Docker unifi and webserver questions

TechMonkey

Hello everyone. Just got a new machine and decided to go with Ubuntu after the Windows 1903 upgrade smashed my controller and nginx setup. I'm new to Docker and have only spent a couple of hours getting familiar with it. I wanted to propose my setup to you folks and see if you think this is a good idea.


So I need 4 (but possibly up to 7 or docker containers): UniFi controller, Pi-hole, Nextcloud, and nginx. (In the future I may move my email server to this machine as well, but that's complex so I'll pass for now.)

  • Are UniFi certificates going to be a problem using the Docker container?
  • Since I will be able to access my controller from the internet via the FQDN, is it a "good idea" to have all these services on the same machine?
  • If 2 Docker containers use the same ports, will nginx be OK in a container or does it need to run on the host?

Basically I'm just wanting to know if using Docker is a good path to go down. I really just want to get all the "stuff" on one machine, but I don't think this machine could get much done with VMs.

Thanks for your time
 

Spartacus

  • No, I have UniFi set up in Docker; it runs the same as it does as a standalone app, and certificates weren't an issue for me. If you're using a custom certificate you just have to access the docker bash so you can modify the controller files to accept the cert.
  • Docker containers can be isolated into separate networks if you're paranoid; however, it should not matter if other containers are running on it. By FQDN do you mean the Cloud Access feature through the UniFi Cloud Access Portal, or are you actually port forwarding your UniFi controller?
  • No, only one device can use the Docker host's port at a time; Docker will not start two containers utilizing the same ports. You can however redirect container ports, such as port 8443->80 for the UniFi management page. Or vice versa 8443->8442 if you wanted to run two unifi
 

TechMonkey

  • OK, so that at least points me down the correct path. I am using SSL certs from Comodo.
  • I am port forwarding and using addresses "controller.server.com; cloud.server.com; etc."
  • I've actually been following a little tutorial on setting up an nginx Docker container with reverse proxy, so I've sort of answered this already. I may be back when it comes time to actually fill in the config file. I used nginx before only to push non-HTTPS traffic to HTTPS and not as a reverse proxy, so that will be new to me.
 

PigLover

I use the UniFi Docker image from Jacob Alberty (jacobalberty/unifi). He's made it dead simple to install certs. Follow the instructions on his page. His method is especially nice if you use certs that expire often and have to be reinstalled (e.g., ACME/Let's Encrypt) because your procedure is basically: drop the certs in the specified directory and then restart the container. Dead simple.

He's also pretty good about doing updates with current versions, which UniFi drops fairly frequently, including release candidates and some of the more interesting betas.
 

TechMonkey

So I am using his image. Agree it's simple to drop the certs in. However, every time I have done this, I've used a Java command to generate a CSR. That command doesn't work at all, inside or outside the container. I don't know how to issue a cert without the CSR. Do I just use the CSR generator on Namecheap or something?

One other question... do I need to change the host name of the server? The server is "boss" and the containers are meant to be named "unifi, cloud, pi etc. @fqdn". On my Windows install, which only ran the controller, the host machine was unifi@fqdn. That doesn't seem like it would work here with different certificates for each container app.
 

PigLover

Unfortunately I'm not real sure how to answer here. I use ACME/Let's Encrypt on my pfSense router, using the pfSense ACME package to manage pulling the certs, which triggers a small shell script to distribute them and restart any containers that need a kick (like the UniFi one).
 

texteditor

You'd probably have to Google a bit for the exact method as the docs and commands are weird, but the openssl tools can handle almost anything with certs
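
The openssl route suggested above, as an added example that is not part of any post in this thread: it generates a private key and a CSR carrying a subjectAltName, then checks the pair before the CSR is submitted to a CA. The hostname `controller.example.com`, the function names and the output file names are placeholders chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Hostnames and file names are placeholders.

# make_csr <fqdn> <outdir>
# Writes <fqdn>.key (unencrypted RSA-2048, owner-only) and <fqdn>.csr.
make_csr() {
  local fqdn="$1" dir="$2"
  mkdir -p "$dir" || return 1
  local cnf="$dir/$fqdn.cnf"
  # A config file keeps the SAN portable to OpenSSL builds without -addext.
  cat > "$cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_req
[dn]
CN = $fqdn
[v3_req]
subjectAltName = DNS:$fqdn
EOF
  ( umask 077   # the private key must not be readable by other users
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$cnf" \
      -keyout "$dir/$fqdn.key" -out "$dir/$fqdn.csr" 2>/dev/null )
}

# check_csr <fqdn> <outdir>
# Returns 0 only if the CSR self-signature verifies, the SAN names the FQDN,
# and the public key in the CSR matches the private key on disk.
check_csr() {
  local fqdn="$1" dir="$2" csr_pub key_pub
  openssl req -in "$dir/$fqdn.csr" -noout -verify 2>&1 \
    | grep -q "verify OK" || return 1
  openssl req -in "$dir/$fqdn.csr" -noout -text \
    | grep -qF "DNS:$fqdn" || return 1
  csr_pub=$(openssl req -in "$dir/$fqdn.csr" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$dir/$fqdn.key" -pubout | openssl sha256)
  [ "$csr_pub" = "$key_pub" ]
}

# Example run (uncomment to use):
# make_csr controller.example.com ./certs && check_csr controller.example.com ./certs
```

Only the `.csr` file goes to the certificate authority; the `.key` file stays on the server and is what gets paired with the issued certificate.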