Guide: How to run UniFi Controller on the Firewalla Gold Series Boxes

124 comments

  • Blake

    Is there something that should be done after step 1 and before step 2?  I tried running the command in step 2 and got the following error:

    Error: No such network: unifi_default

    Error: any valid prefix is expected rather than "null".

    0
  • Blake

    So I got this figured out today and Unifi Controller is up and running.  Here's what I didn't know and the guide didn't make entirely clear.  Probably bc this guide is for Pros, which I am not.

    After step 1 you need to run the following command: docker-compose up -d

    Once the compose file is executed and the container is pulled you can move onto Step 2.

    I misinterpreted step 3 as needing to manually create a file containing those 2 commands and place it into a directory.  What it really means is just run those 2 commands making sure you replace the GOLD_LAN_IP with your Gold's IP address.  Once I did that I was able to get to the Controller setup wizard.

    The last hurdle is that I wasn't able to use my Ubiquiti account to create the Site in this controller, so what you have to do is to create a local account.  I can't remember what you click to do that, but it's not hard to find.

    Now that I did all of that, I was able to get into the controller and my switches were there and adoptable.

    If you are a complete n00b like me hopefully this helps.

    1
  • Michael Bierman

    Thanks, Blake!

    I would say step 3 is not a typical way for documentation to show that those are shell commands, so I made many of the same assumptions you did. Something like this might be better. 

    $ echo address=/unifi/[GOLD_LAN_IP] > ~/.firewalla/config/dnsmasq_local/unifi

    # Restart DNS Service

    $ sudo systemctl restart firerouter_dns


    Now I have the unifi controller running on FWGold! I'm thinking I may hold off migrating from the controller I have on my Synology to allow FW to harden the release a bit more. But it is great to know I can consolidate if I want to. 

    1
  • Support Team

    @Blake

    Updated the doc: you don't have to run the command `docker-compose up -d`; `sudo systemctl start docker-compose@unifi` will do everything.

    @Michael

    Updated the doc!

    1
  • Zach Schramm

    Now that Blue Plus contains docker support, will this become available on those as well?

     

    0
  • Support Team

    Yes, there will be a separate doc on Blue Plus.

    0
  • Blake

    So I had to reboot my firewalla and attempted to follow this guide again and I can't get the controller functioning.  I even removed everything I could find related to unifi and ran through the process, and I can't get to the controller by using my LAN IP.  When I try to run the compose command I get this error:

    ERROR: for unifi  Cannot start service unifi: Invalid address 172.16.1.2: It does not belong to any of this network's subnets

    I'm pretty sure you updated the guide since the first time I went through it and I can't figure out what all changed to troubleshoot.  Any help would be appreciated.

    0
  • Michael Bierman

    Did you check steps 2 & 3, which aren't permanent?

    0
  • Blake

    Yes, I completed steps 2 and 3 again.  I went through the whole thing, and then when I tried to reach the controller it failed to load the page.  It says failed to reach the server.

    0
  • Support

    @Blake Try `sudo docker network rm unifi_default` and then `sudo docker-compose up -d`.

    If that doesn't work, run `sudo docker-compose down` and start over again.

    1
  • Blake

    That worked!  So I ran the first command, then moved to the docker unifi directory and ran the second command.  Then I completed steps 2 and 3 of the guide again and I can finally get to the controller.  I had to set up a new local admin account and couldn't use my UI account but I'm in.  Thanks.

    1
  • Nicolas Evens

    Been using this for weeks now, love it!!

    If you guys have some time, could you give a shot at "home assistant"?

    Docker install is easy but networking...

    Installation on Docker - Home Assistant (home-assistant.io)

    1
  • Michael Bierman

    @nicolas, having tried both, I prefer homebridge to home assistant. Here's a guide: https://github.com/oznu/docker-homebridge/wiki/Running-Homebridge-on-Firewalla-Gold

    1
  • Nicolas Evens

    @Michael thank you, your guide is great!

    Homebridge seems to be more of an interface to HomeKit than a standalone software. I do not have Apple devices so not sure it's a good fit for me.

    0
  • Michael Bierman

    Nicolas, you are right, Homebridge is mostly about homekit. It does have some plugins for Google, zwave, and alexa.

    0
  • Blake

    So now that I have 1.971 I've added the new file necessary to kick start the controller after every reboot.  However, and forgive me if this is a dumb question, but what does this part of the guide mean:

    If you have installed unifi controller before 1.971, please change your docker-compose.yaml file accordingly and run the following commands

    In what way would I need to update the compose file?

    0
  • Support

    @Blake If your controller is up and running then you are good. We made a change in the network section of the docker-compose file. A previously configured docker container might cause a conflict with the settings recommended now.

    0
  • Christopher J. Shaker

    I had the earlier configuration, and am having a hard time updating it to the new instructions.

    Is there some easy way to remove the entire docker configuration, without reflashing the router?

    Thank you,
    Chris Shaker

    0
  • Blake

    Try running sudo docker compose down. Then start over. If that works it’s much easier than the method I used.

    docker compose down is supposed to remove the container.  So running that and then starting over using this guide should work.  Also, I found it easier to use Filezilla to connect to the Firewalla to create the directories and upload the yaml file since I don't really have much experience in using commands to do that.  Just in case that helps anyone as inexperienced as I am accomplish this.

    0
  • Christopher J. Shaker

    Thank you for the information

    -1
  • Blake

    Has anyone tried updating their controller or updating any of the devices?  I can't seem to do any firmware updates from the container.

    1
  • Michael Bierman

    @Blake to upgrade the controller you update the docker container. Updating devices happens from the controller software.

    0
  • Blake

    How do you update the container?  A link to instructions would suffice.

    1
  • Blake

    Thanks @Michael.  That did the trick.

    1
  • Michael Bierman

    You bet @Blake! Glad you are in business.

    1
  • Dave

    Could this method be adapted to install TP-Link's Omada Software Controller? I have a few EAP245 and this would save me having to get their hardware controller

    0
  • Chris

    I've got this working just fine. One question though.

    While testing my Guest network I realised I was able to load Unifi and Pihole - but that network has a block on all local LAN traffic. For instance I am unable to route to a server on the LAN.

    I am guessing this must be because in step 2 and 4 we're making the subnet WAN routable? How do I un-do that? I don't really understand why we're using different commands in 2 and 4 (`sudo ip route` vs. `sudo ipset create`).

    1
  • Alex

    Is the ip route command with table wan_routable really necessary? I only used the command with lan_routable and cannot see any problems (also I removed the two lines in the start_unifi.sh script).

    What's wan_routable doing?

    @Chris: Also, without the wan_routable command I could connect to the unifi controller from my guest network, so I added a custom block rule for my guest network in the firewalla app: block IP range 172.16.1.0/24. It's working fine.

    0
  • Dave B

    I'm trying to do this on a Firewalla Blue Plus.  My controller adopted and provisioned the initialized WAP and it seems to work just fine. 

    When I run:

    sudo ip route add 172.16.1.0/24 dev br-$(sudo docker network ls | awk '$2 == "unifi_default" {print $1}') table lan_routable
    sudo ip route add 172.16.1.0/24 dev br-$(sudo docker network ls | awk '$2 == "unifi_default" {print $1}') table wan_routable

    I get this:

    Error: argument "lan_routable" is wrong: "table" value is invalid

    My docker-compose file is identical to what is provided in the procedure above. Any advice?

    0
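
The `ip route add ... table lan_routable` commands quoted in this thread depend on two things existing first: the `unifi_default` Docker network (otherwise the bridge name cannot be derived) and a routing table name that `ip` can map to a number, normally through an rt_tables file such as /etc/iproute2/rt_tables. The preflight check below is an added example, not part of any comment or of Firewalla's guide; the function names, the sample `docker network ls` output and the table ids are constructed, and it only prints the commands rather than running them.

```shell
#!/bin/sh
# Added example: preflight checks for the route commands quoted in this thread.
# Function names and all sample data below are constructed for illustration.

# Read `docker network ls` output on stdin and print br-<network id> for
# network name $1. Exit status is non-zero when the network does not exist.
bridge_for_network() {
    awk -v name="$1" '$2 == name { print "br-" $1; found = 1 }
                      END { exit !found }'
}

# Succeed only if routing table name $1 is listed in rt_tables file $2.
table_defined() {
    awk -v name="$1" '$1 ~ /^#/ { next }
                      $2 == name { found = 1 }
                      END { exit !found }' "$2"
}

# Print the ip route commands for subnet $1, or report the missing prerequisite.
# $2 = file holding `docker network ls` output, $3 = rt_tables file.
plan_routes() {
    subnet=$1; netls=$2; tables=$3
    if ! bridge=$(bridge_for_network unifi_default < "$netls"); then
        echo "network unifi_default not found; start the container first" >&2
        return 1
    fi
    for t in lan_routable wan_routable; do
        if ! table_defined "$t" "$tables"; then
            echo "routing table $t is not defined in $tables" >&2
            return 2
        fi
    done
    for t in lan_routable wan_routable; do
        echo "ip route add $subnet dev $bridge table $t"
    done
}

# Demo on constructed inputs; on a real box feed it `sudo docker network ls`
# output and the system rt_tables file instead.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'NETWORK ID     NAME            DRIVER    SCOPE' \
        'a1b2c3d4e5f6   bridge          bridge    local' \
        '0f9e8d7c6b5a   unifi_default   bridge    local' > "$d/netls"
    printf '%s\n' '254 main' '101 lan_routable' '102 wan_routable' > "$d/rt"
    plan_routes 172.16.1.0/24 "$d/netls" "$d/rt"
    rm -rf "$d"
}
demo
```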