So I decided to give the unifi controller a shot on running on OpenBSD and most importantly the plan was to run it alongside all the other daemons on the system, so I don’t need to have a seperate VM / machine running just for the unifi controller. Spoiler: while I was able to get the unifi controller to run on my OpenBSD server I stopped the daemon right away after having all up and running. But why would I go through all the hassles just to not use it, you might ask. Well, if you are not interested about the intricacies of getting the controller up and running, just skip to the conclusion.

All commands are run as root unless otherwise specified.

Acknowledgements

The whole thing was greatly inspired by Renaud Allard’s piece

It is also possible to use the net/unifi port. But as I didn’t want to pull in the whole ports(7) tree just for one port I decided to go down my own route.

Getting all the bits and pieces

Not only do you need to Download the latest release of the UniFi Network Application (formerly known as Controller) but you also need to install MongoDB and you also need a Java Runtime not newer than 17 for the Controller to run. For the controller we create a new user (make sure to use a UID and GID > 1000 to avoid clashes with system and ports users).

At first we create a user for the UniFi Controller to use.

useradd -g =uid -m -d /var/unifi -L daemon -c 'Unifi daemon' -s /sbin/nologin _unifi

Now you need to install and setup all the dependencies for running the Controller. As you want authentication for basically everything in a mixed environment, you are also setting up MongoDB to use authentication. This also means that you need to setup MongoDB users and databases before running the Unifi controller. Java itself doesn’t need any special configuration.

You will start by installing the packages needed:

pkg_add mongodb-4.4.29 jdk-17.0.10.7.1v0 unzip
rcctl enable mongodb
rcctl start mongod
mongo --port 27017

and then …

Lately problems emerged with my self hosted Unifi network controller which I had been running on a Raspberry Pi. Mainly I suffered from a missing admin collection in the underlying MongoDB which rendered my controller unmaintainable as I was unable to login to the system. Further investigation showed also multiple warnings about ext4 problems so I decided to move away from the Raspberry and host the controller on a Linux guest running on OpenBSDs vmd(8).

My first attempt was Alpine Linux. I really enjoyed the brief moments with it and the installer seemed to be OpenBSD inspired which I liked. Sadly the current Alpine Linux does not have any MongoDB package available due a change in licensing on MongoDB’s side. So I decided to go with Debian as both MongoDB and Ubiquiti provide packages for Debian. Being a security conscious being I opted for Debian 10, their current stable distribution.

This is where the trouble began.

The nice things about running the latest stable are having current (i.e. in the Debian sense for that matter) software packages at your disposal. Little did I know that Debian also ditched MongoDB for the same reasons as Alpine (or the other way around?) but luckily I could get away by using MongoDB’s repository for the 3.6 release of the database (unifi’s package does not support a version >= 4.0.0). Unifi also has troubles with Java 11 and last but not least it also uses a poor choice of TLS parameters which culminated in a instance of the controller which I was unable to reach from my browser as there was no way to negotiate a secure connection. To make matters worse some commands taken from Ubiquiti’s documentation did harm the overall process (apt-mark). But to be fair, the instructions are for Debian 8 and 9.

So without further ado here are the steps to get the unifi network controller v6.2.26 running:

apt install -y gnupg2
echo "deb http://repo.mongodb.org/apt/debian stretch/mongodb-org/3.6 main" | \
    tee …