Metainformationen zur Seite
unifi
install controller on proxmox
apt update apt upgrade apt install ca-certificates wget software-properties-common -y wget https://get.glennr.nl/unifi/install/install_latest/unifi-latest.sh bash unifi-latest.sh
ssh connect to AP
#--> ssh option -oHostKeyAlgorithms=+ssh-dss
reconnect AP
#per ssh on AP, then... set-inform http://<controller-IP/FQDN>:8080/inform
connection problems
reverse proxy
sudo apt install -y nginx mkdir /etc/nginx/ssl #chromium --> open https://...:8443 --> cert --> export -->der #webconverter der --> pem #save file in /etc/nginx/ssl/unifi.crt chown root:root /etc/nginx/ssl/unifi.crt chmod u=rw,go=r /etc/nginx/ssl/unifi.crt nano /etc/nginx/sites-available/unifi.hostname.com
- change hostname
- change self-sign cert
# I had a bit of trouble getting my unifi controller (hosted offsite) to use a proxy/letsencrypt. So here are the fruits of my labor. # The unifi default port is 8443 running on localhost. # License: CC0 (Public Domain) server { # SSL configuration # listen 443 ssl default_server; listen [::]:443 ssl default_server; server_name unifi.hostname.com; # Needed to allow the websockets to forward well. # Information adopted from here: https://community.ubnt.com/t5/EdgeMAX/Access-Edgemax-gui-via-nginx-reverse-proxy-websocket-problem/td-p/1544354 location /wss/ { proxy_pass https://localhost:8443; proxy_http_version 1.1; proxy_buffering off; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_read_timeout 86400; } location / { proxy_pass https://localhost:8443/; # The Unifi Controller Port proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; } # Unifi still internally uses its own cert. This was converted to PEM and # is trusted for the sake of this proxy. See here for details: # https://community.ubnt.com/t5/UniFi-Wireless/Lets-Encrypt-and-UniFi-controller/td-p/1406670 ssl_trusted_certificate /etc/nginx/ssl/unifi/unifi-default-selfsign.pem; ssl_certificate /etc/letsencrypt/live/unifi.hostname.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/unifi.hostname.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot } server { listen 80; listen [::]:80; server_name unifi.hostname.com; location / { return 301 https://$host$request_uri; } }
#mkdir -p /etc/letsencrypt/live scp /etc/letsencrypt root@unifi:/etc/
test
ngix -t /etc/inid.d/nginx restart