unifi

install controller on proxmox

apt update
apt upgrade
apt install ca-certificates wget software-properties-common -y
wget https://get.glennr.nl/unifi/install/install_latest/unifi-latest.sh
bash unifi-latest.sh

ssh connect to AP

#--> ssh option
-oHostKeyAlgorithms=+ssh-dss

reconnect AP

 #per ssh on AP, then...
 set-inform http://<controller-IP/FQDN>:8080/inform

connection problems

reverse proxy

sudo apt install -y nginx
mkdir /etc/nginx/ssl
#chromium --> open https://...:8443 --> cert --> export -->der
#webconverter der --> pem
#save file in /etc/nginx/ssl/unifi.crt
chown root:root /etc/nginx/ssl/unifi.crt
chmod u=rw,go=r /etc/nginx/ssl/unifi.crt
nano /etc/nginx/sites-available/unifi.hostname.com
# I had a bit of trouble getting my unifi controller (hosted offsite) to use a proxy/letsencrypt. So here are the fruits of my labor. 
# The unifi default port is 8443 running on localhost. 
 
# License: CC0 (Public Domain)
 
server {
        # SSL configuration
        #
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
 
        server_name unifi.hostname.com;
 
        # Needed to allow the websockets to forward well.
        # Information adopted from here: https://community.ubnt.com/t5/EdgeMAX/Access-Edgemax-gui-via-nginx-reverse-proxy-websocket-problem/td-p/1544354
        location /wss/ {
                proxy_pass https://localhost:8443;
                proxy_http_version 1.1;
                proxy_buffering off;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                proxy_read_timeout 86400;
        }
 
        location / {
                proxy_pass https://localhost:8443/; # The Unifi Controller Port
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        }
 
        # Unifi still internally uses its own cert. This was converted to PEM and
        # is trusted for the sake of this proxy. See here for details:
        # https://community.ubnt.com/t5/UniFi-Wireless/Lets-Encrypt-and-UniFi-controller/td-p/1406670
        ssl_trusted_certificate /etc/nginx/ssl/unifi/unifi-default-selfsign.pem;
 
        ssl_certificate /etc/letsencrypt/live/unifi.hostname.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/unifi.hostname.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
}
 
server {
        listen 80;
        listen [::]:80;
 
        server_name unifi.hostname.com;
 
        location / {
                return 301 https://$host$request_uri;
        }
}
#mkdir -p /etc/letsencrypt/live
scp /etc/letsencrypt root@unifi:/etc/

test

ngix -t
/etc/inid.d/nginx restart