*** Official Ubiquiti Discussion Thread ***

I wouldn't bother with anything UniFi-related when it comes to WAN connectivity. Untangle, Sophos XG, pfSense etc.
 
Hey folks, I have an issue which I hope you knowledgeable lot will be able to help me resolve. On first glance it doesn't appear to be Ubiquiti-related, but bear with me!

I have a USG as the basis of my network. I am then running Vaultwarden (ex Bitwarden RS) on a Pi to handle all my passwords, both at home and out and about. Vaultwarden is installed in a Docker container on the Pi. I then have Nginx Proxy Manager to access it from outside my network. Within Nginx, I've got my SSL certificate generated through LetsEncrypt.

The issue I have is that the SSL certificate has expired, and I can't renew it. When I was setting it all up, I remember I had issues with the initial generation of the SSL certificate, which I believe I resolved by trial and error adjustments to the Firewall Rules in the UniFi network settings. However, I can't remember which combination of settings worked, and can't replicate a situation in which I can successfully renew the certificate.

Can anyone suggest what I might need to do to resolve this?
 
The port 80 open to the world requirement is annoying, but the protocol supports DNS verification which is what I'd recommend every time, it's just that some clients haven't implemented it. I have pfSense configured to use an Azure service account to write the required TXT record into the DNS zone for verification whenever the LE cert needs renewing, and it works great.
 
Ahh I see, but why not just get a LAN Router and then a WAP?
I think the confusion comes when the TLAs come out. For me Ubiquiti (UniFi) is genuinely superb for their wireless access points (WAP or WLAN) and their switches are very good. Their cameras are good quality but massively overpriced. The only place they really fall down for me is on their routing where the UniFi Dream Machine is good, the UniFi Dream Router is excellent for the money but their ‘grown up’ routers - the USG and USG Pro are no longer being developed and the Dream Machine Pro and Dream Machine Pro SE are just awful. Very expensive for what you get and almost 4 years after they first saw the light of day they have less security functionality than the USGs and they’re buggier than a Mamas and Papas showroom.
 
"Dream Machine Pro SE are just awful" - I disagree with this it's a fantastic all in one device especially for the price if you also use the waps and cameras as it has the built in POE for them. Have mine powering several cameras (G3 Flex) that are excellent value as is the g3 and g4 instants I have. It also powers two u6 access points. With latest firmware does load balancing and failover on my Virgin / BT as failover.
 
"Dream Machine Pro SE are just awful" - I disagree with this it's a fantastic all in one device especially for the price if you also use the waps and cameras as it has the built in POE for them. Have mine powering several cameras (G3 Flex) that are excellent value as is the g3 and g4 instants I have. It also powers two u6 access points. With latest firmware does load balancing and failover on my Virgin / BT as failover.
You are, of course, entitled to your opinion. I would just point out that it’s £480, £500 delivered.

Let’s say I spend that on a £150 Topton N5105 2.5GbE box, £50 on 16Gb RAM and £50 on a 500Gb SSD. Then I’m going to spend £115 on a USW-8-Lite PoE and £185 on a Cloud Key Gen2. That’s £550 and it just obliterates the Dream Machine Pro SE on every level. Or spend £660 on the QNAP Guardian and run the UniFi controller and pfSense or Untangle in VMs and you get 16 PoE ports including 4 60W PoE++ ports and 12 PoE+ ports and two SFP ports. It takes two SSDs or HDD and it can be expanded to 32 HDDs. Its QVR-Pro software works with any ONVIF camera and it makes the Dream Machine Pro SE look like an expensive toy. And that’s before we get on to little things like VPN performance, SNORT performance, Wireguard etc.

And how on earth you can describe any UniFi camera as good value is truly mind boggling. You can have at least 3 decent Hikvision or Dahua cameras for the price of a UniFi camera of the same resolution. Most of them aren’t even rated for outdoor use.

If you’ve only ever seen gruel then gruel with salt is probably pretty tasty. But better and cheaper IS just an adventurous mouthful away.
 
I had a similar setup previously with the Cloud Key Gen2 and it was generally crap and sluggish. It also has an inherent design fault of way too much heat and the battery fails within a year. You're also ignoring the fact I said all in one unit not two more separate parts that do the same thing. Your switch is also 4 POE ports not 8 like the SE. You also do not have SFP+ either in this setup. Your second setup while more expensive than the SE is a much better setup and all in one unit and I agree is much more capable. As someone who has a QNAP the software is also decent. Nowhere near as user friendly as Unifi but more feature rich.

"And how on earth you can describe any UniFi camera as good value is truly mind boggling. You can have at least 3 decent Hikvision or Dahua cameras for the price of a UniFi camera of the same resolution. Most of them aren’t even rated for outdoor use." Now as you know I got a few amazing cameras from you last year and they are far superior than most of the Unifi cameras at a lower price point. The apps that work with them are generally unpolished crap compared to the protect app. And as I said I find the G3 Flex an absolute great little camera at £67 quid and had many of them outdoors in all weather for years with no issues. The G3 instant as an indoor camera at £29 quid is also fantastic value as it all ties into the same app. I bought and sold on a G4 pro as it was as you said terribly overpriced crap for the performance compared to the dahua.

Like you said though we all have opinions and each individual needs things tailored but if you're someone that wants a nice looking unit for the home and all in one security solution and router and wifi in one ecosystem with minimal config and a user friendly app for cctv it's hard to beat IMO !
 
Might not be the same issue but Let's Encrypt certificates will only renew if I open port 80 rather than 443 to my Synology box. Not ideal, I open the port then close it once the cert is renewed.
See this tallies with what I thought, and I'd created a port forward for port 80, so makes sense that this is what worked previously. However, even if I enable it now, the issue persists... So that's not the (entire) solution :(
 
The port 80 open to the world requirement is annoying, but the protocol supports DNS verification which is what I'd recommend every time, it's just that some clients haven't implemented it. I have pfSense configured to use an Azure service account to write the required TXT record into the DNS zone for verification whenever the LE cert needs renewing, and it works great.
Sorry, I don't understand this. Can you dumb it down for me? Is this something which I might potentially be able to do with my setup?
 
I think the confusion comes when the TLAs come out. For me Ubiquiti (UniFi) is genuinely superb for their wireless access points (WAP or WLAN) and their switches are very good. Their cameras are good quality but massively overpriced. The only place they really fall down for me is on their routing where the UniFi Dream Machine is good, the UniFi Dream Router is excellent for the money but their ‘grown up’ routers - the USG and USG Pro are no longer being developed and the Dream Machine Pro and Dream Machine Pro SE are just awful. Very expensive for what you get and almost 4 years after they first saw the light of day they have less security functionality than the USGs and they’re buggier than a Mamas and Papas showroom.
Could I mix and match then? Use a UniFi Dream Machine Pro as the main brains and router, put a bunch of UniFi APs for wifi and then use a different surveillance camera setup that connects to my router etc?

My main goal is this:

ISP broadband fibre router (in dumb internet mode only) -> MikroTik router to control all the port forwarding, LANs, VLANs etc, MikroTik switches for 25gbit connection between my work station and server -> surveillance cameras of some sort (maybe POE etc but this is for a different thread?) and away we go!!!
 
You are, of course, entitled to your opinion. I would just point out that it’s £480, £500 delivered.

Let’s say I spend that on a £150 Topton N5105 2.5GbE box, £50 on 16Gb RAM and £50 on a 500Gb SSD. Then I’m going to spend £115 on a USW-8-Lite PoE and £185 on a Cloud Key Gen2. That’s £550 and it just obliterates the Dream Machine Pro SE on every level. Or spend £660 on the QNAP Guardian and run the UniFi controller and pfSense or Untangle in VMs and you get 16 PoE ports including 4 60W PoE++ ports and 12 PoE+ ports and two SFP ports. It takes two SSDs or HDD and it can be expanded to 32 HDDs. Its QVR-Pro software works with any ONVIF camera and it makes the Dream Machine Pro SE look like an expensive toy. And that’s before we get on to little things like VPN performance, SNORT performance, Wireguard etc.

And how on earth you can describe any UniFi camera as good value is truly mind boggling. You can have at least 3 decent Hikvision or Dahua cameras for the price of a UniFi camera of the same resolution. Most of them aren’t even rated for outdoor use.

If you’ve only ever seen gruel then gruel with salt is probably pretty tasty. But better and cheaper IS just an adventurous mouthful away.
Yeah, I would want outdoor use cameras both front, rear and side

Also I want to be able to connect my thermostat to my router so I can access it remotely and control and schedule my heating etc when I'm away.

@WJA96 At some point I will draw up a network diagram and show u my intention and will create whole new thread regarding it.
U know of any good network architecture drawing app I can use on my iPad?
 
Yeah, I would want outdoor use cameras both front, rear and side

Also I want to be able to connect my thermostat to my router so I can access it remotely and control and schedule my heating etc when I'm away.

@WJA96 At some point I will draw up a network diagram and show u my intention and will create whole new thread regarding it.
U know of any good network architecture drawing app I can use on my iPad?
Could I mix and match then? Use a UniFi Dream Machine Pro as the main brains and router, put a bunch of UniFi APs for wifi and then use a different surveillance camera setup that connects to my router etc?

My main goal is this:

ISP broadband fibre router (in dumb internet mode only) -> MikroTik router to control all the port forwarding, LANs, VLANs etc, MikroTik switches for 25gbit connection between my work station and server -> surveillance cameras of some sort (maybe POE etc but this is for a different thread?) and away we go!!!

We use Visio for diagrams with templates for the equipment and cable runs.

So not much use on an iPad. I’m sure there will be an iOS equivalent.

You can always mix and match - the question is how much are you prepared to balance loss of functionality for ease of use?

For surveillance cameras there is a massive thread in Life/Home and Garden
 
We use Visio for diagrams with templates for the equipment and cable runs.

So not much use on an iPad. I’m sure there will be an iOS equivalent.

You can always mix and match - the question is how much are you prepared to balance loss of functionality for ease of use?

For surveillance cameras there is a massive thread in Life/Home and Garden
Mate, I have a SAMBA file share as my go to file sharing tech on my network and it's all done via configs and etc/fstab etc lol

Ease of use? I don't mind but I also don't wanna write a Python or Ruby script just to setup VLAN though lol
 
You are, of course, entitled to your opinion. I would just point out that it’s £480, £500 delivered.

Let’s say I spend that on a £150 Topton N5105 2.5GbE box, £50 on 16Gb RAM and £50 on a 500Gb SSD. Then I’m going to spend £115 on a USW-8-Lite PoE and £185 on a Cloud Key Gen2. That’s £550 and it just obliterates the Dream Machine Pro SE on every level. Or spend £660 on the QNAP Guardian and run the UniFi controller and pfSense or Untangle in VMs and you get 16 PoE ports including 4 60W PoE++ ports and 12 PoE+ ports and two SFP ports. It takes two SSDs or HDD and it can be expanded to 32 HDDs. Its QVR-Pro software works with any ONVIF camera and it makes the Dream Machine Pro SE look like an expensive toy. And that’s before we get on to little things like VPN performance, SNORT performance, Wireguard etc.

And how on earth you can describe any UniFi camera as good value is truly mind boggling. You can have at least 3 decent Hikvision or Dahua cameras for the price of a UniFi camera of the same resolution. Most of them aren’t even rated for outdoor use.

If you’ve only ever seen gruel then gruel with salt is probably pretty tasty. But better and cheaper IS just an adventurous mouthful away.
Where on earth can you get a QNAP Guardian for £600 and can one fall off your van?
 