I have the unifi container working but I noticed an interesting issue. Everything works just fine as long as 8443 is passed through to the host using docker ports, but when I disable that port it fails to load with a Bad Gateway response from traefik. Traefik is looking at the container over a docker network so it shouldn’t need the port to exist on the host at all. I’m thinking that the unifi container is doing something funny here but I’m not sure. Any thoughts or things I could try to make it work without the extra port would be greatly appreciated.
unifi docker-compose.yml (this is an Ansible template file):
---
services:
  unifi-network-application:
    image: lscr.io/linuxserver/unifi-network-application:8.4.62
    container_name: unifi-network-application
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - MONGO_USER={{ unifi_controller.db_username }}
      - MONGO_PASS={{ unifi_controller.db_password }}
      - MONGO_HOST=unifi-db
      - MONGO_PORT=27017
      - MONGO_DBNAME=unifi
      - MONGO_AUTHSOURCE=admin
      - MEM_LIMIT=1024 #optional
      - MEM_STARTUP=1024 #optional
      - MONGO_TLS= #optional
    volumes:
      - unifi_data:/config
    ports:
      # - 8443:8443 # WebUI ##### This works when this is commented but not when it isn't.
      - 3478:3478/udp # STUN
      - 10001:10001/udp # AP Discovery
      - 8080:8080 # Device communication
      - 1900:1900/udp # discoverable on L2 network
      # - 8843:8843 # guest portal HTTPS redirect
      # - 8880:8880 # guest portal HTTP redirect
      # - 6789:6789 # mobile throughput test
      - 5514:5514/udp # syslog port
    restart: unless-stopped
    networks:
      - internal
      - traefik
  unifi-db:
    image: docker.io/mongo:7
    container_name: unifi-db
    environment:
      - MONGO_INITDB_ROOT_USERNAME={{ unifi_controller.db_username }}
      - MONGO_INITDB_ROOT_PASSWORD={{ unifi_controller.db_password }}
      - MONGO_USER={{ unifi_controller.db_username }}
      - MONGO_PASS={{ unifi_controller.db_password }}
      - MONGO_DBNAME=unifi
      - MONGO_AUTHSOURCE=admin
    volumes:
      - db_data:/data/db
      - ./init-mongo.sh:/docker-entrypoint-initdb.d/init-mongo.sh:ro
    restart: unless-stopped
    networks:
      - internal
networks:
  internal:
  traefik:
    external: true
volumes:
  unifi_data:
    driver_opts:
      type: "nfs"
      o: "addr={{ nfs_server_address }},nolock,soft,rw"
      device: ":{{ unifi_controller.nfs_mount_path }}"
  db_data:
    driver_opts:
      type: "nfs"
      o: "addr={{ nfs_server_address }},nolock,soft,rw"
      device: ":{{ unifi_controller.nfs_db_path }}"
Traefik docker-compose.yml (the API token is redacted):
---
services:
  traefik:
    image: docker.io/traefik:v3.1
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    environment:
      CLOUDFLARE_DNS_API_TOKEN: ''
    volumes:
      - type: bind
        source: /etc/localtime
        target: /etc/localtime
        read_only: true
      - type: bind
        source: ./traefik.yml
        target: /etc/traefik/traefik.yml
      - type: bind
        source: ./configs
        target: /etc/traefik/configs
      - type: bind
        source: ./acme.json
        target: /etc/traefik/acme.json
    networks:
      - traefik
networks:
  traefik:
    external: true
The traefik dynamic config file for the unifi container service.
---
http:
  serversTransports:
    ignorecert:
      # Skips verification of the controller's self-signed certificate; only
      # acceptable because this hop stays on the internal traefik network.
      insecureSkipVerify: true
  routers:
    unifi_controller:
      rule: Host(`{{ unifi_controller.url }}`)
      tls:
        certResolver: letsEncrypt
      service: unifi_controller
      entryPoints:
        - websecure
  services:
    unifi_controller:
      loadBalancer:
        serversTransport: ignorecert
        servers:
          # This hostname must be a name Docker resolves on the shared traefik
          # network; the compose file above names the container
          # unifi-network-application and defines no unifi-controller alias.
          - url: https://unifi-controller:8443
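An added check, not from the post or from the Traefik or linuxserver projects, that walks every backend URL in the dynamic config and reports any host that is neither a Compose service nor a container_name on a network Traefik is attached to. The dicts are constructed stand-ins for the three files above, reduced to the fields the check needs, and short-form `networks:` lists are assumed.

```python
"""Verify that Traefik's file-provider backends name containers it can reach
over a shared Docker network (service name or container_name resolves there)."""
from urllib.parse import urlsplit

# Constructed stand-ins for the compose files and dynamic config in the post.
UNIFI_COMPOSE = {
    "unifi-network-application": {"container_name": "unifi-network-application",
                                  "networks": ["internal", "traefik"]},
    "unifi-db": {"container_name": "unifi-db", "networks": ["internal"]},
}
TRAEFIK_COMPOSE = {"traefik": {"networks": ["traefik"]}}
DYNAMIC = {"http": {"services": {"unifi_controller": {"loadBalancer": {
    "servers": [{"url": "https://unifi-controller:8443"}]}}}}}


def reachable_names(compose):
    """Map each DNS name Docker publishes for a service on user-defined
    networks (the service name and its container_name) to those networks."""
    names = {}
    for svc, spec in compose.items():
        nets = spec.get("networks", ["default"])  # short-form list assumed
        for name in {svc, spec.get("container_name", svc)}:
            names.setdefault(name, set()).update(nets)
    return names


def check_backends(dynamic, backend_compose, proxy_compose, proxy="traefik"):
    """Return one message per backend server the proxy could not reach;
    an empty list means every URL host resolves on a shared network."""
    proxy_nets = set(proxy_compose[proxy].get("networks", ["default"]))
    names = reachable_names(backend_compose)
    problems = []
    for svc, spec in dynamic["http"]["services"].items():
        for server in spec["loadBalancer"]["servers"]:
            host = urlsplit(server["url"]).hostname
            if host not in names:
                problems.append(f"{svc}: no service or container named {host!r}")
            elif not names[host] & proxy_nets:
                problems.append(f"{svc}: {host!r} shares no network with {proxy}")
    return problems


if __name__ == "__main__":
    for problem in check_backends(DYNAMIC, UNIFI_COMPOSE, TRAEFIK_COMPOSE):
        print(problem)
```

Run against the configs as posted it flags the `unifi-controller` host; point the URL at the container_name and it reports nothing.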