Install UniFi Controller on CentOS 8

25 November 2020

Ubiquiti only officially supports installing the UniFi SDN controller on Debian and Ubuntu. If you prefer CentOS, the process to install the UniFi SDN controller is below.

Step-by-step guide

Install the EPEL repo

yum install epel-release

Add a user account to run the controller

useradd -r ubnt

Install MongoDB version 3.4

Create the repo file

nano /etc/yum.repos.d/mongodb-org-3.4.repo

Paste the contents into the file

name=MongoDB Repository
#hard-coded release number since there is not one for CentOS 8

Save the file

Refresh the repo list

yum repolist

Install the package

yum install mongodb-org

Install Java 8

Change directory into the temp folder

cd /tmp

Download the package

Go to the Java Manual Downloads page and get the URL for Linux x64 RPM.

wget https://the-url-from-java-download-page

Find the name of the package that was downloaded. It should be something like jre-8u161-linux-x64.rpm

Install the RPM package

yum localinstall jre-8u161-linux-x64.rpm

Install the generic Linux version of the UniFi SDN controller

Find the latest version number from the UniFi download page

Download the ZIP file


Fill in [version] with the correct version number. ex. /unifi/6.0.36/

Unzip the contents

unzip -q -d /opt

Set the correct owner for the new files

chown -R ubnt:ubnt /opt/UniFi

Create the startup script

nano /etc/systemd/system/unifi.service

Paste the contents into the new startup script

# Systemd unit file for UniFi Controller #
Description=UniFi Controller
ExecStart=/usr/bin/java -Xmx1024M -jar /opt/UniFi/lib/ace.jar start
ExecStop=/usr/bin/java -jar /opt/UniFi/lib/ace.jar stop

Set the service to start on system boot

systemctl enable unifi

Start the service

systemctl start unifi

Open firewall ports

Open the web admin interface port

If your server is connected directly to the Internet, you should not open web admin ports for security reasons. Admin ports should be accessed through a secure channel, like a VPN.

firewall-cmd --permanent --add-port=8443/tcp

Open the two ports needed for device management

firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --permanent --add-port=3478/udp

Reload the firewall for settings to take effect

firewall-cmd --reload

Go to your controller's web address in a browser.

The address will be the FQDN or IP followed by the admin port, 8443.

It is safe to bypass certificate warnings since the controller does not have publicly trusted certificates installed.

That's it! Everything should be working!