Unifi-controller does not connect to the internet (I'm new to docker and unifi too)

Hi,
so I’m new to the world of docker and also new to the unifi networking, actually I’m new to all sys-stuff / selfhosting (I’m a php developer). But I’m trying to learn.

A week ago I successfully deployed the unifi-controller docker, and everything was going ok. Today I decided to format my PC (CentOS 7) and install CentOS 8.

So after that I just installed docker and tried to deploy with the same docker file (and the config folder that I copied before formatting).
The docker was successfully deployed and I can access it from a PC in the same LAN (on port 8443), but I’ve seen in the log that the controller doesn’t have access to the web, so for example SSO is not working and I can’t use my iPad with the unifi app to control my unifi network.

I’ve tried to log in to the controller bash with this command:
docker exec -it unifi-controller /bin/bash

and I’ve tried to wget google.com and it didn’t work.

So, can someone help me?

Thanks to all

share your docker run command or docker compose.

however, the issue is probably centos, docker relies on iptables, and RHEL derivs use firewalld which causes some issues, iirc.

my compose file:

version: "2"
services:
    unifi-controller:
        image: linuxserver/unifi-controller
        container_name: unifi-controller
        environment:
          - PUID=983
          - PGID=976
          - MEM_LIMIT=1024M #optional
        volumes:
          - /mnt/sdb1/unifi:/config
        ports:
          - 3478:3478/udp
          - 10001:10001/udp
          - 8083:8083
          - 8081:8081
          - 8443:8443
          - 8843:8843
          - 8880:8880
          - 6789:6789
        restart: unless-stopped

I’ve tried to open the ports with firewall-cmd (I think it wasn’t necessary):

 sudo firewall-cmd --zone=public --add-port=3478/udp --permanent
 sudo firewall-cmd --zone=public --add-port=10001/udp --permanent
 sudo firewall-cmd --zone=public --add-port=8081/tcp --permanent
 sudo firewall-cmd --zone=public --add-port=8443/tcp --permanent
 sudo firewall-cmd --zone=public --add-port=8880/tcp --permanent
 sudo firewall-cmd --zone=public --add-port=6789/tcp --permanent

And I have disabled (not permanently) SELinux.

Edit:
My /etc/resolv.conf:

search lan local
nameserver 127.0.0.11
options ndots:0

I think it’s wrong, but if I edit this file, will I lose my modifications at the next reboot?

The resolv file on the host was correct with my gateway IP (192.168.1.254)

My host ifconfig:

br-7779e4c8b7fe: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet 172.25.0.1  netmask 255.255.0.0  broadcast 172.25.255.255
    inet6 fe80::42:1dff:fece:6581  prefixlen 64  scopeid 0x20<link>
    ether 02:42:1d:ce:65:81  txqueuelen 0  (Ethernet)
    RX packets 466470  bytes 438809912 (418.4 MiB)
    RX errors 0  dropped 7  overruns 0  frame 0
    TX packets 110988  bytes 18830882 (17.9 MiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
    inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
    inet6 fe80::42:ccff:fe74:4a35  prefixlen 64  scopeid 0x20<link>
    ether 02:42:cc:74:4a:35  txqueuelen 0  (Ethernet)
    RX packets 0  bytes 0 (0.0 B)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 12  bytes 1056 (1.0 KiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet 192.168.1.220  netmask 255.255.255.0  broadcast 192.168.1.255
    inet6 2001:b07:5d26:3c94:f38a:1a83:cbb4:6233  prefixlen 64  scopeid 0x0<global>
    inet6 fe80::cb74:495:bcc9:8a1  prefixlen 64  scopeid 0x20<link>
    ether 00:e0:4c:68:70:02  txqueuelen 1000  (Ethernet)
    RX packets 466470  bytes 438809912 (418.4 MiB)
    RX errors 0  dropped 7  overruns 0  frame 0
    TX packets 110989  bytes 18831508 (17.9 MiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Edit 2:
With the following code I resolved my problem:

firewall-cmd --zone=public --add-masquerade --permanent

great work, I was going to say you’re missing the nat table rules and you knocked it out!
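
Added example, not part of the thread and not the posters' code: a small shell check that tells the two suspects in this thread apart (the container's resolv.conf versus missing NAT on the firewalld zone) and prints a masquerade rule limited to the Docker bridge subnet rather than the whole zone. The function names and sample inputs are constructed for illustration, and it assumes the uplink interface is in the public zone as in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Sample inputs below are constructed.

# Succeeds if `firewall-cmd --zone=ZONE --list-all` output ($1) shows masquerading on.
zone_masquerades() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*masquerade:[[:space:]]*yes[[:space:]]*$'
}

# Succeeds if a container's /etc/resolv.conf ($1) uses Docker's embedded resolver.
# 127.0.0.11 is the normal value on user-defined networks (compose creates one);
# it forwards lookups to the host's resolvers, so it does not need editing.
uses_docker_dns() {
    printf '%s\n' "$1" | grep -Eq '^nameserver[[:space:]]+127\.0\.0\.11[[:space:]]*$'
}

# Print a firewalld rich rule that masquerades only the bridge subnet ($1, IPv4
# CIDR) instead of everything leaving the zone. Rejects anything not CIDR-shaped.
scoped_masquerade_rule() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    printf 'rule family="ipv4" source address="%s" masquerade\n' "$1"
}

# $1 = zone listing, $2 = container resolv.conf, $3 = bridge subnet (CIDR).
# Assumption: the uplink interface sits in the "public" zone, as in the thread.
diagnose() {
    if zone_masquerades "$1"; then
        echo "nat-ok"
        return 0
    fi
    rule=$(scoped_masquerade_rule "$3") || { echo "bad-cidr"; return 1; }
    if uses_docker_dns "$2"; then echo "resolv-conf-is-docker-default"; fi
    # --permanent alone only edits the saved config; --reload applies it.
    echo "missing-nat: firewall-cmd --permanent --zone=public --add-rich-rule='$rule' && firewall-cmd --reload"
}

# Constructed samples modelled on the thread (bridge 172.25.0.1/16).
SAMPLE_ZONE='public (active)
  interfaces: enp1s0
  ports: 8443/tcp 8880/tcp
  masquerade: no'
SAMPLE_RESOLV='search lan local
nameserver 127.0.0.11
options ndots:0'

diagnose "$SAMPLE_ZONE" "$SAMPLE_RESOLV" "172.25.0.0/16"
```

On a real host, feed it the output of firewall-cmd --zone=public --list-all and the container's /etc/resolv.conf in place of the samples.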
