Unifi with LetsEncrypt


One problem I ran into with Unifi: I didn’t want to go through the difficulty/effort/burden of getting a TLS cert.

We all know that LetsEncrypt is a trivial way to get certificates, if you can line things up correctly. For the nginx-proxy-letsencrypt, it’s a case of setting environment variables. We don’t always have the option to do that.

So I cheated.

I’m using the “How about that Nginx?” and “And the Crypto Certificates” from https://tech.chickenandporn.com/2019/03/01/one-shot-turnup-of-https-jenkins-on-docker/ and really setting up what that needs to function.

I created a bonehead-simple proxy so I could assign the environment variables. With my unifi server running an https interface at 192.168.0.4:8443, my docker-compose.xml for this little part looks like the following:

proxyunifi:
  container_name: "proxyunifi"
  entrypoint:
    - socat
    - tcp-listen:8443,fork,reuseaddr
    - tcp:192.168.0.4:8443
  environment:
    - LETSENCRYPT_EMAIL=chickenandporn@gmail.com
    - LETSENCRYPT_HOST=unifi.example.com
    - VIRTUAL_HOST=unifi.example.com
  image: "alpine/socat:latest"
  networks:
    - proxy
  ports:
    - "8443"
  restart: always

The only real complexity here is that I’m forwarding connections to tcp/8443, so I’m forwarding to the https port. If you have problems with that, try tcp-listen:8080,fork,reuseaddr for the entrypoint item, but this is what works for me. Setting VIRTUAL_PROTO=https can ensure that it works as well.
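A check to run once the proxy is up, as an added example (not code from the original post): it confirms that the name set in LETSENCRYPT_HOST is served with a certificate issued by Let's Encrypt, covering that name, and not close to expiry. The function names, the 14-day margin, port 443 on the nginx proxy and the sample certificates are assumptions made for the illustration.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

def rdn_value(name, key):
    """Read one attribute from the nested-tuple names getpeercert() returns."""
    return next((v for rdn in name for k, v in rdn if k == key), None)

def audit_cert(cert, hostname, now=None, min_days=14):
    """Return findings for a getpeercert()-style dict; an empty list is healthy."""
    now = now or datetime.now(timezone.utc)
    findings = []
    org = rdn_value(cert.get("issuer", ()), "organizationName")
    if org != "Let's Encrypt":
        findings.append(f"issuer organization is {org!r}, not Let's Encrypt")
    # Exact-name match only; wildcard names are not handled in this sketch.
    sans = [v.lower() for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if hostname.lower() not in sans:
        findings.append(f"{hostname} is not among the certificate names {sans}")
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if expires - now < timedelta(days=min_days):
        findings.append(f"expires {expires:%Y-%m-%d}, under {min_days} days away")
    return findings

def audit_endpoint(hostname, port=443, timeout=5):
    """Handshake with normal verification; a failed verification is a finding."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return audit_cert(tls.getpeercert(), hostname)
    except ssl.SSLCertVerificationError as exc:
        return [f"certificate does not verify: {exc.verify_message}"]

# Constructed samples in the shape ssl.getpeercert() returns (not captured data).
SAMPLE_OK = {
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "R3"),)),
    "subjectAltName": (("DNS", "unifi.example.com"),),
    "notAfter": "Mar 15 12:00:00 2024 GMT",
}
SAMPLE_BAD = {
    "issuer": ((("organizationName", "Constructed Self-Signed"),),),
    "subjectAltName": (("DNS", "unifi.local"),),
    "notAfter": "Jan  5 00:00:00 2024 GMT",
}

if __name__ == "__main__":
    print(audit_endpoint("unifi.example.com"))  # hostname from the post's config
```

Run from a cron job or monitoring check, a non-empty result is an early signal that issuance or renewal behind the proxy has stopped working.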

I would have forwarded the connection to a name instead of an ip address, but my home network has been moved from a dnsmasq where I trivially have names for DHCP ip addresses leased out
