Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Linuxserver.io - Unifi-Controller

Featured Replies

I have two unRAID servers.  I have been running the Unifi controller in a docker for many years on the old server.  I want to move it over to the new server and I am looking for advice.  Right now I am running 6.5.55 and haven't upgraded in a while.

 

What version controller should I use?  It seems like 7.2.95 is a version that works well and doesn't have known issues.  Should I upgrade my old controller docker to this version first?  I think that seems like a good idea.

 

When I create the docker on the new version should I give the docker the br0 network type so that it is on its own IP address?  I often prefer this rather than potentially running into port conflict issues.  But is there any reason not to this with the Unifi controller?

 

In terms of actually migrating the controller, this web page seems to have pretty good info and it recommends that you do the export site and import site method rather than a backup and restore.  Can anyone comment on that?

  • Replies 1.5k
  • Views 402.2k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • This is a summary of the steps I took to migrate to LSIO's unifi-network-application docker now available in CA. The only guarantee here is that this worked for me so USE IT AT YOUR OWN RISK. If you d

  • This is a must: Please make a copy of you backup and firmware folder in the old docker container. Please go to the gear system > setting > backup and download current backup of your system.

  • PeteAsking
    PeteAsking

    UniFi Network Application 7.3.83 has received multiple patches over the last 3 months and should be considered the "best" latest version for anyone who does not require a legacy version such as 5.14.2

Posted Images

I’ve been trying to find a way to install my own ssl certificate in this docker to stop the constant browser warnings re certificate not valid. I see that a few people have asked about this in this thread but no answers. Anybody have any ideas? As an alternative I can download the current certificate to my desktop but no idea how to do that either?

19 hours ago, wgstarks said:

I’ve been trying to find a way to install my own ssl certificate in this docker to stop the constant browser warnings re certificate not valid.

 

Depends on your situation. To start with you need your own domain, pointing to your unifi controller IP. This guide will walk you through creating a new cert specifically for your unifi domain/sub-domain: https://community.ui.com/questions/UniFi-Controller-SSL-Certificate-installation/2e0bb632-bd9a-406f-b675-651e068de973

I think you need to register for the unifi forum to access it.

It also has info on how the default keystore works. For this docker the files are in /config/data (which is also mapped to your appdata share). You need to create a new keystore using the "unifi" alias and the default password "aircontrolenterprise".

All commands can be run from the docker console.

 

If you already have an existing wildcard cert for your domain you should be able to import it. You'll need to turn it into a pkcs12 then convert that to a keystore that unifi will accept. Something like this if you have a private key and signed cert: https://stackoverflow.com/a/8224863

 

Caveat: I never got it to work for me. My controller is only avialbe on my LAN, I don't have an existing wildcard cert for my domain and I didn't want to pay for one, and using the free certs form LetsEncrypt required a public IP + refresh every 90 days which seems complicated for this use case. So I put it in the too hard basket.

1 minute ago, Jorgen said:

 

Depends on your situation. To start with you need your own domain, pointing to your unifi controller IP. This guide will walk you through creating a new cert specifically for your unifi domain/sub-domain: https://community.ui.com/questions/UniFi-Controller-SSL-Certificate-installation/2e0bb632-bd9a-406f-b675-651e068de973

I think you need to register for the unifi forum to access it.

It also has info on how the default keystore works. For this docker the files are in /config/data (which is also mapped to your appdata share). You need to create a new keystore using the "unifi" alias and the default password "aircontrolenterprise".

All commands can be run from the docker console.

 

If you already have an existing wildcard cert for your domain you should be able to import it. You'll need to turn it into a pkcs12 then convert that to a keystore that unifi will accept. Something like this if you have a private key and signed cert: https://stackoverflow.com/a/8224863

 

Caveat: I never got it to work for me. My controller is only avialbe on my LAN, I don't have an existing wildcard cert for my domain and I didn't want to pay for one, and using the free certs form LetsEncrypt required a public IP + refresh every 90 days which seems complicated for this use case. So I put it in the too hard basket.

Thanks. I have a domain so setting up a subdomain won’t be an issue. I can use pfsense to issue a self signed certificate for the subdomain. I’m guessing that will work for  Unifi. I just need a certificate I can copy to my desktop so that I can mark it as trusted (thank you Apple for protecting me 😏).

Ah ok. The controller already ships with a self-signed cert, you should be able to extract it from /config/data/keystore or even download it from the controller web page using the browser “inspect cert” functions. I assume Safari have those somewhere.

Unless you need it for your own domain name, then you’ll need to create it with pfsense and import it into the keystore as per above


Sent from my iPhone using Tapatalk

1 hour ago, Jorgen said:

or even download it from the controller web page using the browser “inspect cert” functions. I assume Safari have those somewhere

If I just paste the certificate details into a text file with a crt file type won’t that work?

 

Off topic a little, does the docker renew the certificate when it expires? I see that mine expires in a few months.

Yeah that should work.
Looks like other ubiquity products auto-renews the selfsigned cert on Boot if it’s within a certain amount of days from expiry. Not sure if unifi does the same?


Sent from my iPhone using Tapatalk

  • 1 month later...

I have a schedule to upgrade to 7.3.83 tomorrow as it seems alright from what I have read. If you are patient you can wait to see how my upgrade goes before applying 7.3.83 yourselves.

 

P

I applied the update successfully. The steps I took were as follows:

1) restarted docker to clear any potential issues and memory etc. 
2) logged into unifi app on my phone to check it still saw all my devices prior to upgrading. 
3) changed tag from lscr.io/linuxserver/unifi-controller:version-7.2.95 to new tag lscr.io/linuxserver/unifi-controller:version-7.3.83

4) waited for update to apply. On docker start I logged back into the unifi app. Noted all devices had to readopt (normal experience). 
5) after about 5 minutes all my devices had readopted. Everything appears to work as expected. 
 

 

If anyone else would like to try a similar procedure and provide feedback for others that would be helpful for everyone thinking of upgrading. 
 

P

Edited by PeteAsking

47 minutes ago, PeteAsking said:

after about 5 minutes all my devices had readopted

Any problems with the re-adoption?

1 hour ago, wgstarks said:

Any problems with the re-adoption?

No but you have to be patient. I only have 5 devices in my home network. 1 switch and 4 APs. 

I also just completed the migration to 7.3.83.

 

A "database migration in progress" message appear briefly when I started the GUI and the re-adoption of all devices (8 in my network; USG, 2 switches, 5 APs) took less than two minutes.  All appears to be working well.

 

Oops, spoke too soon.  The controller is reporting my IW AP is connected to a POE port incapable of providing sufficient power and that two devices have the same IP address. Neither were an issue before the controller update.  Off to troubleshoot.

Edited by Hoopster

Anyone upgrading to controller version 7.3.83 be warned.  If you have a UAP-AC-IW access point (and probably other AP models with PoE passthrough) powered by PoE from a US-8-60W switch, it will go into a restart cycle and the log will be spammed with errors saying it is being powered by a PoE port incapable of providing sufficient power.

 

Ubiquiti is now claiming the UAP-AC-IW (and probably others with PoE passthrough) requires PoE+ which the US-8-60W does not supply.  Even though I and others have powered this in-wall AP for years from a US-8-60W and their own documentation says the UAP-AC-IW is compatible with the US-8-60W they will not admit it is a software problem and want you to buy a higher cost switch providing PoE+.

 

I had to go through the process of downgrading to 7.2.95 which is not straightforward because of database changes.  Fortunately, a fellow Unraid user has posted the process in the Ubiquiti forums because he had the same issue with a prior 7.3.xx version of the controller.

 

After rolling back to 7.2.95, my UAP-AC-IW is happy again.

 

Here is the process to roll back to 7.2.95 from 7.3.xx for those of us running the controller in a docker container:

 

Working solution:

What eventually worked (and I'm aware this is not the same situation as some as I'm using a UniFi Controller docker container running on a home server and not a cloud key).

 

I backed up (and downloaded an offline version, specifically one that was <= the version I was targeting) my settings from UniFi Controller, I then also made a backup of my appdata (docker images within Unraid). Shutdown the UniFi container, changed the branching tag from :latest (or 7.3.83) to :7.2.95. Through console renamed the docker appdata from unifi-controller to unifi-controller-backup (again, just in case) and then started up the container again.

 

When starting up the UniFi controller I had the option to setup my network as fresh or restore from a backup file. I uploaded the file I downloaded earlier. And boom, everything fixed, no errors, no rebooting.

 

Edited by Hoopster

Just upgraded from 7.2.95 to 7.3.83.

 

Everything went smooth and seems to be looking good.

 

I do have an UAP-AC-IW, but its being powered off a USW-Lite-16-PoE, so no problems.

16 hours ago, Hoopster said:

Anyone upgrading to controller version 7.3.83 be warned.  If you have a UAP-AC-IW access point (and probably other AP models with PoE passthrough) powered by PoE from a US-8-60W switch, it will go into a restart cycle and the log will be spammed with errors saying it is being powered by a PoE port incapable of providing sufficient power.

 

Ubiquiti is now claiming the UAP-AC-IW (and probably others with PoE passthrough) requires PoE+ which the US-8-60W does not supply.  Even though I and others have powered this in-wall AP for years from a US-8-60W and their own documentation says the UAP-AC-IW is compatible with the US-8-60W they will not admit it is a software problem and want you to buy a higher cost switch providing PoE+.

 

I had to go through the process of downgrading to 7.2.95 which is not straightforward because of database changes.  Fortunately, a fellow Unraid user has posted the process in the Ubiquiti forums because he had the same issue with a prior 7.3.xx version of the controller.

 

After rolling back to 7.2.95, my UAP-AC-IW is happy again.

 

Here is the process to roll back to 7.2.95 from 7.3.xx for those of us running the controller in a docker container:

 

Working solution:

What eventually worked (and I'm aware this is not the same situation as some as I'm using a UniFi Controller docker container running on a home server and not a cloud key).

 

I backed up (and downloaded an offline version, specifically one that was <= the version I was targeting) my settings from UniFi Controller, I then also made a backup of my appdata (docker images within Unraid). Shutdown the UniFi container, changed the branching tag from :latest (or 7.3.83) to :7.2.95. Through console renamed the docker appdata from unifi-controller to unifi-controller-backup (again, just in case) and then started up the container again.

 

When starting up the UniFi controller I had the option to setup my network as fresh or restore from a backup file. I uploaded the file I downloaded earlier. And boom, everything fixed, no errors, no rebooting.

 

This is unbelievable and shocking they would do this. No matter how much testing we do and how careful we are unifi always find a way to cause some sort of issue. 
 

So what do you do now? Never upgrade again?

Also can you link the forum post where people are complaining?

2 hours ago, PeteAsking said:

Also can you link the forum post where people are complaining?

https://community.ui.com/questions/Access-point-is-connected-to-a-PoE-port-incapable-of-providing-enough-power/fbc95e92-38ca-4021-b593-7c0b54e28837?page=1

 

It's quite the interesting read.  The official responses from Ubiquiti all read like "you have been powering your UAC-AC-IW with a switch that does not provide enough power and you are complaining that we are now telling you about it?  Go buy some more hardware to fix the problem we caused!"

 

Only if you use the PoE passthrough is it a problem and most (including me) are not using it and have been fine for years yet the 7.3.xx controller releases are effectively making the access point useless because it keeps forcing a restart.

 

2 hours ago, PeteAsking said:

So what do you do now? Never upgrade again?

Hopefully, that is the short-term fix until they at least give us the option of ignoring the warning and preventing the AP restart loop as many have suggested.

 

The only other option is to buy a PoE+ capable switch or, in my case, rewire that AP to my Ubiquiti 16-port 150W PoE switch which does support PoE+ but is a lot farther away than the 8-port switch.

 

I guess using a PoE injector is another option.

Edited by Hoopster

4 minutes ago, Hoopster said:

https://community.ui.com/questions/Access-point-is-connected-to-a-PoE-port-incapable-of-providing-enough-power/fbc95e92-38ca-4021-b593-7c0b54e28837?page=1

 

It's quite the interesting read.  The official responses from Ubiquiti all read like "you have been powering your UAC-AC-IW with a switch that does not provide enough power and you are complaining that we are now telling you about it?"

 

Only if you use the PoE passthrough is it a problem and most (including me) are not using it and have been fine for years yet the 7.3.xx controller releases are effectively making the access point useless because it keep forcing a restart.

 

Hopefully, that is the short-term fix until they at least give us the option of ignoring the warning and not restarting the AP as many have suggested.

Wow that is incredible to read, are they actually going to fix it? Reads more like "why did you do this thing? You are not allowed to do thing. Stop doing thing and buy new hardware for thing."

Also I think we have to ensure people stay on 7.2.95 and dont upgrade further until we know for sure what the final answer is. Either that is a final version for some people and they need to know it or there will be a fix and everyone can hold off until the fix comes out.

 

As long as Jonathanm does not change the recommended post in this thread we should be fine hopefully.

Edited by PeteAsking

1 hour ago, PeteAsking said:

are they actually going to fix it?

Who knows?  Ubiquiti rarely commits publicly to fixing anything or implementing x and x features until they are already at least in a beta form. 

 

As soon as he got the OP to buy more hardware and indicate that "fixed" the problem, which was not a problem until they made it one, Ubiquiti went silent on the matter while others continued to join the discussion and complain about the problem.

Who knows?  Ubiquiti rarely commits publicly to fixing anything or implementing x and x features until they are already at least in a beta form. 
 
As soon as he got the OP to buy more hardware and indicate that "fixed" the problem, which was not a problem until they made it one, Ubiquiti went silent on the matter while others continued to join the discussion and complain about the problem.

Strange because someone even posted a graphic showing that the AP was compatible with that switch to be powered.


Sent from my iPhone using Tapatalk Pro
1 hour ago, PeteAsking said:

Strange because someone even posted a graphic showing that the AP was compatible with that switch to be powered.

I think Ubiquiti is going to stick to their guns on this one because they say users were complaining about the PoE pass-through not working and killing the AP because it was under-powered with PoE and required PoE+. 

 

So now, they have swung the pendulum all the way in the other direction and everyone not using PoE+ to power the UAP-AC-IW and U6-IW gets spammed with errors and a get a constantly restarting AP.  They appear to be happy with this "fix."  It could sell a bit more hardware.

 

No acknowledgment by Ubiquiti that their own documentation led customers down this path even though several pointed this out.

23 hours ago, PeteAsking said:

Also I think we have to ensure people stay on 7.2.95 and dont upgrade further until we know for sure what the final answer is. Either that is a final version for some people and they need to know it or there will be a fix and everyone can hold off until the fix comes out.

 

As long as Jonathanm does not change the recommended post in this thread we should be fine hopefully.

I don't recommend posts unless "I" can recommend the post. If you know what I mean.

 

If it looks like I'm missing something, DM or ping me so I am aware.

 

If you want to make a clearly worded warning post stating the situation after the dust settles, ping me and I'll recommend it instead of the current one.

 

Do you all think enough time has passed to remove the 5.14 recommended post? I moved to 7.2.95 some time ago.

 

The "don't run latest" recommend will probably stay there forever.

43 minutes ago, JonathanM said:

I don't recommend posts unless "I" can recommend the post. If you know what I mean.

 

If it looks like I'm missing something, DM or ping me so I am aware.

 

If you want to make a clearly worded warning post stating the situation after the dust settles, ping me and I'll recommend it instead of the current one.

 

Do you all think enough time has passed to remove the 5.14 recommended post? I moved to 7.2.95 some time ago.

 

The "don't run latest" recommend will probably stay there forever.

I think we have various situations here and need to ensure we dont forget what has happened.

 

Please double check what I am saying but I believe:

 

5.14.23-ls76 = This is the best version if you have old devices that Unifi have decided to no longer support in newer versions of the controller. EG: UAP-LR

 

7.2.95 = This is the best version if you have devices Unifi have decided no longer need to receive power anymore but dont have older unsupported devices.

 

7.3.83 = latest version that seems totally stable and fine, but has dropped support for old models and no longer allows certain devices to be powered in certain configurations (seems this wont likely change going forward).

 

So problem is becoming that the 'best' version is situational depending on devices and setup at site. Since we cant know what configuration and hardware people have, they need to start checking prior to updating what tag is applicable for their hardware.

Edited by PeteAsking

Oops.....  I have two devices I never knew were out of date.  I set them up years ago and never changed my config.

They are a AP-Lite and AP-LR.  Version 2 devices I believe.

Based on this, They should never have gone higher than 6.0.45 - but I have blindly been updating my controller with each new container update.  It shows I am currently on Network 7.3.76.

My container says linuxserver/unifi-controller:7.3.76-ls171.

 

Nothing has stopped working.

 

What's my 'supported' plan ?  Can I backup now on this 7.3.76 release, then install the 6.0.45, then restore to that ?  Or is there two many database changes ?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.