Installing and migrating Ubiquity Unifi Controller software

I recently upgraded and expanded the wireless network at the office. We replaced our outdated and failing Linksys WRT54G routers with a set of Ubiquiti Unifi UAP-AC-LITE access points. The process of upgrading the network has been one of the more enjoyable tasks I have been assigned recently and the new wireless system works amazingly well.

This guide outlines installing the Unifi Controller software on an Ubuntu 14.04 server for configuring and managing the access points as well as migration from one controller to another.

Installing Unifi:
Installing Unifi on Ubuntu is fairly simple. You can install it via apt by simply adding the Ubiquiti repository to your source list. This can be done via the following command:

You will also need to add the GPG keys for the repository:

With the repository set-up, installation is simple:

Once the software is installed, you can access the user interface and use the setup tool there. Please note that you will probably get a certificate error when accessing the interface.

The user you create during the setup process is important. Some tasks can only be done by this user, such as backup and restore tasks. It is also set as the default user account for the ssh servers on the AP once they are adopted into the network (This can be changed).

I highly recommend that you assign a domain to this server as that will make potential migrations down the line easier. In addition, there is a setting that forces adopted devices to connect to the controller using the domain name rather than IP, this will help if you need to migrate controllers later. This setting can be found under the controller pane of the settings window, you must be the original user to access this page.

Firewall configuration:
This step is not necessary, but I always recommend using at least a simple firewall on your servers. Unifi has five ports it requires for operation and they are listed below, along side their purpose.

  • 3478 – stun (UDP)
  • 8080 – http interface used by devices to inform the server
  • 8443 – https user interface
  • 8843 – https guest portal
  • 8880 – http guest portal

I use ufw for simple firewalls like this. The commands follows, simply replace with the port you wish to allow:

If you use ssh to connect to your server, don’t forget to allow port 22 or you will end up with an unresponsive server. Last, enable the firewall with the following command:

Equipment migration:
With the a controller installed, we can migrate the settings from the old controller to the new one using a built in backup & restore system. Please note that you will need to use the original user account you created during the initial setup for the backup & restore process.
Unifi Maintenance Page
This will bring over the settings and network configuration from the old controller.

The hard part of the migration will be getting the APs to connect to the new controller. My original controller did not have a domain assigned to it, so all my APs connected to the controller using a static IP.  You can force an AP to inform to a new location by connecting to the AP via SSH and issuing the following command.  Please note that we must include the port number as part of the address.

I found that by using this command I could temporarily connect the APs to the new controller, but if they were restarted, they would default to their original configuration and try to connect to the original controller.  In the end, I had to temporarily connect them to the new controller, then have the controller forget them and reset them to their factory settings, then have the controller adopt them again.  After I did this the APs retained their settings after reboots.

Software used or mentioned:
Ubuntu 14.04 lts
Ubiquiti UniFi Controller
ufw – Uncomplicated Firwewall

Hardware used or mentioned:
Ubiquiti Unifi AP-AC-Lite

References:
Unifi Installation Guide by Calvin Bui
Forum post about Unifi Ports
Forum post about Unifi Ports
Forum post about moving APs to new controller