Ubiquiti - Controller - Install Controller on Ubuntu 20.04

Bash Install Script

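# Scripted install of Unifi Server App on Ubuntu - recommended!
# Note: this downloads a third-party script and runs it as root. To review it first,
# stop after the wget and read unifi-latest.sh before running it with bash.
apt-get update; apt-get install ca-certificates wget -y
rm -f unifi-latest.sh; wget https://get.glennr.nl/unifi/install/install_latest/unifi-latest.sh && bash unifi-latest.sh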
 
# Enable automatic startup of Unifi controller service
sudo systemctl enable unifi
 
# For reference: how to disable auto-start
# sudo systemctl disable unifi
 
# Check if it's now auto-started upon reboots
systemctl is-enabled unifi
systemctl is-active unifi
 
# Manual install of Unifi Server App on Ubuntu - not 100% reliable
sudo apt-get update && sudo apt-get install ca-certificates apt-transport-https
echo 'deb https://www.ui.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
sudo wget -O /etc/apt/trusted.gpg.d/unifi-repo.gpg https://dl.ui.com/unifi/unifi-repo.gpg
sudo apt-get update && sudo apt-get install unifi -y
sudo service unifi start
 
# Redirect incoming port 443 to the controller's default port 8443
sudo iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
# sudo iptables -t nat -D PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443 # How to remove a firewall NAT rule

# Deal with port 80
# sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
# sudo iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080 # In case of reversal
 
### Save configs with persistency upon reboots ###
 
# Install iptables persistence
sudo apt-get install iptables-persistent -y
 
# How to manually call iptables-persistent app
# sudo dpkg-reconfigure iptables-persistent
 
# Set iptables and persistence to autostart
sudo systemctl enable iptables
sudo systemctl enable netfilter-persistent
 
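# Check firewall rules (filter table only; add "-t nat" to list the REDIRECT rules above)
sudo iptables -L -n

# If ufw is not used to set firewall rules, iptables can be edited directly with these commands
# It's advisable to use ufw as that is easier to administer
# Note that -I inserts the rule at the start of the chain, whereas -A appends it at the end
# These rules accept traffic from any source; add "-s <network>" to limit who can reach a port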
sudo iptables -I INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 8080 -j ACCEPT # Prevent issue with devices showing "Disconnected" after controller reboots
sudo iptables -I INPUT -p tcp --dport 8880 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 8443 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -I INPUT -p udp --dport 3478 -j ACCEPT
sudo iptables -I INPUT -p udp --dport 10001 -j ACCEPT
sudo iptables -I INPUT -p udp --dport 6666 -j ACCEPT
sudo iptables -I INPUT -p udp --dport 47763 -j ACCEPT
 
# How to remove a rule
# sudo iptables -D INPUT -p tcp|udp --dport xxxx -j ACCEPT
 
# Save existing rules
# Don't do this: sudo /sbin/iptables-save > /etc/iptables/rules.v4
# ERROR: -bash: /etc/iptables/rules.v4: Permission denied
# (the redirect is performed by the unprivileged shell, not by sudo)
sudo sh -c "iptables-save > /etc/iptables/rules.v4"
sudo sh -c "ip6tables-save > /etc/iptables/rules.v6"

Check status

systemctl status netfilter-persistent

returns:

● netfilter-persistent.service - netfilter persistent configuration
     Loaded: loaded (/lib/systemd/system/netfilter-persistent.service; enabled; vendor preset: enabled)
    Drop-In: /etc/systemd/system/netfilter-persistent.service.d
             └─iptables.conf
     Active: failed (Result: exit-code) since Tue 2020-11-24 15:48:27 PST; 14min ago
       Docs: man:netfilter-persistent(8)
    Process: 494 ExecStart=/usr/sbin/netfilter-persistent start (code=exited, status=1/FAILURE)
   Main PID: 494 (code=exited, status=1/FAILURE)
 
Nov 24 15:48:28 Unifi-Controller netfilter-persistent[502]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15->
Nov 24 15:48:28 Unifi-Controller netfilter-persistent[504]: Another app is currently holding the xtables lock. Perhaps you wan>
Nov 24 15:48:28 Unifi-Controller netfilter-persistent[502]: run-parts: /usr/share/netfilter-persistent/plugins.d/15-ip4tables >
Nov 24 15:48:28 Unifi-Controller netfilter-persistent[502]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25->
Nov 24 15:48:28 Unifi-Controller netfilter-persistent[507]: Another app is currently holding the xtables lock. Perhaps you wan>
Nov 24 15:48:28 Unifi-Controller netfilter-persistent[502]: run-parts: /usr/share/netfilter-persistent/plugins.d/25-ip6tables >

Fix startup conflicts between iptables & netfilter-persistent

sudo systemctl edit netfilter-persistent.service
sudo vim /etc/systemd/system/netfilter-persistent.service.d/iptables.conf

/etc/systemd/system/netfilter-persistent.service.d/iptables.conf:
### Verify this content ###
[Unit]
Conflicts=iptables.service ip6tables.service
 
### Modify content and save file ###
[Unit]
After=iptables.service ip6tables.service ufw.service

Check Firewall Rules

sudo iptables -L
sudo ip6tables -L
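
The saved rules file can also be checked mechanically. The following is an added example, not part of the original page: it audits a file in iptables-save format against the ports and the 443 to 8443 redirect configured above, and flags any extra accepted port. The names audit_rules and write_sample are hypothetical, and the sample rules are constructed.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump against the ports this page opens.
EXPECTED_TCP="22 80 8080 8880 8443 443"   # from the page's -I INPUT tcp rules
EXPECTED_UDP="3478 10001 6666 47763"      # from the page's -I INPUT udp rules

# audit_rules FILE: print one finding per line; return non-zero if any were found.
audit_rules() {
    file=$1; findings=0
    expected=$(printf 'tcp/%s ' $EXPECTED_TCP; printf 'udp/%s ' $EXPECTED_UDP)
    for want in $expected; do
        proto=${want%/*}; port=${want#*/}
        if ! grep -Eq -e "^-A INPUT .*-p $proto .*--dport $port .*-j ACCEPT" "$file"; then
            echo "missing: INPUT $want ACCEPT"; findings=$((findings + 1))
        fi
    done
    # The 443 -> 8443 redirect lives in the nat table, which plain "iptables -L" omits.
    if ! grep -Eq -e '^-A PREROUTING .*--dport 443 .*-j REDIRECT --to-ports 8443( |$)' "$file"; then
        echo "missing: nat PREROUTING tcp/443 -> 8443"; findings=$((findings + 1))
    fi
    # Any other accepted port is exposure the page never asked for.
    for have in $(sed -nE 's#^-A INPUT .*-p (tcp|udp) .*--dport ([0-9]+) .*-j ACCEPT.*#\1/\2#p' "$file"); do
        case " $expected" in
            *" $have "*) ;;
            *) echo "unexpected: INPUT $have ACCEPT"; findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample in iptables-save format (not output from a real host):
# udp/47763 is absent and tcp/3306 is an extra rule.
write_sample() {
    {
        printf '%s\n' '*nat' \
            '-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443' \
            'COMMIT' '*filter'
        for p in 22 80 8080 8880 8443 443 3306; do
            echo "-A INPUT -p tcp -m tcp --dport $p -j ACCEPT"
        done
        for p in 3478 10001 6666; do
            echo "-A INPUT -p udp -m udp --dport $p -j ACCEPT"
        done
        echo 'COMMIT'
    } > "$1"
}

sample=$(mktemp); write_sample "$sample"
audit_rules "$sample" || echo "rules file needs attention"
rm -f "$sample"
```

On the controller itself, call audit_rules on /etc/iptables/rules.v4 as root after saving the rules.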

Optionally, disable ufw as it may conflict with iptables-persistent / netfilter-persistent

sudo ufw disable

Verify

Try to access the Unifi controller at both of these URLs:


Backups

NOTE: Backup files are normally found at:

  • /usr/lib/unifi/data/backup/autobackup/
  • /usr/lib/unifi/data/backup/

ubiquiti/controller/install_controller_on_ubuntu_20.04.txt · Last modified: 2022/10/11 13:00 by peter
