Run a UniFi Network Controller in Docker: A Complete Guide

Are you looking for a reliable and secure way to run your UniFi Network Controller? This guide covers how to set up a Docker container using the 11notes/docker-unifi image, providing a stable and manageable solution for your network management needs. Let's dive in!

Why Use Docker for Your UniFi Controller?

Docker offers several advantages for running your UniFi Controller:

Isolation: Docker containers isolate the UniFi Controller from the host system, preventing conflicts and enhancing security.
Consistency: Ensures the UniFi Controller runs the same way across different environments, from development to production.
Simplified Deployment: Streamlines the deployment process with easy-to-manage containers.
Resource Efficiency: Docker optimizes resource utilization, allowing you to run more services on the same hardware.

Key Features of the 11notes/docker-unifi Image

This Docker image provides a robust UniFi Controller setup with several benefits:

Integrated MongoDB: Includes MongoDB, eliminating the need for a separate database container. This simplifies the deployment process.
Ubuntu Base: Built on a stable Ubuntu base, offering a secure and reliable environment.
Automatic Telemetry Disablement: Automatically disables anonymous telemetry collected by Ubiquiti, enhancing your privacy.

Getting Started: Running the UniFi Controller in Docker

Follow these simple steps to get your UniFi Controller up and running:

Pull the Image:
```
docker pull 11notes/unifi:[tag]
```
Replace [tag] with the desired version (e.g., 8.1.127).
Create a Volume:
```
mkdir -p /path/to/your/unifi/var
```
This directory will store all your UniFi configuration data and site information.
Run the Container:
```
docker run --name unifi \
 -v /path/to/your/unifi/var:/unifi/var \
 -d 11notes/unifi:[tag]
```
Remember to replace /path/to/your/unifi/var with your actual path and [tag] with the image version.

Configuring Your UniFi Controller Container

Optimize your setup with these configuration options:

Volumes:
- /unifi/var: Stores all configuration data and sites. Ensure this volume is persistent for data retention.
Default Settings:

Parameter	Value	Description
`user`	docker	User docker
`uid`	1000	User ID 1000
`gid`	1000	Group ID 1000
`home`	/unifi	Home directory of user docker

Environment Variables:

Parameter	Value	Default
`TZ`	Time Zone
`DEBUG`	Show debug information

Best Practices for a Secure UniFi Controller Setup

Follow these tips to enhance the security and performance of your UniFi Controller:

Rootless Container Runtime: Use Podman or rootless Docker for enhanced security.

Allow Non-Root Ports: Enable non-root ports below 1024 with:

echo "net.ipv4.ip_unprivileged_port_start=53" > /etc/sysctl.d/ports.conf
sysctl -p /etc/sysctl.d/ports.conf

Reverse Proxy: Use Traefik or Nginx to terminate TLS with a valid certificate.
Let’s Encrypt Certificates: Secure your SSL endpoints with Let's Encrypt.
Disable Telemetry: Although the image disables anonymous telemetry, also disable it in the global settings.

Preventing Telemetry: Ensuring Your Privacy

This image helps protect your privacy by automatically disabling anonymous telemetry. Verify this by:

SSH into an access point:
Check the configuration: grep analytics /tmp/system.cfg The output should read disabled.

Additionally, block the FQDN trace.svc.ui.com in your DNS blocker for comprehensive protection.

Stay Updated and Backup Regularly

Backups: Always create backups before updating to a new version. This safeguards against potential data loss.
Changelog: Review the changelog for breaking changes before updating.

Conclusion: A Solid Foundation for Your UniFi Network

By using the 11notes/docker-unifi image, you're setting up a solid, secure, and manageable UniFi Controller environment. Enjoy the benefits of centralized network management with the flexibility and security of Docker!