Unifi Controller on Google Cloud Platform (GCP)

Introduction: Unifi Controller on Google Cloud Platform (GCP)

Ubiquiti's Unifi Controller allows for web management of their Unifi products including wireless access points, routers, and switches. They have an excellent guide for setting up the controller on Amazon AWS using the free tier that gives a free VM for 12 months. Once the year is up, you must pay to continue using the VM.

Install a UniFi Cloud Controller on Amazon Web Services

Google Cloud Platform (GCP) also offers a free tier with a free micro VM forever with similar specs to the Amazon offer. The purpose of this guide is to document the steps to set up a Unifi Controller in GCP.

Note: Another user has written an excellent guide plus a script that sets up additional features such as Let's Encrypt certificates, Fail2Ban limits, and general maintenance. Check it out to supplement this instructable:

Step 1: Register/Create Google Cloud Platform Account

  1. Navigate to: https://cloud.google.com/free/ and click the "Try Free" button to begin registering for an account
  2. Login with your account at: https://console.cloud.google.com
  3. Select the project you wish to use for the Unifi Controller. If setting up a free account, you will have "My first project" selected.
    1. This can be renamed by going to Menu>IAM & admin>Settings and changing the Project name

Step 2: Creating the VM Instance

  1. From the Menu button in the upper left corner, select "Compute Engine" then "VM Instances"
  2. Wait for the Compute Engine to finish initializing if prompted.
  3. Under "VM Instances" on the left pane, click "Create" in the right pane.
    1. Enter a name for your VM. In this case "unifi-controller"
    2. Select a Zone or leave on default
    3. Change Machine Type to "micro" if using the Free offering
    4. Click "Change" on Boot disk. Select an Ubuntu image, such as "Ubuntu 17.04"
    5. Increase the disk type to Standard Persistent Disk and size 30 GB
      1. Note: 30 GB may be required for proper operation of the controller software.
    6. Leave Firewall options unchecked. These will be configured later.
    7. If configuring backups as described later in this guide, under Access Scopes, select "Set access for each API" and change Storage to "Read Write"
    8. Click "Management, disks, networking, SSH key" link, then click the Networking tab. Under "Network tags" enter: unifi-server
      1. This will be used when creating firewall rules
    9. Click "Create" to begin the process
  4. Give a few minutes for the VM creation to complete. A green checkbox will appear to the left of the name when completed.
  5. Click the Google Cloud Platform Menu>Networking>VPC Network>Firewall rules
    1. Click "Create firewall rule" at the top of the page. Several rules will be needed. They can be broken out into individual rules, or one rule to include all needed ports. List of ports
      1. Name: unifi-ports
      2. Target tags: unifi-server
      3. Source IP ranges:
      4. Specified protocols and ports: tcp:80; tcp:8880; tcp:8443; tcp:8843; tcp:8080; tcp:6789; udp:3478
      5. Create
  6. Click the Google Cloud Platform Menu>Networking>VPC Network>External IP Addresses
    1. Change the existing assignment from Ephemeral to Static to prevent the IP from changing over time.
    2. Note: If the instance is stopped, static IPs are charged at $0.01/hr per IP

Step 3: Configuring Swap on the VM

If using the f1-micro instance, it is quite possible that the VM will run out of the 600 MB of RAM and stop functioning. To help with this, configure a swap file. If using a larger VM, this may not be necessary. This article walks you through the steps for Ubuntu:

Configuring Swap

The following commands can be copied and pasted into the SSH session to your VM to create the swap file and make it permanent

sudo fallocate -l 1G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo cp /etc/fstab /etc/fstab.bak
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

To verify how much memory is being used, both RAM and swap, use the following command

free -h

Step 4: Installing Controller Software

  1. Click Menu>Compute Engine>VM Instances. On the line with the controller VM, click the SSH button. A new window will appear with an SSH session to the VM.
  2. Run the following commands to add the Ubiquiti repository and add the GPG key. These can be copied and pasted into the SSH window:

    echo "deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti" | sudo tee -a /etc/apt/sources.list
    sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 06E85760C0A52C50
    1. Note: After an upgrade to a new release, the source may be disabled. Edit the sources.list file to remove the # from the beginning of the ubnt line
    2. sudo nano /etc/apt/sources.list
  3. Run the following commands to update the server's repository and begin the Unifi install:

    sudo apt-get update
    sudo apt-get install unifi
  4. If prompted, press Y to continue to download any required packages and install
  5. To speed up initial startup time on the VM, install haveged for faster entropy generation. With haveged, the first startup of Unifi when the VM boots will take 6-10 minutes. Without it may take 20-25 minutes.
    More information: https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged

    sudo apt-get install haveged
  6. When finished, type exit to close the SSH session
  7. In the VM Instances window, take note of the External IP of the VM
  8. Open a Web browser to https://External-IP:8443/
    1. replace External-IP with the External IP of your VM
  9. If a webpage appears, the controller setup is complete.
    1. Note: Step 2 will not discover any devices as the controller is not on the same subnet as the devices. See the Ubiquiti article on Layer 3 Adoption
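
If the page at port 8443 does not load, comparing the ports from the Step 2 firewall rule with what is actually listening on the VM separates a firewall problem from a service problem. This check is an added example, not part of the original guide; the function name and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Ports from the "unifi-ports" firewall rule in Step 2 of the guide.
EXPECTED="tcp:80 tcp:8880 tcp:8443 tcp:8843 tcp:8080 tcp:6789 udp:3478"

# Read `ss -tuln` output on stdin and print each expected proto:port
# that has no local listener. Prints nothing when every port is covered.
unlistened_ports() {
    awk -v expected="$EXPECTED" '
        $1 == "tcp" || $1 == "udp" {
            # The port is the last ":"-separated field of the local
            # address column, for both IPv4 (*:8443) and IPv6 ([::]:8443).
            n = split($5, parts, ":")
            seen[$1 ":" parts[n]] = 1
        }
        END {
            m = split(expected, want, " ")
            for (i = 1; i <= m; i++)
                if (!(want[i] in seen)) print want[i]
        }'
}

# Constructed sample of `ss -tuln` output (not captured from a real controller).
SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      50     *:8080             *:*
tcp   LISTEN 0      50     [::]:8443          [::]:*
tcp   LISTEN 0      50     *:8880             *:*
tcp   LISTEN 0      50     *:8843             *:*
udp   UNCONN 0      0      *:3478             *:*'

# Demo on the sample; on the VM use: ss -tuln | unlistened_ports
printf '%s\n' "$SAMPLE" | unlistened_ports   # prints tcp:80 and tcp:6789
```

A port printed here is allowed by the firewall rule but has nothing listening behind it on the VM. If tcp:8443 is in the output, look at the unifi service rather than the firewall rule.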

Step 5: Configuring Backups

As part of the Google Free Tier, 5 GB of regional storage is included. By creating a storage bucket and configuring Unifi to copy backups to this bucket, the files are no longer only stored inside the compute engine, allowing for restores if the entire instance becomes unavailable.

Create a Google Cloud Storage Bucket

  1. In the GCP Console, click the Menu button in the upper left corner, select "Storage" under the Storage heading, then click Create Bucket
  2. Enter a name that is globally unique and select a region. Click Create when finished.
    1. In the US, the free storage is available in the regions ending in 1 as noted here: https://cloud.google.com/storage/pricing
    2. Select Regional for the free tier
    3. Click Continue when finished
  3. In the GCP Console, click the Menu button in the upper left corner, select "Compute Engine", then click VM instances
  4. Stop the Unifi instance
  5. Click on the instance name, and select Edit. Under "Access Scopes", select "Set Access for each API"
  6. Change "Storage" to Read Write
  7. Start the instance

Create a script to copy backups to the bucket daily

  1. Use the following commands to create the backup script, making sure to replace [name_of_storage_bucket] with the name you created above.

    echo '#!/bin/sh' | sudo tee /etc/cron.daily/unifi-backup-to-bucket
    echo sudo gsutil rsync -r -d /var/lib/unifi/backup gs://[name_of_storage_bucket] | sudo tee -a /etc/cron.daily/unifi-backup-to-bucket
  2. Set the file as executable

    sudo chmod +x /etc/cron.daily/unifi-backup-to-bucket
  3. Backup files should now be copied to the storage bucket daily. You can view the files by going to Storage>Browser and clicking the bucket.
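
The `-d` flag in the rsync command above deletes bucket objects that are no longer present in the source directory, so a sync run from an empty backup directory would remove the copies in the bucket. The guarded variant below is an added example, not part of the original guide; it assumes controller backups end in `.unf`, and the `GSUTIL` override and function names are illustrative.

```shell
#!/bin/sh
# Guarded version of the daily bucket sync.
# BACKUP_DIR and the rsync flags come from the guide; BUCKET is a placeholder.
BACKUP_DIR="${BACKUP_DIR:-/var/lib/unifi/backup}"
BUCKET="${BUCKET:-gs://[name_of_storage_bucket]}"
GSUTIL="${GSUTIL:-gsutil}"   # overridable so the logic can be exercised offline

# Count backup files under a directory (0 if the directory is missing).
# Assumption: controller backups are files ending in .unf.
count_backups() {
    [ -d "$1" ] || { echo 0; return 0; }
    find "$1" -type f -name '*.unf' | wc -l | tr -d ' '
}

# Mirror the backup directory to the bucket, but never run a deleting
# sync from an empty or missing source directory.
sync_backups() {
    n=$(count_backups "$BACKUP_DIR")
    if [ "$n" -eq 0 ]; then
        echo "unifi-backup: no .unf files in $BACKUP_DIR, skipping sync" >&2
        return 1
    fi
    "$GSUTIL" rsync -r -d "$BACKUP_DIR" "$BUCKET"
}

# Run the sync only when this file is installed under the cron job name
# used in the guide; under any other name it just defines the functions.
case "$0" in
    */unifi-backup-to-bucket) sync_backups ;;
esac
```

Saved as /etc/cron.daily/unifi-backup-to-bucket and made executable, this replaces the two-line script; cron.daily jobs already run as root, so no sudo is needed inside it.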

Note: I had some trouble with copying text from Instructables and pasting into the console not fully working. The text would copy, but the commands would not execute correctly. Manually typing them in corrected the issue.


4 Discussions

Hi there! Great article. I followed it almost to a T (just named things a little differently). However, I can't connect to the controller from a webpage. I get a "Connection refused" error. Also, according to https://www.yougetsignal.com/tools/open-ports/ port 8443 is closed (along with all my other "open" ports except 22). Any thoughts?

1 more answer

Are you using Ubuntu 18.04? If so, the version of MongoDB that comes with it is not supported with current Unifi versions. The Unifi forums have workarounds for downgrading Mongo.
If you are using an earlier version and port 8443 is not open, double check the firewall rules and also check the status of the unifi service with this command

service unifi status

You can also check the last several lines (30 in this case) of the Unifi server logs to see if it tells you if it can't start

sudo tail /var/log/unifi/server.log -n30


7 months ago

At least my instances every time I reboot them I get a new IP address.

1 reply

I wasn't experiencing that with a simple reboot of my instance and I even stopped the instance a few times and kept the same IP, but I did get a new one in the last 4 days. I think it is related to reboots for the Spectre/Meltdown patches.

I added section 6 to Step 2 which covers creating a Static IP for your instance so it won't change after that.