Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

×

Allow Controller to run on a Single IP Address

Submitted by -

Currently, as per the discussions in this thread, the controller binds to all IP addresses available on the host system. The port the server runs on is already configurable through the system.properties file, however the IP address is not (system_ip= is not used for this purpose). Currently therefore, the controller binds to the same port on every IP address.

I propose that the IP address be made configurable to bind to only a single IP if required. This would allow the the controller to run on say port 443 whilst another service, such as a web server, was also listening on port 443 on another IP address.

 

 

Duplicates
http://community.ubnt.com/t5/UniFi-Feature-Requests/Bind-Unifi-controller-to-specific-IP-addres-ses/idi-p/696521

Comments
by
on ‎09-22-2014 06:16 PM

Where is the +1000 upvote button? Heart

This problem and some well-meaning responses I've seen on the forums make me want to scream. Many (most?) network apps/services, including Tomcat-embedded apps allow users to specify to which ports/addresses they bind. This should be a fairly simple change by allowing us to "have at" server.xml.

 

↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓


kishanthan wrote:

In most cases, the users expect the embedded tomcat also to behave like the same way as a standalone tomcat instance. For example, if they want to change the global level server configuration, they expect the usage and support of server.xml for embedded tomcat as-well.


↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑

by Ubiquiti Employee
on ‎06-28-2015 04:31 PM
Status changed to: Under Consideration
 
by
on ‎07-01-2015 01:14 AM

Additional things for consideration: One should be able to specify different ip addresses for the controller and the portal as well. What I'm trying to do is to bind the administration portal to a single IPv6 address, so it could be globally reachable, and easily transportable between servers. On the other hand the AP could only contact the controller over IPv4 (or on a different address when IPv6 becomes available)

by
on ‎11-09-2015 06:50 PM

this... i am running my controller on a server which has 4 NICs, 3 in use and all 3 on separate VLANS for different purposes. Unifi is taking up the ports across all the NICs when wireless is deligated to a specific VLAN. It is a waste of useful ports on the server with the controller listening across all of them. I would also like administration and device discovery to be configurable so I can put management traffic onto a secure management network and discovery traffic remain on the wireless vlan.

by
‎01-14-2016 05:20 AM - edited ‎01-14-2016 05:21 AM

There is actually a pretty easy workaround for this;

 

As most have a multiple nic problem I presume they are all some kind of routers/firewalls.

 

Change listen port in system.properties to some random port that is never used.

 

Add a rdr rule in your firewall, i.e for pf in freebsd;
rdr pass on em0 proto tcp from any to :the-listen-ip-i-want-to-use: port 443 -> port :my-random-port:

by
on ‎01-14-2016 06:25 AM

No, this is a server with multiple NICs. The controller is being run as a service when system starts, and binds to 8443 or whatever configured port to all interfaces. I would like to bind it to one specific interface.

by
on ‎09-04-2016 06:32 AM

Hello, i need this solution to. When is it implemented?

It works with apache tomcat isnt it? so maybe there is a solution?

 

by
on ‎09-14-2016 01:56 AM

 Also looking for this..

by
on ‎11-11-2016 11:26 PM

I'm having the same issue as @sgroel above, namely: single machine with multiple NICs.  The Unifi Controller software is being super greedy, and binding to the ports I specificed (good!) but across all IPs on that machine (bad!).

 

Anything we can do to get this escalated?  I see we've got tickets >2 years old - so I am not filled with confidence at the moment...

by
on ‎01-30-2017 08:28 AM

+1 - this is absolutely something we need in our deployment.