Scheduled maintenance: Community will be offline Monday June 17th, 1:00 AM - 6:00 AM (PT)
Reply
Regular Member
Posts: 580
Registered: ‎01-28-2016
Kudos: 135
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

@lynuxs,

 

This is the project I mentioned and like I said, it will detect if any external firewalls are blocking the UniFi SDN ports.

 

Hope that helps!

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Emerging Member
Posts: 50
Registered: ‎02-22-2018
Kudos: 1

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

Guessing this doesnt work if I'm running Linux mint...any work around for that?

Regular Member
Posts: 580
Registered: ‎01-28-2016
Kudos: 135
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller


@bigverm23 wrote:

Guessing this doesnt work if I'm running Linux mint...any work around for that?


Thanks for the question. Currently that would be considered experimental. I haven't tested it under Mint, but you should be able to proceed past the warnings and still use the script. Can you please try it and and post your feedback? Include details about your system. I'm currently working on a 0.6 version which would open up compatibility a bit more. Thanks again!

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Emerging Member
Posts: 50
Registered: ‎02-22-2018
Kudos: 1

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

### Easy UBNT: UniFi SDN Installer v0.5.6
##############################################################################

Checking system...

##############################################################################

ERROR! This script is for Ubuntu, Debian or Raspbian
You appear to have: Linux ken-pc 4.15.0-38-generic #41~16.04.1-Ubuntu SMP Wed Oct 10 20:16:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

WARNING: LinuxMint 18.3 is not officially supported

Do you want to proceed? (y/n, default y) y

### Easy UBNT: UniFi SDN Installer v0.5.6
##############################################################################

Collecting UniFi SDN Controller info...

Service status: active (running) since Sat 2018-12-29 10:00:10 EST; 4 days ago

and returns back to terminal for additional commands, nothing else happens
Regular Member
Posts: 580
Registered: ‎01-28-2016
Kudos: 135
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

Thanks for sharing that feedback. I’ll take a closer look later today.

 

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Regular Member
Posts: 580
Registered: ‎01-28-2016
Kudos: 135
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

@bigverm23,

 

Thanks again for sharing your feedback. It looks like there were some unbound variables in the script. I've pushed an update to the code, please download and run it again and let me know how it goes for you.

 

wget https://github.com/sprockteam/easy-ubnt/raw/master/unifi-installer.sh -O unifi-installer.sh
sudo bash unifi-installer.sh

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Regular Member
Posts: 580
Registered: ‎01-28-2016
Kudos: 135
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

All,

 

I've pushed a minor commit, now at version 0.5.7:

 

  • Fixed unbound variables
  • Updated HTTPS ciphers and protocols in __eubnt_setup_certbot function

 

See the code here:

 

https://github.com/sprockteam/easy-ubnt/commit/3ea0c65ee0b27cd26ae0971fb96eb8f2888918fd

 

--

Klint

 

P.S. I've been working on the 0.6.0 release. Man Wink

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Regular Member
Posts: 580
Registered: ‎01-28-2016
Kudos: 135
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

@ricktendo,

 

Have you seen this project?

 

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Regular Member
Posts: 580
Registered: ‎01-28-2016
Kudos: 135
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

[ Edited ]

@UBNT-cmb @UBNT-MikeD 

 

Just a few things I'd suggest changing in the debconf files for the UniFi SDN Debian package. These suggestions come after trying to work with the Debian package in this project, and also after seeing people on the forum lose data after an "apt-get purge unifi" command.

 

  • Change the preinst script so it doesn't override the debconf template for "has_backup"
  • Change the postrm script to check if the user wants to remove the data folder on purge
  • Add the corresponding "purge_data" boolean to the template file

 

See here: https://github.com/sprockteam/easy-ubnt/commit/dd16f53a7f55bad6dad50aa7b698f0192a81b1b7

 

Thanks!

 

--

Klint

 

P.S. If you have any suggestions for this project, let me know. Man Wink

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Regular Member
Posts: 580
Registered: ‎01-28-2016
Kudos: 135
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

Minor update to 0.5.8:

 

  • Improved __eubnt_get_unifi_release_notes function
  • Fixed apt-file search running un-necessarily
  • Added fix for sudo/localhost issue on Ubunutu
  • Added apt-transport-https package install
  • Added check before running dist-upgrade
  • Added check for unifi service before restarting it
  • Now forcing dialog interface for tzdata

 

See it here: https://github.com/sprockteam/easy-ubnt/commit/ecbdac373bb215134df8cb38d639f2e4ba37a081

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
New Member
Posts: 37
Registered: ‎11-16-2017
Kudos: 2

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

Hello,

 

I have tried it and it install all and the let's encrypt seems to work but it is not use by unifi.

 

the chalenge appear complete but when i connect to my server i still have the self signated certificate.

 

do you have a work around to push the let's encrypt certificate to unifi ?

 

thanks in advance

 

ramius179

Regular Member
Posts: 580
Registered: ‎01-28-2016
Kudos: 135
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

Hey @ramius179 

 

Are you accessing the controller using the domain name and not the IP address?

 

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
New Member
Posts: 37
Registered: ‎11-16-2017
Kudos: 2

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

yes, i tried on 3 different browser (i was thinking it's the cache of the browser).

 

but still the same.

i get the default self signed certificate

Regular Member
Posts: 580
Registered: ‎01-28-2016
Kudos: 135
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

[ Edited ]

@ramius179 wrote:

yes, i tried on 3 different browser (i was thinking it's the cache of the browser).

 

but still the same.

i get the default self signed certificate


Thanks. What controller version is this? Can you PM the log file from your latest run of the script, should be at: /var/log/easy-ubnt/unifi-installer-latest.log (edited to fix log filename)

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Regular Member
Posts: 580
Registered: ‎01-28-2016
Kudos: 135
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

Minor update to 0.5.9:

 

  • Fixed issue with setting up certbot package sources in Ubuntu (thanks @florisvdk)
  • Removed port check in certbot setup
  • Enhanced UFW status check
  • Changed to automatically use detected public IP address in quick mode

 

See it here: https://github.com/sprockteam/easy-ubnt/commit/b08d4a0b343044ab6a0ec340c23e146200c65050

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Regular Member
Posts: 580
Registered: ‎01-28-2016
Kudos: 135
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller


@ramius179 wrote:

yes, i tried on 3 different browser (i was thinking it's the cache of the browser).

 

but still the same.

i get the default self signed certificate


Can you try the latest version? There was an error in the script that could've been affecting you.

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Highlighted
New Member
Posts: 25
Registered: ‎09-16-2014
Kudos: 5

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

I received an email from Lets Encrypt that my cert will be expiring soon. I originally setup my new server fully with your script. If I re-run it will that allow me to refresh the cert? Also is there a good way to automatically do that?

Regular Member
Posts: 580
Registered: ‎01-28-2016
Kudos: 135
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller


@srmorris2 wrote:

I received an email from Lets Encrypt that my cert will be expiring soon. I originally setup my new server fully with your script. If I re-run it will that allow me to refresh the cert? Also is there a good way to automatically do that?


Good question. It should auto renew without you doing anything. Mine is up for renewal soon too. I’ll double check it later and report back. 

 

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Regular Member
Posts: 580
Registered: ‎01-28-2016
Kudos: 135
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller


@SprockTech wrote:

@srmorris2 wrote:

I received an email from Lets Encrypt that my cert will be expiring soon. I originally setup my new server fully with your script. If I re-run it will that allow me to refresh the cert? Also is there a good way to automatically do that?


Good question. It should auto renew without you doing anything. Mine is up for renewal soon too. I’ll double check it later and report back. 

 

Klint


I checked my server and it indeed was trying to automatically renew but couldn't because it was trying to reach the server at port 443 instead of port 80. Basically I should've explicitly declared HTTP and port 80 as the preferred challenge verification method instead of assuming that would always be the default. I pushed a couple of more commits to GitHub to fix that and also fix an issue with apt-get so it can use HTTPS.

 

@srmorris2 Go ahead and download a fresh copy of the script and run it again. Go through the Let's Encrypt setup portion again. It will update the certbot config to use HTTP as the preferred challenge and then you should be good for auto renewals in the future. Post back how it goes.

 

Thanks!

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
New Member
Posts: 37
Registered: ‎11-16-2017
Kudos: 2

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

I have try with the new version

it works like a charm

thank you very much !!
Reply