Self Hosted UniFi Controller Tutorial: Managing Multiple Sites & Migrations with Ease!

Рет қаралды 37,722

Күн бұрын

lawrence.video/unifi
Quick & Easy 5-Minute UniFi Self Hosted Debian 12 Controller Setup & Update Script
• Quick & Easy 5-Minute ...
Using Cloudflare Tunnels For Hosting & Certificates Without Exposing Ports On Your Firewall
• Using Cloudflare Tunne...
UniFi Ports Used
help.ui.com/hc/en-us/articles...
Connecting With Us
---------------------------------------------------
+ Hire Us For A Project: lawrencesystems.com/hire-us/
+ Tom Twitter 🐦 / tomlawrencetech
+ Our Web Site www.lawrencesystems.com/
+ Our Forums forums.lawrencesystems.com/
+ Instagram / lawrencesystems
+ Facebook / lawrencesystems
+ GitHub github.com/lawrencesystems/
+ Discord / discord
Lawrence Systems Shirts and Swag
---------------------------------------------------
►👕 lawrence.video/swag/
AFFILIATES & REFERRAL LINKS
---------------------------------------------------
Amazon Affiliate Store
🛒 www.amazon.com/shop/lawrences...
UniFi Affiliate Link
🛒 store.ui.com?a_aid=LTS
All Of Our Affiliates that help us out and can get you discounts!
🛒 lawrencesystems.com/partners-...
Gear we use on Kit
🛒 kit.co/lawrencesystems
Use OfferCode LTSERVICES to get 10% off your order at
🛒 www.techsupplydirect.com?aff=2
Digital Ocean Offer Code
🛒 m.do.co/c/85de8d181725
HostiFi UniFi Cloud Hosting Service
🛒 hostifi.net/?via=lawrencesystems
Protect you privacy with a VPN from Private Internet Access
🛒 www.privateinternetaccess.com...
Patreon
💰 / lawrencesystems
Time Stamps ⏱️
00:00 How To Setup UniFi Multi Site Controller
01:48 DNS for Inform
02:55 Linux Server Firewall Rules
03:49 UniFI Ports To Open
04:31 Installing The UniFi Controller
05:12 Reverse Proxy Or Cloudflare Tunnel
06:25 Enabling Multi Site Management
07:08 Inform Host Override
07:26 Adopting UniFI Devices To Remote Controller
08:37 Adding Sites And Moving Devices
10:21 Mass Adoption and Site Migration
#unifi #networking

Пікірлер: 96

@tombarber8929 11 ай бұрын

Wish this video came out like a day ago! We have like 15 locations with Unifi APs and 2 different controllers, so this afternoon I spent some time setting up new sites on our newer controller, forgetting the APs from the old controller, and adopting them to the new one. That migration option you showed would have saved some time! 😂 Great video as always though, and now I know!

@FirstLastOne 11 ай бұрын

@TechnoTim 7 ай бұрын

This is awesome Tom! I always wondered how this worked!

@TechySpeaking 11 ай бұрын

I've never seen Tom with his hair down, wild

@JoelyonMorrison 11 ай бұрын

Very Dave Grohl-ish 😂

@dakid2555 11 ай бұрын

Regarding the Adoption of AP's over layer 3, you can also setup a DHCP option 43 to set the inform to a remote Unifi controller without having to setup a temporary controller to complete the adoption. In addition any newly added AP's get routed to the correct controller without having to have one on the network with the AP's, much easier in my experience. The only challenge is that you need to convert your controller IP to hex and prefix with 01 04 as this dhcp option is stored in Hex. Another option is to set a CNAME record on the DNS server serving the APs for "unifi" to point to the inform domain name.

@Zeric1 11 ай бұрын

option 43 works well and solves a lot of issues. Note how to enter and format the prefix / ip on DHCP varies widely so one will need to research their particular dhcp server. Also don't expect a cheap consumer level router to support option 43, but prosumer or better will (pfsense, sophos, mikrotik, dd-wrt, palo alto, etc all support it).

@LThibx 11 ай бұрын

I agree with both of you. I moved my controller to a linux cloud instance months ago, and well actually I have a Unifi Edgerouter that has a field for Unifi Controller in the DHCP Server config. My understanding is that is their way of implementing Option 43 on the ER. Just put in the IP Address of the Cloud Controller. Works perfectly. I pre-configure all new devices by simply connecting to my network, it gets the correct Inform URL, and I adopt it in the correct tenant. Couldn't be more smooth. Thanks Unifi! 🥰

@carlostavaresjr958 11 ай бұрын

Great video. On my controller I have a site called Staging to get a lot of devices setup quickly or at least work on getting online and updated. Then once they are setup or near setup move them to their site. I also have a Unifi VM on my laptop for this as well for quick setups.

@ronlee1178 8 ай бұрын

Your methods and explanations are awesome! Thank you!

@turcoscorner 11 ай бұрын

Great video as usual! You can make auuto discovery work over L3 by having a cname record on your local dns of unifi pointing to your real inform url. Thanks for the great content!

@dyerseve3001 11 ай бұрын

We go one extra step, set a port on the switch untagged on the DMZ vlan (you did DMZ the controller right?), L2 adoption works and then sets inform to the external url, we can then take the device on-site and drop it into whatever network needs it.

@Zeric1 11 ай бұрын

@@dyerseve3001 It's certainly a good idea to boot up and test the device before sending it off. One still would want L3 adoption working thought at the remote site in case for some reason the device gets reset or the inform url gets messed up after deployment, which can happen.

@turcoscorner 11 ай бұрын

@@dyerseve3001 you don't need a local controller with my suggestion, as long as you have a local dns entry on both sites! Remember, you won't be changing the default inform url on the device with this suggestion! We've been using it for years and it works flawlessly

@daltonvanhorn5167 11 ай бұрын

i like the way you are morphing into Jeff Tweedy

@pcleats 11 ай бұрын

Great video by the way

@LAWRENCESYSTEMS 11 ай бұрын

Glad you enjoyed it

@slipknottin 11 ай бұрын

I definitely screwed it up when I installed some unifi devices at my sisters. I used my IP at my controller in my house then when the ISP changed my IP I lost connection with all the devices. Still haven’t fixed it and it’s been like 6 months. Some day I’ll have time to go over there and fix it.

@jcarman 11 ай бұрын

Wow. That hair! Also just noticed controller spelled wrong in the opening title screen. But great stuff as always!

@swiftswamp4599 10 ай бұрын

With hosting the controller in the cloud, is it still smart to take advantage of the UDM Pro or alike for routing on prem.

@johana3007 3 ай бұрын

Hello great video, I have followed your video and in installed the controller in AWS ec2, I’m able to login using my domain and ip, but I am not able to adopt a device, the device has the right inform URL and I have the same url in the settings, ports you mentioned are open but not luck, any ideas? Thanks

@adammiller5242 11 ай бұрын

The word "controller" is spelled wrong in your intro slide. I really enjoy your videos.

@wouterkeuper8378 8 ай бұрын

Thank you for all the usefull and fun video's over the years, one question: How do you monitor all the UniFi equipment since Ubiquiti has removed the "Sites overview" panel in the newer versions of the controller, do you intergratie this with a external software for monitoring? Or do you think the panel will eventually move the the "new" interface? Kind regards!

@LAWRENCESYSTEMS 8 ай бұрын

You can have the system send you notices when things are down or you could use a third party tool such as Auvik

@weyland-yutani. 4 ай бұрын

Where did you get your linux theme? Been trying to find the skulls for months and have been unsuccessful

@daltonchaney1504 11 ай бұрын

I had to pause a few seconds in to say, sweet hair Tom.

@LAWRENCESYSTEMS 11 ай бұрын

Thanks

@pepeshopping 11 ай бұрын

Funny, others would say, get more real/professional please.

@jlrke24 5 ай бұрын

Hello, how many sites can the Unifi Site Manager support? We are a single tenant but have about 100 sites, all are basically cut copies for firewall rules etc. We are re-considering our network requirements and the price for unifi is such an eye candy.

@SimoAtlas 11 ай бұрын

Your hair looks cool

@pepeshopping 11 ай бұрын

Funny, others would say, get more real/professional please.

@matthewmcghee1250 9 ай бұрын

What L3 device do you use at each site?

@marinsnb 11 ай бұрын

How do you allow the ports you mentioned in pfSense? Do you create a “Unifi allowed ports” alias and add some rules? What would those rules look like? Appreciate your thoughts!

@LAWRENCESYSTEMS 11 ай бұрын

Since it's only two ports and one UDP and one TCP I am not using an alias. Here is a video on how to port forward in pfsense kzbin.info/www/bejne/Z4qnh5iYf9F6mK8

@philnutman5902 3 ай бұрын

I used this method but I now get Cloudflare does not allow direct IP on the Unifi guest portal landing page, Guest ports are open on the controller.

@marco4296 11 ай бұрын

Thank you a lot for the tutorial! Just wondering if you noticed any glitching - issues on setting up multiple users for each site?

@LAWRENCESYSTEMS 11 ай бұрын

Not that I know of abd we have been running this for years

@marco4296 11 ай бұрын

@@LAWRENCESYSTEMS I've added one user to one site only and it actually added the user to each one of the sites. If I remove the user, it will be just for a single site so it will be still present in all the other sides

@Finchwizard 10 ай бұрын

My issue at the moment I’ll be looking at us we want to get customers into our cloud controller for some more simply management. Testing at my home on a UDM pro SE there’s no way to export sites and import them into a multi site controller.

@LAWRENCESYSTEMS 10 ай бұрын

Correct the UDM can not be managed via the Multi-site controller.

@Chris-The-Tech 10 ай бұрын

@lawrencesystems I have UniFi system running on a mac mini, with main router being a netgear with all the Wi-Fi turned off. My poe switch is a EdgeSwitch 8XP with 2 U6 access points. I have been told the Edgeswitch could be causing some network blips on this setup. If this is true, what could I to better to mitigate those issues.

@Chris-The-Tech 10 ай бұрын

Speed tests are always in excess of 500Mbps on a gig/40 connection.

@johnharrison712 11 ай бұрын

What if you set the unifi stuff using Public IP instead of DNS would love to see how to convert this over.

@LAWRENCESYSTEMS 11 ай бұрын

change the override and it should push it to the connected devices.

@StevenRayVaughan 5 ай бұрын

Before I even saw this tut, I had everything working the way you spoke about for Tunnels, however the inform URL sends an adoption loop when using CF tunnels for the inform URL. Should I not be using a tunnel for that and simply exposing a firewall port for 8080? Defeats the purupose I'm going for, can you shed some light on this Tom?

@LAWRENCESYSTEMS 5 ай бұрын

Don't use a tunnel for the inform URL

@vinguarinovg 5 ай бұрын

@@LAWRENCESYSTEMSHi Tom, Thank you all you do. So are you saying , the inform URL is exposed, but all other ports can be tunneled? (Through CF?) Trying to set up a secure method to control family access points.

@strauss-2478 11 ай бұрын

Hello. Great video Tom! Do you or someone else maybe know how I can get a 2FA like on the Unifi Account page? Would be a great security feature. My server is also behind a reverse proxy.

@LAWRENCESYSTEMS 11 ай бұрын

Not publicly exposing it and putting it behind a reverse proxy and creating rules for how it is accessed is a form of 2FA

@BruceKraftJr 6 ай бұрын

Does anything change now that wifiman for desktops has been released?

@LAWRENCESYSTEMS 6 ай бұрын

Not really

@ricardosarda 11 ай бұрын

I have a problem here in my company. When I install a new controller on another IP and restore my backup onto it, my switches become unreachable for one or two seconds, and the devices connected to them lose connection as well. Is there any way to prevent this from happening?

@LAWRENCESYSTEMS 11 ай бұрын

If you are moving and re-provisioning the devices they restart services to point to the new controller.

@davidyoder5890 11 ай бұрын

Im not sure how your inform and management URLs are different. Are there 2 hosts infolved or just 2 different URLs pointing to the same host?

@LAWRENCESYSTEMS 11 ай бұрын

You can have more than one domain pointed at an IP address. Also, my management URL is a cloudflare tunnel

@davidyoder5890 11 ай бұрын

@@LAWRENCESYSTEMS oh, the CF part is what got me confused. Thanks.

@StevenRayVaughan 5 ай бұрын

Per my latest comment, where would the inform URL go? I have it on my cloudflare tunnel at 8080, but I get an adoption loop. Is there something I'm doing wrong? I have to use the local IP for the server as the override because it won't take the DNS record I have for the tunnel on CF. Management works great on a tunnel, but the inform URL just doesn't seem to work, what could I be missing?@@LAWRENCESYSTEMS

@pcleats 11 ай бұрын

I am assuming that each site is running its own self hosted controller yes? The big issue I have running a self hosted controller is that each of my sites (7) are running a software package that requires port 80(hard coded and can't be changed) and the controller also requires 80. So the controller won't start. I can't run Linux because that software package does not support it. I could put it on a separate mini PC, but then why not just buy a UDM-SE. Thoughts?

@LAWRENCESYSTEMS 11 ай бұрын

We manage all our client sites on one controller.

@pcleats 11 ай бұрын

@@LAWRENCESYSTEMS So you have nothing at the remote site other than the devices themselves?

@LAWRENCESYSTEMS 11 ай бұрын

Correct, only the devices.@@pcleats

@linuxpc4me555 11 ай бұрын

Can you address unifi-video? How can I use cloud access without cloudkey? Can a unifi-video web controller be built?

@LAWRENCESYSTEMS 11 ай бұрын

UniFi video ONLY works with their hardware and their NVR system.

@linuxpc4me555 11 ай бұрын

@@LAWRENCESYSTEMS not a happy answer. But thanks for being frank! I really enjoy and look forward to your videos and knowledge

@leejordanful 11 ай бұрын

Thanks Tom, that is really relevant to me right now. I'm a bit confused about the different DNS names you used. Maybe a diagram would help to clarify why you used two different names? Thanks

@LAWRENCESYSTEMS 11 ай бұрын

You can have multiple DNS pointed at one IP. I bring that up because many people don't seem aware of that which leads to them being stuck when they wan to setup certificates for SSL. Also for the management interface I used Cloudflare tunnel which does not even point at that IP which is explained in my Cloudflare tunnel video.

@leejordanful 11 ай бұрын

@@LAWRENCESYSTEMS Thanks. I will only be accessing the controller from our internal network.

@wigglz 9 ай бұрын

Where did you get your shirt man?

@LAWRENCESYSTEMS 9 ай бұрын

Https://lawrence.video/swag

@davidew98 11 ай бұрын

What about dream machines? You can’t put a dream machine on a on-site controller

@LAWRENCESYSTEMS 11 ай бұрын

@SimoAtlas 11 ай бұрын

SSH script to automatically adopt all devices at once since they all have the same default logon credentials

@Felix-ve9hs 11 ай бұрын

Didn't know that, TIL

@Mitchomi 11 ай бұрын

Noob here. Could you use duck DNS instead of static ip?

@LAWRENCESYSTEMS 11 ай бұрын

Should work

@david.mcmahan 11 ай бұрын

I found the Flex Mini switch is a pain to adopt without a local controller.

@Zeric1 11 ай бұрын

I had issues with this in the past, "dhcp option 43" worked well to solve this. Do a google search on how to set it for your particular router (pfsense, cisco, dd-wrt, mikrotik etc).

@jj-icejoe6642 11 ай бұрын

Contorller ?

@LAWRENCESYSTEMS 11 ай бұрын

That is what UniFi calls their software that manages the devices.

@jj-icejoe6642 11 ай бұрын

It's not supposed to be controller ?@@LAWRENCESYSTEMS

@LAWRENCESYSTEMS 11 ай бұрын

@@jj-icejoe6642 Ohh, the typo, that happens.

@TechySpeaking 11 ай бұрын

First

@BenGillam 11 ай бұрын

We’re trying to move away from this now. For the most part it’s great and convenient. But every so often a software update will hose one our customer sites. For small clients that’s fine and not huge job to fix, but have had experience of a school site with 30 plus devices where it falls over. Only real fix is to remove all aps reset and re adopt them. Had to do this twice in last couple of years. In these cases we are putting a cloud key in. Every update to UniFi controller is a scary affair with this site so much so we’ve started holding back unless there is a critical vuln

@LAWRENCESYSTEMS 11 ай бұрын

Not sure what you are doing wrong as we don't have such issues and we have a lot of large deployments.