Installing UniFi controller in Docker Container

Instructions followed from here. Some changes were made
Commands work on Ubuntu 16.04

Install Docker

sudo apt install -y docker docker.io
systemctl enable docker
systemctl start docker

Install UniFi

sudo docker pull jacobalberty/unifi:latest

Setup Docker Image

The following command sets up a container which we can later manipulate to start and stop the “service”
You can specify where you want the UniFi files to reside if desired.

sudo docker run -d --init --restart=unless-stopped --name=unifi-controller --net=host --volume=/docker/unifi:/var/lib/unifi -p 8080:8080/tcp -p 8081:8081/tcp -p 8443:8443/tcp -p 8843:8843/tcp -p 8880:8880/tcp -p 8883:8883/tcp -p 3478:3478/udp jacobalberty/unifi:latest

Docker commands

List docker containers

sudo docker container list
367c7a1465ec        jacobalberty/unifi:latest   "/usr/loca/bin/dock…" 15 minutes ago      Up 14 minutes (healthy) unifi-controller

List docker images on system

sudo docker images
jacobalberty/unifi latest baebbe301633 9 days ago 711MB

Stop container. Also stops the UniFi service. Change the ID to your container ID.

sudo docker stop 367c7a1465ec

Other notes

When setting up the Docker image, the directory specified was “/docker/unifi” so all the UniFi files are in there and it looks like if you manipulate the files, it makes the changes fine. At least for setting up the SSL certificates.

Change Static IP on AirFiber over SSH

Log into device

SSH into AirFiber

ssh ubnt@192.168.1.20

Modify config file

Open up the “/tmp/system.cfg” configuration file

vi /tmp/system.cfg

Find the line that has the ip address and modify the address.
Note that you’ll need to hit i to enter text if you are using vi

...
netconf.3.hwaddr.status=disabled
netconf.3.ip=192.168.1.10   <-- Change IP here
netconf.3.mtu=1500 
...

Save file by hitting the esc key then type :x and then hit Enter

Save changes and reboot

Now run the following command to write the changes to the device. Once it comes back up it should have the new IP address from the config file.

cfgmtd -f /tmp/system.cfg -w && reboot

no matching cipher found. Their offer: aes128-cbc,3des-cbc…

When trying to SSH to older devices like a Ubiquiti Bullet2, you may receive an error saying.

no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc

Work around it to manually specify the cipher with the “-c” option. You will also probably need to specify the KexAlgorithm

ssh -c aes128-cbc -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@192.168.1.20

You can see what ciphers ssh supports by running “ssh -Q cipher”

Example output

ssh -Q cipher
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

More information
https://www.openssh.com/legacy.html

UNMS – Set user as Super Admin from command line

The following commands can be run from a ssh session to your UNMS instance.

Show Current Users

sudo ~unms/app/unms-cli set-superadmin

Should get something like the following

            UNMS Users
 ┌─────────┬───────────┬───────────────────────────┬──────────────┬────────────┐
 │ (index) │ username  │           email           │     role     │ two-factor │
 ├─────────┼───────────┼───────────────────────────┼──────────────┼────────────┤
 │    0    │  'larry'  │  'larry@incredigeek.com'  │   'admin'    │   false    │
 │    1    │   'bob'   │   'bob@incredigeek.com'   │   'admin'    │   false    │
 └─────────┴───────────┴───────────────────────────┴──────────────┴────────────┘

Change User to Super Admin

To change a user to a Super Admin, add “–username username” to the above command.

Example:

sudo ~unms/app/unms-cli set-superadmin --username bob
            UNMS Users
 ┌─────────┬───────────┬───────────────────────────┬──────────────┬────────────┐
 │ (index) │ username  │           email           │     role     │ two-factor │
 ├─────────┼───────────┼───────────────────────────┼──────────────┼────────────┤
 │    0    │  'larry'  │  'larry@incredigeek.com'  │   'admin'    │   false    │
 │    1    │   'bob'   │   'bob@incredigeek.com'   │ 'superadmin' │   false    │
 └─────────┴───────────┴───────────────────────────┴──────────────┴────────────┘

Note that there does not appear to be a way to

UniFi Cameras – configure static IP or DHCP from command line

The UniFi cameras are different then the AirMax line in how the configuration works. There is a “/tmp/system.cfg” file, but it does not contain most of the configuration option. In the default directory there are some files which appear to handle the device configuration.

The network configuration file is “ubnt_networkd.conf”

Edit the file by opening it up in vi or a different text editor.

Static IP config

{
     "cfgver": 2,
     "dhcp": {
         "fallbackIP": "192.168.1.20",
         "fallbackNetmask": "255.255.255.0",
         "status": 0  <-- 0=Static 1=DHCP
     },
     "dns": {
         "ns1": {
             "ip": "8.8.8.8",
             "status": 1
         },
         "ns2": {
             "ip": "4.2.2.2",
             "status": 1
         }
     },
     "routes": {
         "gateway": "192.168.5.1"
     },
     "statik": {
         "ip": "192.168.5.11",
         "netmask": "255.255.255.0"
     }
}

If you want to set the static address, you should be able to edit the settings in this config and leave DHCP status disabled.

DHCP config

To set the Camera to use DHCP, under dhcp change “”status”: 0″ to “”status”: 1″

{
     "cfgver": 2,
     "dhcp": {
         "fallbackIP": "192.168.1.20",
         "fallbackNetmask": "255.255.255.0",
         "status": 1
     },
     "dns": {
         "ns1": {
             "ip": "8.8.8.8",
             "status": 1
         },
         "ns2": {
             "ip": "4.2.2.2",
             "status": 1
         }
     },
     "routes": {
         "gateway": "192.168.5.1"
     },
     "statik": {
         "ip": "192.168.5.11",
         "netmask": "255.255.255.0"
     }
}

After the settings are applied the camera will use use DHCP regardless of the statik ip settings.

Save changes

Use the following command to write the changes to persistent storage

ubnt_cmd_persist.sh

And reboot the camera.

reboot

Camera should pull a DHCP address when it boots up

Ubiquiti set DHCP from command line

Edit the “/tmp/system.cfg”

Change the line that contains “dhcpc.status=disabled” to

dhcpc.status=enabled

add the following lines

dhcpc.1.devname=br0         
dhcpc.1.fallback=192.168.1.20
dhcpc.1.fallback_netmask=255.255.255.0
dhcpc.1.status=enabled

Save and exit and save changes

/usr/etc/rc.d/rc.softrestart save

Log into the GUI and verify everything looks correct. Under the network tab it was still showing that it had a static address, although it pulled a DHCP IP.

Change Channel Width on Ubiquiti AC CPE Over SSH

SSH into CPE

ssh ubnt@192.168.1.20

open up the “/tmp/system.cfg” file

vi /tmp/system.cfg

Find the “radio.1.chanbw=” line and change to the following

radio.1.chanbw=10

Note: it may say “radio.1.chanbw=0” that looks to be the default and works for 20mhz

exit file with

esc + :wq + Return or Enter

Save settings with

/usr/etc/rc.d/rc.softrestart save 

Change AP to 10Mhz and the CPE should reconnect.

Ubiquiti – Renewing DHCP client lease from command line

AirOS uses udhcpc for the DHCP client on Ubiquiti Radios. To renew the DHCP address you can kill the udhcpc process and it’ll automatically restart and get a new address.

Renew DHCP lease

Kill udhcpc with the following command.

killall udhcpc

Other info

Print info about the DHCP lease. May need to change “info.br1” to “info.eth0” or some other interface.

cat /etc/udhcpc/info.eth0 

Example output.

XW.v6.2.0# cat /etc/udhcpc/info.br1 
u_interface="br1"
u_broadcast=""
u_subnet="255.255.255.0"
u_ip="10.93.0.10"
u_router="10.93.0.1"
u_dns="8.8.8.8 1.1.1.1"
u_hostname=""
u_serverid="10.93.0.1"
u_domain=""
u_leasetime=600
u_timestamp="1143249941"
u_started=1142593
u_pid=936
XW.v6.2.0# 

Command arguments that udhcp is run with. Info was collected by running the “ps | grep udhcp” command. Note that the interface “eth0” can be different if the device is in bridge mode.

/sbin/udhcpc -f -i eth0 -s /etc/udhcpc/udhcpc -p /var/run/udhcpc.eth0.pid -h device_name

udhcpc help output

XW.v6.2.0# udhcpc --help
BusyBox v1.24.2 (2019-07-03 11:13:35 EEST) multi-call binary.

Usage: udhcpc [-fbqvRB] [-t N] [-T SEC] [-A SEC/-n]
        [-i IFACE] [-s PROG] [-p PIDFILE]
        [-oC] [-r IP] [-V VENDOR] [-F NAME] [-x OPT:VAL]... [-O OPT]...

        -i,--interface IFACE    Interface to use (default eth0)
        -s,--script PROG        Run PROG at DHCP events (default /usr/share/udhcpc/default.script)
        -p,--pidfile FILE       Create pidfile
        -B,--broadcast          Request broadcast replies
        -t,--retries N          Send up to N discover packets (default 3)
        -T,--timeout SEC        Pause between packets (default 3)
        -A,--tryagain SEC       Wait if lease is not obtained (default 20)
        -n,--now                Exit if lease is not obtained
        -q,--quit               Exit after obtaining lease
        -R,--release            Release IP on exit
        -f,--foreground         Run in foreground
        -b,--background         Background if lease is not obtained
        -S,--syslog             Log to syslog too
        -r,--request IP         Request this IP address
        -o,--no-default-options Don't request any options (unless -O is given)
        -O,--request-option OPT Request option OPT from server (cumulative)
        -x OPT:VAL              Include option OPT in sent packets (cumulative)
                                Examples of string, numeric, and hex byte opts:
                                -x hostname:bbox - option 12
                                -x lease:3600 - option 51 (lease time)
                                -x 0x3d:0100BEEFC0FFEE - option 61 (client id)
        -F,--fqdn NAME          Ask server to update DNS mapping for NAME
        -V,--vendorclass VENDOR Vendor identifier (default 'udhcp VERSION')
        -C,--clientid-none      Don't send MAC as client identifier
        -v                      Verbose
Signals:
        USR1    Renew lease
        USR2    Release lease
XW.v6.2.0# 

Note that you can also send a signal to the PID of udhcpc and have it renew the address. To do that use the following command, replacing pidofudhcpc to pid of udhcp.

kill -s USR1 pidofudhcpc

or use the following command to find the pid for you.

kill -s SIGUSR1 $(pgrep udhcpc)

Ubiquiti AirMax – Set radio to use DHCP from command line

Gain access to radio via ssh

ssh ubnt@192.168.1.20

open up the /tmp/system.cfg

vi /tmp/system.cfg

Delete the following line. To move the cursor to the following line and type “dd” and vi will delete the whole line.

dhcpc.status=disabled   

Add the following 5 lines. Hit “i” to enter vi insert mode.
br0 should be correct interface in most scenarios.

dhcpc.1.devname=br0          
dhcpc.1.fallback=192.168.1.20
dhcpc.1.fallback_netmask=255.255.255.0
dhcpc.1.status=enabled
dhcpc.status=enabled

Save the file by hitting esc and then “:wq” followed by Return/Enter

Save the config changes and reboot the radio so it pulls an address.

/usr/etc/rc.d/rc.softrestart save && reboot

Helpful EdgePoint commands

Initial setup from command line

initial-setup 

show interfaces

ubnt@ubnt:~$ show interfaces
 Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
 Interface    IP Address                        S/L  Description                 
 ---------    ----------                        ---  -----------                 
 br0          10.2.2.1/24                  u/u  Local Bridge                
 br0.73       -                                 u/u                              
 br0.75       -                                 u/u                              
 eth0         192.168.99.1/24                   u/u  Internet                    
 eth1         -                                 u/u  Local Bridge                
 eth2         -                                 u/D  Local Bridge                
 eth3         -                                 u/u  eth3-pc1      
 eth4         -                                 u/u  eth4-printer         
 eth5         -                                 u/u  eth5-pc3 
 eth6         -                                 u/u  eth6-rotuer         
 eth7         -                                 u/u  eth7-extra                 
 lo           127.0.0.1/8                       u/u                              
              ::1/128                          
 ubnt@ubnt:~$

Double tab in session to show more commands

wsubnt@ubnt:~$ 
 Possible completions:
   add           Add an object to a service
   clear         Clear system information
   configure     Enter configure mode
   connect       Establish a connection
   copy          Copy data
   debug         Enable debugging of specified routing protocol
   delete        Delete a file
   disconnect    Take down a connection
   generate      Generate an object 
   initial-setup Enter initial configuration dialog
   no            Disable or reset operational variable
   ping          Send Internet Control Message Protocol (ICMP) echo request
   ping6         Send IPv6 Internet Control Message Protocol (ICMP) echo request
   reboot        Reboot the system
   release       Release specified variable
   rename        Re-name something.
   renew         Renew specified variable
   reset         Reset a service 
   restart       Restart a service
   set           Set system or shell options
   show          Show system information
 ubnt@ubnt:~$ ws