What tag are you using

none (yet)

What do you expect to happen?

By specifying my CERTDIR I expect that import_cert imports my certificate into the container.

What actually happens?

import_cert won't find my certificate, because it is already chained and named fullchain.pem instead of cert.pem.

Proposal

I'd like to propose to add an option to specify if there are two files chain.pem and cert.pem, or if they are already chained. I'm happy to implement it and create a PR, but I created this issue to discuss the format of how we want to handle it.

I would say we could add an ENV variable CERTNAME that defaults to cert.pem and additionally add an ENV variable CHAINPROVIDED that defaults to false. If CHAINPROVIDED is set to true, we consider the file at "$CERTDIR/$CERTNAME" to be the chain and directly use it instead of concatenating a chain and a cert.

What do you think?

I cant add site. Only default site is available.

Looks like this is a recent problem on Jessie with openjdk-8-jre-headless: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851667

Host operating system

Debian GNU/Linux 8

What tag are you using

Example: latest

What complete docker command or docker-compose.yml do you use to launch the container (omitting sensitive values)?

unifi:
    container_name: unifi
    # https://github.com/jacobalberty/unifi-docker
    image: jacobalberty/unifi:latest
    network_mode: host
    restart: always
    volumes:
      - ./data/unifi:/unifi
      - ./data/letsencrypt/certs/gateway.feliciterra.com:/unifi/cert

Note: A screenshot of your configuration page if using a gui is acceptable

What do you expect to happen?

system.properties to keep the settings that I change.

What actually happens?

system.properties is set back to default (everything commented) and my changes are removed.

I'm commenting specifically on the unifi5 docker file.

I docker exec'd into the running container and reviewed the declared volume folders and found the following:

/var/lib/unifi - This volume seems ok, contains MogoDB Data AND Unifi Server Logs + Settings
/var/log/unifi - This folder is empty.. Logs are contained in the previous mount.
/var/run/unifi - This folder is empty. Not sure what should/would have been here?
/usr/lib/unifi/work - This folder contains an empty folder called ROOT.. nothing else.

What's missing are the MongoDB logs... They can be found here: /usr/lib/unifi/logs/mongod.log

So I purpose we REMOVE /var/log/unifi /var/run/unifi /usr/lib/unifi/work and ADD /usr/lib/unifi/logs

So end result would be:
VOLUME ["/var/lib/unifi", "/usr/lib/unifi/logs"]

Thoughts? I'd be more than happy to submit a PR too...

Host operating system

Debian GNU/Linux 8

What tag are you using

latest

What complete docker command or docker-compose.yml do you use to launch the container (omitting sensitive values)?

version: '3'
services:
  letsencrypt:
    container_name: letsencrypt
    image: csmith/letsencrypt-lexicon:latest
    restart: always
    environment:
      PROVIDER: 'dnsimple'
      ACCEPT_CA_TERMS: 'true'
    env_file:
      - .env
    volumes:
      - ./data/letsencrypt:/letsencrypt
  unifi:
    container_name: unifi
    # https://github.com/jacobalberty/unifi-docker
    image: jacobalberty/unifi:latest
    network_mode: host
    restart: always
    volumes:
      - ./data/unifi:/unifi
      - ./data/letsencrypt/certs/gateway.feliciterra.com:/unifi/cert

What do you expect to happen?

For the TLS certs to work when visiting with a browser.

What actually happens?

I've tried a variety of things here but can't seem to get anything to work. The error displayed in chrome is ERR_SSL_VERSION_OR_CIPHER_MISMATCH and in Firefox it's SSL_ERROR_NO_CYPHER_OVERLAP. If I remove my letsencrypt certificates everything works fine with the self-signed cert. It seems that the letsencrypt certs are broken when imported into unifi. These exact same certs I have mounted in other services and running just fine. I have rebuilt the container numerous times all with the same results.

Hello Jacob
First of all thanks for your great work. Can you please create the new package for version 5.4.14. Another question is there a way to upgrade to the latest version without redoing the container?

I just ran

~$ docker run --net=host -d jacobalberty/unifi:latest

Got this error:

4acb32b0ea26446bc809008a5b54dd402c5f0296edd2fd616733dd98a6800212
docker: Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:359: container init caused "apparmor failed to apply profile: no such file or directory"".

Any ideas what would cause this?

Thanks!

My APs are reporting that the STUN server on the controller is unavailable. I'm running this container with "-p 3478:3478", but when I attempt to connect using stun-client on the docker host I'm seeing an error.

bfdonny@muon:~$ docker ps --filter "name=unifi"

CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS                  PORTS                                                                                                                                                NAMES
d1b3cf7819e6        jacobalberty/unifi:stable   "/usr/local/bin/docke"   15 hours ago        Up 15 hours (healthy)   6789/tcp, 0.0.0.0:3478->3478/tcp, 0.0.0.0:8081->8081/tcp, 8080/tcp, 8843/tcp, 0.0.0.0:8443->8443/tcp, 3478/udp, 0.0.0.0:10001->10001/tcp, 8880/tcp   unifi

bfdonny@muon:~$ stun 192.168.0.172

STUN client version 0.97
Primary: Blocked or could not reach STUN server
Return value is 0x00001c

I'm not sure if I'm just doing something wrong, or if there's some other issue.

Host operating system

same

What tag are you using

latest for now

What complete docker command or docker-compose.yml do you use to launch the container (omitting sensitive values)?

docker on synology nas.

What do you expect to happen?

a documentation section about upgrade to new container version.

What actually happens?

I don't know.

My problem is installing this causes my QNAP to lock up. I have a TS-451 QNAP.

I installed the Container Station so that was fine (took a bit but it worked) Then first I simply searched for the unifi and installed it that way based on another video and it locked up at 83% complete and my system was inaccessible. I needed to force a reboot, uninstall container station and do a media check of the drives.

I saw a video from the docker comments and decided to try installing it via SSH. The command I ran was:

docker run --name unifi-uap-controller --net=host -d jacobalberty/unifi:latest

It downloaded everything but it locked up while extracting the 200MB file and so I thought perhaps it was simply "stuck" so I went to bed and looked at it this morning. In the morning it was still inaccessible so I had to force a reboot again. This time I had to check the volume but at least Container station sort of loaded. I say sort of because it sat for 40 minutes on "loading" whereas before it gave a big red "can't load" error.

I ended up uninstalling it again and just putting my port back to 8080 and I'm deciding that my QNAP cannot handle this unless someone reading this knows what else I can do to get it installed.

Incidentally I have over 2TB of space available on the volume so it's not full.

Host operating system

Synology DiskStation / Docker controller

I still have 5.5.24 version running and want to upgrade to the 5.6 version. Normally i would use the following command:

docker run -d -p 3478:3478/udp -p 8080:8080 -p 8443:8443 -v /volume1/docker/unifi/:/var/lib/unifi --restart=always --name unifi jacobalberty/unifi:latest

Now with the new folder structure, can i still use it in this way ? Or do i have to do preparations before i can upgrade ? It it said that one should switch to new folder layout asap, but i do not know how. Simply replace folder names in above command would not be right i guess, because the folders (unifi/data - unifi/log) do not exist at the moment.

So basically, how to upgrade from 5.5.24 to 5.6.xx ? Many thanx,

This seems to be brokenn right now and as far as i can see also affects this repo:

https://community.ubnt.com/t5/UniFi-Routing-Switching/IMPORTANT-Debian-Ubuntu-users-MUST-READ-Updated-06-21/m-p/1968251#M48264

Is it possible to startup the container without all ports bound on the host?

It seems to me that if i do only bind port 8443 (for testing only) the container does not come up. Is there any reason for this?

I know i need more or all of the ports in production, but i do have other containers running on the same host using these ports already (8080)

Hi, could you change the dockerfile in a way so its possible to choose the installation verison of Unifi by ENV variable? For example just check if there is the ENV "PKGURL" configured, if not, then fallback to latest stable. Or is this already possible?

Starting unifi controller service.

Just pulled the latest image and am running it in docker on OMV 3. Log sits at
Starting unifi controller service.

Here is the full log with 1 reboot. Trying the stable tag now.
[2017-10-12 21:12:20,643] <docker-entrypoint> Starting unifi controller service.
[2017-10-12 21:19:51,358] <docker-entrypoint> Exit signal received, shutting down
/usr/local/bin/docker-entrypoint.sh: line 1: kill: (15) - No such process
[2017-10-12 21:19:58,589] <docker-entrypoint> Exit signal received, shutting down
[2017-10-12 21:20:02,184] <docker-entrypoint> Starting unifi controller service.

Was just reading over this:

https://blog.newrelic.com/2016/08/24/docker-health-check-instruction/

Seems like something like this would suffice:

curl -k -L --fail https://localhost:8443 || exit 1

Your docs want to be changed to open/map the UDP ports, e.g.,

-p 8080:8080 -p 8443:8443 -p 3478:3478/udp -p 10001:10001/udp

This is just to give a warning of the future, the current build system uses directories, docker hub supports using {sourceref} to create tags based on releases. I'd like to clean up the builds to use sourceref instead.

It might be a good idea to switch to Alpine Linux to decrease the image size. There might

There's an official image openjdk:8-jdk-alpine available now, and mongodb package on testing branch of Alpine.

Although it would be better if Ubiquiti offered an official package for Alpine.

Can you trigger a new build so that the latest tag is updated? Thanks!

According to @UBNT-JoeHughes;

In 5.3.X this is now possible and you can set the following in your system.properties file.

db.mongo.local=false
db.mongo.uri=mongodb://ubnt:password@IP_ADDRESS:PORT/unifi-test
statdb.mongo.uri=mongodb://ubnt:password@IP_ADDRESS:PORT/unifi-test_stat
unifi.db.name=unifi-test

db.mongo.local Set to false to use an external mongodb server and not star the local mongo db service.
db.mongo.uri The Mongo URI that should be used to connect to the remote mongo database.
statdb.mongo.uri The mongo uri for the external mongo stats database.
unifi.db.name This will default to ace so must be set to the name that can be connected and managed on the external mongo db server.

Make sure you notice in the URI that unifi.db.name is used for both stat and the main database.

So the mongo URI will work with any ip address… even if mongo is local… but the URI needs to be in the correct format to connect.

REF: https://community.ubnt.com/t5/UniFi-Wireless/External-MongoDB-Server/td-p/1305297

with the chain in chain.pem it does not work but if I put the cert and the chain together in cert.pem it's ok. Maybe you should change the doc?

Host operating system

CentOS Linux release 7.3.1611 (Core)

What tag are you using

latest

What complete docker command or docker-compose.yml do you use to launch the container (omitting sensitive values)?

docker run --net=host -d
-e TZ='Europe/Berlin'
-v /opt/unifi:/unifi
--name unifi
jacobalberty/unifi:latest

Note: A screenshot of your configuration page if using a gui is acceptable

What do you expect to happen? chain and cert in cert.pem (real domain masked)

openssl s_client -servername unifi.xxx.net -connect unifi.xxx.net:8443
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = unifi.xxx.net
verify return:1

Certificate chain
0 s:/CN=unifi.xxx.net
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3

What actually happens? (chain in chain.pem)

openssl s_client -servername unifi.xxx.net -connect unifi.xxx.net:8443
CONNECTED(00000003)
depth=0 CN = unifi.xxx.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = unifi.xxx.net
verify error:num=27:certificate not trusted
verify return:1
depth=0 CN = unifi.xxx.net
verify error:num=21:unable to verify the first certificate
verify return:1

Certificate chain
0 s:/CN=unifi.xxx.net
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3

Host operating system

Synology NAS

What tag are you using

Example: 5.6.19-sc

What complete docker command or docker-compose.yml do you use to launch the container (omitting sensitive values)?

Example: sudo docker run -p 8080:8080 -p 8880:8880 -p 8843:8843 -p 6789:6789 -p 8443:8443 -p 3478:3478/udp -p 10001:10001/udp -e TZ='Europe/Berlin' -e RUNAS_UID0='false' -e UNIFI_UID=1036 -e UNIFI_GID=100 -v /volume1/docker/unifi/2017-10-18:/unifi --name 2017-10-18-unifi-5.6.19-sc -d jacobalberty/unifi:5.6.19-sc

What do you expect to happen?

Container runs without error.

What actually happens?

I get an "groupmod: GID '100' already exists" error and the container does not run.
UID and GID are set in correspondece to the user I created for this container which owns the directory.

Possibly adding option -o (-o, --non-unique) to groupmod would help?!

Best regards

I can't seem to find where to upload the JSON files. I am using docker with synology.

Host operating system

QNAP TS-453A

What tag are you using

5.6.19

What complete docker command or docker-compose.yml do you use to launch the container (omitting sensitive values)?

Example: docker run --rm --init -p 8080:8080 -p 8443:8443 -p 3478:3478/udp -p 10001:10001/udp -e TZ='Africa/Johannesburg' -v ~/unifi/data:/var/lib/unifi -v ~/unifi/logs:/var/log/unifi --name unifi jacobalberty/unifi:unifi5

Note: A screenshot of your configuration page if using a gui is acceptable

What do you expect to happen?

after setting the owner of the folder to the right user group i proceeded to create the container. i should be able to connect to the cloud service.

What actually happens?

there is no possibility to connect to the cloud service unless the RUNAS_UID0 is set to true

Jacob,

can you please provide a docker container for the current "unstable" version 5.5.6?
https://www.ubnt.com/downloads/unifi/5.5.6-b559495f0c/unifi_sysvinit_all.deb

According to ubnt support it should fix some issues which are not going to be fixed for the 5.4. branch.

Host operating system

Example: Fedora 26 with Docker version 17.09.0-ce, build afdb6d4

What tag are you using

latest

What complete docker command or docker-compose.yml do you use to launch the container (omitting sensitive values)?

docker run -d --rm --init -p 8081:8080 -p 8443:8443 -p 3478:3478/udp -p 10001:10001/udp -p 6789:6789 -e TZ='Europe/London' --mount source=unifi,target=/unifi --name unifi jacobalberty/unifi:latest

Note: A screenshot of your configuration page if using a gui is acceptable

What do you expect to happen?

Access point adopted and remains that way

What actually happens?

I see this in the server logs for a given day:

[root@tazmadlx log]# grep 2017-12-04 server.log | grep adopted | head
[2017-12-04 04:11:30,263] <ssh> INFO  event  - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[2017-12-04 04:12:39,574] <ssh> INFO  event  - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[2017-12-04 04:13:39,627] <ssh> INFO  event  - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[2017-12-04 04:14:39,676] <ssh> INFO  event  - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[2017-12-04 04:15:39,693] <ssh> INFO  event  - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[2017-12-04 04:16:39,731] <ssh> INFO  event  - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[2017-12-04 04:17:39,774] <ssh> INFO  event  - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[2017-12-04 04:18:39,830] <ssh> INFO  event  - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[2017-12-04 04:19:39,870] <ssh> INFO  event  - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[2017-12-04 04:20:39,914] <ssh> INFO  event  - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[root@tazmadlx log]# grep 2017-12-04 server.log | grep adopted | wc -l
1091
[root@tazmadlx log]# 

There also seems to be some sort of memory leak caused by I suspect the java process, but then I am new to all the docker stuff so not 100% sure. I had seen a post about this issue somewhere but I can't seem to find it now so apologies if this was already resolved and I am doing something dumb.

In case it helps, am running:

openjdk version "1.8.0_151"
OpenJDK Runtime Environment (build 1.8.0_151-b12)
OpenJDK 64-Bit Server VM (build 25.151-b12, mixed mode)

Thanks

I have a server running various things and use nginx to proxy to services based on hostname. When I try to proxy requests to localhost 8443 the page loads, but I get a 403 when trying to login. Is this configuration supported?

Ideally, I could turn off tls and just proxy to 8080, since nginx handles certs, but anyway I can get it to work is fine.

Host operating system

Ubuntu 17.10

What tag are you using

stable

What complete docker command or docker-compose.yml do you use to launch the container (omitting sensitive values)?

docker run --restart=always --init -p 6789:6789 -p 8080:8080 -p 8443:8443 -p 3478:3478/udp -p 10001:10001/udp -e TZ='America/Los_Angeles' -v /path/unifi:/unifi --env RUNAS_UID0=false --name unifi -d jacobalberty/unifi:stable

New to docker but when I do an 'inspect' I don't see 10001/udp in there,

        "ExposedPorts": {
            "3478/udp": {},
            "6789/tcp": {},
            "8080/tcp": {},
            "8443/tcp": {},
            "8843/tcp": {},
            "8880/tcp": {}
        },

Is that an oversight?

This is in fact unnecessary, though full network access is more convenient, it causes all sorts of issues such as conflicts with other containers and/or services on the host. IMHO, a better option is to just expose ports 8443 and 8080 (EDIT: and 10001/udp) (both of which can be re-mapped), and then SSH:ing into the AP and issuing the following commands:

# mca-cli
# set-inform http://<host_ip>:8080/inform

(where host_ip is the IP of the machine running Docker, and 8080 can be changed as appropriate if the port is remapped).

This makes the container play a lot more nicely in a multi-container system.

(Disclaimer: I got this information from a forum thread, but I verified this working and I am currently running your container this way)

Hello jacob

just to let you now that 5.4.17 is out

Hello Jacob

can you make the container for 5.4.18?

Specifying a non-default UI/API port via "unifi.https.port" in the system properties causes the HEALTHCHECK to fail as it is hard-coded to try to connect to the default port (8443).

For example we are giving the container its own IP and setting the UI/API port to the standard HTTPS port (443) so users can be given a nice simple URL with no port specification.

See pull request: #61

First of all thanks for this image! Very nice, saves me having to install all kinds of Java stuff ;)

I just started the container/the controller for the first time and it seems like the timezone env var isn't being picked up. I passed TZ='Europe/Amsterdam' as env var, yet the setup wizard has "Brussels, Copenhagen, Madrid, Paris" selected.
Any idea why this isn't working?

And I was wondering if it would be possible to pass the country as an env var as well, just like the timezone. Hoping to be able to just skip the initial setup screen when starting a clean container :)

At least the current unifi:arm32v7-beta image's architecture is amd64 in the image metadata.
It works fine when run on stand-alone container (with docker run or docker-compose up) but noticed that when I tried to setup a swarm and run it as a service it got stuck in pending state as there were no amd64 machines in my swarm.

The Unifi controller software supports being the DHCP server for the network settings of a site but when using the container there is no port exposed so DHCP will not work.

The DHCP employs a connectionless service model, using the User Datagram Protocol (UDP). It is implemented with two UDP port numbers for its operations which are the same as for the BOOTP protocol. UDP port number 67 is the destination port of a server, and UDP port number 68 is used by the client. (Wikipedia: DHCP)

So for supporting DHCP please add an EXPOSE of 67/udp to the image.

When attempting to upload custom image for the coverage maps, it yields an error message and nothing displays. The sample image also disappears after attempting to upload the first custom image.

I'm having issues running this in vSphere Integrated Containers but it can certainly be user error. This is a lab environment that I built yesterday and yesterday was also the first time I ever typed "docker" into my CLI so noob-level is quite high. Here are the steps I took to create the environment:

Create the VCH
.\vic-machine-windows.exe create --name unifi --target ESX-server-IP --user root --password "ESXrootpassword" --no-tlsverify --force --image-store "ESX-Datastore-name" --volume-store ESX-Datastore-name/docker-volume-folder:default --dns-server 10.0.0.10 --public-network-ip 10.0.0.20/24 --public-network-gateway 10.0.0.1

This appears to correctly build the virtual container host. I can query it using the docker client in a shell:

$ docker -H 10.0.0.20:2376 --tls info
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 1
Server Version: v1.1.1-10711-56a309f
Storage Driver: vSphere Integrated Containers v1.1.1-10711-56a309f Backend Engine
VolumeStores: default
vSphere Integrated Containers v1.1.1-10711-56a309f Backend Engine: RUNNING
VCH CPU limit: 3679 MHz
VCH memory limit: 27.93 GiB
VCH CPU usage: 58 MHz
VCH memory usage: 4.898 GiB
VMware Product: VMware ESXi
VMware OS: vmnix-x86
VMware OS version: 6.5.0
Plugins:
Volume: vsphere
Network: bridge
Swarm: inactive
Operating System: vmnix-x86
OSType: vmnix-x86
Architecture: x86_64
CPUs: 3679
Total Memory: 27.93GiB
ID: vSphere Integrated Containers
Docker Root Dir:
Debug Mode (client): false
Debug Mode (server): false
Registry: registry-1.docker.io
Experimental: false
Live Restore Enabled: false

When I attempt to run unifi-docker, though it appears to hang after "Starting unifi controller service" as seen here:
$ docker -H 10.0.0.20:2376 --tls run --rm -p 8080:8080 -p 8443:8443 -p 3478:3478 -p 10001:10001 -e TZ='America/Denver' -v /var/lib/unifi -v /var/log/unifi --name unifi jacobalberty/unifi:stable
Unable to find image 'jacobalberty/unifi:stable' locally
Pulling from jacobalberty/unifi
5233d9aed181: Pull complete
a3ed95caeb02: Pull complete
2e02715fac5e: Pull complete
78a9ca0f090f: Pull complete
3142747da002: Pull complete
8f15781934fa: Pull complete
b9ffd3cc8d63: Pull complete
4fcde711a5af: Pull complete
b13b02c3b14b: Pull complete
0720fe1df3cd: Pull complete
de35a6c93f7b: Pull complete
Digest: sha256:d7bcce256790e59d140105cee309667dfe961ed5e1e98d4272a2eb6ee03d5a99
Status: Downloaded newer image for jacobalberty/unifi:stable
Starting unifi controller service.

A docker ps shows this:
$ docker -H 10.0.0.20:2376 --tls ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
27cd00abfcd9 jacobalberty/unifi:stable "/usr/bin/dumb-ini..." Less than a second ago Up 2 hours 10.0.0.20:3478->3478/tcp, 10.0.0.20:8080->8080/tcp, 10.0.0.20:8443->8443/tcp, 10.0.0.20:10001->10001/tcp unifi

Hitting http://10.0.0.20:8080 in a browser appears to connect, but then I'm stuck at "Waiting for 10.0.0.20..."

Using this same basic method for VCH creation and docker deployment for a simple "hello world" webserver works fine, so I think the basic method I'm using is sound but I'm probably just missing a detail somewhere? Any pointers on where to look or any information I can provide to better illuminate this?

First let me lay out what I had, I had the Unifi:5.4.11 container, setup on a Marathon/Mesos. Now, it should not matter that it was here, I volume mounted data, run, and lib directories as instructed to persistent storage, so that's great, I am also running it in HOST network mode.

This was working for me, I would run it, do things I need to do , and then I would shut it down as to not waste resources. When I needed to upgrade/config I'd just start the service and go from there. Today, when I went to start the service, it starts and stays up, however, the actual service isn't running.

My outputs are this...

From a Mesos perspective, there is nothing in Standard Error, and in Standard Log there only "Starting unifi controller service."

In the log directly, there are only two files unifi.err.log and unifi.out.log. unifi.out.log is empty (but is created when I start the container). unifi.err.log has only the string "Service killed by signal 11" it it repeats and grows if I leave things running.

If I go into the container, these are the only processes running:

1 ?        Ss     0:00 /usr/bin/dumb-init -- /usr/local/bin/unifi.sh
7 ?        Ss     0:00 sh /usr/local/bin/unifi.sh

10 ? S 0:00 unifi -nodetach -home /usr/lib/jvm/java-8-openjdk-amd64 -classpath /usr/share/java/commons-daemon.jar:/usr/lib/unifi/lib/ace.jar -pidfile /var/run/unifi/unifi.pid -procname unifi -outfile /var/log/unifi/unifi.out.log -errfile /var/log/unifi/unifi.err.lo
g -Dunifi.datadir=/var/lib/unifi -Dunifi.rundir=/var/run/unifi -Dunifi.logdir=/var/log/unifi -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Xmx1024M com.ubnt.ace.Launcher start

If I kill -9 pid 10 the container stops (probably expected)

Some other things:

• /var/lib/mongodb is empty... is that intended?
• In /var/log no other log files seem to have any info on what is happening (Any other place to look)
• I tried upgrading to a 5.4.16 image, and then a 5.5.11 image and am getting the same result.

I typically am competent at troubleshooting, but I am at a loss on how to approach this. Ideally I'd like this to work without having to start from scratch and readopt and setup my network... Anything would be appreciated.

John

Host operating system

Open Media Vault 3.0.80 (Erasmus)

What tag are you using

Stable

What complete docker command or docker-compose.yml do you use to launch the container (omitting sensitive values)?

IMAGE OF CONFIG FOR DOCKER CONTAINER

What do you expect to happen?

What actually happens?

After a recent docker container upgrade I have stopped being able to access the web portal (port: 8443) and get the following browser error:
Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

I have checked the directory layouts as per the new changes (eg. changed /unifi/lib to /unifi/data) and set the relevant privileges.
I also tried the solution given here and restarted but have not had any luck.

The output from docker-healthcheck.sh gives this error:

curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

I am not sure what else to try here, I have not done anything unusual to this container. Has anybody else experienced this?

Host operating system

Synology DSM

What tag are you using

Example: 5.5.24

What actually happens?

I was using your 5.5.20 image without issues. I now upgraded to your 5.5.24 image and now Chrome tells me:

This site can’t provide a secure connection

controller.internal.headincloud.be uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
HIDE DETAILS
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.

I tried mapping my data logdir to the new paths (/unifi/data and /unifi/log instead of /var/lib/unifi and /var/log/unifi), but this makes no difference.

This is the log from the container:

2017-10-16 20:16:01 | stdout | [2017-10-16 22:16:01,242] <docker-entrypoint> WARNING: Running UniFi in insecure (root) mode
2017-10-16 20:16:01 | stdout | [2017-10-16 22:16:01,240] <docker-entrypoint> Starting unifi controller service.
2017-10-16 20:16:01 | stdout | [2017-10-16 22:16:01,228] <docker-entrypoint> Done!
2017-10-16 20:16:01 | stdout | Unable to import the certificate into keystore
  |   |  
2017-10-16 20:16:00 | stdout | [2017-10-16 22:16:00,054] <docker-entrypoint> Importing cert into Unifi database...
2017-10-16 20:15:59 | stdout | keytool error: java.lang.Exception: Source keystore file exists, but is empty: /tmp/tmp.rwH5Asisiy
2017-10-16 20:15:59 | stdout | [2017-10-16 22:15:59,365] <docker-entrypoint> Inserting certificate into Unifi keystore...
2017-10-16 20:15:59 | stdout | keytool error: java.lang.Exception: Alias <unifi> does not exist
  |   |  
2017-10-16 20:15:58 | stdout | [2017-10-16 22:15:58,761] <docker-entrypoint> Removing existing certificate from Unifi protected keystore...
2017-10-16 20:15:58 | stdout | pkcs12: Use -help for summary.
  |   |  
2017-10-16 20:15:58 | stdout | pkcs12: Cannot open input file /unifi/cert/cert.pem, No such file or directory
2017-10-16 20:15:58 | stdout | [2017-10-16 22:15:58,753] <docker-entrypoint> Using openssl to prepare certificate...
2017-10-16 20:15:58 | stdout | md5sum: /unifi/cert/cert.pem: No such file or directory
  |   |  
2017-10-16 20:15:58 | stdout | [2017-10-16 22:15:58,749] <docker-entrypoint> Cert has changed, updating controller...
2017-10-16 20:15:58 | stdout | x509: Use -help for summary.
  |   |  
2017-10-16 20:15:58 | stdout | x509: Cannot open input file /unifi/cert/cert.pem, No such fil
e or directory
2017-10-16 20:15:58 | stdout | [2017-10-16 22:15:58,461] <docker-entrypoint> Cert directory found. Checking Certs

After shutting down and restarting the docker this is what i get

Starting unifi controller service.
WARN: unifi service process ended without being singaled? Check for errors in /var/log/unifi.

I'm working on building in custom ssl certificates. My thinking is add a new volume say /config/ for image specific configuration (to allow expansion of more quick configuration options)
then put your entire keychain in say /config/ssl.pfx. Then to trigger a new certificate you would delete /usr/lib/unifi/data/keystore and restart your container.

Posting this so if anyone wants to give any input on the feature design ahead of time they can.

I do not presently have any working ARM systems but I am trying cross building this image to run on ARM systems through qemu.

Standard ports used by Unifi controller are very well-known and I had quite huge numbers of attempts to break in.
Now I am using non-standard ports and there are no connections from unknown locations.

Unifi Controller has a simple way to change it in the system.properties file

## device inform
# unifi.http.port=8080
## controller UI / API
# unifi.https.port=8443

Would you be able to add Environment Variables to manage it as you already have support to change settings for MongoDB?

It could be some code before confSet

if [ -z "$UNIFI_HTTP_PORT" ]; then
  settings["unifi.http.port"]="8080"
elif
  settings["unifi.http.port"]="UNIFI_HTTP_PORT"
fi

if [ -z "$UNIFI_HTTPS_PORT" ]; then
  settings["unifi.https.port"]="8443"
elif
  settings["unifi.https.port"]="UNIFI_HTTPS_PORT"
fi

When I install the docker I get the following in the console log
OpenJDK 64-bit Server Warning : You have loaded library /usr/lib/unifi/native/Linux/amd64/libubnt_webrtc_jni.so which might have disabled stack guard. The VM will try to fix the stack guard now.
It is highly recommended that you fix the library with 'execstack -c , or link it with 'noexecstack'

I do get a URL that shows:
HTTP status 400
description: The request sent by the client was syntactically incorrect.

I'm trying to load this in container station for QNAP.

Host operating system

macOS High Sierra 10.13

Docker Version

Client:
 Version:      17.09.0-ce
 API version:  1.32
 Go version:   go1.8.3
 Git commit:   afdb6d4
 Built:        Tue Sep 26 22:40:09 2017
 OS/Arch:      darwin/amd64

Server:
 Version:      17.09.0-ce
 API version:  1.32 (minimum version 1.12)
 Go version:   go1.8.3
 Git commit:   afdb6d4
 Built:        Tue Sep 26 22:45:38 2017
 OS/Arch:      linux/amd64
 Experimental: false

What tag are you using

Example: beta

What complete docker command or docker-compose.yml do you use to launch the container (omitting sensitive values)?

docker build -t unifi-beta --build-arg PKGURL=<unifi-beta-controller-url>/unifi_sysvinit_all.deb .

What do you expect to happen?

Command within Dockerfile to retrieve the PGP key should succeed, and then proceed to import it/continue as normal.

What actually happens?

[...]


2017-10-16 06:31:30 (33.1 MB/s) - '/usr/local/bin/gosu.asc' saved [543/543]

+ mktemp -d
+ export GNUPGHOME=/tmp/tmp.8DN8Bjgz7Y
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
gpg: keybox '/tmp/tmp.8DN8Bjgz7Y/pubring.kbx' created
gpg: keyserver receive failed: Cannot assign requested address

If I run the same gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 command on my host system (same network path to the keyserver), I also observe an error. The GPG version is different, so the output differs a little:

gpg: keyserver receive failed: No data

Similar issue reported elsewhere

This is the same issue as reported in this other project's issue, and it is not specific to that project nor this one, but just an issue with the particular GPG keyserver that is being used: tianon/gosu#35

There is a workaround suggested in that issue thread for trying several explicit keyservers until the command succeeds, since it appears that if a single server within a pool fails, the client just aborts entirely. Would you be open to having something like that implemented to handle this situation?

I'm trying to run the docker image on a Raspberry Pi 3 but docker run and docker build both fail with:

standard_init_linux.go:178: exec user process caused "exec format error"

System details

$ lsb_release -a
Distributor ID:	Raspbian
Description:	Raspbian GNU/Linux 8.0 (jessie)
Release:	8.0
Codename:	jessie

$ uname -a
Linux aloy 4.9.35-v7+ #1014 SMP Fri Jun 30 14:47:43 BST 2017 armv7l GNU/Linux

Errors during docker build

On running docker build -t unifi-controller-arm:0.0.1 ./Dockerfile I get the following error:

standard_init_linux.go:178: exec user process caused "exec format error"

Removing intermediate container ee2097b6333a
Step 5/19 : RUN echo "deb http://deb.debian.org/debian/ jessie-backports main" > /etc/apt/sources.list.d/10backports.list &&   echo "deb http://www.ubnt.com/downloads/unifi/debian unifi5 ubiquiti" > /etc/apt/sources.list.d/20ubiquiti.list &&   apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50
 ---> Running in 92d58b1e9a16
standard_init_linux.go:178: exec user process caused "exec format error"
The command '/bin/sh -c echo "deb http://deb.debian.org/debian/ jessie-backports main" > /etc/apt/sources.list.d/10backports.list &&   echo "deb http://www.ubnt.com/downloads/unifi/debian unifi5 ubiquiti" > /etc/apt/sources.list.d/20ubiquiti.list &&   apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50' returned a non-zero code: 1

Any ideas?

Host operating system

Ubuntu 16.04 4.4.0-97-generic

What tag are you using

latest; 5.6.19 stable, but was happening on all 5.6.xx-sc

What complete docker command or docker-compose.yml do you use to launch the container (omitting sensitive values)?

version: '2.2'
services:
unifi:
image: jacobalberty/unifi
init: true
ports:
- 8080:8080
- 8443:8443
- 8843:8843
- 8880:8880
- 3478:3478/udp
environment:
PUID: 1000
PGID: 1000
TZ: America/Denver
volumes:
- /apps/unifi/config:/var/lib/unifi
- /apps/unifi/logs:/var/log/unifi
- /apps/unifi/run:/var/run/unifi

Note: A screenshot of your configuration page if using a gui is acceptable

What do you expect to happen?

Graph times set to America/Denver timezone

What actually happens?

The time in all graphs in the controller are off by +6 hours, not sure if it is my config or a bug in unifi