Unifi controller linux centos

Installing Ubiquiti Unifi Controller on CentOS 6.x

Upon needing to install a Ubiquiti Unifi controller on a VM recently, I found that they only have official support for Windows and Debian variants. Although I enjoy Debian and the like just fine, I thought I’d give it a go to install the controller on CentOS 6.5.

1. Install CentOS
2. Update CentOS
3. Install MongoDB
4. Install Java JRE
5. Install UniFi
6. Create UniFi Service
7. Open Ports for UniFi through IPTables
8. Notes on SELinux
9. Wrap Up

1. Install CentOS

Funny enough, I thought I had a little article written on installing CentOS. Apparently I don’t. But dont be afraid, there are lots of articles on this simple process. Just search on the web for “Install CentOS” and find one for the version your using. Most likely you wont be led too far astray. (try this link)

2. Update CentOS

Updating CentOS is a simple command using Yum. You just want to make sure that CentOS is up to date before its gets off the ground running.

This will update all necessary files automatically from the built-in repo’s.

3. Install MongoDB

MongoDB is a great noSQL database that UniFi uses to store data.
see the MongoDB Manual for reference

1. Install the MongoDB repo.

using copy/paste, add this to the file:

Save the file out (:x enter)

2. Install the mongoDB software.

3. Start the MongoD service and enable startup through chkconfig.

4. Install Java JRE

UniFi requires Java to run. Lets install it!

1. Install JRE.
Frustrating as it is, you need to get the RPM from Oracle, but they require that you accept a EULA in a webpage in order to do that. We can bypass this with a great little workaround.

At the time of writing, Java 7u51 was the latest. Well be installing that, but you’ll want to check the Oracle Java Download Page in order to find out what your latest version is.

Otherwise, well run a wget on the RPM, accepting the cookie ( remember your version might be different! ):

2. Install the RPM.
You’ll now install the RPM ( remember that version might be different! ):

5. Install UniFi

1. First off, we want to check and find out what the latest version is. At the time of writing, we are still in the 2.x versions, and they are working out some kinks in the 3.x versions. I am sure that they’ll get that stable soon. Either way, you’ll want to check the UniFi Blog for updates, and get the latest stable.

2. Next you’ll want to download the UniFi.unix.zip file from Ubiquiti. This file location is on the blog. They unfortunately have a silly EULA as well, but at the time of writing I didn’t have the time to find the cookie, so justdownload and SFTP it over to the server.

3. Then well want to unzip the file, so get yourself to wherever you SFTPd the file to on the server CLI and:

4. Next, we will move that recently extracted directory to the /opt:

5. After that, well want to make sure that the MongoD binary has a symbolic link into the folder we just moved.
If you don’t know where your MongoD binary is, you can search ( mine was located in /usr/bin/ ):

After you’ve located the bin file, you can make the symlink in /opt/UniFi/bin/:

6. Create UniFi Service

You can use VI to create the init file and then paste the data into it. You’ll want to check the paths in the data your pasting to make sure they match up (they should, but just a warning).

Next, we want to make that service executable:

And lastly we’ll add it to run on boot with chkconfig:

7. Open Ports with IPTables

You can read what ports are required to be open on the server here. We’ll just get started opening those ports in IPTables:

We start by putting right above the ICMP line (-A INPUT -p icmp -j ACCEPT):

And we’ll do the same for 8081, 8443, 8880, 8843, 27117.

We also want the UDP port 3478 to be open (little different syntax):

You can save/exit out of VI with (:x enter) and restart the iptables service to commit the changes:

8. Notes on SELinux

Seriously, take 50 minutes and enlighten yourself.
http://stopdisablingselinux.com/

9. Wrap Up

Reboot and you’ll be done.
Attempt ( with success ) to connect to http://yourserverip:8080 and get redirected to the self signed SSL cert acceptance.

Great job installing the UniFi Controller on a more enterprise-friendly Linux distribution!

Источник

IT блог Валерия Лямцева

Linux, Windows, заметки, мини howto

Установка unifi controller Centos 8

Для начала подключим репозиторий PowerTools CentOS:
dnf install dnf-plugins-core
yum config-manager —set-enabled PowerTools
Можно включить все официальные репозитории, так как они содержат довольно полезные вещи, но это не обязательно:
yum config-manager —set-enabled PowerTools —set-enabled centosplus —set-enabled extras
Подключаем EPEL и RPMFusion:
dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
dnf -y install —nogpgcheck https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
dnf -y install —nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-8.noarch.rpm
dnf -y install —nogpgcheck https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-8.noarch.rpm

Устанавливаем UNIFI
dnf -y install unifi
Кроме того, доступна долгосрочная версия поддержки, если вы хотите избежать частых обновлений. Из-за проблем с лицензированием MongoDB была удалена из Fedora и CentOS8, установите выпуск MongoDB
dnf -y install https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.2/x86_64/RPMS/mongodb-org-server-4.2.2-1.el8.x86_64.rpm
Включаем UNIFI в автозагрузку
systemctl enable —now unifi

В Centos 8 по умолчанию порты 8443, 8080, 3478 закрыты, поэтому нужно их открыть:
firewall-cmd —permanent —add-port=8443/tcp
firewall-cmd —permanent —add-port=8080/tcp
firewall-cmd —permanent —add-port=3478/udp
firewall-cmd —reload

Источник

UniFi Controller на CentOS7

Вчера, придя на работу вдруг обнаружил , что контроллер управления Wifi сетью Unifi стартует и отключается через 15 минут работы . разбираться с проблемой было лень, причем контроллер был развернут до меня на Windows машине (давно хотел уже переделать). Раз подвернулся случай взялся за дело. Создал виртуальную машину.

Далее ставим базовый пакет (у меня голая centos)

yum install lsb -y

yum install wget -y

yum install unzip -y

yum install java -y

Заходим в папку

и качаем контроллер

mkdir -p /opt/UniFi/data

mkdir -p /var/opt/UniFi/data

ln -s /var/opt/UniFi/data /opt/UniFi/data

и распаковываем контроллер

unzip UniFi.unix.zip -d /opt/

Настраиваем репозиторий и устанавливаем сервер баз данных Postgree

Необходим стартовый конфиг

Можете установить mcedit

Yum install mc -y

Или зайти на FTP (мне так проще) по пути /etc/yum.repos.d

Создать файл mongodb-org-3.2.repo

И в него вставить

yum install -y mongodb-org

Добавляем пользователя и настраиваем его права

useradd -M unifi

usermod -L unifi

usermod -s /bin/false unifi

chown -R unifi:unifi /opt/UniFi

chown -R unifi:unifi /var/opt/UniFi

Настраиваем сервис UniFi через mcedit либо FTP.

ExecStart=/usr/bin/java -jar /opt/UniFi/lib/ace.jar start

ExecStop=/usr/bin/java -jar /opt/UniFi/lib/ace.jar stop

# Give a reasonable amount of time for the server to start up/shut down

Далее пишем (это все одна строка)

ln -s /var/opt/UniFi/unifi.service /usr/lib/systemd/system/unifi.service

Запускам сервис UniFi и добавляем в автозагрузку. Сразу поверяем статус работы

systemctl enable /var/opt/UniFi/unifi.service

systemctl start unifi.service

systemctl status unifi.service

Все осталось открыть порты

iptables -I INPUT -p tcp —dport 8080 -m state —state NEW -j ACCEPT

iptables -I INPUT -p UDP —dport 3478 -m state —state NEW -j ACCEPT

и добро пожаловать в WEB вашIP:8443/manage/wizard/

Источник

Installing The Ubiquiti UniFi Controller On My Centos Server

We’re almost at the fun part of my project, but first I’m going to take another detour to show how to install the Ubiquiti UniFi Controller software onto my main Centos file/utility server.

Update 10/14/18: Don’t do this. Bad idea. I do over why in a later post.

I’m going to explain this in a bit of detail. I remember when I started out with Linux (Solaris, actually) and it was so obscure that I found it frustrating. So I’ll try and explain each step.

How Unifi Works

While you can use the Unifi Access points and equipment by themselves, they are meant to be used in managed system, driven by central controller software. You can buy this as a little dongle, or you can install the software yourself. I am a sucker for the latter.

Where I’m Putting the Controller

I have only two servers. One is a pfSense server that is my router, firewall, and external barrier, and one all-purpose Centos server that handles all the rest. It’s just a regular bare-metal Centos 7 server that started out as a minimal install (might have been Centos 5?) and has since been upgraded and has accumulated the mess that a general purpose Linux server gets.

For those not intimately familiar with Linux, there are many different packages of the main software, called distributions. Long ago, there was just one called Red Hat Linux. Over time it split into a desktop version (Fedora) and a server version (Red Hat Enterprise Linux (RHEL)). RHEL is a paid software with support, but since it’s open-source, there is a free version, called Centos. Also, there is now a server version of Fedora called Fedora Server.

Everything in open-source is like this. It’s wonderful and vibrant, but there is no ‘elevator speech’ for explaining what you are using. With Windows, someone might say: ‘What is your server using?” and you say ‘Windows.’, or, maybe, ‘An old version of Windows that I have not upgraded.’ Every conversation about Linux starts with “Well, fifteen years ago I made a critical life choice about software, and now I am emotionally wedded to a group of strangers who put it together and disbanded leaving me alone with the consequences.”

Also, I used to have a VMWa host, but I no longer do, and I don’t feel like using docker or a new container-style solution.

Let’s Install!

This will be a dive into linux land:

login as: bgh
bgh@helix’s password:

Yes, I do this. It’s bad, but not as bad as logging in as an admin user. Seriously people, disable your root users. For laypeople, sudo is short for ‘superuser do’ which lets you elevate your rights to run a program just for that task. And it logs all you do. Bash is the ‘shell’, or the black box with typing in it. When you do ‘sudo bash’, it’s starting an admin shell. It’s convenient, but all you do is NOT logged, so it’s not appropriate for a production environment. The alternative is prefixing every command with sudo, and I’m a poor typist.

The Bash Shell – the ‘sh’ in ‘bash’ means ‘shell’

The software is available at:

Instructions are provided. There are three steps:

yum install http://dl.marmotte.net/rpms/redhat/el7/x86_64/unifi-controller-5.8.24-1.el7/unifi-controller-5.8.24-1.el7.x86_64.rpm

Yum, which I thought meant nothing, but actually means ‘Yellowdog Updater, Modified‘, and I wish I hadn’t looked that up, is a tool for getting software on some (but not all) Linux Distributions.

systemctl enable unifi.service

systemctl start unifi.service

systemctl is a new way of turning services on and off. There are several others, and if you read the internet, you will know that people really, really disagree about it.

That was surprisingly easy for Linux. Now the service is started. Let’s check:

ps -ef | grep UniFi

ps tells you what processes are running, and grep is a filter program. basically, this means: list running processes, but only find ones that have ‘UniFi’ in the name.

Let’s try again (you can run this over and over)

systemctl start unifi.service

Troubleshooting Ubiquiti Unifi Controller Startup

Now for the most useful Linux command ever:

tail will display the end of a file, and ‘/var/log/messages’ is where the system logs go (again, on some, but not all, Linux Distros). This shows:

This was my first insight into the software, and shows my problem. First, you can see it’s written in Java on line 3, and also on line 3 you can see that it cannot use port 8080 because something else is. That is news to me.

Now to find out what program is using that port:

The culprit

netstat -ap | grep LISTEN

The command I ran runs netstat, which tells you about the what ports of your network are in use (and other stuff) and with the -ap arguments, it will tell you what program is using it. The ‘grep LISTEN” filters for things that are listening, like services. And lo and behold, there is already a java service using that port.

ps -ef | grep java

This command reminds me what it is. It’s a philips hue light emulator that makes my amazon echo able to see what it thinks are Phillips Hue lights but are actually connected to http calls. It’s how Alexa controls my Insteon lights.

My funny anecdote here is that my son went to visit my brother a while ago, and when he went into their house, said “Alexa, turn on the Downstairs lights”, and nothing happened. He then asked his uncle, “How do you turn your lights on?”.

Anyhow, that java service was using port 8080, and after a bit of messing around, I found that I could just add

to the end of the java startup command, so it looks like this:

java -jar -Djava.net.preferIPv4Stack=true amazon-echo-bridge-0.1.3.jar —upnp.config.address=192.168.1.233 —server.port=8081 &

systemctl start unifi.service

and the service starts.

Firewall

Now, I can’t access it yet, since I run a firewall on this server (you should too), so I have to look up what ports to allow, which is handily available via google.

I edit the firewall definition directly, but I’m pretty sure there are better commands for it. I like to browse the file and see it all at once, though:

vi is an old editor. It’s an acquired taste. Once you add in the rules (this is one where you should look up how to do it. I won’t bore you with it) you’re ready.

systemctl restart iptables

will restart your firewall, and you are in business:

navigate to your computer at: https:// Success

There is an initial setup step to set up the controller that I glossed over, when you set up your username and password, etc, but once it’s up, it works.

What I’m listening to as I do this:

Amon Amarth’s ‘Fate Of Norns’. AA is a viking metal band from Scandanavia, and their name is from Tolkien, so it’s ticks all the boxes. I saw them live a few times and the 930 club and it was epic. Their songs are about getting in the longboats and pillaging.

Источник