Unifi Controller Installation and Network Setup

Installation

Use Glenn R's installation scripts available here.

UFW Rules

ufw allow 3478/udp
ufw allow 5514/tcp
ufw allow 8080/tcp
ufw allow 8443/tcp
ufw allow 8880/tcp
ufw allow 8843/tcp
ufw allow 6789/tcp
ufw allow 27117/tcp
ufw allow 10001/udp
ufw allow 1900/udp
ufw allow 5656:5699/udp

SSH

ufw allow 22/tcp

Redirect port 8443 to 443

IPTABLES

iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443

UFW

Open the rules file in the nano editor:

nano /etc/ufw/before.rules

Add the following rule:

*nat
:PREROUTING ACCEPT [0:0]
# redirect destination port 443 to 8443
-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT

Restart ufw:

systemctl restart ufw
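
One way to check the edit to before.rules, as an added example that is not part of the original gist: the function below verifies that the 443 to 8443 REDIRECT rule sits inside a *nat table closed by its own COMMIT. The function names and the sample files are constructed for illustration; on a real host, point check_nat_redirect at /etc/ufw/before.rules.

```shell
#!/bin/sh
# Added example: check that a ufw before.rules file carries the 443 -> 8443
# REDIRECT rule inside a *nat table that is closed by its own COMMIT.
check_nat_redirect() {
    awk '
        /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
        /^\*/ {                                    # table header such as *nat
            if (table != "") { print "FAIL: *" table " has no COMMIT"; bad = 1 }
            table = substr($1, 2); next
        }
        $1 == "COMMIT" { if (table == "nat" && rule) committed = 1; table = ""; next }
        /-A PREROUTING/ && /--dport 443 / && /-j REDIRECT/ && /--to-ports 8443/ {
            if (table == "nat") rule = 1
            else { print "FAIL: redirect rule is outside *nat"; bad = 1 }
        }
        END {
            if (table != "") { print "FAIL: *" table " has no COMMIT"; bad = 1 }
            if (!bad && !committed) { print "FAIL: no committed redirect in *nat"; bad = 1 }
            if (!bad) print "OK: redirect present in committed *nat block"
            exit (bad ? 1 : 0)
        }' "$1"
}

# Constructed sample files (not taken from a real host).
write_samples() {
    cat > "$1/good.rules" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
# redirect destination port 443 to 8443
-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT
*filter
:ufw-before-input - [0:0]
COMMIT
EOF
    # Same file with the first COMMIT forgotten, so *nat runs into *filter.
    sed '5d' "$1/good.rules" > "$1/no_commit.rules"
    # Rule pasted into *filter instead of its own *nat block.
    printf '%s\n' '*filter' ':ufw-before-input - [0:0]' \
        '-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443' 'COMMIT' \
        > "$1/in_filter.rules"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in good no_commit in_filter; do
    printf '%-10s ' "$f"; check_nat_redirect "$tmp/$f.rules" || true
done
rm -rf "$tmp"
```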

Nginx Proxy for Forwarding HTTP to HTTPS

Install nginx:

apt-get install nginx -y

Open the default site's configuration file in an editor:

nano /etc/nginx/sites-available/default

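Delete the old contents and add the following (assuming the server's hostname is unifi.nasirhafeez.com):

server {
        # plain-HTTP listener that only issues a redirect
        listen 80;
        server_name unifi.nasirhafeez.com;
        # permanent redirect to HTTPS, keeping the requested path and query
        return 301 https://$server_name$request_uri;
}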

Restart Nginx:

systemctl restart nginx

After this setup, simply entering the hostname unifi.nasirhafeez.com in a browser, without http or https, redirects to the Unifi Controller. With the ufw redirect rule above, the browser also does not display port 8443 (as it does by default).

Reference

15 Minute Hosted Unifi Controller Setup - Crosstalk Solutions

Force Redirect and use HTTPS - Unifi Community Forum
