├── README.md
└── install.sh


/README.md:
--------------------------------------------------------------------------------
# unifi-autoinstall
Script that automates upgrading and securing an Ubuntu host, then deploys the Ubiquiti UniFi Controller.

To learn more, visit [https://miketabor.com](https://miketabor.com/install-ubiquiti-unifi-controller-cloud/ "How to install Ubiquiti UniFi controller on the cloud - MikeTabor.com") and follow [@tabor_mike](https://twitter.com/tabor_mike) on Twitter.

## What it does

* Updates all packages on the system.
* Configures Uncomplicated Firewall (UFW) to allow only SSH and Ubiquiti UniFi ports, then enables UFW.
* Adds the UBNT repo, then installs the latest version 5 of UniFi Controller.
* Installs Fail2ban, then adds a filter definition and fail regex to monitor for failed UniFi logins.

### How to use
Run the following commands from a terminal, reviewing the script with `less` before executing it:
```
wget https://raw.githubusercontent.com/miketabor/unifi-autoinstall/master/install.sh
less install.sh
sudo bash install.sh
```
Log into UniFi by going to: **https://SERVER_IP:8443**

--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
#!/bin/bash

#=====================================================================================
# Author: Michael Tabor
# Website: https://miketabor.com
# Description: Script to automate the updating and securing of an Ubuntu server and
#              installing the Ubiquiti UniFi controller software.
#
#=====================================================================================


# Update apt-get source list and upgrade all packages.
sudo apt-get update && sudo apt-get upgrade -y

# Install UFW Firewall (-y so the unattended run does not stop at a prompt).
sudo apt-get install ufw -y

# Allow SSH and UniFi ports on UFW firewall.
sudo ufw allow 22/tcp
sudo ufw allow 8080/tcp
sudo ufw allow 8443/tcp
sudo ufw allow 8843/tcp
sudo ufw allow 8880/tcp
sudo ufw allow 3478/udp

# Enable UFW firewall.
sudo ufw --force enable

# Install Java 8
echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | sudo tee /etc/apt/sources.list.d/webupd8team-java.list
echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | sudo tee -a /etc/apt/sources.list.d/webupd8team-java.list
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
sudo apt-get update
# Pre-accept the Oracle license; stop the script if that fails.
echo "oracle-java8-installer shared/accepted-oracle-license-v1-1 select true" | sudo debconf-set-selections || exit 1
sudo apt-get install oracle-java8-installer -y; sudo apt-get install oracle-java8-set-default -y

# Add Ubiquiti UniFi repo to system source list.
echo 'deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list

# Add Ubiquiti GPG Keys
sudo wget -O /etc/apt/trusted.gpg.d/unifi-repo.gpg https://dl.ubnt.com/unifi/unifi-repo.gpg

# Update source list to include the UniFi repo then install Ubiquiti UniFi.
sudo apt-get update && sudo apt-get install unifi -y

# Install Fail2Ban
sudo apt-get install fail2ban -y

# Copy the Fail2ban config files to .local so changes are not overwritten during Fail2ban upgrades.
sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

# Create ubiquiti Fail2ban definition and set fail regex.
# Fail2ban needs the <HOST> tag in failregex to know which address to ban.
echo -e '# Fail2Ban filter for Ubiquiti UniFi\n#\n#\n\n[Definition]\nfailregex =^.*Failed .* login .* <HOST>*\s*$\n' | sudo tee -a /etc/fail2ban/filter.d/ubiquiti.conf

# Add ubiquiti JAIL to Fail2ban setting log path and blocking IPs after 3 failed logins within 15 minutes for 1 hour.
echo -e '\n[ubiquiti]\nenabled = true\nfilter = ubiquiti\nlogpath = /usr/lib/unifi/logs/server.log\nmaxretry = 3\nbantime = 3600\nfindtime = 900\nport = 8443\nbanaction = iptables[name=ubiquiti, port=8443, protocol=tcp]' | sudo tee -a /etc/fail2ban/jail.local

# Restart Fail2ban to apply changes above.
sudo service fail2ban restart

# https://community.ubnt.com/t5/UniFi-Wireless/IMPORTANT-Debian-Ubuntu-users-MUST-READ-Updated-06-21/m-p/1968252#M233999
# echo "JSVC_EXTRA_OPTS=\"\$JSVC_EXTRA_OPTS -Xss1280k\"" | sudo tee -a /etc/default/unifi

echo -e '\n\n\n  Ubiquiti UniFi Controller Install Complete...!'
echo '  Access controller by going to https://SERVER_IP:8443'

--------------------------------------------------------------------------------
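
To see what the `[ubiquiti]` jail written by install.sh does with `maxretry = 3`, `findtime = 900` and `bantime = 3600`, the following added example (not part of this repository) replays constructed log lines through the filter's failregex, written with fail2ban's `<HOST>` tag, and reports which hosts would be banned. It is in Python because fail2ban evaluates failregex with Python's `re` module; `HOST_RE` is a simplified stand-in for fail2ban's `<HOST>` expansion, and the log line layout and the name `find_bans` are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Jail values from the [ubiquiti] section that install.sh appends to jail.local.
MAXRETRY, FINDTIME, BANTIME = 3, 900, 3600

# failregex from filter.d/ubiquiti.conf. HOST_RE is a simplified stand-in
# (assumption) for the pattern fail2ban substitutes for its <HOST> tag.
FAILREGEX = r"^.*Failed .* login .* <HOST>*\s*$"
HOST_RE = r"(?P<host>[\w\-.:]+)"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST_RE))

# Constructed sample lines (documentation addresses); real server.log may differ.
SAMPLE_LOG = """\
[2024-05-01 10:00:00,004] <webapi-2> WARN  api - Failed admin login for root from 198.51.100.20
[2024-05-01 10:00:05,101] <webapi-1> WARN  api - Failed admin login for admin from 203.0.113.7
[2024-05-01 10:04:10,250] <webapi-1> WARN  api - Failed admin login for admin from 203.0.113.7
[2024-05-01 10:06:00,010] <webapi-3> INFO  api - admin login succeeded from 192.0.2.15
[2024-05-01 10:09:30,733] <webapi-1> WARN  api - Failed admin login for ubnt from 203.0.113.7
[2024-05-01 10:10:00,412] <webapi-2> WARN  api - Failed admin login for root from 198.51.100.20
[2024-05-01 10:20:00,900] <webapi-2> WARN  api - Failed admin login for root from 198.51.100.20
"""

def find_bans(log_text):
    """Return (host, ban_start, ban_end) for each ban the jail would issue."""
    # recent: host -> timestamps of failures still inside findtime
    recent, banned_until, bans = defaultdict(deque), {}, []
    for line in log_text.splitlines():
        m = PATTERN.match(line)
        if not m or not m.group("host"):
            continue  # not a failed login, or no address to act on
        host = m.group("host")
        ts = datetime.strptime(line[1:20], "%Y-%m-%d %H:%M:%S")
        if ts < banned_until.get(host, ts):
            continue  # host is already banned
        window = recent[host]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # failure is older than findtime, forget it
        if len(window) >= MAXRETRY:
            banned_until[host] = ts + timedelta(seconds=BANTIME)
            bans.append((host, str(ts), str(banned_until[host])))
            window.clear()
    return bans

if __name__ == "__main__":
    for host, start, end in find_bans(SAMPLE_LOG):
        print(f"ban {host} from {start} until {end}")
```

Only 203.0.113.7 is banned: its three failures fall inside one 15-minute window, while the three from 198.51.100.20 are spaced 10 minutes apart, so the oldest has aged out of `findtime` by the time the third arrives.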