Transfer an updated keystore to Unifi in a FreeNas jail

04 May 2019

Transfer a replacement keytore into a UniFi jail:

Installing a Unifi Controller in a Jail on FreeNAS

19 Feb 2019

Create a jail and enable VNET:

enable VNET in your jail configuration

SSH to your FreeNAS box and run: jexec <jailname> sh # (replace <jailname> with your jail's name)

Run the following commands:

pkg update && pkg upgrade -y     # Update pkgs
pkg install bash llvm40 openjdk8 # install bash, LLVM, and OpenJDK8
portsnap fetch extract           # Update ports
cd /usr/ports/net-mgmt/unifi5
make install clean BATCH=yes     # Build UniFi
sysrc unifi_enable=YES           # Enable UniFi at boot time
service unifi start              # Start UniFi

Note: If you get an error with the message Ports Collection support for your FreeBSD version has ended, run make command with ALLOW_UNSUPPORTED_SYSTEM=yes make install clean BATCH=yes

If you followed the instructions correctly (and nothing else went wrong), you have a running instance of Ubiquiti’s UniFi Controller. Once UniFi has started, you can access it by visiting https://< jail IP > :8443/.

Upgrading to the latest version

SSH to your FreeNAS box and run:

jexec <jailname> bash
portsnap fetch extract                                    # Update ports
cd /usr/ports/net-mgmt/unifi5
service unifi stop                                        # Stop UniFi
make deinstall                                            # Uninstall UniFi
ALLOW_UNSUPPORTED_SYSTEM=yes make install clean BATCH=yes # Build and install
sysrc unifi_enable=YES                                    # Enable UniFi at boot time
service unifi start                                       # Start UniFi

Create a DNS record on a Unifi Security Gateway

16 Feb 2019

Assuming you’ve enabled DNSMasq on your Unifi Security Gateway, you may wish to create local DNS records.

EDIT: these records and options seem to be overwritten after a short period. Investigating why.

EDIT: Ah-ha. The trick is to save the override file on your Unifi Controller:

[root@unifi ~]# cat /usr/local/share/java/unifi/data/sites/default/config.gateway.json
{
  "system": {
    "static-host-mapping": {
      "host-name": {
        "vinz": {
          "inet": [
            "192.168.1.11"
          ],
          "alias": [
            "smtp",
            "netdata"
          ]
        },
        "frank": {
          "inet": [
            "192.168.1.12"
          ]
        }
      }
    }
  },
  "service": {
    "dns": {
      "forwarding": {
        "options": [
          "expand-hosts"
        ]
      }
    }
  }
}

Generate a replacement keystore for a Unifi Controller

16 Feb 2019

Generating a replacement SSL keystore for your Unifi Controller isn’t that difficult; follow the instructions below.