jacobalberty / unifi-docker
Unifi Docker files
License: MIT License
First of all thanks for this image! Very nice, saves me having to install all kinds of Java stuff ;)
I just started the container/the controller for the first time and it seems like the timezone env var isn't being picked up. I passed TZ='Europe/Amsterdam' as env var, yet the setup wizard has "Brussels, Copenhagen, Madrid, Paris" selected.
Any idea why this isn't working?
And I was wondering if it would be possible to pass the country as an env var as well, just like the timezone. Hoping to be able to just skip the initial setup screen when starting a clean container :)
I'm commenting specifically on the unifi5 docker file.
I docker exec'd into the running container and reviewed the declared volume folders and found the following:
/var/lib/unifi - This volume seems ok, contains MongoDB Data AND Unifi Server Logs + Settings
/var/log/unifi - This folder is empty.. Logs are contained in the previous mount.
/var/run/unifi - This folder is empty. Not sure what should/would have been here?
/usr/lib/unifi/work - This folder contains an empty folder called ROOT.. nothing else.
What's missing are the MongoDB logs... They can be found here: /usr/lib/unifi/logs/mongod.log
So I propose we REMOVE /var/log/unifi /var/run/unifi /usr/lib/unifi/work and ADD /usr/lib/unifi/logs
So end result would be:
VOLUME ["/var/lib/unifi", "/usr/lib/unifi/logs"]
Thoughts? I'd be more than happy to submit a PR too...
According to @UBNT-JoeHughes;
In 5.3.X this is now possible and you can set the following in your system.properties file.
db.mongo.local=false
db.mongo.uri=mongodb://ubnt:password@IP_ADDRESS:PORT/unifi-test
statdb.mongo.uri=mongodb://ubnt:password@IP_ADDRESS:PORT/unifi-test_stat
unifi.db.name=unifi-test
db.mongo.local Set to false to use an external mongodb server and not start the local mongo db service.
db.mongo.uri The Mongo URI that should be used to connect to the remote mongo database.
statdb.mongo.uri The mongo uri for the external mongo stats database.
unifi.db.name This will default to ace so must be set to the name that can be connected and managed on the external mongo db server.
Make sure you notice in the URI that unifi.db.name is used for both stat and the main database.
So the mongo URI will work with any ip address… even if mongo is local… but the URI needs to be in the correct format to connect.
REF: https://community.ubnt.com/t5/UniFi-Wireless/External-MongoDB-Server/td-p/1305297
Open Media Vault 3.0.80 (Erasmus)
Stable
IMAGE OF CONFIG FOR DOCKER CONTAINER
After a recent docker container upgrade I have stopped being able to access the web portal (port: 8443) and get the following browser error:
Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP
I have checked the directory layouts as per the new changes (eg. changed /unifi/lib to /unifi/data) and set the relevant privileges.
I also tried the solution given here and restarted but have not had any luck.
The output from docker-healthcheck.sh gives this error:
curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
I am not sure what else to try here, I have not done anything unusual to this container. Has anybody else experienced this?
Ubuntu 16.04 4.4.0-97-generic
latest; 5.6.19 stable, but was happening on all 5.6.xx-sc
version: '2.2'
services:
  unifi:
    image: jacobalberty/unifi
    init: true
    ports:
      - 8080:8080
      - 8443:8443
      - 8843:8843
      - 8880:8880
      - 3478:3478/udp
    environment:
      PUID: 1000
      PGID: 1000
      TZ: America/Denver
    volumes:
      - /apps/unifi/config:/var/lib/unifi
      - /apps/unifi/logs:/var/log/unifi
      - /apps/unifi/run:/var/run/unifi
Note: A screenshot of your configuration page if using a gui is acceptable
Graph times set to America/Denver timezone
The time in all graphs in the controller are off by +6 hours, not sure if it is my config or a bug in unifi
Hello Jacob
can you make the container for 5.4.18?
Your docs want to be changed to open/map the UDP ports, e.g.,
-p 8080:8080 -p 8443:8443 -p 3478:3478/udp -p 10001:10001/udp
Was just reading over this:
https://blog.newrelic.com/2016/08/24/docker-health-check-instruction/
Seems like something like this would suffice:
curl -k -L --fail https://localhost:8443 || exit 1
I can't add a site. Only the default site is available.
Can you trigger a new build so that the latest tag is updated? Thanks!
Is it possible to startup the container without all ports bound on the host?
It seems to me that if I only bind port 8443 (for testing only) the container does not come up. Is there any reason for this?
I know I need more or all of the ports in production, but I do have other containers running on the same host using these ports already (8080)
none
(yet)
By specifying my CERTDIR I expect that import_cert imports my certificate into the container.
import_cert won't find my certificate, because it is already chained and named fullchain.pem instead of cert.pem.
I'd like to propose to add an option to specify if there are two files chain.pem and cert.pem, or if they are already chained. I'm happy to implement it and create a PR, but I created this issue to discuss the format of how we want to handle it.
I would say we could add an ENV variable CERTNAME that defaults to cert.pem and additionally add an ENV variable CHAINPROVIDED that defaults to false. If CHAINPROVIDED is set to true, we consider the file at "$CERTDIR/$CERTNAME" to be the chain and directly use it instead of concatenating a chain and a cert.
What do you think?
macOS High Sierra 10.13
Client:
Version: 17.09.0-ce
API version: 1.32
Go version: go1.8.3
Git commit: afdb6d4
Built: Tue Sep 26 22:40:09 2017
OS/Arch: darwin/amd64
Server:
Version: 17.09.0-ce
API version: 1.32 (minimum version 1.12)
Go version: go1.8.3
Git commit: afdb6d4
Built: Tue Sep 26 22:45:38 2017
OS/Arch: linux/amd64
Experimental: false
Example: beta
docker build -t unifi-beta --build-arg PKGURL=<unifi-beta-controller-url>/unifi_sysvinit_all.deb .
Command within Dockerfile to retrieve the PGP key should succeed, and then proceed to import it/continue as normal.
[...]
2017-10-16 06:31:30 (33.1 MB/s) - '/usr/local/bin/gosu.asc' saved [543/543]
+ mktemp -d
+ export GNUPGHOME=/tmp/tmp.8DN8Bjgz7Y
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
gpg: keybox '/tmp/tmp.8DN8Bjgz7Y/pubring.kbx' created
gpg: keyserver receive failed: Cannot assign requested address
If I run the same gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
command on my host system (same network path to the keyserver), I also observe an error. The GPG version is different, so the output differs a little:
gpg: keyserver receive failed: No data
This is the same issue as reported in this other project's issue, and it is not specific to that project nor this one, but just an issue with the particular GPG keyserver that is being used: tianon/gosu#35
There is a workaround suggested in that issue thread for trying several explicit keyservers until the command succeeds, since it appears that if a single server within a pool fails, the client just aborts entirely. Would you be open to having something like that implemented to handle this situation?
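The workaround described in this report (trying several explicit keyservers until one answers) could look like the sketch below. It is an added example, not code from this repository or from tianon/gosu#35; the function name `recv_key_with_fallback`, the `KEYSERVERS` variable and the third server in the default list are assumptions.

```shell
#!/bin/sh
# Added example: fetch a signing key by full fingerprint, trying several
# keyservers in turn instead of aborting when the first one is unreachable.

# Space-separated list, overridable from the environment.
# The first two hosts appear on this page; pgp.mit.edu is an assumption.
: "${KEYSERVERS:=ha.pool.sks-keyservers.net keyserver.ubuntu.com pgp.mit.edu}"

# recv_key_with_fallback FINGERPRINT
# Prints the server that delivered the key and returns 0 on success,
# returns 1 if every server failed, 2 if the fingerprint is malformed.
recv_key_with_fallback() {
    fpr=$1

    # Only a full 40-hex-digit fingerprint pins a key; short IDs can collide.
    case $fpr in
        ''|*[!0-9A-Fa-f]*) echo "invalid fingerprint: $fpr" >&2; return 2 ;;
    esac
    [ "${#fpr}" -eq 40 ] || { echo "need a 40-digit fingerprint" >&2; return 2; }

    for server in $KEYSERVERS; do
        echo "trying $server" >&2
        if gpg --batch --keyserver "$server" --recv-keys "$fpr" >&2; then
            # Confirm that the key now in the keyring is the one requested.
            if gpg --batch --with-colons --fingerprint "$fpr" 2>/dev/null |
                   grep -qi "^fpr:.*:$fpr:"; then
                echo "$server"
                return 0
            fi
            echo "key from $server does not match $fpr" >&2
        fi
    done

    echo "all keyservers failed for $fpr" >&2
    return 1
}
```

In a Dockerfile `RUN` step the call would replace the single `gpg --keyserver ... --recv-keys` line, so a build fails only when no server in the list delivers the pinned key.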
Synology DiskStation / Docker controller
I still have the 5.5.24 version running and want to upgrade to the 5.6 version. Normally I would use the following command:
docker run -d -p 3478:3478/udp -p 8080:8080 -p 8443:8443 -v /volume1/docker/unifi/:/var/lib/unifi --restart=always --name unifi jacobalberty/unifi:latest
Now with the new folder structure, can I still use it in this way? Or do I have to do preparations before I can upgrade? It is said that one should switch to the new folder layout asap, but I do not know how. Simply replacing folder names in the above command would not be right I guess, because the folders (unifi/data - unifi/log) do not exist at the moment.
So basically, how to upgrade from 5.5.24 to 5.6.xx ? Many thanx,
Hi, could you change the dockerfile in a way so it's possible to choose the installation version of Unifi by ENV variable? For example just check if there is the ENV "PKGURL" configured, if not, then fallback to latest stable. Or is this already possible?
Jacob,
can you please provide a docker container for the current "unstable" version 5.5.6?
https://www.ubnt.com/downloads/unifi/5.5.6-b559495f0c/unifi_sysvinit_all.deb
According to ubnt support it should fix some issues which are not going to be fixed for the 5.4. branch.
This is just to give a warning of the future, the current build system uses directories, docker hub supports using {sourceref} to create tags based on releases. I'd like to clean up the builds to use sourceref instead.
Hello jacob
just to let you know that 5.4.17 is out
This seems to be broken right now and as far as I can see also affects this repo:
I'm having issues running this in vSphere Integrated Containers but it can certainly be user error. This is a lab environment that I built yesterday and yesterday was also the first time I ever typed "docker" into my CLI so noob-level is quite high. Here are the steps I took to create the environment:
Create the VCH
.\vic-machine-windows.exe create --name unifi --target ESX-server-IP --user root --password "ESXrootpassword" --no-tlsverify --force --image-store "ESX-Datastore-name" --volume-store ESX-Datastore-name/docker-volume-folder:default --dns-server 10.0.0.10 --public-network-ip 10.0.0.20/24 --public-network-gateway 10.0.0.1
This appears to correctly build the virtual container host. I can query it using the docker client in a shell:
$ docker -H 10.0.0.20:2376 --tls info
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 1
Server Version: v1.1.1-10711-56a309f
Storage Driver: vSphere Integrated Containers v1.1.1-10711-56a309f Backend Engine
VolumeStores: default
vSphere Integrated Containers v1.1.1-10711-56a309f Backend Engine: RUNNING
VCH CPU limit: 3679 MHz
VCH memory limit: 27.93 GiB
VCH CPU usage: 58 MHz
VCH memory usage: 4.898 GiB
VMware Product: VMware ESXi
VMware OS: vmnix-x86
VMware OS version: 6.5.0
Plugins:
Volume: vsphere
Network: bridge
Swarm: inactive
Operating System: vmnix-x86
OSType: vmnix-x86
Architecture: x86_64
CPUs: 3679
Total Memory: 27.93GiB
ID: vSphere Integrated Containers
Docker Root Dir:
Debug Mode (client): false
Debug Mode (server): false
Registry: registry-1.docker.io
Experimental: false
Live Restore Enabled: false
When I attempt to run unifi-docker, though it appears to hang after "Starting unifi controller service" as seen here:
$ docker -H 10.0.0.20:2376 --tls run --rm -p 8080:8080 -p 8443:8443 -p 3478:3478 -p 10001:10001 -e TZ='America/Denver' -v /var/lib/unifi -v /var/log/unifi --name unifi jacobalberty/unifi:stable
Unable to find image 'jacobalberty/unifi:stable' locally
Pulling from jacobalberty/unifi
5233d9aed181: Pull complete
a3ed95caeb02: Pull complete
2e02715fac5e: Pull complete
78a9ca0f090f: Pull complete
3142747da002: Pull complete
8f15781934fa: Pull complete
b9ffd3cc8d63: Pull complete
4fcde711a5af: Pull complete
b13b02c3b14b: Pull complete
0720fe1df3cd: Pull complete
de35a6c93f7b: Pull complete
Digest: sha256:d7bcce256790e59d140105cee309667dfe961ed5e1e98d4272a2eb6ee03d5a99
Status: Downloaded newer image for jacobalberty/unifi:stable
Starting unifi controller service.
A docker ps shows this:
$ docker -H 10.0.0.20:2376 --tls ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
27cd00abfcd9 jacobalberty/unifi:stable "/usr/bin/dumb-ini..." Less than a second ago Up 2 hours 10.0.0.20:3478->3478/tcp, 10.0.0.20:8080->8080/tcp, 10.0.0.20:8443->8443/tcp, 10.0.0.20:10001->10001/tcp unifi
Hitting http://10.0.0.20:8080 in a browser appears to connect, but then I'm stuck at "Waiting for 10.0.0.20..."
Using this same basic method for VCH creation and docker deployment for a simple "hello world" webserver works fine, so I think the basic method I'm using is sound but I'm probably just missing a detail somewhere? Any pointers on where to look or any information I can provide to better illuminate this?
with the chain in chain.pem it does not work but if I put the cert and the chain together in cert.pem it's ok. Maybe you should change the doc?
CentOS Linux release 7.3.1611 (Core)
latest
docker run --net=host -d -e TZ='Europe/Berlin' -v /opt/unifi:/unifi --name unifi jacobalberty/unifi:latest
Note: A screenshot of your configuration page if using a gui is acceptable
Certificate chain
0 s:/CN=unifi.xxx.net
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
Certificate chain
0 s:/CN=unifi.xxx.net
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
My problem is installing this causes my QNAP to lock up. I have a TS-451 QNAP.
I installed the Container Station so that was fine (took a bit but it worked) Then first I simply searched for the unifi and installed it that way based on another video and it locked up at 83% complete and my system was inaccessible. I needed to force a reboot, uninstall container station and do a media check of the drives.
I saw a video from the docker comments and decided to try installing it via SSH. The command I ran was:
docker run --name unifi-uap-controller --net=host -d jacobalberty/unifi:latest
It downloaded everything but it locked up while extracting the 200MB file and so I thought perhaps it was simply "stuck" so I went to bed and looked at it this morning. In the morning it was still inaccessible so I had to force a reboot again. This time I had to check the volume but at least Container station sort of loaded. I say sort of because it sat for 40 minutes on "loading" whereas before it gave a big red "can't load" error.
I ended up uninstalling it again and just putting my port back to 8080 and I'm deciding that my QNAP cannot handle this unless someone reading this knows what else I can do to get it installed.
Incidentally I have over 2TB of space available on the volume so it's not full.
Hello Jacob
First of all thanks for your great work. Can you please create the new package for version 5.4.14. Another question is there a way to upgrade to the latest version without redoing the container?
I do not presently have any working ARM systems but I am trying cross building this image to run on ARM systems through qemu.
I'm trying to run the docker image on a Raspberry Pi 3 but docker run and docker build both fail with:
standard_init_linux.go:178: exec user process caused "exec format error"
$ lsb_release -a
Distributor ID: Raspbian
Description: Raspbian GNU/Linux 8.0 (jessie)
Release: 8.0
Codename: jessie
$ uname -a
Linux aloy 4.9.35-v7+ #1014 SMP Fri Jun 30 14:47:43 BST 2017 armv7l GNU/Linux
docker build
On running docker build -t unifi-controller-arm:0.0.1 ./Dockerfile I get the following error:
standard_init_linux.go:178: exec user process caused "exec format error"
Removing intermediate container ee2097b6333a
Step 5/19 : RUN echo "deb http://deb.debian.org/debian/ jessie-backports main" > /etc/apt/sources.list.d/10backports.list && echo "deb http://www.ubnt.com/downloads/unifi/debian unifi5 ubiquiti" > /etc/apt/sources.list.d/20ubiquiti.list && apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50
---> Running in 92d58b1e9a16
standard_init_linux.go:178: exec user process caused "exec format error"
The command '/bin/sh -c echo "deb http://deb.debian.org/debian/ jessie-backports main" > /etc/apt/sources.list.d/10backports.list && echo "deb http://www.ubnt.com/downloads/unifi/debian unifi5 ubiquiti" > /etc/apt/sources.list.d/20ubiquiti.list && apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50' returned a non-zero code: 1
Any ideas?
When I install the docker I get the following in the console log
OpenJDK 64-bit Server Warning : You have loaded library /usr/lib/unifi/native/Linux/amd64/libubnt_webrtc_jni.so which might have disabled stack guard. The VM will try to fix the stack guard now.
It is highly recommended that you fix the library with 'execstack -c , or link it with 'noexecstack'
I do get a URL that shows:
HTTP status 400
description: The request sent by the client was syntactically incorrect.
I'm trying to load this in container station for QNAP.
Specifying a non-default UI/API port via "unifi.https.port" in the system properties causes the HEALTHCHECK to fail as it is hard-coded to try to connect to the default port (8443).
For example we are giving the container its own IP and setting the UI/API port to the standard HTTPS port (443) so users can be given a nice simple URL with no port specification.
See pull request: #61
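One way a health check can follow a non-default `unifi.https.port` instead of assuming 8443, shown as an added example (not the repository's `docker-healthcheck.sh` and not the code from the referenced pull request). The properties path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: derive the health-check URL from system.properties
# instead of hard-coding port 8443.

# Assumed location of the controller's properties file; pass another path as $1.
DEFAULT_PROPS=/unifi/data/system.properties

# unifi_https_port [FILE]
# Prints the configured unifi.https.port, or 8443 when it is unset,
# commented out, unreadable or out of range.
unifi_https_port() {
    props=${1:-$DEFAULT_PROPS}
    port=
    if [ -r "$props" ]; then
        # Only uncommented assignments count; the last one wins.
        # [[:space:]] also absorbs a trailing CR from CRLF-edited files.
        port=$(sed -n \
            's/^[[:space:]]*unifi\.https\.port[[:space:]]*=[[:space:]]*\([0-9]\{1,5\}\)[[:space:]]*$/\1/p' \
            "$props" | tail -n 1)
    fi
    if [ -n "$port" ] && { [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; }; then
        echo "ignoring out-of-range unifi.https.port=$port" >&2
        port=
    fi
    echo "${port:-8443}"
}

# healthcheck_url [FILE] -> URL the probe should request.
healthcheck_url() {
    echo "https://localhost:$(unifi_https_port "$1")"
}

# unifi_healthcheck [FILE]
# -k because the controller's default certificate is self-signed: this probe
# tests liveness only and must not be read as certificate validation.
unifi_healthcheck() {
    curl -k -L --fail --silent --output /dev/null --max-time 10 \
        "$(healthcheck_url "$1")"
}
```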
I have a server running various things and use nginx to proxy to services based on hostname. When I try to proxy requests to localhost 8443 the page loads, but I get a 403 when trying to login. Is this configuration supported?
Ideally, I could turn off tls and just proxy to 8080, since nginx handles certs, but anyway I can get it to work is fine.
Ubuntu 17.10
stable
docker run --restart=always --init -p 6789:6789 -p 8080:8080 -p 8443:8443 -p 3478:3478/udp -p 10001:10001/udp -e TZ='America/Los_Angeles' -v /path/unifi:/unifi --env RUNAS_UID0=false --name unifi -d jacobalberty/unifi:stable
It might be a good idea to switch to Alpine Linux to decrease the image size. There might
There's an official image openjdk:8-jdk-alpine available now, and mongodb package on testing branch of Alpine.
Although it would be better if Ubiquiti offered an official package for Alpine.
Example: Fedora 26 with Docker version 17.09.0-ce, build afdb6d4
latest
docker run -d --rm --init -p 8081:8080 -p 8443:8443 -p 3478:3478/udp -p 10001:10001/udp -p 6789:6789 -e TZ='Europe/London' --mount source=unifi,target=/unifi --name unifi jacobalberty/unifi:latest
Note: A screenshot of your configuration page if using a gui is acceptable
Access point adopted and remains that way
I see this in the server logs for a given day:
[root@tazmadlx log]# grep 2017-12-04 server.log | grep adopted | head
[2017-12-04 04:11:30,263] <ssh> INFO event - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[2017-12-04 04:12:39,574] <ssh> INFO event - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[2017-12-04 04:13:39,627] <ssh> INFO event - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[2017-12-04 04:14:39,676] <ssh> INFO event - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[2017-12-04 04:15:39,693] <ssh> INFO event - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[2017-12-04 04:16:39,731] <ssh> INFO event - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[2017-12-04 04:17:39,774] <ssh> INFO event - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[2017-12-04 04:18:39,830] <ssh> INFO event - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[2017-12-04 04:19:39,870] <ssh> INFO event - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[2017-12-04 04:20:39,914] <ssh> INFO event - [event] AP[80:2a:a8:16:cb:af] was automatically readopted
[root@tazmadlx log]# grep 2017-12-04 server.log | grep adopted | wc -l
1091
[root@tazmadlx log]#
There also seems to be some sort of memory leak caused by I suspect the java process, but then I am new to all the docker stuff so not 100% sure. I had seen a post about this issue somewhere but I can't seem to find it now so apologies if this was already resolved and I am doing something dumb.
In case it helps, am running:
openjdk version "1.8.0_151"
OpenJDK Runtime Environment (build 1.8.0_151-b12)
OpenJDK 64-Bit Server VM (build 25.151-b12, mixed mode)
When attempting to upload custom image for the coverage maps, it yields an error message and nothing displays. The sample image also disappears after attempting to upload the first custom image.
Looks like this is a recent problem on Jessie with openjdk-8-jre-headless: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851667
At least the current unifi:arm32v7-beta image's architecture is amd64 in the image metadata.
It works fine when run on stand-alone container (with docker run or docker-compose up) but noticed that when I tried to setup a swarm and run it as a service it got stuck in pending state as there were no amd64 machines in my swarm.
The Unifi controller software supports being the DHCP server for the network settings of a site but when using the container there is no port exposed so DHCP will not work.
The DHCP employs a connectionless service model, using the User Datagram Protocol (UDP). It is implemented with two UDP port numbers for its operations which are the same as for the BOOTP protocol. UDP port number 67 is the destination port of a server, and UDP port number 68 is used by the client. (Wikipedia: DHCP)
So for supporting DHCP please add an EXPOSE of 67/udp to the image.
I just ran
~$ docker run --net=host -d jacobalberty/unifi:latest
Got this error:
4acb32b0ea26446bc809008a5b54dd402c5f0296edd2fd616733dd98a6800212
docker: Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:359: container init caused "apparmor failed to apply profile: no such file or directory"".
Any ideas what would cause this?
Thanks!
Debian GNU/Linux 8
latest
version: '3'
services:
  letsencrypt:
    container_name: letsencrypt
    image: csmith/letsencrypt-lexicon:latest
    restart: always
    environment:
      PROVIDER: 'dnsimple'
      ACCEPT_CA_TERMS: 'true'
    env_file:
      - .env
    volumes:
      - ./data/letsencrypt:/letsencrypt
  unifi:
    container_name: unifi
    # https://github.com/jacobalberty/unifi-docker
    image: jacobalberty/unifi:latest
    network_mode: host
    restart: always
    volumes:
      - ./data/unifi:/unifi
      - ./data/letsencrypt/certs/gateway.feliciterra.com:/unifi/cert
For the TLS certs to work when visiting with a browser.
I've tried a variety of things here but can't seem to get anything to work. The error displayed in chrome is ERR_SSL_VERSION_OR_CIPHER_MISMATCH and in Firefox it's SSL_ERROR_NO_CYPHER_OVERLAP. If I remove my letsencrypt certificates everything works fine with the self-signed cert. It seems that the letsencrypt certs are broken when imported into unifi. These exact same certs I have mounted in other services and running just fine. I have rebuilt the container numerous times all with the same results.
This is in fact unnecessary, though full network access is more convenient, it causes all sorts of issues such as conflicts with other containers and/or services on the host. IMHO, a better option is to just expose ports 8443 and 8080 (EDIT: and 10001/udp) (both of which can be re-mapped), and then SSH:ing into the AP and issuing the following commands:
# mca-cli
# set-inform http://<host_ip>:8080/inform
(where host_ip is the IP of the machine running Docker, and 8080 can be changed as appropriate if the port is remapped).
This makes the container play a lot more nicely in a multi-container system.
(Disclaimer: I got this information from a forum thread, but I verified this working and I am currently running your container this way)
Standard ports used by Unifi controller are very well-known and I had quite huge numbers of attempts to break in.
Now I am using non-standard ports and there are no connections from unknown locations.
Unifi Controller has a simple way to change it in the system.properties file
## device inform
# unifi.http.port=8080
## controller UI / API
# unifi.https.port=8443
Would you be able to add Environment Variables to manage it as you already have support to change settings for MongoDB?
It could be some code before confSet
# Fall back to the default ports when the variables are unset or empty
if [ -z "$UNIFI_HTTP_PORT" ]; then
    settings["unifi.http.port"]="8080"
else
    settings["unifi.http.port"]="$UNIFI_HTTP_PORT"
fi
if [ -z "$UNIFI_HTTPS_PORT" ]; then
    settings["unifi.https.port"]="8443"
else
    settings["unifi.https.port"]="$UNIFI_HTTPS_PORT"
fi
Synology DSM
Example: 5.5.24
I was using your 5.5.20 image without issues. I now upgraded to your 5.5.24 image and now Chrome tells me:
This site can’t provide a secure connection
controller.internal.headincloud.be uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
HIDE DETAILS
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.
I tried mapping my data logdir to the new paths (/unifi/data and /unifi/log instead of /var/lib/unifi and /var/log/unifi), but this makes no difference.
This is the log from the container:
2017-10-16 20:16:01 | stdout | [2017-10-16 22:16:01,242] <docker-entrypoint> WARNING: Running UniFi in insecure (root) mode
2017-10-16 20:16:01 | stdout | [2017-10-16 22:16:01,240] <docker-entrypoint> Starting unifi controller service.
2017-10-16 20:16:01 | stdout | [2017-10-16 22:16:01,228] <docker-entrypoint> Done!
2017-10-16 20:16:01 | stdout | Unable to import the certificate into keystore
2017-10-16 20:16:00 | stdout | [2017-10-16 22:16:00,054] <docker-entrypoint> Importing cert into Unifi database...
2017-10-16 20:15:59 | stdout | keytool error: java.lang.Exception: Source keystore file exists, but is empty: /tmp/tmp.rwH5Asisiy
2017-10-16 20:15:59 | stdout | [2017-10-16 22:15:59,365] <docker-entrypoint> Inserting certificate into Unifi keystore...
2017-10-16 20:15:59 | stdout | keytool error: java.lang.Exception: Alias <unifi> does not exist
2017-10-16 20:15:58 | stdout | [2017-10-16 22:15:58,761] <docker-entrypoint> Removing existing certificate from Unifi protected keystore...
2017-10-16 20:15:58 | stdout | pkcs12: Use -help for summary.
2017-10-16 20:15:58 | stdout | pkcs12: Cannot open input file /unifi/cert/cert.pem, No such file or directory
2017-10-16 20:15:58 | stdout | [2017-10-16 22:15:58,753] <docker-entrypoint> Using openssl to prepare certificate...
2017-10-16 20:15:58 | stdout | md5sum: /unifi/cert/cert.pem: No such file or directory
2017-10-16 20:15:58 | stdout | [2017-10-16 22:15:58,749] <docker-entrypoint> Cert has changed, updating controller...
2017-10-16 20:15:58 | stdout | x509: Use -help for summary.
2017-10-16 20:15:58 | stdout | x509: Cannot open input file /unifi/cert/cert.pem, No such file or directory
2017-10-16 20:15:58 | stdout | [2017-10-16 22:15:58,461] <docker-entrypoint> Cert directory found. Checking Certs
QNAP TS-453A
5.6.19
Example: docker run --rm --init -p 8080:8080 -p 8443:8443 -p 3478:3478/udp -p 10001:10001/udp -e TZ='Africa/Johannesburg' -v ~/unifi/data:/var/lib/unifi -v ~/unifi/logs:/var/log/unifi --name unifi jacobalberty/unifi:unifi5
Note: A screenshot of your configuration page if using a gui is acceptable
After setting the owner of the folder to the right user group I proceeded to create the container. I should be able to connect to the cloud service.
There is no possibility to connect to the cloud service unless the RUNAS_UID0 is set to true
Starting unifi controller service.
Just pulled the latest image and am running it in docker on OMV 3. Log sits at
Starting unifi controller service.
Here is the full log with 1 reboot. Trying the stable tag now.
[2017-10-12 21:12:20,643] <docker-entrypoint> Starting unifi controller service.
[2017-10-12 21:19:51,358] <docker-entrypoint> Exit signal received, shutting down
/usr/local/bin/docker-entrypoint.sh: line 1: kill: (15) - No such process
[2017-10-12 21:19:58,589] <docker-entrypoint> Exit signal received, shutting down
[2017-10-12 21:20:02,184] <docker-entrypoint> Starting unifi controller service.
New to docker but when I do an 'inspect' I don't see 10001/udp in there,
"ExposedPorts": {
"3478/udp": {},
"6789/tcp": {},
"8080/tcp": {},
"8443/tcp": {},
"8843/tcp": {},
"8880/tcp": {}
},
Is that an oversight?
Synology NAS
Example: 5.6.19-sc
Example: sudo docker run -p 8080:8080 -p 8880:8880 -p 8843:8843 -p 6789:6789 -p 8443:8443 -p 3478:3478/udp -p 10001:10001/udp -e TZ='Europe/Berlin' -e RUNAS_UID0='false' -e UNIFI_UID=1036 -e UNIFI_GID=100 -v /volume1/docker/unifi/2017-10-18:/unifi --name 2017-10-18-unifi-5.6.19-sc -d jacobalberty/unifi:5.6.19-sc
Container runs without error.
I get a "groupmod: GID '100' already exists" error and the container does not run.
UID and GID are set in correspondence to the user I created for this container which owns the directory.
Possibly adding option -o (-o, --non-unique) to groupmod would help?!
Best regards
My APs are reporting that the STUN server on the controller is unavailable. I'm running this container with "-p 3478:3478", but when I attempt to connect using stun-client on the docker host I'm seeing an error.
bfdonny@muon:~$ docker ps --filter "name=unifi"
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d1b3cf7819e6 jacobalberty/unifi:stable "/usr/local/bin/docke" 15 hours ago Up 15 hours (healthy) 6789/tcp, 0.0.0.0:3478->3478/tcp, 0.0.0.0:8081->8081/tcp, 8080/tcp, 8843/tcp, 0.0.0.0:8443->8443/tcp, 3478/udp, 0.0.0.0:10001->10001/tcp, 8880/tcp unifi
bfdonny@muon:~$ stun 192.168.0.172
STUN client version 0.97
Primary: Blocked or could not reach STUN server
Return value is 0x00001c
I'm not sure if I'm just doing something wrong, or if there's some other issue.
Debian GNU/Linux 8
Example: latest
unifi:
  container_name: unifi
  # https://github.com/jacobalberty/unifi-docker
  image: jacobalberty/unifi:latest
  network_mode: host
  restart: always
  volumes:
    - ./data/unifi:/unifi
    - ./data/letsencrypt/certs/gateway.feliciterra.com:/unifi/cert
Note: A screenshot of your configuration page if using a gui is acceptable
system.properties to keep the settings that I change.
system.properties is set back to default (everything commented) and my changes are removed.
same
latest
for now
docker on synology nas.
a documentation section about upgrade to new container version.
I don't know.
I can't seem to find where to upload the JSON files. I am using docker with synology.
I'm working on building in custom ssl certificates. My thinking is add a new volume say /config/ for image specific configuration (to allow expansion of more quick configuration options)
then put your entire keychain in say /config/ssl.pfx. Then to trigger a new certificate you would delete /usr/lib/unifi/data/keystore and restart your container.
Posting this so if anyone wants to give any input on the feature design ahead of time they can.
After shutting down and restarting the docker this is what i get
Starting unifi controller service.
WARN: unifi service process ended without being singaled? Check for errors in /var/log/unifi.
First let me lay out what I had, I had the Unifi:5.4.11 container, setup on a Marathon/Mesos. Now, it should not matter that it was here, I volume mounted data, run, and lib directories as instructed to persistent storage, so that's great, I am also running it in HOST network mode.
This was working for me, I would run it, do things I need to do , and then I would shut it down as to not waste resources. When I needed to upgrade/config I'd just start the service and go from there. Today, when I went to start the service, it starts and stays up, however, the actual service isn't running.
My outputs are this...
From a Mesos perspective, there is nothing in Standard Error, and in Standard Log there only "Starting unifi controller service."
In the log directly, there are only two files unifi.err.log and unifi.out.log. unifi.out.log is empty (but is created when I start the container). unifi.err.log has only the string "Service killed by signal 11"; it repeats and grows if I leave things running.
If I go into the container, these are the only processes running:
1 ? Ss 0:00 /usr/bin/dumb-init -- /usr/local/bin/unifi.sh
7 ? Ss 0:00 sh /usr/local/bin/unifi.sh
10 ? S 0:00 unifi -nodetach -home /usr/lib/jvm/java-8-openjdk-amd64 -classpath /usr/share/java/commons-daemon.jar:/usr/lib/unifi/lib/ace.jar -pidfile /var/run/unifi/unifi.pid -procname unifi -outfile /var/log/unifi/unifi.out.log -errfile /var/log/unifi/unifi.err.log -Dunifi.datadir=/var/lib/unifi -Dunifi.rundir=/var/run/unifi -Dunifi.logdir=/var/log/unifi -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Xmx1024M com.ubnt.ace.Launcher start
If I kill -9 pid 10 the container stops (probably expected)
Some other things:
I typically am competent at troubleshooting, but I am at a loss on how to approach this. Ideally I'd like this to work without having to start from scratch and readopt and setup my network... Anything would be appreciated.
John