Reply
Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller


@ramius179 wrote:
I have try with the new version

it works like a charm

thank you very much !!

Great! Thanks for reporting back. :-)

 

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
New Member
Posts: 25
Registered: ‎09-16-2014
Kudos: 5

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

Re-ran the script and got my cert updated! Thank you. I did notice that if you do the "dry-run" in the script, the cert didn't get installed. I had to do it over again without the dry-run and it installed the cert. Not actually sure what that dry-run does though Man Very Happy

Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller


@srmorris2 wrote:

Re-ran the script and got my cert updated! Thank you. I did notice that if you do the "dry-run" in the script, the cert didn't get installed. I had to do it over again without the dry-run and it installed the cert. Not actually sure what that dry-run does though Man Very Happy


Great, thanks for the update! The "dry run" will basically check to make sure there isn't going to be an issue with the validation process, but it won't actually obtain or renew a certificate. So in this case, it will run the pre and post scripts to check for errors and also check to see if port 80 (HTTP) is accessible for the validation communication. Hope that helps!

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
New Member
Posts: 6
Registered: ‎01-20-2019
Kudos: 4

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

Just did this on a Amazon Lightsail instance ($5pm size) and it went brilliantly! Big thank you!

Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller


@SatisfyIT wrote:

Just did this on a Amazon Lightsail instance ($5pm size) and it went brilliantly! Big thank you!


 

Glad that worked for you, and thanks for the feedback!

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
New Member
Posts: 6
Registered: ‎01-20-2019
Kudos: 4

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

@SprockTech 

 

Just did the script again on a fresh Lightsail instance last night.

 

Once again it all went very very well, however one thing I did notice:

  • Script asks if you want to change your SSH Port to a Custom Port.
  • Enter Y and then enter the Custom Port.
  • Script does the Port check which fails for SSH as it is not open in UFW.
  • Script asks if you want to proceed anyway, (select Yes)
  • Later in the install the script then opens the custom SSH port in UFW.

Would it be best to open the Custom SSH port via the UFW process before the script does the Port Check so that this does not fail?

Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller


@SatisfyIT wrote:

@SprockTech 

 

Just did the script again on a fresh Lightsail instance last night.

 

Once again it all went very very well, however one thing I did notice:

  • Script asks if you want to change your SSH Port to a Custom Port.
  • Enter Y and then enter the Custom Port.
  • Script does the Port check which fails for SSH as it is not open in UFW.
  • Script asks if you want to proceed anyway, (select Yes)
  • Later in the install the script then opens the custom SSH port in UFW.

Would it be best to open the Custom SSH port via the UFW process before the script does the Port Check so that this does not fail?


 

Thanks again for the feedback! UFW should be disabled during the check, see here:

 

https://github.com/sprockteam/easy-ubnt/blob/master/unifi-installer.sh#L1283

 

The port probe is intended to verify that any upstream firewall is not blocking ports. Do you think that your upstream firewall just hadn't updated to the new port yet when you did the check?

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller


@SprockTech wrote:

@SatisfyIT wrote:

@SprockTech 

 

Just did the script again on a fresh Lightsail instance last night.

 

Once again it all went very very well, however one thing I did notice:

  • Script asks if you want to change your SSH Port to a Custom Port.
  • Enter Y and then enter the Custom Port.
  • Script does the Port check which fails for SSH as it is not open in UFW.
  • Script asks if you want to proceed anyway, (select Yes)
  • Later in the install the script then opens the custom SSH port in UFW.

Would it be best to open the Custom SSH port via the UFW process before the script does the Port Check so that this does not fail?


 

Thanks again for the feedback! UFW should be disabled during the check, see here:

 

https://github.com/sprockteam/easy-ubnt/blob/master/unifi-installer.sh#L1283

 

The port probe is intended to verify that any upstream firewall is not blocking ports. Do you think that your upstream firewall just hadn't updated to the new port yet when you did the check?

 

--

Klint


 

Scratch that, I know what the problem is. If you change the port for OpenSSH, that doesn't take affect until the service restarts, which doesn't happen until the very end of the script as it exits. Let me noodle through the best way to handle this situation. Thanks for catching that!

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
New Member
Posts: 6
Registered: ‎01-20-2019
Kudos: 4

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

[ Edited ]

@SprockTech wrote:

 

Scratch that, I know what the problem is. If you change the port for OpenSSH, that doesn't take affect until the service restarts, which doesn't happen until the very end of the script as it exits. Let me noodle through the best way to handle this situation. Thanks for catching that!

 

--

Klint


No worries! I will keep a keen eye out for the update Smiley Happy
Unfortunately I am not savvy enough to go through the script and help with a solution but happy to test it on a fresh instance!

Emerging Member
Posts: 50
Registered: ‎02-22-2018
Kudos: 1

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

how do I uninstall this script?

Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller


@bigverm23 wrote:

how do I uninstall this script?


Thanks for the question. The script does a few things. Is there anything in particular you are wanting to remove?

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller


@SprockTech wrote:

@bigverm23 wrote:

how do I uninstall this script?


Thanks for the question. The script does a few things. Is there anything in particular you are wanting to remove?

 

--

Klint


If you just want to remove the Controller, you can use this command:

 

sudo apt-get remove unifi

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller


@SatisfyIT wrote:

@SprockTech wrote:

 

Scratch that, I know what the problem is. If you change the port for OpenSSH, that doesn't take affect until the service restarts, which doesn't happen until the very end of the script as it exits. Let me noodle through the best way to handle this situation. Thanks for catching that!

 

--

Klint


No worries! I will keep a keen eye out for the update Smiley Happy
Unfortunately I am not savvy enough to go through the script and help with a solution but happy to test it on a fresh instance!


I've got to step away from the community for a bit to re-focus my energies. For now, I've pushed my current re-work of this script here: https://github.com/sprockteam/easy-ubnt/tree/v0.6.0-rc.1

 

If any of you have questions or issues, please feel free to PM me.

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
New Member
Posts: 17
Registered: ‎05-13-2018
Kudos: 5

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller

Script works perfectly thanks for the easy to use script. Thanks for sharing and keep up the good work Man Happy

 

Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure the UniFi SDN Controller


@wii747 wrote:

Script works perfectly thanks for the easy to use script. Thanks for sharing and keep up the good work Man Happy

 


Thanks for the feedback!

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure UBNT Software

For those following along, most of the major re-factoring work to move to 'easy-ubnt.sh' has been done. Right now, I've got it availalble for those who want to try it here:

 

https://github.com/sprockteam/easy-ubnt/tree/v0.6.0-rc.1

 

A significant piece that is still missing, but will make it into a future 0.6.x release is the enhanced certbot deploy hook script, which is here for those interested: https://github.com/sprockteam/easy-ubnt/blob/v0.6.0-rc.1/lib/unifi-controller_certbot-deploy.sh

 

I'll update the master repo after some more testing. Feedback is welcome. Thanks!

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure UBNT Software


@SprockTech wrote:

For those following along, most of the major re-factoring work to move to 'easy-ubnt.sh' has been done. Right now, I've got it availalble for those who want to try it here:

 

https://github.com/sprockteam/easy-ubnt/tree/v0.6.0-rc.1

 

A significant piece that is still missing, but will make it into a future 0.6.x release is the enhanced certbot deploy hook script, which is here for those interested: https://github.com/sprockteam/easy-ubnt/blob/v0.6.0-rc.1/lib/unifi-controller_certbot-deploy.sh

 

I'll update the master repo after some more testing. Feedback is welcome. Thanks!

 

--

Klint


UPDATE: The changes have been merged into the master. I'll be posting release notes shortly.

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure UBNT Software

[ Edited ]

All,

 

First, some notes that I posted in the main topic post but wanted to share as a reply as well so everyone sees it:

 

  • The 'unifi-installer.sh' script is now deprecated, use the 'easy-ubnt.sh' script instead
  • For issues using this project, please create an issue on GitHub
  • Please share this project with the UBNT Community by kudoing this post and adding your comments to the thread
  • You can reach me more easily on Discord by tagging me in the #unifi-controller channel or via direct message

 

Now, here is a link to the release notes for v0.6.0:

 

https://github.com/sprockteam/easy-ubnt/releases/tag/v0.6.0

 

And a quick tip, there is already a release candidate for v0.6.1, so I've decided to make a short link that I'll update to the latest RC whenever there is one. If you want to try it you can do so using this:

 

wget sprocket.link/eubntrc -O easy-ubnt.sh

 

Feedback is welcome, thanks!

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
New Member
Posts: 6
Registered: ‎01-20-2019
Kudos: 4

Re: Easy UBNT: Install, Update and Secure UBNT Software

Awesome work @SprockTech !!!

 

Will give it a run through later today and migrate one of my existing sites.

Regular Member
Posts: 576
Registered: ‎01-28-2016
Kudos: 129
Solutions: 17

Re: Easy UBNT: Install, Update and Secure UBNT Software


@SatisfyIT wrote:

Awesome work @SprockTech !!!

 

Will give it a run through later today and migrate one of my existing sites.


Cool, post back how it goes, thanks!

 

--

Klint

UEWA | Primary Innovator at Sprocket Technology
UniFi Network Notes | Easy UBNT | UFW Lockdown | Companion API | Host on Vultr
Reply