By default, the Ubiquiti Unifi controller runs on port 8443 for inbound HTTPS requests to the web interface. I instead wanted to change this to listen on the standard HTTPS port (443) and I wanted my own valid SSL to be used to access the web interface. The easiest way for me to do this was by using NGINX as a reverse proxy, I didn’t have to change any Unifi controller settings manually (and try to figure out which file(s) needed to be changed).
Nginx installation
Since I am using Debian to run the Unifi controller I installed NGINX with apt-get
apt-get update nginx-full
NGINX configuration
You will need to update the paths below to suite where your SSL certificate/key is located as well as change the server_name variable to be the correct domain for your installation. Since I am not using this server to host any other vhosts with NGINX I used the default config file.
Replace the content of /etc/nginx/sites-enabled/default with the following contents
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name unifi.mydomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/nginx/ssl.crt;
ssl_certificate_key /etc/nginx/ssl.key;
server_name unifi.mydomain.com;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header Referer "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass https://127.0.0.1:8443;
}
}Restart the NGINX service with systemctl restart nginx and then try browsing to your Unifi domain with HTTP. You should be redirected to the HTTPS site and everything should work.
Controller configuration
There only needs to be a couple of changes in the controller web UI:
- Settings -> Controller: Set “Controller Hostname/IP” to your domain.
- Settings -> Guest Control: Set “Redirect using hostname” to your domain. This is only needed if you use the captive portal for guest authentication. If you do use this, I recommend also making sure that the “Enable HTTPS Redirection” option is selected.