UNMS - Optional Installation Steps


Overview


This article describes additional features of UNMS installation process. It includes changing ports for accessing through GUI, setting ports for communication with devices, working behind a proxy and more.


Table of Contents


  1. Managing the SSL certificate for access via HTTPS (optional)
  2. Changing the HTTP and HTTPS ports (optional)
  3. Changing the device inform port (optional)
  4. Running UNMS behind a reverse proxy (optional)
  5. Changing the UNMS container's IP address (optional)
  6. Cloud
  7. UNMS Data
  8. Devices Latency and Outage Statistics

Managing the SSL certificate for access via HTTPS (optional)


Back to Top

By default, UNMS uses Let's Encrypt to automatically create and manage an SSL certificate for its domain name. The certificate is saved under /home/unms/data/cert/live . Use installation script arguments --ssl-cert-dir <DIRECTORY> , --ssl-cert <FILENAME> , --ssl-cert-key <FILENAME> and optionally --ssl-cert-ca <FILENAME> to manage the certificate manually. The argument--ssl-cert-ca <FILENAME> is temporarily not available in version 0.11.0. It will be fully supported in version 0.11.1+.

$ curl -fsSL https://raw.githubusercontent.com/Ubiquiti-App/UNMS/master/install.sh > /tmp/unms_install.sh 
$ sudo bash /tmp/unms_install.sh --ssl-cert-dir /etc/certificates --ssl-cert fullchain.pem --ssl-cert-key privkey.pem

Make sure that the UNMS has read permission on the certificate directory and all files.


Changing the HTTP and HTTPS ports (optional)


Back to Top

Use installation script arguments --http-port <NUMBER> and --https-port <NUMBER> to configure the UNMS server to listen on non-standard ports. Defaults are 80 (HTTP) and 443 (HTTPS).

$ curl -fsSL https://raw.githubusercontent.com/Ubiquiti-App/UNMS/master/install.sh > /tmp/unms_install.sh 
$ sudo bash /tmp/unms_install.sh --http-port 8080 --https-port 8443
ATTENTION
Please be aware that UNMS must be accessible from the internet via HTTP port 80 if you want to use automatic SSL certificate management via Let's Encrypt.

Changing the device inform port (optional)


Back to Top

User tip
Inform port is the port that your devices use to connect to UNMS.

Please be aware that UNMS must be accessible from the internet via HTTP port 80 if you want to use automatic SSL certificate management via Let's Encrypt. Using a separate inform port is useful when you need to expose the port outside your private network, but don't want to expose the UNMS GUI. Use installation script argument --ws-port <NUMBER> to configure the UNMS WebSocket server to use a separate port for communication with your devices.

$ curl -fsSL https://raw.githubusercontent.com/Ubiquiti-App/UNMS/master/install.sh > /tmp/unms_install.sh 
$ sudo bash /tmp/unms_install.sh --ws-port 8444

Running UNMS behind a reverse proxy (optional)


Back to Top

Use installation script arguments --behind-reverse-proxy ,--public-https-port <NUMBER> and --public-ws-port <NUMBER> if you plan to run UNMS behind a reverse proxy server. The setting--public-https-port is only necessary if the proxy listens for HTTPS on a different port than UNMS. The setting--public-ws-port is only necessary when you use --ws-port (as mentioned in the section above) to separate the inform port form the HTTPS port.

$ curl -fsSL https://raw.githubusercontent.com/Ubiquiti-App/UNMS/master/install.sh > /tmp/unms_install.sh
$ sudo bash /tmp/unms_install.sh --behind-reverse-proxy --public-https-port 443 --http-port8080 --https-port 8443 

Please be aware that this puts the responsibility of managing an SSL certificate on the reverse proxy and disables the automatic certificate management via Let's Encrypt. The reverse proxy must still use HTTPS for communication with UNMS, optionally with a custom SSL certificate. HTTP-only communication between UNMS and the reverse proxy is not supported. The UNMS - Reverse Proxy Examples article (coming soon) shows working reverse proxy configurations for Nginx and Apache.


Changing the UNMS container's IP address (optional)


Back to Top

Use installation script argument --subnet <CIDR> to change the UNMS container's subnet if you experience IP address conflicts.

$ curl -fsSL https://raw.githubusercontent.com/Ubiquiti-App/UNMS/master/install.sh > /tmp/unms_install.sh 
$ sudo bash /tmp/unms_install.sh --subnet 172.45.0.1/24

You may also wish to change the IP address of the docker0 bridge created by Docker. See the docker user guide for more information. Please note that this may affect containers other than UNMS running on your system.


Cloud


Back to Top

We recommend using the latest version of Ubuntu 16.04.1 LTS (Xenial Xerus) or Amazon AMI. Here are examples of suitable cloud services:

  • AWS, EC2 instance, t2.small (2 GB RAM), Ubuntu 16.04.1 LTS (Xenial Xerus)
  • DigitalOcean, basic droplet (2 GB RAM), Ubuntu 16.04.1 LTS (Xenial Xerus)

NOTE
For a detailed tutorial on DigitalOcean see: UNMS - How to Deploy on DigitalOcean.

UNMS Data


Back to Top

By default, the installation script ensures that the application settings and data (logs, site images, encryption key, etc.) are stored outside of the docker container (/home/unms/data ). This will enable you to back up that data, and more importantly, this will enable you to perform any future UNMS upgrades without any data loss.


Devices Latency and Outage Statistics


Back to Top

By default, all connected devices to UNMS will ping the UNMS host to check for latency and if any devices are being reported as offline which will result in outage statistics being generated. Ping must be allowed to the UNMS Host for this to work properly.