Normally we wouldn’t recommend hosting applications on your firewall, but considering the UniFi Network Application (Controller) is closely connected to your network, there is at least some rationale for running MongoDB on your firewall 😎

All you need to get started is a working VyOS installation. At the moment I am using v1.4; the procedure would be the same on v1.5.

I also want to say thanks to the LinuxServer.io team, who have done a great job maintaining this Docker image. See more details on the image itself at https://github.com/linuxserver/docker-unifi-network-application

Staging Files

We’ll need to mount a few paths to the filesystem for data persistence. We’ll also need to create a configuration file to initialize the database settings.

Create the following two directory paths.

mkdir -p /config/unifi/db
mkdir -p /config/unifi/app

Create a file with your MongoDB initialization parameters. You may want to consider changing the password from CHANGEME to something more legit.

bash -c 'cat > /config/unifi/init-mongo.js' << "EOF"
db.getSiblingDB("unifi").createUser({user: "unifi", pwd: "CHANGEME", roles: [{role: "dbOwner", db: "unifi"}]});
db.getSiblingDB("unifi_stat").createUser({user: "unifi", pwd: "CHANGEME", roles: [{role: "dbOwner", db: "unifi_stat"}]});
EOF

Configure Containers

Let’s first add the two images we’ll need to the system with the following operational commands.

add container image docker.io/mongo:4.4
add container image lscr.io/linuxserver/unifi-network-application:latest

And now it’s time to go into configure mode and set the container details.

Items you will probably want to adjust are:

  • MEM_LIMIT: in the example below I set it to 512 because that’s the VyOS container default and my test network was small. You may need to increase this along with the container memory limit depending on the size of your network.
  • MONGO_PASS: the same sample password from above is used; this needs to match what you entered into the MongoDB init script.
  • TZ: I’ve set it to Toronto; you’ll probably want to set this to your region.

configure

set container name unifi-db allow-host-networks
set container name unifi-db image 'docker.io/mongo:4.4'
set container name unifi-db volume db destination '/data/db'
set container name unifi-db volume db source '/config/unifi/db'
set container name unifi-db volume init destination '/docker-entrypoint-initdb.d/init-mongo.js'
set container name unifi-db volume init mode 'ro'
set container name unifi-db volume init source '/config/unifi/init-mongo.js'

set container name unifi-network-application allow-host-networks
set container name unifi-network-application environment MEM_LIMIT value '512'
set container name unifi-network-application environment MONGO_DBNAME value 'unifi'
set container name unifi-network-application environment MONGO_HOST value 'localhost'
set container name unifi-network-application environment MONGO_PASS value 'CHANGEME'
set container name unifi-network-application environment MONGO_PORT value '27017'
set container name unifi-network-application environment MONGO_USER value 'unifi'
set container name unifi-network-application environment PGID value '1000'
set container name unifi-network-application environment PUID value '1000'
set container name unifi-network-application environment TZ value 'America/Toronto'
set container name unifi-network-application image 'lscr.io/linuxserver/unifi-network-application:latest'
set container name unifi-network-application port application destination '8080'
set container name unifi-network-application port application source '8080'
set container name unifi-network-application port discovery destination '10001'
set container name unifi-network-application port discovery protocol 'udp'
set container name unifi-network-application port discovery source '10001'
set container name unifi-network-application port httpportal destination '8880'
set container name unifi-network-application port httpportal source '8880'
set container name unifi-network-application port https destination '8443'
set container name unifi-network-application port https source '8443'
set container name unifi-network-application port httpsportal destination '8843'
set container name unifi-network-application port httpsportal source '8843'
set container name unifi-network-application port l2discovery destination '1900'
set container name unifi-network-application port l2discovery protocol 'udp'
set container name unifi-network-application port l2discovery source '1900'
set container name unifi-network-application port stun destination '3478'
set container name unifi-network-application port stun protocol 'udp'
set container name unifi-network-application port stun source '3478'
set container name unifi-network-application volume config destination '/config'
set container name unifi-network-application volume config source '/config/unifi/app'

commit
save
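
The password appears in two places that must agree: both createUser calls in init-mongo.js and the MONGO_PASS environment value. The following is an added example, not part of the original post or of the LinuxServer.io image, that generates a random password, writes the init script, prints the matching set command and checks that the two agree and are not CHANGEME; the function names and the scratch directory are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. Function names and the scratch directory are hypothetical.

# Alphanumeric only, so the value needs no escaping in the JavaScript string,
# in the quoted VyOS value, or in a MongoDB connection string.
gen_password() {   # $1 = length (default 32)
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-32}"
}

# Write init-mongo.js (same two statements as above) with the given password.
write_init_script() {   # $1 = directory, $2 = password
    cat > "$1/init-mongo.js" <<EOF
db.getSiblingDB("unifi").createUser({user: "unifi", pwd: "$2", roles: [{role: "dbOwner", db: "unifi"}]});
db.getSiblingDB("unifi_stat").createUser({user: "unifi", pwd: "$2", roles: [{role: "dbOwner", db: "unifi_stat"}]});
EOF
}

# Print the configure-mode command that carries the same password.
mongo_pass_command() {   # $1 = password
    printf "set container name unifi-network-application environment MONGO_PASS value '%s'\n" "$1"
}

# Succeed only if both createUser calls and MONGO_PASS share one
# non-placeholder password. $1 = init-mongo.js, $2 = file of set commands
check_credentials() {
    js_pw=$(grep -o 'pwd: "[^"]*"' "$1" | sed 's/^pwd: "//; s/"$//' | sort -u)
    cfg_pw=$(sed -n "s/.*environment MONGO_PASS value '\(.*\)'.*/\1/p" "$2")
    [ -n "$js_pw" ] || { echo "no pwd found in $1"; return 1; }
    [ "$(printf '%s\n' "$js_pw" | grep -c .)" -eq 1 ] ||
        { echo "the two databases use different passwords"; return 1; }
    [ "$js_pw" != "CHANGEME" ] || { echo "placeholder password still in use"; return 1; }
    [ "$js_pw" = "$cfg_pw" ] || { echo "MONGO_PASS does not match init-mongo.js"; return 1; }
    echo "ok"
}

# Demo in a scratch directory; on the router the target is /config/unifi.
demo_dir=$(mktemp -d)
demo_pw=$(gen_password)
write_init_script "$demo_dir" "$demo_pw"
mongo_pass_command "$demo_pw" > "$demo_dir/unifi.cmds"
check_credentials "$demo_dir/init-mongo.js" "$demo_dir/unifi.cmds"
rm -rf "$demo_dir"
```

The mongo image runs scripts in /docker-entrypoint-initdb.d only when /data/db is empty, so the password has to be set before unifi-db starts for the first time.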

You can now browse to port 8443 (https://...:8443) on your router’s IP address. For example, if your router is 192.168.1.1, you would browse to https://192.168.1.1:8443


It will probably take a few minutes to go live depending on how powerful your hardware is. On my 2-core Celeron N3350 with 2GB of RAM, it took about 3 minutes.

From here on you can use it like any other UniFi controller, without needing to purchase a separate Cloud-key or host it in the cloud.

Upgrading

It’s as simple as running the following two commands.

update container image unifi-network-application
restart container unifi-network-application