Reply
Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure UBNT Software

Update: Release v0.6.1

 

https://github.com/sprockteam/easy-ubnt/releases/tag/v0.6.1

 

Notable improvements:

 

  • A command-line option to skip the UFW setup
  • Force the use of Google DNS when validating the domain to use for certbot

 

Thanks to @florisvdk and @adrianmmiller for feedback on this one!

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure UBNT Software

[ Edited ]

Installation of UniFi Network Controller 5.11.10 using Easy UBNT went good! ;-)

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
New Member
Posts: 6
Registered: ‎01-20-2019
Kudos: 4

Re: Easy UBNT: Install, Update and Secure UBNT Software

[ Edited ]

Just gave it a run and swapped over a site, worked perfectly on an AWS Lightsail instance running Ubuntu 18.04 (completely fresh instance).

 

Out of curiosity, as future versions of UniFi Controller are released will a simple sudo apt update && apt upgrade -y update it?


Thanks again @SprockTech !!!

Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure UBNT Software


@SatisfyIT wrote:

Just gave it a run and swapped over a site, worked perfectly on an AWS Lightsail instance running Ubuntu 18.04 (completely fresh instance).

 

Out of curiosity, as future versions of UniFi Controller are released will a simple sudo apt update && apt upgrade -y update it?


Thanks again @SprockTech !!!


Thanks for the feedback, glad it went well. :-)

 

I actually removed the apt source list portion for the UniFi Controller starting in 0.6.0. I have plans to put it back in the 0.6.2 actually, just figuring how to best work it in. Basically, since you have the option now to easily install any available version and even beta releases using the script, having the apt source in some cases could cause issues. But, if you end up installing the latest stable, which most people will, then having the apt source makes sense, so I'll add it back in those cases.

 

What you can do now though is issue the following commands, modified slightly from the official instructions:

 

 

echo 'deb http://www.ui.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 06E85760C0A52C50
sudo apt-get update

 

 

Then you can use apt-get to upgrade when you'd like, though I would use 'apt-get dist-upgrade -y' as explained here:

 

https://askubuntu.com/a/81594

 

Hope that helps!

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
New Member
Posts: 34
Registered: ‎04-02-2019

Re: Easy UBNT: Install, Update and Secure UBNT Software

[ Edited ]

this amazing,

it works like a magic bullet Man Happy

the script install the controller and the ssl ?

Sorry I am new to this, if my question is dummy apologies.

i already had the controller installed on Ubuntu server 18.04 and SSL installed thanks to frank on this post install letsencrypt

i had rerun this script over my installation so I need to know what is new on the script what it does.

i've seen the fail2ban its really something my envirenment needs. is this included in the script or will have to install and configure manually ?

thank you 

Emerging Member
Posts: 50
Registered: ‎02-22-2018
Kudos: 1

Re: Easy UBNT: Install, Update and Secure UBNT Software

ok, so after I run this

sudo bash easy-ubnt.sh -d domain.com

presumably I'm using my actual domain name....what do I do after the script successfully runs?

 

going to unifi.mydomain.com does not work

 

this is what I see from the script: 

Running service unifi restart [ok]

Waiting for UniFi Network Controller to finish loading...

easy-ubnt.sh: line 1314: __unifi_controller_port_tcp_inform: unbound variable


Cleaning up script, please wait...

Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure UBNT Software


@bigverm23 wrote:

ok, so after I run this

sudo bash easy-ubnt.sh -d domain.com

presumably I'm using my actual domain name....what do I do after the script successfully runs?

 

going to unifi.mydomain.com does not work

 

this is what I see from the script: 

Running service unifi restart [ok]

Waiting for UniFi Network Controller to finish loading...

easy-ubnt.sh: line 1314: __unifi_controller_port_tcp_inform: unbound variable


Cleaning up script, please wait...


Thanks for bringing that my attention! I also had someone report on that in the Discord channel. I'm incorporating a fix for that in the next release, I should have that done soon.

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure UBNT Software

Update: Release v0.6.2

 

https://github.com/sprockteam/easy-ubnt/releases/tag/v0.6.2

 

Added

  • More helpful script variables
  • Test script command line option
  • Checks for Cloud Key (still working on this)
  • Better logging in command functions
  • Legacy security repo for OpenJDK (for newer Ubuntu versions)
  • Helper for SSH config changes on script exit
  • Dump of global variables to log file

Changed

  • Command line firewall option, it is now -f "on" or -f "off"
  • Location of symlink creation for latest log file
  • Tweaks to display output functions
  • Improved flow of OpenSSH, Certbot and UFW setup
  • Always echo UBNT product info in __eubnt_ubnt_get_product
  • Improved detection of variables in __eubnt_initialize_unifi_controller_variables
  • Improved logic in __eubnt_is_unifi_controller_running
  • Tweaked menu and input handling in __eubnt_install_unifi_controller
  • Recommended DNS is now Google

Fixed

  • Error handling in command functions
  • Error handling in package functions
  • Duplicate TCP port checking in UFW setup
  • Typos throughout
  • Certbot bypass when in quick mode with no domain name specified

Removed

  • WebUpd8 Oracle Java
  • Java and MongoDB holds in package updates

 

@bigverm23 @cyberbot - If you guys want to try it and and report back any issues, thanks!

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure UBNT Software

The development branch has been updated, see here:

 

https://github.com/sprockteam/easy-ubnt/tree/development

 

You can run it using this quick command:

 

wget sprocket.link/eubntdev -O easy-ubnt.sh && sudo bash easy-ubnt.sh

Some notable changes:

 

  • Automatically finds the latest version/installer for UniFi Network Controller (i.e. 5.10.23 and 5.6.42)
  • Automatically adds/removes the UniFi Network source list file for apt-get if the installed version is not an older one (@SatisfyIT)

 

I'd appreciate any feedback, thanks!

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure UBNT Software

All,

 

Just made v0.6.3 official, let me know if anyone experiences any issues, thanks!

 

https://github.com/sprockteam/easy-ubnt/releases/tag/v0.6.3

 

Note: I ended up making the apt source list setup a default option that can be declined if you wish. Since you can install previous versions of UniFi using this script, the apt source setup will only be an option if the latest stable or 5.6 version has been installed.

 

Added

  • Option to setup official UniFi Network Controller source list in apt-get
  • Checks for current stable release that hasn't been published to the UBNT repo

Changed

  • Changed "LTS" to "5.6" for UniFi Network Controller
  • Improved Java8 install process
  • Script debug and error handling display
  • Improved UniFi Network Controller variable detection

Fixed

  • Error handling issues
  • MongoDB package install issues
  • Command line options on help screen output

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Member
Posts: 303
Registered: ‎10-16-2017
Kudos: 32
Solutions: 5

Re: Easy UBNT: Install, Update and Secure UBNT Software

I used it for setting up it on an existing controller based on ubuntu server 16.04. I have one wish:

- a startup selection where I can select what I want to install (Unifi controller, lets encrypt, openssh). So I dont need to used the  hole first part, when I only want to install lets encrypt

- auto renew through crontab 

 

It helped much me to easily set up an certificate 

best regards
Torsten

Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure UBNT Software


@TVT73 wrote:

I used it for setting up it on an existing controller based on ubuntu server 16.04. I have one wish:

- a startup selection where I can select what I want to install (Unifi controller, lets encrypt, openssh). So I dont need to used the  hole first part, when I only want to install lets encrypt

- auto renew through crontab 

 

It helped much me to easily set up an certificate 


 

Great feedback, thanks!

 

- A startup selection menu is already planned, great idea

- For the auto renew, are you talking about the cert? If so, certbot takes care of that, this script just add a hook to that

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Member
Posts: 303
Registered: ‎10-16-2017
Kudos: 32
Solutions: 5

Re: Easy UBNT: Install, Update and Secure UBNT Software

Hello Klint,

yes I mean the cert. In my understanding we still need to add a cronjob to do this automatically. Why not the script for setting it up takes care of it, it can ask if the user is wishing it doing automatically. 

 

Good Work. It´s a bit work to find your solution, it´s nearly unknown, we should do some advertise for it :-) 

best regards
Torsten

Veteran Member
Posts: 5,045
Registered: ‎06-13-2015
Kudos: 1356
Solutions: 235

Re: Easy UBNT: Install, Update and Secure UBNT Software


@TVT73 wrote:

Hello Klint,

yes I mean the cert. In my understanding we still need to add a cronjob to do this automatically. Why not the script for setting it up takes care of it, it can ask if the user is wishing it doing automatically. 

 

Good Work. It´s a bit work to find your solution, it´s nearly unknown, we should do some advertise for it :-) 


@TVT73 I agree with how good this set of scripts is set up!

 

Regarding the LE cert renewal; IIRC certbot will create a cron job for you, no need to do this manually.

Art of WiFi
Check out our UniFi API browser tool on GitHub. The PHP API client which it uses, can be found here on GitHub.
The thread on our UniFi Device Search tool can be found here, also check out our Captive Portal solutions for UniFi.
Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure UBNT Software


@slooffmaster wrote:

 

Regarding the LE cert renewal; IIRC certbot will create a cron job for you, no need to do this manually.


 

Yes, the file setup automatically by certbot should be here:

 

/etc/cron.d/certbot

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Member
Posts: 186
Registered: ‎03-10-2015
Kudos: 26
Solutions: 1

Re: Easy UBNT: Install, Update and Secure UBNT Software

So I see on the star that there is a Stable and a Dev branch... Is there anywhere listed that describes the diffrence? 

Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure UBNT Software


@Shadowed wrote:

So I see on the star that there is a Stable and a Dev branch... Is there anywhere listed that describes the diffrence? 


 

Basically I use the dev branch to push new feature commits before making an official "release". Does that help? I started to make "pre-releases" but that was just too complicated, so I'm sticking with official releases in the stable/master branch and new/pre-release features in the dev branch. Occasionally I may ask for folks to try the dev branch if they are able, just to get some more feedback before pushing to the master. Man Happy

 

Thanks!

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Member
Posts: 186
Registered: ‎03-10-2015
Kudos: 26
Solutions: 1

Re: Easy UBNT: Install, Update and Secure UBNT Software

I guess I could better word the question as; is there a place that you note what is different between the two branches feature/bug wise?

 

Is the possibly the difference between branches? 

 

Current status for UniFi Installer:

  • Version 0.x is currently beta
  • Relies on BASH3 Boilerplate and ShellCheck for framework and guidance
  • Should work on any 32-bit or 64-bit Intel, AMD or ARM processor (i386, amd64, armhf and arm64)
  • Should work on any Debian/Ubuntu-based OS, including Linux Mint
  • Installs/upgrades Java 8, MongoDB 3.4 (if needed)
  • Allows for selection of any UniFi Network Controller published by UBNT (currently goes back to 5.4)
  • Allows for entering Early Access URLs to install beta versions
  • Installs/upgrades OpenSSH Server
  • Installs/upgrades UFW (Uncomplicated Firewall) and adds firewall rules
  • Installs and sets up certbot for Let's Encrypt and imports the certificate to the UniFi Network keystore (per this solution)
  • Sets HTTPS protocols and ciphers to maximum supported
  • Optionally shows release notes for chosen software version
  • Checks if required ports are open to the Internet
  • Support to run the script quickly without prompts
  • Sets up a swap file if none present

 

Next steps for UniFi Installer while in 0.x beta:

  • Prune/repair database before upgrade if needed
  • Tweak the default UniFi settings for JVM and listening ports
  • Add options to remove/change security features that have already been setup
  • Add option to remove UniFi itself and related packages
  • Add support for Docker using the project
  • Enhance OpenSSH security with fail2ban and Duo
  • Add options to limit access to the controller (i.e. via Duo and/or UFW Lockdown)
  • Add Let's Encrypt support for DNS challenge with Cloudflare
Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure UBNT Software

Gotcha. That list is kind of a directional overview. As far as what features have made it into the dev branch, check the commit messages in GitHub. See here:

 

https://github.com/sprockteam/easy-ubnt/commits/development

 

Once a new release is pushed to the master branch, you’ll see an official change log with the release announcement.

 

Hope that helps!

 

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Highlighted
New Member
Posts: 1
Registered: a week ago
Kudos: 1

Re: Easy UBNT: Install, Update and Secure UBNT Software

Hey all,

 

Thanks for all your hard work, this is a really awesome idea and exactly what I was looking for.

 

Just installed on Ubuntu 18.04.2. The controller installed fine, but the firewall broke access to...everything. As soon as I disabled it everything came back up. I tried opening each port manually first via CLI but that didn't do anything.

 

Also, I'm a huge noob and I couldn't figure out how to set up lets encrypt...so I skipped it. It's something that I want to set up (I think) but I don't understand what the domain name request was for. It might be beneficial to some users to include some supernoob instructions for things, like a short sentence on what exactly we're enabling, why it's useful, and how to configure it for our system.. 

Reply