├── Dockerfile ├── README.md ├── config.json └── init /Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # UniFi Protect Dockerfile 3 | # Copyright (C) 2019 James T. Lee 4 | # 5 | 6 | FROM ubuntu:18.04 7 | 8 | # Install build tools 9 | RUN apt-get update \ 10 | && apt-get install -y wget 11 | 12 | # Install unifi-protect and its dependencies 13 | RUN wget --progress=dot:mega https://apt.ubnt.com/pool/beta/u/unifi-protect/unifi-protect.jessie~stretch~xenial~bionic_amd64.v1.12.5.deb -O unifi-protect.deb \ 14 | && apt install -y ./unifi-protect.deb \ 15 | && rm -f unifi-protect.deb 16 | 17 | # Cleanup 18 | RUN apt-get remove --purge --auto-remove -y wget \ 19 | && rm -rf /var/cache/apt/lists/* 20 | 21 | # Initialize based on /usr/share/unifi-protect/app/hooks/pre-start 22 | RUN pg_ctlcluster 10 main start \ 23 | && su postgres -c 'createuser unifi-protect -d' \ 24 | && pg_ctlcluster 10 main stop \ 25 | && ln -s /srv/unifi-protect/logs /var/log/unifi-protect \ 26 | && mkdir /srv/unifi-protect /srv/unifi-protect/backups /var/run/unifi-protect \ 27 | && chown unifi-protect:unifi-protect /srv/unifi-protect /srv/unifi-protect/backups /var/run/unifi-protect \ 28 | && ln -s /tmp /srv/unifi-protect/temp 29 | 30 | # Configure 31 | COPY config.json /etc/unifi-protect/config.json 32 | 33 | # Supply simple script to run postgres and unifi-protect 34 | COPY init /init 35 | CMD ["/init"] 36 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # UniFi Protect for Docker (x86_64) 2 | 3 | This build delivers a not-yet-documented installation of UniFi Protect for 4 | x86_64. Normally it is only available for the Cloud Key Gen2. 5 | 6 | This image is modeled after my 7 | [other](https://github.com/iamjamestl/docker-unifi) 8 | [images](https://github.com/iamjamestl/docker-unifi-video) which eliminate 9 | complicated port and user mapping by expecting to be attached directly to your 10 | network and using named volumes. 11 | 12 | **WARNING**: This is a wholly unsupported build and it may stop working at any 13 | time depending on where Ubiquiti takes things. Use at your own risk. 14 | 15 | ## Usage 16 | 17 | ### Host Configuration 18 | 19 | This image should work out-of-the-box on a Linux x86_64 Docker host. 20 | 21 | ### Network 22 | 23 | Create a Docker interface to your video network. Suppose your video network is 24 | on VLAN 100 with subnet 192.168.100.0/24 and accessible via the host interface 25 | eth0. Run the following: 26 | 27 | ``` 28 | docker network create \ 29 | --driver macvlan \ 30 | --subnet 192.168.100.0/24 \ 31 | --gateway 192.168.100.1 \ 32 | --opt parent=eth0.100 \ 33 | video 34 | ``` 35 | 36 | ### Storage 37 | 38 | To ensure your UniFi Protect configs and recordings persist across restarts, 39 | prepare a Docker volume to map into the container. Do not simply map a host 40 | directory into the container! Docker won't initialize it properly and UniFi 41 | Protect almost certainly won't have permission to write to it. 42 | 43 | ``` 44 | docker volume create unifi-protect 45 | docker volume create unifi-protect-postgresql 46 | ``` 47 | 48 | On a typical Docker installation, you will have access to this volume from the 49 | host at `/var/lib/docker/volumes/unifi-protect/_data`. 50 | 51 | Optionally, if you want to store the bulk video data on a larger device, create 52 | the volume like: 53 | 54 | ``` 55 | docker volume create -o type=none -o o=bind -o device=/path/to/some/empty/dir unifi-protect 56 | ``` 57 | 58 | ### Execution 59 | 60 | Finally, run the container as follows: 61 | 62 | ``` 63 | docker run \ 64 | --name unifi-protect \ 65 | --net video \ 66 | --ip 192.168.100.2 \ 67 | -v unifi-protect:/srv/unifi-protect \ 68 | -v unifi-protect-postgresql:/var/lib/postgresql \ 69 | --tmpfs /tmp \ 70 | iamjamestl/unifi-protect 71 | ``` 72 | 73 | After a minute or so for the service to start, visit 74 | `http://:7080/`. 75 | 76 | ### Tips 77 | 78 | The container must have outbound access to the internet. UniFi Protect employs 79 | STUN to poke a holes in your NAT. Firewalls like pfSense can break STUN by 80 | using different UDP ports on either side of the NAT. Create a static port rule 81 | for the UniFi Protect container to work around this. Instructions for pfSense 82 | can be found at 83 | https://docs.netgate.com/pfsense/en/latest/nat/static-port.html. 84 | -------------------------------------------------------------------------------- /config.json: -------------------------------------------------------------------------------- 1 | { 2 | "backupPaths": [ 3 | "/srv/unifi-protect/backups" 4 | ] 5 | } 6 | -------------------------------------------------------------------------------- /init: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # UniFi Protect Docker Init 4 | # Copyright (C) 2019 James T. Lee 5 | # 6 | # Starts the unifi-protect service and its database 7 | # 8 | 9 | pg_ctlcluster 10 main start 10 | trap 'pkill node' TERM 11 | unifi-protect 12 | pg_ctlcluster 10 main stop 13 | --------------------------------------------------------------------------------