For the basic configuration & setup of the Unifi controller via docker-compose, see Simple Unifi controller setup using docker-compose! This post just covers the Traefik label part.
This setup is based on our previous post on the Unifi docker-compose setup. Furthermore, our Traefik configuration is discussed in more detail in our post on Simple Traefik docker-compose setup with Lets Encrypt Cloudflare DNS-01 & TLS-ALPN-01 & HTTP-01 challenges.
For this example, we’ll use a wildcard Let’s Encrypt certificate for the domain *.mydomain.com via the Traefik certificate provider named cloudflare, with the Unifi controller running on unifi.mydomain.com.
Here’s the container label config:
```yaml
labels:
  - "traefik.enable=true"
  - "traefik.http.routers.unifi.rule=Host(`unifi.mydomain.com`)"
  - "traefik.http.routers.unifi.entrypoints=websecure"
  - "traefik.http.routers.unifi.tls.certresolver=cloudflare"
  - "traefik.http.routers.unifi.tls.domains[0].main=mydomain.com"
  - "traefik.http.routers.unifi.tls.domains[0].sans=*.mydomain.com"
  - "traefik.http.services.unifi.loadbalancer.server.port=8443"
  - "traefik.http.services.unifi.loadbalancer.server.scheme=https"
```
Note particularly these lines which make Traefik access the Unifi controller via HTTPS:
```yaml
- "traefik.http.services.unifi.loadbalancer.server.port=8443"
- "traefik.http.services.unifi.loadbalancer.server.scheme=https"
```
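Because the backend scheme is https, Traefik validates the certificate the controller presents on port 8443. The following added example (not part of the original post) contrasts switching that check off globally with a per-service transport that trusts a single CA. Assumptions: Traefik 2.4 or later with a file provider enabled, the transport name and CA path shown, and a controller certificate issued by that CA whose SAN matches `serverName`.

```yaml
# Added example, not from the original post. Names and paths are assumptions.

# --- Weak: Traefik static configuration (e.g. traefik.yml) ---
# Disables certificate verification for EVERY https backend, so Traefik
# accepts whatever certificate is presented on port 8443.
#
# serversTransport:
#   insecureSkipVerify: true

# --- Stricter: Traefik dynamic configuration (file provider) ---
# Only the Unifi backend gets a dedicated transport, and that transport
# trusts exactly one CA and checks one expected name.
http:
  serversTransports:
    unifi-backend:                     # hypothetical transport name
      serverName: unifi.mydomain.com   # must appear in the backend certificate's SAN
      rootCAs:
        # hypothetical path, mounted read-only into the Traefik container
        - /etc/traefik/certs/unifi-backend-ca.pem

# --- Additional label on the "controller" service in docker-compose ---
# Attaches the transport above to the existing "unifi" service.
#
# labels:
#   - "traefik.http.services.unifi.loadbalancer.serverstransport=unifi-backend@file"
```

With the global `insecureSkipVerify` left unset, a certificate mismatch on the backend surfaces as an error response from Traefik rather than being silently accepted.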
Complete example
```yaml
version: '2.3'
services:
  mongo_unifi:
    image: mongo:3.6
    network_mode: host
    restart: always
    volumes:
      - ./mongo_db:/data/db
      - ./mongo/dbcfg:/data/configdb
    command: mongod --port 29718
  controller:
    image: "jacobalberty/unifi:latest"
    depends_on:
      - mongo_unifi
    init: true
    network_mode: host
    restart: always
    volumes:
      - ./unifi_dir:/unifi
      - ./unifi_data:/unifi/data
      - ./unifi_log:/unifi/log
      - ./unifi_cert:/unifi/cert
      - ./unifi_init:/unifi/init.d
      - ./unifi_run:/var/run/unifi
      - ./unifi_backup:/unifi/data/backup
    # sysctls:
    #   net.ipv4.ip_unprivileged_port_start: 0
    environment:
      - DB_URI=mongodb://localhost:29718/unifi
      - STATDB_URI=mongodb://localhost:29718/unifi_stat
      - DB_NAME=unifi
      - UNIFI_HTTP_PORT=8090
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.unifi.rule=Host(`unifi.mydomain.com`)"
      - "traefik.http.routers.unifi.entrypoints=websecure"
      - "traefik.http.routers.unifi.tls.certresolver=cloudflare"
      - "traefik.http.routers.unifi.tls.domains[0].main=mydomain.com"
      - "traefik.http.routers.unifi.tls.domains[0].sans=*.mydomain.com"
      - "traefik.http.services.unifi.loadbalancer.server.port=8443"
      - "traefik.http.services.unifi.loadbalancer.server.scheme=https"
    # Ports commented out since network mode is set to "host"
    # ports:
    #   - "3478:3478/udp" # STUN
    #   - "6789:6789/tcp" # Speed test
    #   - "8080:8080/tcp" # Device/ controller comm.
    #   - "8443:8443/tcp" # Controller GUI/API as seen in a web browser
    #   - "8880:8880/tcp" # HTTP portal redirection
    #   - "8843:8843/tcp" # HTTPS portal redirection
    #   - "10001:10001/udp" # AP discovery
  logs:
    image: bash
    depends_on:
      - controller
    command: bash -c 'tail -F /unifi/log/*.log'
    restart: always
    volumes:
      - ./unifi_log:/unifi/log
```