UniFi Controller on Linux with CA certificates

The subject of SSL certificates with UniFi has spawned many threads within the UBNT Community.

 

_.-=%> UniFi Linux Setup with CA SSL Cert <%=-._

 

The distribution of Linux that I am using is Ubuntu 15.04 with ONLY SSH server selected during the installation.  I have also put a static IP address on the server, and only forwarded the appropriate ports through to the server as this will be a centralized UniFi server for about 20 locations.

 

I know you can add repositories and do apt-get, so read that I understand that before commenting to tell me that.

 

Log into your Ubuntu server and run:

 

wget https://www.ubnt.com/downloads/unifi/4.6.6/unifi_sysvinit_all.deb

 

once that completes:

 

sudo dpkg -i unifi_sysvinit_all.deb

 

It will try to install and throw some errors about dependencies.  Do this:

 

sudo apt-get -f install

 

This will install all the dependencies.  Then:

 

sudo dpkg -i unifi_sysvinit_all.deb

 

Once this is done you could browse to https://ip-or-fqdn-of-this-server:8443 and walk through the install

 

OR

 

You can get a CSR (I used ssls.com and got the $5/year SSL cert), get a cert issued, and install the cert:

 

From the command line:

 

cd /usr/lib/unifi

 

sudo java -jar lib/ace.jar new_cert unifi.mydomain.dom "My Company Name" City State CC

(CC = 2 letter country code)

 

You will enter your password and then it will create your CSR in /var/lib/unifi

 

Do:  more unifi_certificate.csr.pem

 

Copy and paste the CSR into your SSL provider’s website to request the certificate.  Get your certificate issued (I would tell them I am using apache so they issue all the certs you will need)

 

Once you get your certificate and all the intermediate certs (if required) copy all the .crt files to /usr/lib/unifi and then (in my case):

 

sudo java -jar lib/ace.jar import_cert unifi_mydomain_org.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt

 

Put in your password again and you will see (after a few other lines):

 

Certificates successfuly imported. Please restart the UniFi Controller.

 

Run:  sudo service unifi restart

 

You can now load up the UniFi site and it should be using the CA issued cert instead of the self signed.
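
Before running import_cert, it is worth confirming that the issued certificate matches the CSR the controller generated and that the .crt files actually chain up to the root. The script below is an added example, not part of the original post or of UniFi's tooling; the function names are hypothetical and it assumes the openssl command-line tool is installed. The arguments are the CSR followed by the same files, in the same order, that are passed to import_cert.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a CA-issued
# certificate before handing it to "ace.jar import_cert".
# Usage: check_cert_bundle CSR LEAF [INTERMEDIATE...] ROOT
# check_cert_bundle and pubkey_hash are hypothetical helper names.

# Print a SHA-256 digest of the public key inside a CSR (kind "req")
# or a certificate (kind "x509"); fail if the file cannot be parsed.
pubkey_hash() {
    key=$(openssl "$2" -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key" ] || return 1
    printf '%s\n' "$key" | openssl sha256
}

check_cert_bundle() {
    if [ "$#" -lt 3 ]; then
        echo "usage: check_cert_bundle CSR LEAF [INTERMEDIATE...] ROOT" >&2
        return 2
    fi
    csr=$1; leaf=$2; shift 2

    # 1. The issued certificate must carry the same public key as the CSR.
    csr_key=$(pubkey_hash "$csr" req) || { echo "cannot read CSR $csr" >&2; return 2; }
    leaf_key=$(pubkey_hash "$leaf" x509) || { echo "cannot read cert $leaf" >&2; return 2; }
    if [ "$csr_key" != "$leaf_key" ]; then
        echo "FAIL: $leaf was not issued for the key in $csr" >&2
        return 1
    fi

    # 2. The last remaining argument is the root; any before it are intermediates.
    inter=$(mktemp) || return 2
    root=
    for f in "$@"; do
        if [ -n "$root" ]; then cat "$root" >> "$inter"; fi
        root=$f
    done
    if [ -s "$inter" ]; then set -- -untrusted "$inter"; else set --; fi

    # 3. The leaf must verify through the supplied intermediates to the root.
    if openssl verify -CAfile "$root" "$@" "$leaf" >/dev/null 2>&1; then rc=0; else rc=1; fi
    rm -f "$inter"
    [ "$rc" -eq 0 ] || echo "FAIL: $leaf does not chain to $root" >&2
    return "$rc"
}

if [ "$#" -gt 0 ]; then check_cert_bundle "$@"; fi
```

A return code of 0 means the key matches and the chain verifies; 1 means a mismatch or a broken chain (for example a missing intermediate); 2 means a file could not be read.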

Ubiquiti EdgeSwitch 24 – First look.

So when you have facilities connected with Ubiquiti’s 900MHz NLOS service, and your tough switch starts dying, and Ubiquiti just released their new EdgeSwitches, what do you do?  Well you find out how much the switches are, and let me tell you, Ubiquiti is flooring me again.  $395 for a full layer 3, 24 port, Gigabit, 250W PoE switch….. Only 1 distributor in the US currently has this product in stock and they were able to get it to me quickly.  When I first lifted the box the heft of the switch surprised me.  Physically it appears to be very well built:

 

[Image: EdgeSwitch24]

 

The default IP address for the switch is 192.168.1.2, so if you aren’t going to do an isolated setup (not plugged into the rest of your network), make sure there aren’t any other devices on that IP address.  The default username and password are both ubnt.  That is just a first look!  Come back for more stories and articles on configuring this awesome switch.

WordPress & Out of control apache2 processes.

Do you use WordPress?  Do you love it as much as I do?  If you don’t…you should!  Even with the best software and servers sometimes not everything works perfectly.  I recently ran into an issue on a brand-spankin-new WordPress site where the entire server would come to a crawl and freeze up.  The only way to get the website back up was to hard power the server off.  TO THE COMMAND LINE!  If you are not familiar with top on Linux  you should become familiar.  Top is a fantastic tool that is included that allows you to watch the processes on your Linux system in real time.  To run top you just type…wait for it:  top

 

Then press enter.  You thought it would be more difficult than that?  When my server was on the verge of crashing this is what I saw in top:

[Screenshot: top]

That is just a clipping of the apache2 processes that I witnessed killing the server softly.  What you don’t see there is the other couple dozen apache2 processes chewing up the rest of my free resources.  See how long some of the processes had been running and how much memory they were taking up?  I had to dig a bit farther to find EXACTLY what was killing the server, but using more of those cool Linux tools (did I mention they are free and included??) I am able to do this.

 

In this case I assumed that the same glitch or programming error was causing all the processes to go over the cliff, so I picked one at random and then ran a trace on it using this command line wizardry:

sudo strace -p 5041

Enter your password when prompted and a whole new world will open to you that will show you exactly what that process is doing on your system.  In this case, two plugins on the website were looping and not releasing the apache2 process even after the visitor had left our website.  I called one of the site administrators and asked for the two offending plugins to be disabled.  Once the plugins were disabled I killed ALL apache2 processes (using the kill -9 <pid> command) and restarted apache2 using:  service apache2 restart

 

I then started hammering the site with traffic.  Guess what?  No more zombie or out of control processes:

 

[Screenshot: top2]

 

What is next you ask?  Zip up the website, backup the SQL and ship it off to the developer to get the plugins fixed.  Once they have it fixed we will be able to re-enable the plugins and life should be normal again.  I hope if you are having problems with your site performance and run into a similar issue, that this was able to help you figure it out!

Google Searching, inurl.

Using advanced Google searching techniques, you can search for specific words or phrases in a URL.  Why would you use this?  Do you have a specific piece of web based software that you run or you are looking to run and want to (more…)

Crafting into the data mine.

You see data mining all over, but what is data mining?  Well, in the most basic form, data mining is connecting to a resource that houses data and pulling out data you want, or “mining” it from the source to create a new set of usable information.  Want to get started in data mining?  Go to Google and enter a search for something you are interested in. Want to get a little fancier?  Go to http://www.google.com/advanced_search and you can search by date, and even just by website.  I will be posting advanced Google searching tutorials soon. The tutorials will show you how to do advanced searches on the standard search form. 

Easy Install of Ubiquiti Networks airVision DVR Software – UPDATED 8/27/15

Check out my video tutorials at http://www.youtube.com/williehowe

 

 

…To upgrade your server to the latest version of airVision available, please scroll to the very end of this page…

 

I will assume for this easy install that you already have Ubuntu 12.04.3 x64 server installed on a virtual machine or on a physical machine.  It is very important that you realize this is a 64 bit application only.  If you try to install this package on a 32 bit system, you will get an error about an unsupported architecture type, and you get this because you can not run 64 bit only applications on a 32 bit operating system.  My server is a vanilla Ubuntu 12.04.3 install with only the SSH option installed during setup. (more…)

Toshiba IPT with Cisco DHCP

***UPDATE***

Option 43 works great with the Toshiba IPEdge system.  The good news for CIX owners with IP phones is that it works there too!  Attached is a sheet from Toshiba that tells you how to set up the option.  I don’t know why Toshiba protects this the way they do, as I would think it would show they want to integrate with multiple vendors.  This came from my Toshiba vendor:

[Attachment: Toshiba IPT Auto Config]

 

I’m currently setting up a brand new network that will have a Toshiba IPEdge VoIP system and besides in the Cisco Wireless arena, I haven’t had a chance to use DHCP option 43 on anything until now.  Toshiba’s option 43 configuration is pretty much the same as others, but Toshiba has done a fantastic job of keeping any configuration examples off the Internet. (more…)

Road to the CCNP….

This year has some exciting things in store for me.  We are moving our offices and I am building out an entirely new core network, making some security updates where it makes sense and deploying a new VoIP system.  After that I will turn my attention to removing old web servers and buckling down on PCI 3.0, and obtaining my CCNP certification.   (more…)

Public WiFi Locations

Not easily being able to find public WiFi hotspots can get frustrating.  I have decided to keep and maintain a list of hotspots in Peoria County.  To view the current list go here:  Public WiFi Hotspots or to submit a new location to be verified, go here: Contact Me.