From 8494857b2ece74f09011b932a9aa2094f5b88d9d Mon Sep 17 00:00:00 2001
From: michael
Date: Mon, 31 Jul 2023 16:48:00 +1000
Subject: [PATCH] add unifi container
---
Dockerfile | 79 ++++++++++++++++++++++++++++++++++++++++++++
apt-requirements.txt | 13 ++++++++
system.properties | 47 ++++++++++++++++++++++++++
3 files changed, 139 insertions(+)
create mode 100644 Dockerfile
create mode 100644 apt-requirements.txt
create mode 100644 system.properties
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..d8bd9f7
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,79 @@
+FROM debian:11-slim
+
+# Copy in requirements file
+COPY apt-requirements.txt /tmp/apt-requirements.txt
+
+# Set default repos to HTTPS
+# RUN sed -i '/URIs: http:\/\/deb\.debian\.org\/debian/c\URIs: https:\/\/deb\.debian\.org\/debian' /etc/apt/sources.list.d/debian.sources
+
+# Install package dependancies
+RUN export DEBIAN_FRONTEND=noninteractive && \
+ apt-get update -y && \
+ xargs -a /tmp/apt-requirements.txt apt-get install -y --no-install-recommends
+
+# Add MongoDB key and repo, install MongoDB
+# RUN curl https://pgp.mongodb.com/server-6.0.asc | gpg --dearmor > /usr/share/keyrings/mongodb-archive-keyring.gpg && \
+# echo "deb [ signed-by=/usr/share/keyrings/mongodb-archive-keyring.gpg] https://repo.mongodb.org/apt/debian bullseye/mongodb-org/6.0 main" | tee /etc/apt/sources.list.d/mongodb.list && \
+# apt-get update -y && \
+# apt-get install -y --no-install-recommends mongodb-org
+
+# Add Unifi key and repo, install Unifi
+# RUN curl https://dl.ui.com/unifi/unifi-repo.gpg | gpg --dearmor > /usr/share/keyrings/ubiquiti-archive-keyring.gpg && \
+# echo 'deb [signed-by=/usr/share/keyrings/ubiquiti-archive-keyring.gpg] https://www.ui.com/downloads/unifi/debian stable ubiquiti' | tee /etc/apt/sources.list.d/ubiquiti.list && \
+# apt-get update -y && \
+# apt-get install -y --no-install-recommends unifi
+
+# Get latest version of Unifi and download deb file
+RUN UNIFI_VERSION=$(curl -sX GET http://dl-origin.ubnt.com/unifi/debian/dists/stable/ubiquiti/binary-amd64/Packages \
+ | grep -A 7 -m 1 'Package: unifi' \
+ | awk -F ': ' '/Version/{print $2;exit}' \
+ | awk -F '-' '{print $1}') && \
+ echo "Unifi version: $UNIFI_VERSION" && \
+ curl -o /tmp/unifi.deb -L https://dl.ui.com/unifi/$UNIFI_VERSION/unifi_sysvinit_all.deb
+
+# Unpack the unifi deb file, remove mongodb dependancy, then repack and install
+RUN mkdir -p /tmp/unpack && \
+ dpkg-deb -R /tmp/unifi.deb /tmp/unpack && \
+ sed -i '/^ mongodb-server.*),/d' /tmp/unpack/DEBIAN/control && \
+ echo "Updated control file:" && \
+ cat /tmp/unpack/DEBIAN/control && \
+ dpkg-deb -b /tmp/unpack /tmp/unifi-nomongo.deb && \
+ dpkg -i /tmp/unifi-nomongo.deb
+
+# Copy in system.properties file
+COPY system.properties /var/lib/unifi/system.properties
+
+# Tweak the unifi user, chown files, clean up
+RUN usermod -s /bin/bash unifi && \
+ chown -R unifi:unifi /var/lib/unifi && \
+ chmod 600 /var/lib/unifi/system.properties && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+# Add unifi user, create app directores and chown to unifi user
+# RUN useradd unifi-svc \
+# --uid 1000 \
+# --user-group \
+# --groups unifi,unifi-svc \
+# --create-home \
+# --shell /bin/bash && \
+ # mkdir -p /unifi/data && \
+ # mkdir -p /unifi/logs && \
+ # chown -R unifi:unifi /unifi
+
+VOLUME /var/lib/unifi
+VOLUME /var/log/unifi
+
+# Expose ports
+EXPOSE 3478 8080 8443 8843 8880
+
+# Change to unifi user
+USER unifi
+
+# Set working directory
+WORKDIR /var/lib/unifi
+
+# Set entrypoint
+CMD ["/usr/bin/java", "-Dlog4j2.formatMsgNoLookups=true", "-jar", "/usr/lib/unifi/lib/ace.jar", "start"]
+
+
diff --git a/apt-requirements.txt b/apt-requirements.txt
new file mode 100644
index 0000000..cb82ca3
--- /dev/null
+++ b/apt-requirements.txt
@@ -0,0 +1,13 @@
+software-properties-common
+gnupg
+debconf
+ca-certificates
+apt-transport-https
+binutils
+coreutils
+adduser
+libcap2
+curl
+openjdk-11-jre-headless
+logrotate
+procps
\ No newline at end of file
diff --git a/system.properties b/system.properties
new file mode 100644
index 0000000..9625fd2
--- /dev/null
+++ b/system.properties
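Review bot: In the Dockerfile hunk, the `RUN UNIFI_VERSION=$(curl -sX GET http://dl-origin.ubnt.com/...)` step takes the release number from a Packages index fetched over plain HTTP, and the resulting `/tmp/unifi.deb` is repacked and installed with `dpkg -i`, so no signature or checksum is ever checked on the package that ends up in the image. Anyone able to alter that HTTP response decides which version is installed, and every rebuild silently picks up whatever is "latest" that day. The pipeline also runs without `pipefail` and the download uses `curl -L` without `-f`, so a failed lookup produces an empty version and an error page saved as the .deb. I would pass the version and its SHA-256 as build arguments, fetch with `-f`, and verify the digest before the unpack step, as sketched below; the digest should come from a copy of the package you have verified yourself.

```dockerfile
# Version and digest are supplied with --build-arg and bumped together on upgrade.
ARG UNIFI_VERSION
ARG UNIFI_SHA256
RUN test -n "$UNIFI_VERSION" && test -n "$UNIFI_SHA256" && \
    curl -fsSL -o /tmp/unifi.deb "https://dl.ui.com/unifi/${UNIFI_VERSION}/unifi_sysvinit_all.deb" && \
    echo "${UNIFI_SHA256}  /tmp/unifi.deb" | sha256sum -c -
# … unchanged: unpack, strip mongodb-server dependency, repack, dpkg -i …
```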
@@ -0,0 +1,47 @@
+## system.properties
+#
+# each unifi instance requires a set of ports:
+#
+## device inform
+# unifi.http.port=$UNIFI_INFORM_PORT
+## controller UI / API
+# unifi.https.port=$UNIFI_GUI_PORT
+## portal redirect port for HTTP
+# portal.http.port=$UNIFI_PORTAL_PORT
+## portal redirect port for HTTPs
+# portal.https.port=8843
+## local-bound port for DB server
+# unifi.db.port=27117
+## UDP port used for STUN
+# unifi.stun.port=$UNIFI_STUN_PORT
+#
+## the IP devices should be talking to for inform
+system_ip=$UNIFI_SYSTEM_ADDRESS
+## disable mongodb journaling
+unifi.db.nojournal=true
+## extra mongod args
+# unifi.db.extraargs
+
+db.mongo.local=false
+db.mongo.uri=mongodb://$UNIFI_DB_USER:$UNIFI_DB_PASSWORD@$UNIFI_DB_ADDRESS:$UNIFI_DB_PORT/$UNIFI_DB_NAME
+statdb.mongo.uri=mongodb://$UNIFI_DB_USER:$UNIFI_DB_PASSWORD@$UNIFI_DB_ADDRESS:$UNIFI_DB_PORT/$UNIFI_DB_STAT_NAME
+unifi.db.name=$UNIFI_DB_NAME
+
+## HTTPS options
+# unifi.https.ciphers=TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
+# unifi.https.sslEnabledProtocols=TLSv1,SSLv2Hello
+# unifi.https.hsts=false
+# unifi.https.hsts.max_age=31536000
+# unifi.https.hsts.preload=false
+# unifi.https.hsts.subdomain=false
+#
+# Ports reserved for device redirector. There is no need to open
+# firewall for these ports on controller, however do NOT set
+# controller to use these ports.
+#
+# portal.redirector.port=8881
+# portal.redirector.port.wired=8882
+#
+# Port used for throughput measurement.
+# unifi.throughput.port=6789
+#
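Review bot: The `db.mongo.uri` and `statdb.mongo.uri` lines carry `$UNIFI_DB_USER:$UNIFI_DB_PASSWORD` as literal text, and nothing visible in this patch expands them: the Dockerfile copies the file unchanged and its `CMD` starts java directly, with no entrypoint step that substitutes environment values. Unless that substitution happens outside this patch, the controller would be handed the placeholder strings as credentials; once it is added, the real password will sit in this file inside the `/var/lib/unifi` volume, where the build-time `chmod 600` may not carry over to a bind-mounted or rewritten copy. I would document the contract above the URI lines, for example `## $UNIFI_* placeholders are replaced at container start; percent-encode the password for the MongoDB URI and keep this file mode 600`. The commented `unifi.https.sslEnabledProtocols=TLSv1,SSLv2Hello` example also deserves a short comment saying it is a legacy sample and should not be uncommented as-is.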