04-02-2019 04:56 AM
The whole point of the script mentioned is for UNMS and UCRM to work behind 1 public IP.
What exactly are you trying to accomplish?
Sounds like you want 2 different servers, maybe 2 VMs?
04-02-2019 06:59 AM
We have 3 BT lines here, each with its own public IP address. I was hoping to run all 3 services on the same server but map each one to its own private IP address, then using the router map them to the public IP address. I was thinking of VMs but this takes more processor power, RAM and disk space, not to mention 3 lots of hardware. I was trying to keep the server as a low powered system using approximately 40W TDP processor. Also I have never used a Linux based VM (I have run Linux in a VM but only on Windows).
If you have some better ideas I am all ears as my first option was to run 3 servers, one for each service. Thanks
04-02-2019 07:51 PM
The concept of a reverse proxy is that you can have as many domains as you want pointed to the same public IP address. For example, you can have aircontrol.domain.com, unms.domain.com, unifi.domain.com, ucrm.domain.com all pointed to the exact same IP, on one computer, that only has one set of 443/80 ports available. Nginx will read what domain was requested and route it to the correct internal port. This allows you to have UNMS on 8443, UCRM on 9443, AirControl on 10443, etc. You can then use Let's Encrypt to generate certificates for all the domains that you have set up in /etc/nginx/sites-available.
The notes in @rspaeth's script were helpful to me, because I kept getting a 502 on the HTTPS port. Turns out UCRM blocks all HTTPS traffic until the Let's Encrypt certificate retrieval GUI thing successfully runs, even though my setup doesn't use that certificate.
04-02-2019 09:13 PM - edited 04-02-2019 09:14 PM
100% correct on ALL points. However, there are cases where a reverse proxy will not help. Other than just wanting to do it one way or the other, the NetFlow port is a great example. My script simply leaves the UNMS NetFlow port at 2055, but then must set UCRM to 2056. Elsewhere, your router(s) would need to be set to either unms.example.com or ucrm.example.com, but also 2055 or 2056, depending on which server you wanted handling the NetFlow.
Now to be honest, I personally would never set it up this way, or might even set UNMS at 2056 and UCRM at 2057 and then use nginx with a custom module or stream and post_action (or better yet, some iptables rules) to mirror the data to both UCRM and UNMS. I guess it would depend on the situation.
If you are still wanting to achieve what you previously asked, let me enumerate some of my findings...
UCRM installs and performs almost exactly as my pseudo-recommendations predicted. Below are the steps to do exactly what you want:
1. Setup your machine with both IPs. It does not matter if they share the same physical interface or not. Let's say you used 220.127.116.11 for the UCRM desired IP here.
2. Install UCRM exactly as commonly as possible, using the install script:
curl -fsSL https://ucrm.ubnt.com/install > /tmp/ucrm_install.sh && bash /tmp/ucrm_install.sh
* Using sudo as desired.
3. Let the installation complete.
4. Run the following commands:
# Change to the UCRM root directory.
cd /home/ucrm
# Fix-up the 'docker-compose.yml' file with our changes.
sed -i 's#80:80#"220.127.116.11:80:80"#' docker-compose.yml
sed -i 's#81:81#"220.127.116.11:81:81"#' docker-compose.yml
sed -i 's#443:443#"220.127.116.11:443:443"#' docker-compose.yml
sed -i 's#2055:2055/udp#"220.127.116.11:2055:2055/udp"#' docker-compose.yml
# Rebuild the necessary docker images using the new settings.
docker-compose up -d
* Being sure to substitute 220.127.116.11 with your desired IP address for the UCRM server.
You will now notice that the UCRM server is running as you wanted and ONLY listening on the IP you provided.
NOTES: This SHOULD survive updates, but I have yet to test it. It will obviously survive reboots.
@UBNT-Petr since I do not know any of the UNMS guys, maybe you could get the right folks linked to this post, regarding the following?
Because you started with this one, no doubt you were frustrated...
Currently, the UNMS docker-compose.yml is created/re-written by the updater/installer system and is not as simple to override here. Also, the fluentd container seems to be causing some grief even doing one-off changes to the docker-compose system.
You will likely not be able to install UNMS normally, as all of the ports will cause conflicts at this point with the above UCRM. In a normal installation process, I would like "docker-compose down" the UCRM system while we do this, but a work-around will need to be determined for the following first.
- Running the update.sh script seems to ALWAYS overwrite the docker-compose.yml and docker-compose.yml.template files regardless of their existence or difference. Glancing through the install-full.sh I noticed that in "migrate_app_files()" function, it appears to be checking for existing docker-compose.yml and docker-compose.yml.template files in the HOME_DIR before copying new files in place. The problem is that they live in HOME_DIR/app.
I am by no means a shell scripting wiz, but that would lead me to believe that even me calling update.sh to rebuild the installation overwrites any changes we may have made. Please correct me if I am wrong.
- Also, I cannot seem to get even temporary docker-compose changes to take place due to an error with the fluentd container dependency. Any chance some docker guru could shed some light on a way to "docker-compose up -d" the UNMS system?
I would love to have an answer to these for the folks here. As once I can get around this hurdle, I can fire up a script to install both side-by-side using this method as well.
04-03-2019 12:39 PM
I have a fully workable solution for your request now. I will be bundling all my notes up into a script for this and then include the info here later tonight.
04-04-2019 12:18 AM
@AV-Tech / All,
Please check the repo: https://github.com/mvqn/ubnt-scripts for the new unms-ucrm-multi script to install both UNMS and UCRM on the same host, but using multiple IPs as opposed to a reverse proxy.
- I did check that UCRM seems to update just fine, after using this method.
- I have not had a chance to test UNMS updates, but I believe there is still an issue with the update system overwriting any changes to the docker-compose.yml file. If that is not a bug, then I will have to also release an update.sh script that "re-fixes" these settings. Please do NOT use this script to build a complete production system until that has been tested!
As usual, enjoy!
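The posts above raise the risk that an update rewrites docker-compose.yml and silently puts the services back on every interface. The following check is an added example, not part of the thread or of the mvqn/ubnt-scripts repo: it lists published ports that are not pinned to the expected host IP. The function names, the sample compose file and the address 203.0.113.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or the mvqn/ubnt-scripts repo).
# Lists published ports in a compose file that are NOT pinned to the expected
# host IP, e.g. after an updater has regenerated docker-compose.yml.

# unpinned_ports FILE IP -> prints each offending mapping, one per line
unpinned_ports() {
    tr -d "\"'" < "$1" | awk -v ip="$2" '
        /^[ \t]*(#.*)?$/       { next }                # skip blanks and comments
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }  # start of a ports: list
        in_ports && /^[ \t]*-/ {
            m = $0
            sub(/[ \t]*#.*$/, "", m)                   # drop trailing comment
            gsub(/^[ \t]*-[ \t]*|[ \t]+$/, "", m)      # drop "- " and padding
            if (index(m, ip ":") != 1) print m         # no "IP:" prefix
            next
        }
        { in_ports = 0 }                               # any other key ends the list
    '
}

# check_pinned FILE IP -> exit status 0 only if every mapping is pinned
check_pinned() {
    bad=$(unpinned_ports "$1" "$2")
    [ -z "$bad" ] && return 0
    printf 'not bound to %s:\n%s\n' "$2" "$bad" >&2
    return 1
}

# Constructed sample: two mappings pinned by the sed commands, two that an
# update has reset to the defaults. 203.0.113.10 is a placeholder address.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  web_app:
    ports:
      - "203.0.113.10:80:80"
      - "203.0.113.10:443:443"
      - 81:81
      - 2055:2055/udp
    volumes:
      - ./data:/data
EOF

check_pinned "$sample" 203.0.113.10 || echo "re-apply the IP bindings"
```

Run it against the real compose file after each update; a non-zero exit means at least one port is published on all addresses again.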
04-04-2019 02:14 PM
Your script works perfect!
I just need to get UniFi on the same server now. Thank you very much.
I tried it on Ubuntu but it would not play, so dumped that and installed Debian, which gave me hell with the IP address when editing the interface file, it would just dump all connections on the NIC, so I used the GUI and perfect!