*** Official Ubiquiti Discussion Thread ***

[Sin_Chase]

This is covered in the blog post I linked to a few days ago. TLDR is if you bypass cache for the Plex/Emby etc hostname then there's nothing explicitly called out in their ToS that disallows it.

It's still not that clear cut and the wording of the ToS is not black and white (Which doesnt help). The author of that blog post has applied his own interpretation.

The other interpretation is that tunnel traffic is still handled by CF CDNs and the ToS restrictions on video and large file transfers applies equally to tunnels. To rely on poor definitions and the absence of CF specifically calling out this use case is not enoug to make a 100% determination.

Eitheway, plenty of people do it and worse case you get your account closed.

CF inspecting the traffic was enough for me to decide to stay on a self hosted VPN.

 

[jonneymendoza]

It's still not that clear cut and the wording of the ToS is not black and white (Which doesnt help). The author of that blog post has applied his own interpretation.

The other interpretation is that tunnel traffic is still handled by CF CDNs and the ToS restrictions on video and large file transfers applies equally to tunnels.

Does that also affect tailscale?

 

[Sin_Chase]

Does that also affect tailscale?

No.

Tailscale is a self hosted solution that has nothing to do with Cloudfare.

 

[jonneymendoza]

No.

Tailscale is a self hosted solution that has nothing to do with Cloudfare.

Nice. Another plus point for using it then

 

[Sin_Chase]

I should clarify, tailscale technically isnt fully self hosted. It does rely on tailscales cloud for configuration and authentication.

 

[picnic]

I believe there is project called Headscale that is an open source alternative to using the real Tailscale servers and thus could be fully self-hosted

 

[ChrisD.]

It's still not that clear cut and the wording of the ToS is not black and white (Which doesnt help). The author of that blog post has applied his own interpretation.

The other interpretation is that tunnel traffic is still handled by CF CDNs and the ToS restrictions on video and large file transfers applies equally to tunnels. To rely on poor definitions and the absence of CF specifically calling out this use case is not enoug to make a 100% determination.

Eitheway, plenty of people do it and worse case you get your account closed.

CF inspecting the traffic was enough for me to decide to stay on a self hosted VPN.

Valid points. There's a bunch of people who have been running it this way for some time. So either it's allowed, or it's not allowed and CF are turning a blind eye, or it's a a scale thing. Who knows, but it does work for me fine, and it works well for remote consumers.

I don't think it's any surprise CF will inspect traffic going through their network, but it's not like it's a full decrypt and re-encrypt with using their certs, so it'll be ML/DPI type stuff to identify it. Which is broadly what a lot of ISPs do anyway.

I like it this way vs VPNs, because if a friend/family member is accessing my Plex library as an example, I simply grant them access to my libraries, they pin it using their own Plex account and that's it. There's no other config, no other apps needed and I have zero ports open beyond having WG set up on my UniFi gateway.

 

[Caged]

I would think you'd be fine using Cloudflare for remote access to Plex for a normal amount of people you've given access to, who watch TV for a normal amount of time. If you have 60 people watching 8 hours a day then they might become suspicious, but 4-5 friends/relatives who might watch one film a week and a couple of TV episodes isn't going to be an issue. I would guess that anybody running into issues is sharing their library out in a Discord channel with hundreds of people in.

 

[doodah]

Take a step back and reconsider everything please - you shouldn't need multiple reverse proxies and a Tailscale VPN.

A single reverse proxy (e.g. your existing Caddy instance) should be able to handle multiple services, or your tailscale VPN - you shouldn't need both.

Ah I see. Might be worth explaining my set up/requirements:

1. Emby server with family accessing it - currently running a caddy reverse proxy
2. immich server (separate NAS machine) - tailscale but this is installed on my phone and immich is running on docker
3. I want to add SSL/HTTPS for browser accessed services on my NAS as well as accessing my Unifi console through a browser
4. All of this running through Unifi controller

Emby server particularly important especially with non-techy family members accessing it.

Been having a think and read. The issue with my Caddy instance (for Emby) is, it works and it was an effort to get working. I have a dozen or so friends/family using the server. I've also read CF tunnels might not be a good it for immich due to file size limits, not an issue for most of my content but I'll have videos backing up. However I've just started getting into docker containers and will likely have a number of self hosted apps where CF tunnels will be useful, as well as accessing the NAS itself.

Edit - also new features to explore in Unifi around security.

 

[Demon]

Just got my first G6 Bullet and been running it for a few days on a UCG-F..

Obviously with just 1 camera, it's working really well, to a point I snagged a 8TB NVME (WD SN850X) which for continuous recording with plenty of events each day (all events captured, AI, sound and motion) estimates 7 months of storage..

So adding another couple of G6 cameras I imagine I'll get more than the 3 weeks suggested by the capacity calculator.

 

[platypus]

Recently swapped out a 8-PoE-150W for a Flex 2.5G 8 poe.

I have two computers on ports 1 & 2 with identical port configuration, and I use Mouse without Borders to use both computers at once (dev and test machines) on a single monitor. Have used this setup for years without problem on the old switch.

Nothing has changed from the old switch. Both are configured on the same vlan with tagged traffic allowed. I keep getting problems resolving the ip address of my second machine. Going back to the old switch for testing purposes, there are no issues. Could I somehow have a switch with a bum port? The thought literally just occurred to me to try a different port on the (new) switch so I'll do that now, but any thoughts as to what could be wrong?

Anyone got any thoughts on this? Its getting so annoying I'm going to swap out the flex and go back to the 150W switch for now, but I want the 2.5gb speed of the flex!

 

[platypus]

Just got my first G6 Bullet and been running it for a few days on a UCG-F..

Obviously with just 1 camera, it's working really well, to a point I snagged a 8TB NVME (WD SN850X) which for continuous recording with plenty of events each day (all events captured, AI, sound and motion) estimates 7 months of storage..

So adding another couple of G6 cameras I imagine I'll get more than the 3 weeks suggested by the capacity calculator.

Whats the picture quality like? Have to say I've been disappointed with the AI Turret. Admittedly not had much time to tinker with the settings to see if I can get a better picture out of it but if I'd paid full price for it (managed to snag a deal) I think I'd be annoyed.

Desperately waiting for a g6 doorbell.

 

[Dangerous]

Just got my first G6 Bullet and been running it for a few days on a UCG-F..

Obviously with just 1 camera, it's working really well, to a point I snagged a 8TB NVME (WD SN850X) which for continuous recording with plenty of events each day (all events captured, AI, sound and motion) estimates 7 months of storage..

So adding another couple of G6 cameras I imagine I'll get more than the 3 weeks suggested by the capacity calculator.

3x AI turrets, 24*7 recording, 4k and I'm getting 17-19 days on 2TB. Might look at a 4TB drive, as it would be nice to have a month of recordings.

Whats the picture quality like? Have to say I've been disappointed with the AI Turret. Admittedly not had much time to tinker with the settings to see if I can get a better picture out of it but if I'd paid full price for it (managed to snag a deal) I think I'd be annoyed.

Desperately waiting for a g6 doorbell.

I'm happy with the recordings; the streaming quality will vary.

 

[SupraWez]

3x AI turrets, 24*7 recording, 4k and I'm getting 17-19 days on 2TB. Might look at a 4TB drive, as it would be nice to have a month of recordings.




I'm happy with the recordings; the streaming quality will vary.

What bitrate is that at, is it adjustable on the Unifi stuff, I am still on a mixture of brands using QNAP and looking to switch over to Protect, some of the cameras should work hopefully.

Do people prefer higher bitrate smaller res or go for higher res and lower bitrate, or max out with high res and bitrate?

 

[b0rn2sk8]

I just max it out. You can enable h265 recording mode which uses considerably less storage space.

That said, I wouldn’t suggest splashing out on an 8tb SSD for CCTV. If you need that kind of storage, you are better off going down the HDD route.

 

[SupraWez]

I just max it out. You can enable h265 recording mode which uses considerably less storage space.

That said, I wouldn’t suggest splashing out on an 8tb SSD for CCTV. If you need that kind of storage, you are better off going down the HDD route.

Yeah my newer units support h265 and makes a big difference, as for storage I agree, no need for SSD.

 

[Dangerous]

What bitrate is that at, is it adjustable on the Unifi stuff, I am still on a mixture of brands using QNAP and looking to switch over to Protect, some of the cameras should work hopefully.

Do people prefer higher bitrate smaller res or go for higher res and lower bitrate, or max out with high res and bitrate?

All Auto but I did set the Encoding to Enhanced.

Switch Encoding
Some browsers and devices may not support enhanced encoding, low latency video streaming and two way audio functionality.

 

[ChrisD.]

Also if you use something like Scrypted, I've had issues with it working when h265 is enabled.

 

[Demon]

Whats the picture quality like? Have to say I've been disappointed with the AI Turret. Admittedly not had much time to tinker with the settings to see if I can get a better picture out of it but if I'd paid full price for it (managed to snag a deal) I think I'd be annoyed.

Desperately waiting for a g6 doorbell.

Picture quality is OK, not really any better than my 6MP Hikvision cameras in daylight which are my benchmark, but they are very good at night with IR, so overall, I think they are worth the money.

All Auto but I did set the Encoding to Enhanced.

Switch Encoding
Some browsers and devices may not support enhanced encoding, low latency video streaming and two way audio functionality.

Same here, all auto but I've tried enhanced and advanced, both seem to work, there are minor foibles on playback sometimes but only if you skip forwards/backwards a frame at a time, sometimes it just freezes, but you can download the clip and it plays fine in external players.

I just max it out. You can enable h265 recording mode which uses considerably less storage space.

That said, I wouldn’t suggest splashing out on an 8tb SSD for CCTV. If you need that kind of storage, you are better off going down the HDD route.

That'll depend on your situation.

The 8TB SN850X was £380 from ebay (new, using a £20 off code), so with Tray was under £400.. making it on parity with 4TB drives on a per TB cost.

Obviously to go HDD means then investing in the UNVR which is going to be another device consuming power with power hungry HDDs in it..

The plan is, if the UCG-F struggles to the point I then decide to 'invest' in a UNVR, I'll use the 8TB in my gaming PC for some fast bulk storage for games, so it'll not get 'wasted'..

I'd say do the maths, see what works..

 

[mid_gen]

Really dumb you can't run Protect on the NAS.

I'd be replacing my DS214 in a heartbeat to migrate fully to Unifi, but it runs my Synology Surveillance station. Only two cameras, I'm sure the UNAS 2 is more than capable of handling it if my ancient synology can. Ah well.