unifi-docker
Certs import flawed, no import of new certs during runtime
Hey guys! After setting up the system and playing around a bit (everything seems fine, incl. SSL certificate by Let's Encrypt) I went to test the emergency case. Deleted everything (docker-compose down -v --rmi all --remove-orphans) and restored as if I migrated to a new host.
The containers came back up and I was able to restore an autobackup. So far perfect. Sadly the previously provided certificate is not used anymore. I am back at the snakeoil certificate.
In the logs I can find:
controller_1 | [2019-06-09 18:05:56,743] <docker-entrypoint> Cert has not changed, not updating controller.
Assumption/Question: After checking the source code of the import_cert script I realize that I could have deleted the md5 file to solve the "bug" on my system.
Please be aware that I changed the default docker-compose.yml to mount the certs folder locally, see below.
To summarize: This seems to be a functional bug. The cert file shouldn't only be checked against the md5 but also against the internal cert. Is there any reason for doing the md5 check instead of always importing the cert? What if the md5 file existed from another source?
All the best!
Host operating system
Ubuntu
What tag are you using
latest (UniFi 5.10.24)
Complete docker-compose.yml
Note: Pay attention to the local mount of cert, might be related.
version: '2.2'
services:
  mongo:
    image: mongo:3.4
    networks:
      - unifi
    restart: always
    volumes:
      - db:/data/db
  controller:
    image: "jacobalberty/unifi:${TAG:-latest}"
    depends_on:
      - mongo
    init: true
    networks:
      - unifi
    restart: always
    volumes:
      - data:/unifi/data
      - log:/unifi/log
      #- cert:/unifi/cert
      - ./cert/:/unifi/cert/
      - init:/unifi/init.d
      - ./backup/:/unifi/data/backup/
    environment:
      DB_URI: mongodb://mongo/unifi
      STATDB_URI: mongodb://mongo/unifi_stat
      DB_NAME: unifi
      TZ: "Europe/Berlin"
      RUNAS_UID0: "false"
    ports:
      - "3478:3478/udp" # STUN
      - "6789:6789/tcp" # Speed test
      - "8080:8080/tcp" # Device/ controller comm.
      - "443:8443/tcp" # Controller GUI/API as seen in a web browser
      - "8880:8880/tcp" # HTTP portal redirection
      - "8843:8843/tcp" # HTTPS portal redirection
      - "10001:10001/udp" # AP discovery
  logs:
    image: bash
    depends_on:
      - controller
    command: bash -c 'tail -f /unifi/log/*.log'
    restart: always
    volumes:
      - log:/unifi/log
volumes:
  db:
  data:
  log:
  #cert:
  init:
networks:
  unifi:
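
The restore described in this issue, replayed as an added example (not code from the unifi-docker project): it contrasts a marker-only check with a check against the certificate that is actually installed. It assumes the md5 marker sits next to the cert in the bind-mounted folder; all file names are hypothetical, and `installed.pem` is a constructed stand-in for the certificate held in the controller keystore.

```shell
#!/bin/sh
# Added example. "installed.pem" is a constructed stand-in for the certificate
# currently in the controller keystore; all file names here are hypothetical.

md5_of()    { md5sum "$1" | cut -d' ' -f1; }
sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# Check as described in the issue: compare the provided cert with a saved
# md5 marker only. Exit status 0 means "import needed".
needs_import_by_marker() {    # $1 = provided cert, $2 = md5 marker file
    [ -f "$2" ] || return 0
    [ "$(md5_of "$1")" != "$(cat "$2")" ]
}

# Proposed check: compare with the certificate that is actually installed.
needs_import_by_installed() { # $1 = provided cert, $2 = installed cert
    [ -f "$2" ] || return 0
    [ "$(sha256_of "$1")" != "$(sha256_of "$2")" ]
}

# Replays the restore from the issue and prints both decisions.
scenario() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/cert" "$dir/data"
    # Constructed sample bytes, not real certificates.
    printf 'constructed-letsencrypt-cert\n' > "$dir/cert/cert.pem"
    # First start: cert imported, marker written next to it (assumption).
    cp "$dir/cert/cert.pem" "$dir/data/installed.pem"
    md5_of "$dir/cert/cert.pem" > "$dir/cert/cert.pem.md5"
    # "down -v": the data volume is wiped, the bind-mounted ./cert survives.
    rm -rf "$dir/data"; mkdir "$dir/data"
    printf 'constructed-snakeoil-cert\n' > "$dir/data/installed.pem"

    if needs_import_by_marker "$dir/cert/cert.pem" "$dir/cert/cert.pem.md5"
    then m=import; else m=skip; fi
    if needs_import_by_installed "$dir/cert/cert.pem" "$dir/data/installed.pem"
    then i=import; else i=skip; fi
    rm -rf "$dir"
    echo "marker=$m installed=$i"
}

scenario
```

The marker check skips the import because the marker outlived the wiped volume, while the comparison against the installed certificate detects the mismatch.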