meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
ubiquiti:controller [2020/07/20 15:44] – created niziakubiquiti:controller [2021/03/20 21:41] (current) niziak
Line 4: Line 4:
   * Works correctly only with host type networking = no network separation   * Works correctly only with host type networking = no network separation
  
-===== In unprivileged LXC ===== 
  
-[[https://wiki.debian.org/LXC]]+ 
 +==== Install MongoDB < 4.0.0 ==== 
 +[[https://docs.mongodb.com/v3.6/tutorial/install-mongodb-on-debian/]]
  
 <code bash> <code bash>
-apt-get install lxc+apt install gnupg2 
 +wget -qO - https://www.mongodb.org/static/pgp/server-3.6.asc | sudo apt-key add - 
 +echo "deb http://repo.mongodb.org/apt/debian stretch/mongodb-org/3.6 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.6.list 
 +apt-get update 
 +sudo apt install mongodb-org 
 +sudo systemctl start mongod
 </code> </code>
  
-Create user+==== Installing Unifi controller ==== 
-<code bash>sudo useradd -/bin/bash -c 'Unifi lxc user' -unifi</code> + 
-<code bash>sudo passwd unifi</code>+Inside container
 +<code bash> 
 +sudo apt-get update && sudo apt-get install ca-certificates apt-transport-https wget 
 +echo 'deb https://www.ui.com/downloads/unifi/debian stable ubiquiti| sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list 
 +sudo wget -O /etc/apt/trusted.gpg.d/unifi-repo.gpg https://dl.ui.com/unifi/unifi-repo.gpg  
 +sudo apt update 
 +sudo apt install unifi
  
-Find subuids and subgids for created user 
-<code bash>sudo grep unifi /etc/sub{gid,uid}</code> 
-<code> 
-/etc/subgid:unifi:1738400:65536 
-/etc/subuid:unifi:1738400:65536 
 </code> </code>
 +Access running controller on: [[https://<IP>:8443/]]
  
-Allow new user create network interfaces+Unifi controller log location
-<file | /etc/lxc/lxc-usernet> +  * ''/usr/lib/unifi/logs/server.log'' 
-lxcgitlab veth br-lan 10 +  * ''/usr/lib/unifi/logs/mongod.log''
-</file> +
-[[https://linuxcontainers.org/lxc/manpages/man5/lxc-usernet.5.html|man 5 lxc-usernet]]+
  
-Now login as new user (using ssh or su). +==== Configure mail agent ====
-Create default lxc configureation in user directory:+
 <code bash> <code bash>
-mkdir -p ~/.config/lxc +sudo apt-get install msmtp-mta
-cp /etc/lxc/default.conf ~/.config/lxc/default.conf+
 </code> </code>
  
-Edit file below and put subuid and subgid: +See how to configure[[linux:mail:msmtp]]
-<file | ~/.config/lxc/default.conf> +
-... +
-lxc.network.link = br-lan +
-lxc.id_map = u 0 1738400 65536 +
-lxc.id_map = g 0 1738400 65536 +
-... +
-</file>+
  
-Create container: +=== adding own CA cert to controller === 
-<code bash>lxc-create -t download -n unifi</code>+To send e-mails to own SMTP server with self-signed cert. 
 +It is enough to add cert to Debian certifcate store and restart unifi controller.
  
-==== Issues ==== 
  
-Errorlxc-createunifi: confile.cset_config_net: 261 lxc.net must not have a value+To add certificate directly to JVM store: 
 + 
 +[[https://stackoverflow.com/questions/373295/digital-certificate-how-to-import-cer-file-in-to-truststore-file-using|Digital CertificateHow to import .cer file in to .truststore file using]] 
 + 
 +<code bash> 
 +sudo cp cacert.crt /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security 
 +cd /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security 
 +keytool -v -import -file cacert.crt -alias my_own_ca -keystore cacerts -storepass changeit 
 +</code>
  
-LXC3 is using different config keys. Easiest way is to convert config file: +<code>/etc/init.d/unifi restart</code>
-<code bash>lxc-update-config -c default.conf</code>+