In this blog I will show how to setup Unifi Network Controller as a container in Docker on a Synology Nas. To perform this setup you need to install Docker on your NAS. Not all Synology Diskstations support Docker check here which models support Docker.
Updated 28-12: Updated screenshot step 10, port 10001 was missing in the screenshot. Updated 19-08 added timezone configuration thanks for the tip Tony!
1. Login at your Synology Diskstation and start “Docker”. Select “Registry” and enter “unifi” in the searchbox and press “Search”. In the results rightclick “jacobalberty / unifi” and select “Download this image”
2. Select in the popup the Tag “latest” and press “select”
3. Select “Image” on the left and wait for the image to be downloaded. When the disk image on the right stops blinking and become blue the image has downloaded.
4. Select the “image” you just downloaded and press the “Launch” button.
5. Enter a name for the Container (eg Unifi), check the box resource limitation and press the button “Advanced Settings”.
6. On the “Advanced Settings” Tab select “Enable auto-restart” so the container will automatically start when the Synology Diskstation is started (for example after a reboot).
7. Select the “Volume” tab and press the button “Add Folder” to add a volume for the docker container to save data.
8. Create a folder “unifi” in the docker folder. This folder will be used to store the configuration of the Unifi Controller. AFter creating select the folder and press “Select”
9. In “Mount path” enter the value “/unifi” to mount the folder in the docker container with the name “unifi”
10. In the tab “Port Settings” copy the “Container Port” values to the “Local Port” values. (You can also select “Use the same network as Docker Host” in the “Network” tab, but this way port numbers which are in use can be changed)
11. Finally in the “Environment” tab change the values for “BIND_PRIV” (enable binding to ports less than 1024) and “RUNAS_UID0” (run as root user) to “false” and press “Apply”.
12. To set the TimeZone for the container you can add an additional variable “TZ” and give it the value of your timezone (list of database time zones).
13. On the “General Settings” page press “Next” to continue.
14. On the “Summary” page check the box “Run this container after the wizard is finished” and press “Apply”.
15. Select “Container” on the left it will take a few minutes to start. (On my DS918+ it takes about 2 minutes)
16. Now we need to open the ports on the firewall. In DSM go to “Control Panel” -> “Security” -> “Firewall”. Select your active firewall profile and press “Edit Rules”
17. In “Edit Profile” windows select “Create”. In the Create Firewall Rules window select “Custom and press the button “Custom”.
18. Add the following TCP ports: “8080,8443,8843,8880,6789” and press two times “OK” to close.
19. In “Edit Profile” windows select “Create”. In the Create Firewall Rules window select “Custom and press the button “Custom”.
20. Now add the UDP ports. Select “UDP” and enter the ports “3478,10001” and press 3 times “OK”
21. You should see the following popup “Firewall settings have been saved successfully” press “OK” to continue. The Unifi Controller should now be accessible if not you may want to reboot your Synology NAS.
22. Open a browser and enter “https://<SYNOLOGY_IP>:8443 to follow the steps to configure your Controller or restore a backup of an existing configuration.
For more info about the configuration go to the docker page https://hub.docker.com/r/jacobalberty/unifi
Thanks for this. Would you then use the ‘Force adoption IP’ in the controller and set this to the IP of your NAS?
I would recommend to configure this setting. Be carefull you are using the correct ip address.
I don’t know about you, but I had to add port UDP/10001 also in the port settings in docker or the server couldn’t discover any new Ubiquity device.
Thanks for your comment, you’re correct. It was missing in the screenshot, i’ve updated the screenshot.
It wasn’t just missing in the screenshot, it is actually missing in that container configuration right from Docker Hub. That seems like a container configuration bug, present even now as of the date of this post. It was critical for me to recognize and adopt devices on the network.
And thank you for a great tutorial!
When I set the environment variable RUNAS_UID0 to FALSE then I cannot contact the controller, If I switch it to TRUE the controller functions correctly. I switched of the synology firewall to rule out interference there.
Adding the variable USER with value unify doesn’t help either.
What could be the cause?
Did you configure in “Settings -> Controller” the following settings:
Override inform host with controller hostname/IP: Enable
Make controller discoverable on L2 network: Enable
This should fix the issue.
best regards, Aad
I have the same issue as Filip. I had to set RUNAS_UID0 to true, otherwise the connection to the controller just timed out. I have enabled both ‘Override inform host with controller hostname/IP’ and ‘Make controller discoverable on L2 network’ but this doesn’t help. Also, the L2 discovery option relies on UDP 1900 which is also used by Synology apps, so I’m not sure whether its a good idea to have it enabled.
I’ve been able to fix the problem. For some unknown reason the /unifi/log/server.log file and /unifi/data/backup folder have been created with root as an owner. I had to SSH into the NAS and run sudo chown -R 999:999 VOLUME/docker/unifi/ which changed the owner of all files under unifi folder to 999. After restarting the image it started working fine.
Hi, I am coming from an outside IP and I configure the docker and container, also added the port 10001. When I configure all this it shows my public IP (add the start-age on my desktop). Then on my firewall I Nat the port 8443 to my DS, however when I run the setup it does not find any devices. It might look on the outside IP/24 and not on the 192.168.2.0/24 which is the LAN. Any suggestions ?
Thankyou for putting this guide together, absolute breeze following your instructions.
Hi! I’d also like to add that for Timezones, docker containers does not pick up on the current time the Synology will run on. What I had to do is:
>Turn off the container
>Go into ‘Edit’
>Click on the ‘Environment’ Tab
>Click on ‘Add’
>In Variable, type in ‘TZ’
>In Value, type in your code for ‘Country/City’ for example ‘America/Denver’
That should mitigate the weird times and dates the logs pick up and make sure the firewall actually turn on during the correct times if you configured a JSON file.
Thanks for this great addition! I’ve updated the post with the TimeZone variable.
Best regards, Aad
Thanks a lot for this guide.
After a while the unifi controller becomes rather outdated, would it perhaps be possible to add explanationson how to update to the latest version?
In this blog I describe how to upgrade Upgrade Unifi Network Controller on Synology
Thanks for the excellent tutorial. I am, however, having an issue. I cannot see my AP. When I go through the settings after logging in, it does not see it. I played around with this AP several months ago (not really having a controller at the time) and I do see 2 SSIDs that I had created. I reset the AP (UAP-AC-M) and now the lights are just flashing on it, but I can’t discover it.
Thanks in advance – Dave
Thanks Dave, did you check if your dhcp is working correct? I’ve had a simular issue with some devices which couldn’t be discovered. The devices did not recieve a correct IP.
Hope this helps, good luck!
Thanks for this one.
Everything went great until actually running the controller.
I took a backup of everything from my install running on my laptop and put that backup in to this one running on Synology.
The controller wont find and adapt my Unifi products at all.
Is the only way to get it working to do a full new setup?
Or is it another way?
I have new Lite-6 APs. To get them to work, I had to SSH into the AP and set-inform http://nas1:8080/inform. Strangely the AP had picked up the bridge address of the container (172.17.0.2:8080/inform) and was failing to adopt.
I wonder if the unifi controller is telling the AP how to connect to it and it is using its own local container address and not the host address?
fyi – nas1 is my synology nas hosting the docker image of unifi.
In the Unifi Network controller there is a setting called “Override Inform Host” (Settings -> System -> Application Configuration). With this setting you can override the configured Host for Inform. Enabling this will provision all adopted UniFi Network devices to the configured Host for Inform. Using this setting you can change the inform host to the hostname/IP you would like to the correct address. Be careful to use the correct address before changing it.
Hi Aad, alles goed? I had the same issue as Mark. I changed it accordingly to what you indicated. I used my internal IP address of the NAS. I assume thats the IP I should use correct?
The symptom I mainly have is still not going away though: The iOS app everytime finds my U6 lite as an independent device but it also is seen by the Unifi Network Controller. When I try to “add new” then it appears to be getting setup but I get stuck everytime with the Adoption.
Still the independent device is still there also and has a different name and wifi name (deliberately done to see what is happening where)
Another strange thing is during the adoption process, after I’ve already created a new Wifi network in the app, it asks me “The access point must be connected to your local network in order for you to configure and manage it through the Unifi Network application”. This is strange as why would I need to connect the AP to a local NW (wifi) when the AP IS the local wifi network I want to create. I have connected the U6 lite through LAN into my local network.
What am I missing? (I’m a new private user to Ubiquiti, so still learning a lot)
Alvast bedankt! thanks.
Update: for some strange reason I now got it to work. Before I resetted and removed the AP from both the independent device as well as the one which was shown for adoption.
After the IP change I wanted to do the same and removed the independent devise first. After that I got a different screen and process in the adoption section where suddenly the adoption was succesfully finalized.
Not sure if this had to do with the IP change only, but it worked.
Thanks for the article and comments, really helpful to get me going!
I followed your guide. Everything works great !
Just one question on can I see my controller on unifi Portal ?
Thanks again !
Could you explain, which unifi portal do you mean?
It’s probably about this page https://network.unifi.ui.com/