UniFi Network Application

Description / name	Input element
Your domain name

Overview

UniFi Network Application is a powerful, enterprise wireless software engine ideal for high-density client deployments requiring low latency and high uptime performance.

Manual

Releases

Community

---

Warning

This role is a replacement for the previous Unifi Controller role. This is not an in-place replacement. In order to migrate, you must perform a full backup from the Unifi web interface, and restore from that backup when running the setup wizard in a fresh instance of the Unifi Network Application. You must rename/remove the previous appdata from /opt/unifi before deploying the Unifi Network Application role.

Deployment

sb install sandbox-unifi-network-application

Usage

Visit https://unifi.iYOUR_DOMAIN_NAMEi.

Basics

1. Visit the Unifi Network Application site at https://unifi.iYOUR_DOMAIN_NAMEi

2. For Unifi to adopt other devices, e.g. an Access Point, it is required to change the inform IP address. Because Unifi runs inside Docker by default it uses an IP address not accessible by other devices. To change this go to Settings > System Settings > Controller Configuration and set the Controller Hostname/IP to a hostname or IP address accessible by your devices. Additionally the checkbox "Override inform host with controller hostname/IP" has to be checked, so that devices can connect to the controller during adoption (devices use the inform-endpoint during adoption).

In order to manually adopt a device take these steps:

ssh ubnt@$AP-IP
set-inform http://$address:8080/inform

The default device password is ubnt. $address is the IP address of the host you are running this container on and $AP-IP is the Access Point IP address.

When using a Security Gateway (router) it could be that network connected devices are unable to obtain an ip address. This can be fixed by setting "DHCP Gateway IP", under Settings > Networks > network_name, to a correct (and accessible) ip address.

• Documentation: Unifi Net App Docs

Note

📢 The default setup only publish the 8080 tcp port, which is the bare minimum to allow communication between your network equipment and Unifi Network Application. Depending on your requirements, you may need additional ports according to the Documentation .

The recommended way to customize these parameters is to use the inventory.

Edit /srv/git/saltbox/inventories/host_vars/localhost.yml and add the following section:

### Open Specified Ports for the specified container ###
##### Unifi Ports for aditional services #####
unifi_network_application_docker_ports_custom:
  - "1900:1900/udp" #Required for Make controller discoverable on L2 network option
  - "8843:8843/tcp" #Unifi guest portal HTTPS redirect port
  - "8880:8880/tcp" #Unifi guest portal HTTP redirect port
  - "6789:6789/tcp" #For mobile throughput test
  - "5514:5514/udp" #Remote syslog port

Role Defaults

Use the Inventory to customize variables. (1)

1. Example override

   unifi_network_application_name: "custom_value"
   

   Avoid overriding variables ending in _default

   When overriding variables that end in _default (like unifi_network_application_docker_envs_default), you replace the entire default configuration. Future updates that add new default values will not be applied to your setup, potentially breaking functionality.

   Instead, use the corresponding _custom variable (like unifi_network_application_docker_envs_custom) to add your changes. Custom values are merged with defaults, ensuring you receive updates.

BasicsSettingsWebDNSTraefikDockerDocker+Global Override Options

unifi_network_application_name

# Type: string
unifi_network_application_name: unifi

unifi_network_application_mongo_user

# Type: string
unifi_network_application_mongo_user: "unifi"

unifi_network_application_mongo_pass

# Type: string
unifi_network_application_mongo_pass: "password4321"

unifi_network_application_mongo_port

# Type: string
unifi_network_application_mongo_port: "27017"

unifi_network_application_mongo_dbname

# Type: string
unifi_network_application_mongo_dbname: "unifi"

unifi_network_application_role_web_subdomain

# Type: string
unifi_network_application_role_web_subdomain: "{{ unifi_network_application_name }}"

unifi_network_application_role_web_domain

# Type: string
unifi_network_application_role_web_domain: "{{ user.domain }}"

unifi_network_application_role_web_port

# Type: string
unifi_network_application_role_web_port: "8443"

unifi_network_application_role_web_scheme

# Type: string
unifi_network_application_role_web_scheme: "https"

unifi_network_application_role_web_serverstransport

# Type: string
unifi_network_application_role_web_serverstransport: "skipverify@file"

unifi_network_application_role_web_url

# Type: string
unifi_network_application_role_web_url: "{{ 'https://' + (unifi_network_application_role_web_subdomain + '.' + unifi_network_application_role_web_domain
                                         if (unifi_network_application_role_web_subdomain | length > 0)
                                         else unifi_network_application_role_web_domain) }}"

unifi_network_application_role_dns_record

# Type: string
unifi_network_application_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='unifi_network_application') }}"

unifi_network_application_role_dns_zone

# Type: string
unifi_network_application_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='unifi_network_application') }}"

unifi_network_application_role_dns_proxy

# Type: bool (true/false)
unifi_network_application_role_dns_proxy: "{{ dns_proxied }}"

unifi_network_application_role_traefik_sso_middleware

# Type: string
unifi_network_application_role_traefik_sso_middleware: ""

unifi_network_application_role_traefik_middleware_default

# Type: string
unifi_network_application_role_traefik_middleware_default: "{{ traefik_default_middleware }}"

unifi_network_application_role_traefik_middleware_custom

# Type: string
unifi_network_application_role_traefik_middleware_custom: ""

unifi_network_application_role_traefik_certresolver

# Type: string
unifi_network_application_role_traefik_certresolver: "{{ traefik_default_certresolver }}"

unifi_network_application_role_traefik_enabled

# Type: bool (true/false)
unifi_network_application_role_traefik_enabled: true

unifi_network_application_role_traefik_api_enabled

# Type: bool (true/false)
unifi_network_application_role_traefik_api_enabled: false

unifi_network_application_role_traefik_api_endpoint

# Type: string
unifi_network_application_role_traefik_api_endpoint: ""

Container

unifi_network_application_role_docker_container

# Type: string
unifi_network_application_role_docker_container: "{{ unifi_network_application_name }}"

Image

unifi_network_application_role_docker_image_pull

# Type: bool (true/false)
unifi_network_application_role_docker_image_pull: true

unifi_network_application_role_docker_image_tag

# Type: string
unifi_network_application_role_docker_image_tag: "latest"

unifi_network_application_role_docker_image_repo

# Type: string
unifi_network_application_role_docker_image_repo: "lscr.io/linuxserver/unifi-network-application"

unifi_network_application_role_docker_image

# Type: string
unifi_network_application_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='unifi_network_application') }}:{{ lookup('role_var', '_docker_image_tag', role='unifi_network_application') }}"

Ports

unifi_network_application_role_docker_ports_default

# Type: list
unifi_network_application_role_docker_ports_default:
  - "8080:8080/tcp"
  - "3478:3478/udp"
  - "10001:10001/udp"

unifi_network_application_role_docker_ports_custom

# Type: list
unifi_network_application_role_docker_ports_custom: []

Envs

unifi_network_application_role_docker_envs_default

# Type: dict
unifi_network_application_role_docker_envs_default:
  PUID: "{{ uid }}"
  PGID: "{{ gid }}"
  TZ: "{{ tz }}"
  MONGO_USER: "{{ unifi_network_application_mongo_user }}"
  MONGO_PASS: "{{ unifi_network_application_mongo_pass }}"
  MONGO_HOST: "{{ unifi_network_application_name }}-mongo"
  MONGO_PORT: "{{ unifi_network_application_mongo_port }}"
  MONGO_DBNAME: "{{ unifi_network_application_mongo_dbname }}"

unifi_network_application_role_docker_envs_custom

# Type: dict
unifi_network_application_role_docker_envs_custom: {}

Volumes

unifi_network_application_role_docker_volumes_default

# Type: list
unifi_network_application_role_docker_volumes_default:
  - "{{ unifi_network_application_role_paths_location }}:/config"

unifi_network_application_role_docker_volumes_custom

# Type: list
unifi_network_application_role_docker_volumes_custom: []

Hostname

unifi_network_application_role_docker_hostname

# Type: string
unifi_network_application_role_docker_hostname: "{{ unifi_network_application_name }}"

Networks

unifi_network_application_role_docker_networks_alias

# Type: string
unifi_network_application_role_docker_networks_alias: "{{ unifi_network_application_name }}"

unifi_network_application_role_docker_networks_default

# Type: list
unifi_network_application_role_docker_networks_default: []

unifi_network_application_role_docker_networks_custom

# Type: list
unifi_network_application_role_docker_networks_custom: []

Restart Policy

unifi_network_application_role_docker_restart_policy

# Type: string
unifi_network_application_role_docker_restart_policy: unless-stopped

State

unifi_network_application_role_docker_state

# Type: string
unifi_network_application_role_docker_state: started

Dependencies

unifi_network_application_role_depends_on

# Type: string
unifi_network_application_role_depends_on: "{{ unifi_network_application_name }}-mongo"

unifi_network_application_role_depends_on_delay

# Type: string (quoted number)
unifi_network_application_role_depends_on_delay: "0"

unifi_network_application_role_depends_on_healthchecks

# Type: string ("true"/"false")
unifi_network_application_role_depends_on_healthchecks: "false"

The following advanced options are available via create_docker_container but are not defined in the role. See: docker_container module

Resource Limits

unifi_network_application_role_docker_blkio_weight

# Type: int
unifi_network_application_role_docker_blkio_weight:

unifi_network_application_role_docker_cpu_period

# Type: int
unifi_network_application_role_docker_cpu_period:

unifi_network_application_role_docker_cpu_quota

# Type: int
unifi_network_application_role_docker_cpu_quota:

unifi_network_application_role_docker_cpu_shares

# Type: int
unifi_network_application_role_docker_cpu_shares:

unifi_network_application_role_docker_cpus

# Type: string
unifi_network_application_role_docker_cpus:

unifi_network_application_role_docker_cpuset_cpus

# Type: string
unifi_network_application_role_docker_cpuset_cpus:

unifi_network_application_role_docker_cpuset_mems

# Type: string
unifi_network_application_role_docker_cpuset_mems:

unifi_network_application_role_docker_kernel_memory

# Type: string
unifi_network_application_role_docker_kernel_memory:

unifi_network_application_role_docker_memory

# Type: string
unifi_network_application_role_docker_memory:

unifi_network_application_role_docker_memory_reservation

# Type: string
unifi_network_application_role_docker_memory_reservation:

unifi_network_application_role_docker_memory_swap

# Type: string
unifi_network_application_role_docker_memory_swap:

unifi_network_application_role_docker_memory_swappiness

# Type: int
unifi_network_application_role_docker_memory_swappiness:

unifi_network_application_role_docker_shm_size

# Type: string
unifi_network_application_role_docker_shm_size:

Security & Devices

unifi_network_application_role_docker_cap_drop

# Type: list
unifi_network_application_role_docker_cap_drop:

unifi_network_application_role_docker_cgroupns_mode

# Type: string
unifi_network_application_role_docker_cgroupns_mode:

unifi_network_application_role_docker_device_cgroup_rules

# Type: list
unifi_network_application_role_docker_device_cgroup_rules:

unifi_network_application_role_docker_device_read_bps

# Type: list
unifi_network_application_role_docker_device_read_bps:

unifi_network_application_role_docker_device_read_iops

# Type: list
unifi_network_application_role_docker_device_read_iops:

unifi_network_application_role_docker_device_requests

# Type: list
unifi_network_application_role_docker_device_requests:

unifi_network_application_role_docker_device_write_bps

# Type: list
unifi_network_application_role_docker_device_write_bps:

unifi_network_application_role_docker_device_write_iops

# Type: list
unifi_network_application_role_docker_device_write_iops:

unifi_network_application_role_docker_devices

# Type: list
unifi_network_application_role_docker_devices:

unifi_network_application_role_docker_devices_default

# Type: string
unifi_network_application_role_docker_devices_default:

unifi_network_application_role_docker_groups

# Type: list
unifi_network_application_role_docker_groups:

unifi_network_application_role_docker_privileged

# Type: bool (true/false)
unifi_network_application_role_docker_privileged:

unifi_network_application_role_docker_security_opts

# Type: list
unifi_network_application_role_docker_security_opts:

unifi_network_application_role_docker_user

# Type: string
unifi_network_application_role_docker_user:

unifi_network_application_role_docker_userns_mode

# Type: string
unifi_network_application_role_docker_userns_mode:

Networking

unifi_network_application_role_docker_dns_opts

# Type: list
unifi_network_application_role_docker_dns_opts:

unifi_network_application_role_docker_dns_search_domains

# Type: list
unifi_network_application_role_docker_dns_search_domains:

unifi_network_application_role_docker_dns_servers

# Type: list
unifi_network_application_role_docker_dns_servers:

unifi_network_application_role_docker_domainname

# Type: string
unifi_network_application_role_docker_domainname:

unifi_network_application_role_docker_exposed_ports

# Type: list
unifi_network_application_role_docker_exposed_ports:

unifi_network_application_role_docker_hosts

# Type: dict
unifi_network_application_role_docker_hosts:

unifi_network_application_role_docker_hosts_use_common

# Type: bool (true/false)
unifi_network_application_role_docker_hosts_use_common:

unifi_network_application_role_docker_ipc_mode

# Type: string
unifi_network_application_role_docker_ipc_mode:

unifi_network_application_role_docker_links

# Type: list
unifi_network_application_role_docker_links:

unifi_network_application_role_docker_network_mode

# Type: string
unifi_network_application_role_docker_network_mode:

unifi_network_application_role_docker_pid_mode

# Type: string
unifi_network_application_role_docker_pid_mode:

unifi_network_application_role_docker_uts

# Type: string
unifi_network_application_role_docker_uts:

Storage

unifi_network_application_role_docker_keep_volumes

# Type: bool (true/false)
unifi_network_application_role_docker_keep_volumes:

unifi_network_application_role_docker_mounts

# Type: list
unifi_network_application_role_docker_mounts:

unifi_network_application_role_docker_storage_opts

# Type: dict
unifi_network_application_role_docker_storage_opts:

unifi_network_application_role_docker_tmpfs

# Type: list
unifi_network_application_role_docker_tmpfs:

unifi_network_application_role_docker_volume_driver

# Type: string
unifi_network_application_role_docker_volume_driver:

unifi_network_application_role_docker_volumes_from

# Type: list
unifi_network_application_role_docker_volumes_from:

unifi_network_application_role_docker_volumes_global

# Type: bool (true/false)
unifi_network_application_role_docker_volumes_global:

unifi_network_application_role_docker_working_dir

# Type: string
unifi_network_application_role_docker_working_dir:

Monitoring & Lifecycle

unifi_network_application_role_docker_auto_remove

# Type: bool (true/false)
unifi_network_application_role_docker_auto_remove:

unifi_network_application_role_docker_cleanup

# Type: bool (true/false)
unifi_network_application_role_docker_cleanup:

unifi_network_application_role_docker_force_kill

# Type: string
unifi_network_application_role_docker_force_kill:

unifi_network_application_role_docker_healthcheck

# Type: dict
unifi_network_application_role_docker_healthcheck:

unifi_network_application_role_docker_healthy_wait_timeout

# Type: int
unifi_network_application_role_docker_healthy_wait_timeout:

unifi_network_application_role_docker_init

# Type: bool (true/false)
unifi_network_application_role_docker_init:

unifi_network_application_role_docker_kill_signal

# Type: string
unifi_network_application_role_docker_kill_signal:

unifi_network_application_role_docker_log_driver

# Type: string
unifi_network_application_role_docker_log_driver:

unifi_network_application_role_docker_log_options

# Type: dict
unifi_network_application_role_docker_log_options:

unifi_network_application_role_docker_oom_killer

# Type: bool (true/false)
unifi_network_application_role_docker_oom_killer:

unifi_network_application_role_docker_oom_score_adj

# Type: int
unifi_network_application_role_docker_oom_score_adj:

unifi_network_application_role_docker_output_logs

# Type: bool (true/false)
unifi_network_application_role_docker_output_logs:

unifi_network_application_role_docker_paused

# Type: bool (true/false)
unifi_network_application_role_docker_paused:

unifi_network_application_role_docker_recreate

# Type: bool (true/false)
unifi_network_application_role_docker_recreate:

unifi_network_application_role_docker_restart_retries

# Type: int
unifi_network_application_role_docker_restart_retries:

unifi_network_application_role_docker_stop_timeout

# Type: int
unifi_network_application_role_docker_stop_timeout:

Other Options

unifi_network_application_role_docker_capabilities

# Type: list
unifi_network_application_role_docker_capabilities:

unifi_network_application_role_docker_cgroup_parent

# Type: string
unifi_network_application_role_docker_cgroup_parent:

unifi_network_application_role_docker_commands

# Type: list
unifi_network_application_role_docker_commands:

unifi_network_application_role_docker_create_timeout

# Type: int
unifi_network_application_role_docker_create_timeout:

unifi_network_application_role_docker_entrypoint

# Type: string
unifi_network_application_role_docker_entrypoint:

unifi_network_application_role_docker_env_file

# Type: string
unifi_network_application_role_docker_env_file:

unifi_network_application_role_docker_labels

# Type: dict
unifi_network_application_role_docker_labels:

unifi_network_application_role_docker_labels_use_common

# Type: bool (true/false)
unifi_network_application_role_docker_labels_use_common:

unifi_network_application_role_docker_read_only

# Type: bool (true/false)
unifi_network_application_role_docker_read_only:

unifi_network_application_role_docker_runtime

# Type: string
unifi_network_application_role_docker_runtime:

unifi_network_application_role_docker_sysctls

# Type: list
unifi_network_application_role_docker_sysctls:

unifi_network_application_role_docker_ulimits

# Type: list
unifi_network_application_role_docker_ulimits:

unifi_network_application_role_autoheal_enabled

# Enable or disable Autoheal monitoring for the container created when deploying
# Type: bool (true/false)
unifi_network_application_role_autoheal_enabled: true

unifi_network_application_role_depends_on

# List of container dependencies that must be running before the container start
# Type: string
unifi_network_application_role_depends_on: ""

unifi_network_application_role_depends_on_delay

# Delay in seconds before starting the container after dependencies are ready
# Type: string (quoted number)
unifi_network_application_role_depends_on_delay: "0"

unifi_network_application_role_depends_on_healthchecks

# Enable healthcheck waiting for container dependencies
# Type: string ("true"/"false")
unifi_network_application_role_depends_on_healthchecks:

unifi_network_application_role_diun_enabled

# Enable or disable Diun update notifications for the container created when deploying
# Type: bool (true/false)
unifi_network_application_role_diun_enabled: true

unifi_network_application_role_dns_enabled

# Enable or disable automatic DNS record creation for the container
# Type: bool (true/false)
unifi_network_application_role_dns_enabled: true

unifi_network_application_role_docker_controller

# Enable or disable Saltbox Docker Controller management for the container
# Type: bool (true/false)
unifi_network_application_role_docker_controller: true

unifi_network_application_role_docker_image_repo

# Type: string
unifi_network_application_role_docker_image_repo:

unifi_network_application_role_docker_image_tag

# Type: string
unifi_network_application_role_docker_image_tag:

unifi_network_application_role_docker_volumes_download

# Type: bool (true/false)
unifi_network_application_role_docker_volumes_download:

unifi_network_application_role_themepark_addons

# Type: string
unifi_network_application_role_themepark_addons:

unifi_network_application_role_themepark_app

# Type: string
unifi_network_application_role_themepark_app:

unifi_network_application_role_themepark_theme

# Type: string
unifi_network_application_role_themepark_theme:

unifi_network_application_role_traefik_api_endpoint

# Type: dict/omit
unifi_network_application_role_traefik_api_endpoint:

unifi_network_application_role_traefik_api_middleware

# Type: string
unifi_network_application_role_traefik_api_middleware:

unifi_network_application_role_traefik_api_middleware_http

# Type: string
unifi_network_application_role_traefik_api_middleware_http:

unifi_network_application_role_traefik_autodetect_enabled

# Enable Traefik autodetect middleware for the container
# Type: bool (true/false)
unifi_network_application_role_traefik_autodetect_enabled: false

unifi_network_application_role_traefik_certresolver

# Type: string
unifi_network_application_role_traefik_certresolver:

unifi_network_application_role_traefik_crowdsec_enabled

# Enable CrowdSec middleware for the container
# Type: bool (true/false)
unifi_network_application_role_traefik_crowdsec_enabled: false

unifi_network_application_role_traefik_error_pages_enabled

# Enable custom error pages middleware for the container
# Type: bool (true/false)
unifi_network_application_role_traefik_error_pages_enabled: false

unifi_network_application_role_traefik_gzip_enabled

# Enable gzip compression middleware for the container
# Type: bool (true/false)
unifi_network_application_role_traefik_gzip_enabled: false

unifi_network_application_role_traefik_middleware_http

# Type: string
unifi_network_application_role_traefik_middleware_http:

unifi_network_application_role_traefik_middleware_http_api_insecure

# Type: bool (true/false)
unifi_network_application_role_traefik_middleware_http_api_insecure:

unifi_network_application_role_traefik_middleware_http_insecure

# Type: bool (true/false)
unifi_network_application_role_traefik_middleware_http_insecure:

unifi_network_application_role_traefik_priority

# Type: string
unifi_network_application_role_traefik_priority:

unifi_network_application_role_traefik_robot_enabled

# Enable robots.txt middleware for the container
# Type: bool (true/false)
unifi_network_application_role_traefik_robot_enabled: true

unifi_network_application_role_traefik_tailscale_enabled

# Enable Tailscale-specific Traefik configuration for the container
# Type: bool (true/false)
unifi_network_application_role_traefik_tailscale_enabled: false

unifi_network_application_role_traefik_wildcard_enabled

# Enable wildcard certificate for the container
# Type: bool (true/false)
unifi_network_application_role_traefik_wildcard_enabled: true

unifi_network_application_role_web_domain

# Type: string
unifi_network_application_role_web_domain:

unifi_network_application_role_web_fqdn_override

# Override the Traefik fully qualified domain name (FQDN) for the container
# Type: list
unifi_network_application_role_web_fqdn_override:

Example Override

unifi_network_application_role_web_fqdn_override:
  - "{{ traefik_host }}"
  - "unifi_network_application2.{{ user.domain }}"
  - "unifi_network_application.otherdomain.tld"

Note: Include {{ traefik_host }} to preserve the default FQDN alongside your custom entries

unifi_network_application_role_web_host_override

# Override the Traefik web host configuration for the container
# Type: string
unifi_network_application_role_web_host_override:

Example Override

unifi_network_application_role_web_host_override: "Host(`{{ traefik_host }}`) || Host(`{{ 'unifi_network_application2.' + user.domain }}`)"

Note: Use {{ traefik_host }} to include the default host configuration in your custom rule

unifi_network_application_role_web_http_port

# Type: string (quoted number)
unifi_network_application_role_web_http_port:

unifi_network_application_role_web_http_scheme

# Type: string ("http"/"https")
unifi_network_application_role_web_http_scheme:

unifi_network_application_role_web_http_serverstransport

# Type: dict/omit
unifi_network_application_role_web_http_serverstransport:

unifi_network_application_role_web_scheme

# URL scheme to use for web access to the container
# Type: string ("http"/"https")
unifi_network_application_role_web_scheme:

unifi_network_application_role_web_serverstransport

# Type: dict/omit
unifi_network_application_role_web_serverstransport:

unifi_network_application_role_web_subdomain

# Type: string
unifi_network_application_role_web_subdomain: