Ubiquiti UniFi Controller in a Docker container. Features include:
- As small as possible and as large as necessary.
FROMdebian:9-slim- Uses Træfik with Let's Encrypt to provide HTTPS for both the Controller interface and the builtin Captive Portal.
- Allows reuse of an existing Træfik configuration instead of a dedicated UniFi controller host.
-
7.1.68 (latest) → Release Notice 7.1.68
docker pull aptplatforms/unifi:7.1.68
-
6.5.55 → Release Notice 6.5.55
docker pull aptplatforms/unifi:6.5.55
If you have a firewall, unblock the following ports, according to your needs :
| Service | Container | Protocol | Port | Description |
|---|---|---|---|---|
| unifi.http.port | unifi | TCP | 8080 | UAP Inform port. Open to wherever your UniFi devices are installed. |
| STUN | unifi | TCP | 3478 | Session Traversal Utilities for NAT. Open to wherever your UniFi devices are installed. |
| HTTP | Træfik | TCP | 80 | Open to 0.0.0.0/0 for Let's Encrypt |
| HTTPS | Træfik | TCP | 443 | Open to 0.0.0.0/0 for Let's Encrypt |
A correct DNS setup is required. The Træfik configuration relies on forward DNS lookups (from the Host header) to correctly resolve each service. Since we're running all services on the same host, we need the same IP address for each.
You can use A records like this :
| Hostname | Class | Type | Priority | Value |
|---|---|---|---|---|
| unifi | IN | A | any | 1.2.3.4 |
| portal | IN | A | any | 1.2.3.4 |
| traefik | IN | A | any | 1.2.3.4 |
Or you can use CNAME records like this :
| Hostname | Class | Type | Priority | Value |
|---|---|---|---|---|
| unifi | IN | A | any | 1.2.3.4 |
| portal | IN | CNAME | any | unifi.example.com. |
| traefik | IN | CNAME | any | unifi.example.com. |
💡 The reverse proxy used in this setup is Træfik, but you can use the solution of your choice (Nginx, Apache, Haproxy, Caddy, H2O...etc).
# Create a new docker network for Traefik (IPv4 only)
docker network create public_network
# Create the required folders and files
mkdir -p traefik/acme unifi/backup \
&& curl https://raw.githubusercontent.com/APTPlatforms/docker-unifi/master/docker-compose.sample.yml -o docker-compose.yml \
&& curl https://raw.githubusercontent.com/APTPlatforms/docker-unifi/master/sample.env -o .env \
&& curl https://raw.githubusercontent.com/APTPlatforms/docker-unifi/master/traefik.sample.toml -o traefik/traefik.toml \
&& touch traefik/acme/acme.json \
&& chmod 00600 docker-compose.yml .env traefik/traefik.toml traefik/acme/acme.jsonEdit docker-compose.yml and .env and traefik.toml, adapt to your needs.
Start all services.
docker-compose up -dVisit https://traefik.example.com/ to see the Træfik dashboard.
- Visit https://unifi.example.com/ to login to your controller.
- After configuring standard controller settings, set:
Guest Control→Guest Portal→Enable Guest Portal = True.Guest Control→Redirection→Use Secure Portal = True.Guest Control→Redirection→Redirect using hostname = portal.example.com.