Unifi Controller on AWS Lightsail (including Letsencrypt) Setup (Guide)

This guide will show how to set up an AWS Lightsail instance running Ubuntu 18.04, install the UniFi Controller software, and setup a Let’s Encrypt Security Certificate.

It is assumed (and therefore doesn’t cover) the following items:

  • You have created an Amazon Lightsail account
  • You have an SSH client installed on your local device (e.g. PuTTY)
  • You have a Domain name, and understand how to point the DNS at a static IP

Setting up Lightsail instance

  1. Log into the Amazon Lightsail webpage and select Create Instance

    Select Create Instance

  2. On the following page select the below options:
    • Linux/Unix
    • OS Only
    • Ubuntu 18.04 LTS
    • Create New under the SSH key pair manager section
      • Give the keypair a name, select Generate and download

    Select Linux/Unix, OS Only, Ubuntu 18.04 LTS, and create Key Pair

    • Select the $5 USD per month plan
      • Note: This is important, the software won’t install/run on less than 1GB RAM
    • Give your Lightsail instance a unique name in the text field under Identify your instance
    • Select Create Instance

    Select $5pm plan, name the instance, select Create Instance

  3. On the following page you will se your instance say Pending, meaning it is being created. Once the instance says Running, select it.

    Select instance once status is Running

    • Select Networking followed by Create Static IP
    • The following page should show the instance you have just created under Attach to instance
    • Give your Static IP a unique name under the Identify your static IP section
    • Select Create

  4. Go back to Networking and you should see ports 22 and 80 already created. Create the following Firewall ports (leave application type as Custom):
    • TCP: 443 6789 8080 8443 8843 8880 8883 27117
    • UDP: 443 1900 3478 5656-5699 10001

    • Select instance once status is Running

Install UniFi Controller

  1. Log onto the Lightsail instance via your SSH application (at this point you should have pointed your Domain Name DNS to your Lightsail static IP)
    • The IP to connect to will be the lightsail instances public IP, on Port 22
      • For example: ubuntu@111.111.111.11
      • When using PuTTY you will need to use the SSH key set in Step 1. Open PuttyGen and load the .pem key. Select save private key and place the .ppk file in a memorable location.
      • Open PuTTY and select Connections, followed by SSH, then Auth. Browse for the .ppk file and then go back to your session. You should now be able to connect to your instance.
    • Set your Timezone: sudo timedatectl set-timezone Australia/Melbourne

  2. We will be using this script found on UniFi forums to install the UniFi Controller. Make sure to check the post for the latest version, and then Perform the following commands:
    • Login as root: sudo -i
    • Download the Script: wget https://github.com/sprockteam/easy-ubnt/raw/master/unifi-installer.sh -O unifi-installer.sh
    • Run the Script: sudo bash unifi-installer.sh
      • You can safely follow all recommended options.
      • Ensure you install onto the Public IP and restart when prompted
      • When asked if you want to (re)setup Let’s Encrypt, Enter Y rather than the reccomended N

Install Let’s Encrypt Security Certificate

  1. You should now be up to the stage where you’ve been prompted if you want to install Let’s Encrypt. Enter Y to begin the process.

  2. Follow the below instructions to install the Security Certificate (Note: your Domain should be pointing at the Lightsail Public IP)
    • When prompted if you want to use your internal IP as the domain name, enter N
    • Enter your domain name that will be used to login to the UniFi Controller (e.g. unifi.matttechtips.com)
    • You may be warned that your domain does not resolve, you can proceed anyway
    • Enter your email address, and perform a dry run by entering Y

  3. Finish the script by Enter Y to confirm you want to use UFW
    • Enter N when asked if you want to reset current UFW rules
    • Enter Y to check inbound ports, if any fail, confirm in Lightsail they are allowed and check again
    • Enter Y to allow access to SSH from any host and to allow access to UniFi from any host
GIF of install process

Complete!

Install should now be completed! Your SSH client should show you the Web address to access UniFi Controller