This guide covers installing the Ubiquiti UniFi Controller software on a fresh CentOS 7 server. It has been updated, by request, to run the UniFi controller as a non-root user (called ubnt) and to configure firewalld. I will be installing as root. However, we'll be disabling SELinux for simplicity's sake. You may choose to enable SELinux in your production environment (my SELinux skills are lacking).
Last updated on 11/05/2018, to UniFi version 5.9.29 and MongoDB 3.4 (UniFi currently has issues with MongoDB 3.6; I highly recommend you use 3.4 for the time being!).
Let's Get Started!
0.) Disable SELinux and update server:
sed -i -r -e 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
yum -y install epel-release && yum -y update
systemctl reboot
1.) Install MongoDB 3.4 Repo:
vi /etc/yum.repos.d/mongodb-org.repo
---
[mongodb-org-3.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc
---
2.) Prerequisites:
useradd -r ubnt
yum -y install mongodb-org java-1.8.0-openjdk unzip wget
3.) Download and Extract UniFi Controller v5.9.29:
cd ~ && wget https://dl.ubnt.com/unifi/5.9.29/UniFi.unix.zip
unzip -q UniFi.unix.zip -d /opt
chown -R ubnt:ubnt /opt/UniFi
4.) Create Startup Script with Systemd:
vi /etc/systemd/system/unifi.service
---
#
# Systemd unit file for UniFi Controller
#
[Unit]
Description=UniFi AP Web Controller
After=syslog.target network.target
[Service]
Type=simple
User=ubnt
WorkingDirectory=/opt/UniFi
ExecStart=/usr/bin/java -Xmx1024M -jar /opt/UniFi/lib/ace.jar start
ExecStop=/usr/bin/java -jar /opt/UniFi/lib/ace.jar stop
SuccessExitStatus=143
[Install]
WantedBy=multi-user.target
---
5.) Configure Firewalld:
Firewalld is new to me, as it's a recent addition to EL7. Sure, I can disable firewalld and install iptables, but I figure I should get used to firewalld since it's now the default. Truth be told, working with firewalld is not difficult. In short, you have zones, and you apply "services" to these zones. These firewalld services are XML-formatted configs listing the ports that need to be opened. In the case of UniFi, we are creating a unifi service, applying it to the "home" zone, and setting the "home" zone as the default. With a reboot, it all applies.
systemctl stop firewalld.service
vi /etc/firewalld/services/unifi.xml
---
<?xml version="1.0" encoding="utf-8"?>
<service version="1.0">
<short>unifi</short>
<description>UniFi Controller</description>
<port port="8081" protocol="tcp"/>
<port port="8080" protocol="tcp"/>
<port port="8443" protocol="tcp"/>
<port port="8880" protocol="tcp"/>
<port port="8843" protocol="tcp"/>
<port port="10001" protocol="udp"/>
<port port="3478" protocol="udp"/>
</service>
---
systemctl start firewalld.service
firewall-cmd --set-default-zone=home # You can use one of the other zones, if you like. I prefer using home instead of the default "public"; just adjust accordingly below.
firewall-cmd --permanent --zone=home --change-interface=eth0 # I only have one active interface on my UniFi server, eth0. This should be the interface that UniFi will be using.
firewall-cmd --permanent --zone=home --add-service=unifi
6.) Enable on Startup:
systemctl enable unifi.service && systemctl disable mongod.service
7.) Cleanup:
rm -rf ~/UniFi.unix.zip
systemctl reboot
To access the webUI, browse to https://IP_OF_SERVER:8443 and follow the simple setup wizard. Pretty easy install, and seems to work great on CentOS 7.
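Once the controller is running after the final reboot, it is worth confirming that the ports opened by the unifi service from step 5 match what is actually listening. The script below is an added example, not part of the original guide: the function names are hypothetical, and the sample service XML and `ss -tuln` output are constructed so that it runs offline.

```shell
#!/bin/sh
# Added example: compare the ports unifi.xml opens with real listeners.

# Print "port/proto" for each <port .../> element in a firewalld service file.
service_ports() {
    sed -n 's|.*<port port="\([0-9-]*\)" protocol="\([a-z]*\)".*|\1/\2|p' "$1" | sort -u
}

# Read `ss -tuln` output on stdin; print "port/proto" for every listener
# that is not bound to loopback only.
listening_ports() {
    awk 'NR > 1 {
        n = split($5, a, ":"); port = a[n]
        addr = substr($5, 1, length($5) - length(port) - 1)
        if (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]") next
        print port "/" $1
    }' | sort -u
}

# $1 = service XML, $2 = file holding `ss -tuln` output.
audit_exposure() {
    fw=$(service_ports "$1"); lst=$(listening_ports < "$2")
    for p in $fw; do    # allowed through the firewall, nothing listening
        printf '%s\n' "$lst" | grep -qFx "$p" || echo "OPEN_NO_LISTENER $p"
    done
    for p in $lst; do   # listening, but not part of the unifi service
        printf '%s\n' "$fw" | grep -qFx "$p" || echo "LISTENER_NOT_IN_SERVICE $p"
    done
}

# Constructed sample input (not captured from a real server).
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/unifi.xml" <<'EOF'
<service version="1.0">
  <port port="8080" protocol="tcp"/>
  <port port="8443" protocol="tcp"/>
  <port port="8081" protocol="tcp"/>
  <port port="3478" protocol="udp"/>
</service>
EOF
cat > "$demo/ss.txt" <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      *:3478             *:*
tcp   LISTEN 0      50     :::8080            :::*
tcp   LISTEN 0      50     :::8443            :::*
tcp   LISTEN 0      128    127.0.0.1:27117    *:*
tcp   LISTEN 0      128    *:22               *:*
EOF
audit_exposure "$demo/unifi.xml" "$demo/ss.txt"
```

On the server, pass /etc/firewalld/services/unifi.xml and a file holding the output of `ss -tuln`. A LISTENER_NOT_IN_SERVICE line only means the port is not in the unifi service; another service enabled in the zone may still allow it.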
Hope you enjoyed, and please contact me if you have any feedback!