UniFi was broken with a kernel update of many popular distributions (See UniFi Forum post for details). Most distributions have now pushed a fix for the kernel, ideally you would simply update the kernel, if you can not update to a kernel with a fix then this image contains a fix you can activate throught the
JVM_MAX_THREAD_STACK_SIZE environment variable. An example of how to do this on the docker command line is
--env JVM_MAX_THREAD_STACK_SIZE=1280k. Depending on your docker stack you may need to pass this environment variable another way, please see the relevant software's documentation for passing environment variables.
This is a containerized version of Ubiqiti Network's Unifi Controller version 5.
The following options may be of use:
- Set the timezone with
- Bind mount the
Example to test with
mkdir -p unifi/data mkdir -p unifi/logs docker run --rm -p 8080:8080 -p 8443:8443 -p 3478:3478 -p 10001:10001 -e TZ='Africa/Johannesburg' -v ~/unifi/data:/var/lib/unifi -v ~/unifi/logs:/var/log/unifi --name unifi jacobalberty/unifi:unifi5
Adopting access points/switches/security gateway
Layer 3 adoption
The default example requires some l3 adoption method. You have a couple options to adopt.
The quickest one off method is to ssh into the access point and run the following commands
mca-cli set-inform http://<host_ip>:8080/inform
You can see more options on the (UniFi website)[https://help.ubnt.com/hc/en-us/articles/204909754-UniFi-Layer-3-methods-for-UAP-adoption-and-management]
Layer 2 adoption
You can also enable layer 2 adoption through one of two methods.
If you launch the container using host networking (With the
--net=host parameter on
docker run) Layer 2 adoption works as if the controller is installed on the host.
It is possible to configure the macvlan driver to bridge your container to the host's networking adapter. Specific instructions for this container are not yet available but you can read a write-up for docker at http://collabnix.com/docker-17-06-swarm-mode-now-with-macvlan-support/
There is now a new
beta branch on github to support easier building of betas. This branch does not exist on the docker hub at all,
you must check it out from github.
You simply build and pass the build argument
PKGURL with the url to the .deb file for the appropriate beta you wish to build. I believe
this will keep closest with the letter and spirit of the beta agreement on the unifi forums while still allowing relatively easy access to the betas.
This build method is the method I will be using for my own personal home network to test the betas on so it should remain relatively well tested.
If you would like to submit a new feature for the images the beta branch is probably a good one to apply it against as well.
I will be cleaing up the Dockerfile under beta and gradually pushing out the improvements to the other branches. So any major changes
should apply cleanly against the
TimeZone. (i.e America/Chicago)
used to set max thread stack size for the JVM
8080/tcp - Device command/control
8443/tcp - Web interface + API
8843/tcp - HTTPS portal
8880/tcp - HTTP portal
3478/udp - STUN service
6789/tcp - Speed Test (unifi5 only)
10001/udp - UBNT Discovery
While micro-service patterns try to avoid running multiple processes in a container, the unifi5 container tries to follow the same process execution model intended by the original debian package and it's init script, while trying to avoid needing to run a full init system.
dump-init runs a simple shell wrapper script placed at
unifi.sh executes and waits on the jsvc process which orchestrates running the controller as a service. The wrapper script also traps SIGTERM to issue the appropriate stop command to the unifi java
com.ubnt.ace.Launcher process in the hopes that it helps keep the shutdown graceful.
Example seen within the container after it was started
$ docker exec -it ef081fcf6440 bash # ps -e -o pid,ppid,cmd | more PID PPID CMD 1 0 /usr/bin/dumb-init -- /usr/local/bin/unifi.sh 7 1 sh /usr/local/bin/unifi.sh 9 7 unifi -nodetach -home /usr/lib/jvm/java-8-openjdk-amd64 -classpath /usr/share/java/commons-daemon.jar:/usr/lib/unifi/lib/ace.jar -pidfile /var/run/unifi/unifi.pid -procname unifi -outfile /var/log/unifi/unifi.out.log -errfile /var/log/unifi/unifi.err.log -Dunifi.datadir=/var/lib/unifi -Dunifi.rundir=/var/run/unifi -Dunifi.logdir=/var/log/unifi -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Xmx1024M -Xms32M com.ubnt.ace.Launcher start 10 9 unifi -nodetach -home /usr/lib/jvm/java-8-openjdk-amd64 -classpath /usr/share/java/commons-daemon.jar:/usr/lib/unifi/lib/ace.jar -pidfile /var/run/unifi/unifi.pid -procname unifi -outfile /var/log/unifi/unifi.out.log -errfile /var/log/unifi/unifi.err.log -Dunifi.datadir=/var/lib/unifi -Dunifi.rundir=/var/run/unifi -Dunifi.logdir=/var/log/unifi -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Xmx1024M -Xms32M com.ubnt.ace.Launcher start 31 10 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java -Xmx1024M -XX:ErrorFile=/usr/lib/unifi/data/logs/hs_err_pid<pid>.log -Dapple.awt.UIElement=true -jar /usr/lib/unifi/lib/ace.jar start 58 31 bin/mongod --dbpath /usr/lib/unifi/data/db --port 27117 --logappend --logpath logs/mongod.log --nohttpinterface --bind_ip 127.0.0.1 108 0 bash 116 108 ps -e -o pid,ppid,cmd 117 108 [bash]
To use custom SSL certs, you must map a volume with the certs to /var/cert/unifi
They should be named:
cert.pem # The Certificate privkey.pem # Private key for the cert chain.pem # full cert chain
For letsencrypt certs, we'll autodetect that and add the needed Identrust X3 CA Cert automatically.
- Don't run as root (but Unifi's Debian package does by the way...)
- Possibly use Debian image with systemd init included (but thus far, I don't know of an official Debian systemd image to base off)
@cybertoon this container tracks the official apt repositories from unifi The latest stable on the repositories is listed at http://dl-origin.ubnt.com/unifi/debian/dists/stable/ubiquiti/binary-amd64/Packages which is presently 5.4.18
5.5.19 is still listed as latest testing as per http://dl-origin.ubnt.com/unifi/debian/dists/testing/ubiquiti/binary-amd64/Packages
I do believe this is a mistake on ubiquiti's part but I track their repositories for consistency, as soon as they update the repositories I will update the tags.
Latest tracks the unifi apt 'stable' repository for and as of right now 'stable' still has its latest as 5.4.18
@jacobalberty - thank you or for 5.5.19 update, but why it's not in the branch latest (latest = 5.4.18)
@jacobalberty - thank you for this docker image. +1 for 5.5.x update!
Can someone tell me how to get letsencrypt working with this docker image?
@jacobalberty any updates regarding 5.5.19 stable?
@jacobalberty is the 5.5.19 a beta/testing release or is it the stable version? I know you said you were waiting until the 10th to see what they do with the debian repos. I was just checking if the 5.5.19 is stable or if it would be best to wait for you to update latest to 5.5.19 if it is not the stable release or if it's just there for testing.
@xaero the kernel isn't booted in any containers, they use the host kernel. If your kernel on your system contain the fix then you don't need JVM_MAX_THREAD_STACK_SIZE=1280k
@jacobalberty Just checking to see if the --env JVM_MAX_THREAD_STACK_SIZE=1280k fix is still needed? I see that you have this building running off 22.214.171.124 and that 126.96.36.199 was listed as the broken kernel and 188.8.131.52 is listed as a fixed kernel. Are you planning on upgrading the kernel to 184.108.40.206 for 5.5.19 Stable?