nothing has stopped working.

 

What's my 'supported' plan ?  Can I backup now on this 7.3.76 release, then install the 6.0.45, then restore to that ?  Or is there two many database changes ?

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.