Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


michaelmurfy

/dev/null
9634 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

#204413 30-Sep-2016 16:54
Send private message quote this post

 

PLEASE NOTE! The controller URL has been moved - it is now hosted at https://gzunifi.murfy.nz:8443

 



I understand that for some of you getting into UniFi gear is a bit tedious because of the controller... Not anymore.

 

The server itself is managed by yours truly, I do have a fulltime job so will manage it in my spare time. This is intended for home/small business use. It is running the latest version of the UniFi controller software with LetsEncrypt for SSL. Pricing for UniFi products is available Here.

 

The server itself is kindly sponsored and hosted by Sitehost - https://sitehost.nz - they're also a provider I trust and offer excellent service.

 

Note: This controller is only available for people inside New Zealand on a residential IP address (eg - no VPN providers). You must have a device provisioned and working within a week of being provided access. If your devices stay offline for longer than 2 weeks and I have not had contact I'll assume the site is abandoned and not used and this, along with your user account will be removed.

 

Setup:
You'll first need to register for the UniFi portal. Please send me a DM with the following details:

Name: Your Name
Email Address: Your email address (I need to be able to send you a registration email)

Once you're provisioned you'll be able to set-inform your devices, you'll be granted rights with the ability to accept devices into your portal. Remember to do a set-inform twice once more once you've hit adopt in the controller to confirm the add.

 

UniFi Access Points:
Make sure that the UniFi is not adopted to any other UniFi controller before proceeding - if it is then you'll need to factory reset it.  If you're running an Edgerouter you can almost skip all these steps and look at this post.

 

Once you've opened up your shiny new UniFi access point and got an account on the UniFi portal you'll need to inform it. Plug it into your network first off and download / install the UniFi discovery tool (Chrome Extension) - there will be instructions here to inform it (but this is not working for me - typical...) however it essentially involves clicking "Manage" beside your access point and informing it to http://gzunifi.murfy.nz:8080/inform using the default user/pass of ubnt/ubnt. You need to run the inform twice - the first time to make it show up under devices in your portal and the 2nd time to accept the inform (when you've hit adopt in the portal).

 

The manual way when the tool doesn't work is to grab the IP address of your UniFi and SSH into it. Using Putty (Windows) or the SSH command (OSX, Linux) SSH into your access point with the username "ubnt" and password "ubnt" and run the command "set-inform http://gzunifi.murfy.nz:8080/inform" and you should get a response back. Note step 2 of the instructions that you need to do this twice when you've clicked adopt in the portal.

 

Click to see full size

 

USG:
This is just like the UniFi AP however you need to ensure you've got internet connectivity to the USG first (via WAN1) - navigate to https://192.168.1.1 first to connect it to the internet then run the set-inform on it. You'll need to run this twice (when it is in the adopting stage in the portal) for it to be accepted.

 

Note: To save you time adopt this first then simply plug in your other devices once it is adopted. Your other devices will automatically inform to the cloud controller pending adoption.

 

It can be a tad annoying to get the USG on VLAN 10 required for most UFB providers and FibreX - if you're with Voyager you can ask them to turn off VLAN however with other ISP's I've found this to be the easiest way to get around this:

 

1) Get your old router and set it to an IP range that is outside of the UniFi's - I use 192.168.10.0/24
2) Plug your USG in, set it up with DHCP in the internet options and adopt it to the controller.
3) Once it is online in the controller - set your ISP settings w/ VLAN. As it is provisioning the USG will go offline, give it a good 2 minutes then plug the USG into your ONT / Cable Modem.
4) Success - it should come online. If not, you'll need to factory reset and try again.

 

Tuning:
The settings I recommend for the UniFi AC access points are the following:

 

2.4GHz - HT20 (20MHz) (unless if you live in the middle of nowhere with no other WiFi congestion)
5GHz - VHT80 (80MHz) AC models only otherwise 40MHz.
Channel / Transmit power on both set to Auto. There is also Wireless AI available on this controller and by default this will run at 4am once a week to fine-tune your network.
Band Steering - Prefer 5G (AC / dual radio UniFi AP's only).

Disclaimer: this is a community project. Uptime is not at all guaranteed however in the event it does ever go down for a period of time your networks will still stay running as normal. Backups are made by the server on a daily basis off-site and community-based help is available in this thread. Approval to the UniFi controller is based on users having at-least 10 posts on Geekzone, introducing themselves in the Introductions thread, actually being a member for a period of time and on my general approval - do DM me anyway as there are some exceptions to this case.

 

I do also monitor the uptime here: https://uptime.murfy.nz/ 

 

There is also a post on the general security of this here (or below).





View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4 | 5 | 6 | 7
chevrolux
4609 posts

Uber Geek

Trusted

  #1643385 30-Sep-2016 17:14
Send private message quote this post

Dam, i guess I better do an introduction on that thread to get access!


Sounddude
I fix stuff!
1850 posts

Uber Geek

Trusted
Vocus
Lifetime subscriber

  #1643387 30-Sep-2016 17:17
Send private message quote this post

Nice one!

I have built my own but this will be very useful for those who don't have the time time or skill to run their own.


 
 
 
 


michaelmurfy

/dev/null
9634 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #1643389 30-Sep-2016 17:21
Send private message quote this post

Sounddude: Nice one!
I have built my own but this will be very useful for those who don't have the time time or skill to run their own.

 

Just what I was thinking. There are people who are needing a few UniFi UAP's for their house but don't want to deal with a controller or using the Cloud Key. This way I can assist people with getting better WiFi in their house which is especially important as from tomorrow ;)





GregF
52 posts

Master Geek


  #1643422 30-Sep-2016 18:14
Send private message quote this post

Sounddude: Nice one!
I have built my own but this will be very useful for those who don't have the time time or skill to run their own.

 

 

Snap.  @michaelmurfy - a +1 doesn't cover it - you Sir, deserve a beer!  Thank you - go forth in your awesomeness!

 

 Edit: splleling


michaelmurfy

/dev/null
9634 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #1643448 30-Sep-2016 18:40
Send private message quote this post

Just on the matter of security. I understand having your network data stored in the cloud may worry you a bit so here is what I have done to help mitigate the worries:

 

- SSL is enabled site-wide with strong Cipher Suites (report here) and TLS 1.2 + 1.3 only. There is no HTTP enabled apart from what is required for adoption.
- Ports opened on the server are the minimal required to make the controller work - there is also IP blacklisting present on the server.
- SSH access is blocked off to my own personal management network (I have a bunch of managed servers) and not open to the world.
- Updates are handled mostly automatically however I do physically login to every one of my servers to do an security audit bi-weekly.
- The portal is monitored by Uptime Robot and I do aim for the best uptime possible.
- Nightly backups are run and stored off-site.

 

The UniFi portal in general is rather secure and all passwords are stored in the database as salted SHA512 - not even I can retrieve any passwords so if you forget it then you'll need to press "forgotten password" and get a new one.

 

I'll also never touch your site without permission (unless if it is during the initial setup phase) and am the only superadmin on this server, your site data is kept confidential by me. I'll never share anything without the explicit permission of the owner. Password resets (if required) are self-managed with a linked email address to your profile and I won't be providing support for password resets on the forum or via DM's unless if there is something seriously wrong.

 

I am using smtp2go as a mail relay for all email alerts which are signed (SPF, DKIM and DMARC).

 

Your site security is your responsibility but by doing my part too I hope you have the confidence to use a service like this. I am happy to provide some assistance with some configuration but again - only with the explicit permission of the user. If there is something on your site causing performance issues with the controller I will, in some cases, correct these myself.

 

UniFi updates are automated and I aim to use the latest stable version of the UniFi controller at all times. This does mean that legacy devices (such as the Square UniFi AC) are totally unsupported.

 

Finally, just like anything else I host, the server fully supports IPv6 including on the UniFi software. You can adopt your devices over IPv6 only if you so desire to.





PhantomNVD
2619 posts

Uber Geek
Inactive user


  #1643468 30-Sep-2016 19:06
Send private message quote this post

This looks to suit me perfectly, thanks Michael.

Quick question though, would this allow me to set static routes or alternate DNS'ing for clients connected to this UNIfy AP?

michaelmurfy

/dev/null
9634 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #1643470 30-Sep-2016 19:12
Send private message quote this post

PhantomNVD: This looks to suit me perfectly, thanks Michael.

Quick question though, would this allow me to set static routes or alternate DNS'ing for clients connected to this UNIfy AP?

 

To be perfectly honest I am not too sure. I've used UniFi products extensively in the past (and use an Edgerouter Lite) however nothing I can use to test. Like, literally nothing. It is the full controller software so if you can do it in the bulk standard controller then you can do it here.





 
 
 
 


CYaBro
3345 posts

Uber Geek

Subscriber

  #1643489 30-Sep-2016 19:33
Send private message quote this post

PhantomNVD: This looks to suit me perfectly, thanks Michael.

Quick question though, would this allow me to set static routes or alternate DNS'ing for clients connected to this UNIfy AP?

 

Pretty sure you can't do that with the Unifi APs, they are not routers.

 

The cloud controller doesn't have to be up for the APs to work either, so it can't control DNS or anything like that.

 

 


chevrolux
4609 posts

Uber Geek

Trusted

  #1643490 30-Sep-2016 19:36
Send private message quote this post

PhantomNVD: This looks to suit me perfectly, thanks Michael.

Quick question though, would this allow me to set static routes or alternate DNS'ing for clients connected to this UNIfy AP?


No it can't. UAP's are not routers. But if your router was a Ubiquiti USG then you could use this controller to manage it.

Jax

Jax
89 posts

Master Geek


  #1643512 30-Sep-2016 21:03
Send private message quote this post

Nice work - just out of interest:

 

- is the server Windows or Linux?

 

- What is the requirement for a reverse proxy? what does that allow over NATting to the Server directly?

 

 

 

Cheers

 

 


michaelmurfy

/dev/null
9634 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #1643514 30-Sep-2016 21:07
Send private message quote this post

Jax:

 

- is the server Windows or Linux?

 

Linux based. I don't get on well with Windows.

 

- What is the requirement for a reverse proxy? what does that allow over NATting to the Server directly?

 

Allows for things like full SSL encryption, HTTP2, and more verbose logging over using the standard UniFi port. Also arguably better security.

 

 





michaelmurfy

/dev/null
9634 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #1643529 30-Sep-2016 21:43
Send private message quote this post

Well it works - there have been some devices adopted and upgraded successfully. I've updated the general OP.

 

Pretty good going for something I couldn't test!





davidcole
4980 posts

Uber Geek

Trusted

  #1659724 28-Oct-2016 13:03
Send private message quote this post

I've just bought a single UAP-AC-Lite that I'm waiting to be delivered, and thinking about jumping on your server (if you please).  The backups, these are backups of the APs? 





Previously known as psycik

OpenHAB: Gigabyte AMD A8 BrixOpenHAB with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Xiaomi Humidity and Temperature sensors and Bluetooth LE Sensors
Media:Chromecast v2, ATV4, Roku3, HDHomeRun Dual
Windows 10
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex


michaelmurfy

/dev/null
9634 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #1659725 28-Oct-2016 13:04
Send private message quote this post

davidcole:

 

I've just bought a single UAP-AC-Lite that I'm waiting to be delivered, and thinking about jumping on your server (if you please).  The backups, these are backups of the APs? 

 

 

Sure - I'll provision you now and give you a login.





davidcole
4980 posts

Uber Geek

Trusted

  #1659729 28-Oct-2016 13:09
Send private message quote this post

michaelmurfy:

 

davidcole:

 

I've just bought a single UAP-AC-Lite that I'm waiting to be delivered, and thinking about jumping on your server (if you please).  The backups, these are backups of the APs? 

 

 

Sure - I'll provision you now and give you a login.

 

 

Cheers.  I'm sure I'll have some questions.  I want 2 ssids, one for my house and one for guests, but if possible without being too painful, I want the guests to have no access to my local network, but the apple tv and maybe chromecast.  Anyway, once up and running I'll post a thread about that.

 

 





Previously known as psycik

OpenHAB: Gigabyte AMD A8 BrixOpenHAB with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Xiaomi Humidity and Temperature sensors and Bluetooth LE Sensors
Media:Chromecast v2, ATV4, Roku3, HDHomeRun Dual
Windows 10
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex


 1 | 2 | 3 | 4 | 5 | 6 | 7
View this topic in a long page with up to 500 replies per page Create new topic





News »

Vodafone enables 5G roaming - for when international travel comes
Posted 30-Oct-2020 15:03


Spark awards funding to Kiwi businesses in 5G funding initiative
Posted 30-Oct-2020 14:58


Huawei launches IdeaHub Pro in New Zealand
Posted 27-Oct-2020 16:41


Southland-based IT specialist providing virtual services worldwide
Posted 27-Oct-2020 15:55


NASA discovers water on sunlit surface of Moon
Posted 27-Oct-2020 08:30


Huawei introduces new features to Petal Search, Maps and Docs
Posted 26-Oct-2020 18:05


Nokia selected by NASA to build first ever cellular network on the Moon
Posted 21-Oct-2020 08:34


Nanoleaf enhances lighting line with launch of Triangles and Mini Triangles
Posted 17-Oct-2020 20:18


Synology unveils DS16211+
Posted 17-Oct-2020 20:12


Ingram Micro introduces FootfallCam to New Zealand channel
Posted 17-Oct-2020 20:06


Dropbox adopts Virtual First working policy
Posted 17-Oct-2020 19:47


OPPO announces Reno4 Series 5G line-up in NZ
Posted 16-Oct-2020 08:52


Microsoft Highway to a Hundred expands to Asia Pacific
Posted 14-Oct-2020 09:34


Spark turns on 5G in Auckland
Posted 14-Oct-2020 09:29


AMD Launches AMD Ryzen 5000 Series Desktop Processors
Posted 9-Oct-2020 10:13









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.