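---

# Unifi controller has several components :
# - The controller itself (which also includes the inform, the guest_portal and the stun service)
# - A small nginx proxy to expose all the various web services of unifi through a single port
# - A mongodb server (optional, can use an external mongodb)
# - A firmware downloader helper : this is because the Unifi Controller can't use an outbound web proxy

# NOTE(review): the indentation of this listing was lost. The nesting below is
# reconstructed from the key paths the file itself references
# (.unifi.controller.mongo.service_name, .unifi.controller.mongo.is_external)
# and from the component list above. Confirm the placement of inform,
# guest_portal, stun and of the two volumes blocks against the job templates.

# The name of the nomad job
instance: unifi

unifi:

  # This is for the web management console
  controller:

    # The driver to use (docker or podman)
    driver: docker

    # The image for the controller
    image: '[[ .docker.repo ]]unifi:8.0.26-3'

    vault:
      policies:
        - '[[ .instance ]][[ .consul.suffix ]]'

    # Resource allocation for the controller
    resources:
      cpu: 200
      memory: 1024

    wait_for:
      - service: '[[ .unifi.controller.mongo.service_name ]]'

    # Mongo instance to use
    mongo:
      # The address of the mongo service. Leave the default
      # unless you use an external mongo service
      # Neither default URI carries credentials: when pointing at an external
      # mongo, set user below so the connection is authenticated
      address: mongodb://127.0.0.1:27017/unifi
      # For stats
      stats_address: mongodb://127.0.0.1:27017/unifi_stats
      # If username is set, the password must be available in vault at
      # [[ .env.suffix ]]/kv/service/unifi in key mongo_pwd
      # user: unifi
      # Service name of the mongo service. This is used to wait for mongo to be
      # up before starting the controller
      service_name: unifi-mongo
      # Set to true if you want to use an external mongo service
      is_external: false

    # Additional environment vars to pass to the container
    env: {}

    # Public URL to reach the controller web interface
    public_url: https://unifi.example.org

    # Traefik settings
    traefik:
      # List of entrypoints where the management console will be exposed
      #entrypoints:
      #  - https
      # Override the default base_middleware to remove the inflight-std@file middleware
      base_middlewares:
        - rate-limit-std@file
        - security-headers@file
        - compression@file
        - csp-relaxed@file
      # List of additional middlewares to load
      # NOTE(review): ip-trusted@file presumably limits access to trusted source
      # addresses - confirm in the Traefik file provider. Worth enabling if the
      # management console does not need to be reachable from everywhere
      #middlewares:
      #  - ip-trusted@file

    # Volumes
    volumes:
      data:
        type: csi
        source: unifi-data

    # The inform endpoint is used by the devices to contact the controller
    inform:
      # Public URL of the inform endpoint
      # Note : this MUST be http, not https
      # As this traffic is plain http, keep the entrypoint reachable only from
      # the networks the devices sit on
      public_url: http://unifi-inform.example.org:8080/inform
      # Traefik settings
      traefik:
        # List of entrypoints where the inform endpoint will be exposed.
        entrypoints:
          - unifi-inform
        # Override the base middlewares list to remove hsts@file as we're on http
        # Also remove security headers and csp as they have no meaning here
        base_middlewares:
          - rate-limit-std@file
          - inflight-std@file
        # List of additional middlewares to load
        middlewares: []

    # The guest portal
    guest_portal:
      # Public URL where the guest portal will be reachable
      public_url: https://unifi-portal.example.org:8843/
      # Traefik settings
      traefik:
        # List of entrypoints on which the service will be exposed
        # Note: UniFi doesn't allow customisation of the port, this entrypoint
        # must be listening on port 8843
        entrypoints:
          - unifi-portal
        # List of middlewares to load
        middlewares: []

    # The STUN service
    stun:
      # Traefik settings
      traefik:
        # List of entrypoints the STUN service will be exposed on
        # Note: This must be UDP entrypoints !
        entrypoints:
          - unifi-stun

  # The nginx reverse proxy is used to expose all Unifi services over a single port
  # So we don't need to run one envoy proxy per port
  nginx:
    # The image to use
    # NOTE(review): this is a floating tag, and unlike the two other images it
    # is pulled without the [[ .docker.repo ]] prefix. Pin it to a specific tag
    # or digest so the deployed proxy is reproducible and reviewable
    image: nginxinc/nginx-unprivileged:alpine
    # Resource allocation
    resources:
      cpu: 10
      memory: 15

  # MongoDB service.
  # Note : this will be ignored if .unifi.controller.mongo.is_external is set to true
  mongo:
    # The image to use
    image: '[[ .docker.repo ]][[ .docker.base_images.mongo50.image ]]'
    # Resource allocation
    resources:
      cpu: 100
      memory: 256
    # Volumes
    volumes:
      mongo:
        type: csi
        source: unifi-mongo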