Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

×
Reply
New Member
Posts: 10
Registered: ‎05-13-2014
Kudos: 74

Set the Controllers Web UI IP Address

I have my controller running on a server with multiple IP addresses. I would like to only have it running on a single IP address so I can set it up on port 443 and set some DNS up. I see it is possible to set the port it uses using the unifi.https.port=8443 setting in the system.properties file. I see there is an option for setting an IP address for the APs to communicate with the controller using system_ip=a.b.c.d but I dont see any setting for the web ui to listen on, is this possible?

I see currently that it listens on all IP addresses by running:

netstat -aon | findstr 8443

Is this a limitation of the controller?

Ubiquiti Employee
Posts: 10,772
Registered: ‎02-10-2014
Kudos: 3150
Solutions: 858
Contributions: 17

Re: Set the Controllers Web UI IP Address

You can set the IP via Settings > Controller Settings > Controller Hostname/IP

 

2014-08-08_09-04-55.png


Many Questions are Answered in the KnowledgeBase
Don't forget to kudo helpful posts and mark threads as solved
Forum Rules
New Member
Posts: 10
Registered: ‎05-13-2014
Kudos: 74

Re: Set the Controllers Web UI IP Address

I've tried that and it still listens on all of the other IP address. E.g. I've set it to listen on 192.168.0.105 but I can still browse to it on 127.0.0.1 (locally), 192.168.0.101, 192.168.0.102, 192.168.0.103... etc etc. I can also confirm that in netstat it says the controller is listening on 0.0.0.0 (which means all IP's).

 

The problem with it binding to all IP addresses is that if I want it on port 443 on 192.168.0.105, if I have another service (e.g. a web server) running on port 443 on another IP address, the controller fails to start as it thinks its already in use.

 

Is this a bug with the controller or am I doing something wrong?

Ubiquiti Employee
Posts: 10,772
Registered: ‎02-10-2014
Kudos: 3150
Solutions: 858
Contributions: 17

Re: Set the Controllers Web UI IP Address

[ Edited ]

My apologies, I misunderstood. 

From the KB article on the system.properties file

If a controller machine has multiple IP interfaces, then below configuration can manually set the exact IP interface that adopted APs should communicate to the controller.

  • system_ip=a.b.c.d           # the IP devices should be talking to for inform

So add that line to the system.properties file with the appropriate IP address and restart the controller.


Many Questions are Answered in the KnowledgeBase
Don't forget to kudo helpful posts and mark threads as solved
Forum Rules
New Member
Posts: 10
Registered: ‎05-13-2014
Kudos: 74

Re: Set the Controllers Web UI IP Address

No, I think you were correct the first time. That address is the one used for APs to communicate with the controller, not the Web UI.

 

As a side note, I have tried setting this setting and restarting my controller but it doesn't make any difference to the Web UI.

Ubiquiti Employee
Posts: 10,772
Registered: ‎02-10-2014
Kudos: 3150
Solutions: 858
Contributions: 17

Re: Set the Controllers Web UI IP Address

The Controller Hostname/IP is the URL that appears in links sent out via email, mostly.  It doesn't have any impact on the listening IP for the controller.


Many Questions are Answered in the KnowledgeBase
Don't forget to kudo helpful posts and mark threads as solved
Forum Rules
New Member
Posts: 10
Registered: ‎05-13-2014
Kudos: 74

Re: Set the Controllers Web UI IP Address

OK, so is this a bug or a feature that can be fixed/implemented as it would be very useful?

Ubiquiti Employee
Posts: 10,772
Registered: ‎02-10-2014
Kudos: 3150
Solutions: 858
Contributions: 17

Re: Set the Controllers Web UI IP Address

Working on figuring that out now.  What version of controller are you running?

 

I just tried it on mine after your post and it's not working for me either.  Still digging...


Many Questions are Answered in the KnowledgeBase
Don't forget to kudo helpful posts and mark threads as solved
Forum Rules
New Member
Posts: 10
Registered: ‎05-13-2014
Kudos: 74

Re: Set the Controllers Web UI IP Address

Running 3.2.1.

Ubiquiti Employee
Posts: 10,772
Registered: ‎02-10-2014
Kudos: 3150
Solutions: 858
Contributions: 17

Re: Set the Controllers Web UI IP Address

Are those various IPs on separate physical interfaces or are they software/psuedointerfaces?

Are you sure you don't have any characters after the text on the line?  Not even a space?


Many Questions are Answered in the KnowledgeBase
Don't forget to kudo helpful posts and mark threads as solved
Forum Rules
New Member
Posts: 10
Registered: ‎05-13-2014
Kudos: 74

Re: Set the Controllers Web UI IP Address

The IP's are on the same physical interface - I don't think this should make any difference though as they all would appear the same to the OS.

 

I haven't got anything extra on the line as you can see in my attachment that shows the formatting of the file.

 

If it helps, from a software developers point of view, I assume the controller creates a standard binding in Java without specifying an IP address or by specifying 0.0.0.0 or :: which binds to all of the IP addresses. If possible, I think it would be best to check with your developers how the Web UI picks its IP address.

systemproperties.png
Highlighted
Ubiquiti Employee
Posts: 10,772
Registered: ‎02-10-2014
Kudos: 3150
Solutions: 858
Contributions: 17

Re: Set the Controllers Web UI IP Address

I got some further clarification from the engineers.  The system_ip= is the IP address that is to be used as the inform IP of a UAP once adopted as the UAP reports back to the controller periodically. At the present time, there is no way to lock the listening socket down to a specific IP for the management interface.  Currently, the recommended action is a software firewall on the controller machine itself, restricting the packets that come in for port 8443 to a specific IP.

 

You may want to make a feature request for this as I can see scenarios where it would be useful.


Many Questions are Answered in the KnowledgeBase
Don't forget to kudo helpful posts and mark threads as solved
Forum Rules
New Member
Posts: 10
Registered: ‎05-13-2014
Kudos: 74

Re: Set the Controllers Web UI IP Address

Thank you for the clarification. The problem with this method however is that it still means nothing else can be listening on the same port across the whole system.

 

I have created a feature request here if anyone would like to vote for it.

Ubiquiti Employee
Posts: 10,772
Registered: ‎02-10-2014
Kudos: 3150
Solutions: 858
Contributions: 17

Re: Set the Controllers Web UI IP Address


lukebrowning wrote:

Thank you for the clarification. The problem with this method however is that it still means nothing else can be listening on the same port across the whole system.

 

I have created a feature request here if anyone would like to vote for it.


That's a good example of a use case for this.  The one problem there is that another system (i.e. Apache) wouldn't be able to listen across the whole system, but would be able to listen on all IPs except the one bound to UniFi.

 

Have you considered changing the listening port for UniFi?  I know it's not quite what you're looking for, but would free up whatever ports you need freed up.


Many Questions are Answered in the KnowledgeBase
Don't forget to kudo helpful posts and mark threads as solved
Forum Rules
New Member
Posts: 10
Registered: ‎05-13-2014
Kudos: 74

Re: Set the Controllers Web UI IP Address

Well my initial goal was to put the controller on port 443 so that administrators could browse to it by using https:// instead of having to remember a port.

And the thing is, I wouldn't expect a apache to bind to all addresses, or if it did, I would at least be able to stop it from binding to a certain IP address.

Anyway, thanks for your help. I don't think I will be able to acheive what I wish to unless that feature request gets accepted.

New Member
Posts: 24
Registered: ‎01-29-2014
Kudos: 6
Solutions: 1

Re: Set the Controllers Web UI IP Address

[ Edited ]

UBNT-MattB wrote:

...the recommended action is a software firewall on the controller machine itself, restricting the packets that come in for port 8443 to a specific IP...


I mean no offense, but this recommendation is entirely useless for the OP's purposes. The OP (as do I, and certainly many others) wants to configure the UniFi Controller service/daemon to bind to/listen on a specific IP address.

The recommendation to restrict ingress packets on port 8443 to a specific IP in no way prevents the UniFi Controller service/daemon from glomming on all IP addresses. It merely prevents clients from connecting to the UniFi Controller through any IP addresses other than the IP address(es) allowed by firewall rules.

New Member
Posts: 24
Registered: ‎01-29-2014
Kudos: 6
Solutions: 1

Re: Set the Controllers Web UI IP Address


UBNT-MattB wrote:

...The one problem there is that another system (i.e. Apache) wouldn't be able to listen across the whole system, but would be able to listen on all IPs except the one bound to UniFi...


Except this isn't a problem in that this is precisely what the OP is seeking: The ability to bind Ubiquiti Controller's various ports to a specific IP address (e.g. 192.168.1.90:80, 192.168.1.90:443, etc.) so that the Apache httpd daemon (or similar web services) can run on the same server, but bound to a different IP address (e.g. 192.168.1.91:80, 192.168.1.91:443, etc.). This would allow Ubiquiti Controller and other web services such as Apache to peacefully co-exist on the same server (multiple network interfaces/IP addresses), and use standard ports (e.g. 443, 80) without conflicts.

Ubiquiti Employee
Posts: 10,772
Registered: ‎02-10-2014
Kudos: 3150
Solutions: 858
Contributions: 17

Re: Set the Controllers Web UI IP Address


regexaurus wrote:

UBNT-MattB wrote:

...The one problem there is that another system (i.e. Apache) wouldn't be able to listen across the whole system, but would be able to listen on all IPs except the one bound to UniFi...


Except this isn't a problem in that this is precisely what the OP is seeking: The ability to bind Ubiquiti Controller's various ports to a specific IP address (e.g. 192.168.1.90:80, 192.168.1.90:443, etc.) so that the Apache httpd daemon (or similar web services) can run on the same server, but bound to a different IP address (e.g. 192.168.1.91:80, 192.168.1.91:443, etc.). This would allow Ubiquiti Controller and other web services such as Apache to peacefully co-exist on the same server (multiple network interfaces/IP addresses), and use standard ports (e.g. 443, 80) without conflicts.


I take no offense and definitely see the need for this for the applications that both you and the OP have stated.  The OP created a feature request, which I upvoted as well.  It's a very useful feature.


Many Questions are Answered in the KnowledgeBase
Don't forget to kudo helpful posts and mark threads as solved
Forum Rules
Member
Posts: 126
Registered: ‎02-15-2014
Kudos: 32
Solutions: 9

Re: Set the Controllers Web UI IP Address

As a work around, you could leave the Unifi Controller on port 8443, but then in Apache create a redirect for traffic on 192.168.0.105:443 to 192.168.0.105:8443

 

Its not ideal, but I think it will work for what you require.

New Member
Posts: 24
Registered: ‎01-29-2014
Kudos: 6
Solutions: 1

Re: Set the Controllers Web UI IP Address

Not ideal, but as noted, it works for my purposes. Cat Very Happy

Should have thought of that, but I was too focused on what UniFi Controller wasn't allowing me to do. Cat Embarassed

 

Thank you!

Reply