Love my unifi gear.
Would you mind elaborating on what kind of setup you have? What Unifi devices etc..
My setup is really high end; I just treated it like a gaming PC. Dream Machine Pro Max connected to a PoE Enterprise 48, which gives a 2.5 Gb network to all the wired devices. I have one U6 Pro and one U7 Pro access point. Finally a 1U UNVR which runs the 10 or so AI Pro cameras.
I run two APs, and a Unifi server running on a thin-client Linux server.
I have the U7, and the U6 extender that goes in a wall outlet
I have a few of their small PoE-powered Ethernet switches. They're great: since I have a PoE switch as a backbone, I can put one near a group of devices in a room, like consoles, Raspberry Pis, etc., and not have to worry about much setup or about powering yet another tiny device.
Highly recommend unifi devices
Love this! Is that the Dream Machine Pro at the top? It seems to have space for 2 HDDs, so I'm a bit unsure, as the one I've been looking at only has 1 slot.
From the top:
-
Dream Machine Pro Max - This has two HDDs but I'm not using them. I have redundant internet sources, 1G Cable and 2G Fiber. The dream machine can fail over between them.
-
2U Patch Panel
-
POE-Enterprise 48 - This is connected via SFP+ 10G to the Dream Machine and is where every device in the network plugs in.
-
UNVR - This has 4x 14TB HDDs and is where the cameras record. That covers more than 2 months of constant recording at 4K on the cameras - which are all connected and powered by the switch. This connects via SFP+ to the switch.
-
Unifi Remote Power - This is like a redundant power source for the switches and stuff so if the power supply failed this would pick up.
-
Unifi Power Strip - everything is plugged in here, you can toggle the ports and stuff on and off which I don't do.
There's a bunch of other stuff in the rack: multiple Pi-holes and little Intel NUC servers doing stuff. Redundant Pi-holes are a nice addition to the network once you get going, though.
A lot of negativity around Ubiquiti in here, which is surprising to me, honestly. I had their USG for years and loved it, recently swapped it out for the Dream Machine and love it. Really don't understand the complaints about linking it to the cloud. I just didn't bother, everything works fine. Additionally, I managed to get a Debian container running on it and installed ntopng; it's been awesome for getting realtime visibility into my network traffic.
Edit: I should add I have 6 of their switches and 3 access points, one of which is at least 7 years old and still receiving updates.
That's really neat! Unifi devices seem really good, but a little confusing for someone (like me) without a ton of knowledge on these devices. Not sure what to get. From what I have read I need:
- Dream Machine (UDM), as the UDR seems to be capped at 700 Mbps.
- I need 2 APs, but no idea which ones to get.
- In the future I will need one of their switches, but also not sure which one.
I have two of the U6 Lite APs and they cover my whole house perfectly. They're PoE, but I just got a cheap unmanaged PoE TP-Link switch for now.
I'm currently having a good experience with MikroTik. I think their products provide a good combination of features and pricing. There are a "CRS317-1G-16S+" and a "CSS326-24G-2S+RM" in my rack and I have my eyes on the "CSS610-8P-2S+IN" as an efficient little PoE switch.
I haven't used Ubiquiti, so I can't compare these two brands.
For APs I'm currently using TP Link Omada with a selfhosted Omada Controller and for Routing, DNS, Firewall and stuff I use OPNsense.
Mikrotik is great for their price/performance ratio, but if you're not a networking pro, some things might be hard
Thanks for the recommendation, but MikroTik seems a tad too complicated for me.
I use Ubiquiti at work, and decided on TP-Link Omada at home. I virtualized OPNsense and the controller, but if you're just getting started I think this is the device you're looking for. Street price is $250.
https://www.tp-link.com/us/business-networking/omada-router-integrated-router/er7212pc/
You'll then need a modem and access points. I use an S33, and I'm happy with it. As for APs- they are $100 and up depending on features you need. The mesh and roaming work very well. I over-spec'd to the 670s, 610s would have worked. WiFi 7 APs are <$200 if you're into that.
Look into OpenWrt-supported devices with mesh networking. For example, get a couple of used Netgear R7800s and you've got yourself a neat setup. This guy has a step-by-step tutorial: https://www.youtube.com/watch?v=t4A0kfg2olo
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=t4A0kfg2olo
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source; check me out at GitHub.
Ubiquiti is good. You just have to learn how it works. But that's like any software defined network. There are times when they will give you a little too much control expecting you know the consequences of your actions and you send the wrong config and lock yourself out. They do make mistakes in their firmware but nowhere near as much as inexperienced techs make a mistake and blame the equipment.
I recommend building your own router. It might sound complicated but it's not. Just grab any low-power x86 mini PC that has 2 network controllers, put an open-source router/firewall OS like OPNsense or pfSense on it and you're ready to go. (Check out this video for pfSense and this one for OPNsense) Protectli offers specialized devices that are designed to run OPNsense/pfSense. They also support coreboot, a free and open source BIOS implementation. You can also go with something Linux-based like OpenWrt, but I'm very happy with my BSD-based OPNsense firewall. I use a Star Labs Byte with OPNsense, a fanless mini PC that runs coreboot, designed by a UK-based, Linux-focused company called Star Labs. Before that, I used to use a Fujitsu thin client with OpenWrt, inspired by this video.
Thanks for this! I will investigate further. While it is tempting to "build your own setup" like you mention, I'm also very intrigued by the polish of Unifi products, their integrations and modularity. Maybe I can find a nice balance between both worlds 😊
Isn't 500€ a bit much for just the router?
It's not cheap, but this setup doesn't just serve as a router. It's also a dedicated hardware firewall solution, with the capacity to handle big and fast networks (I'm speaking hundreds of clients, and technically it could even do 40+ Gbps over an SFP fiber-optic connection). It also lets me monitor my network and filter connections. I use Telegraf, InfluxDB and Grafana to get a nice visual overview of my local network, as well as all the inbound and outbound connections. I can even see the location of the servers I connect to through MaxMind GeoIP in my Grafana dashboard. I also use Sensei (I think it's called Zenarmor now) for advanced filtering, and I use ClamAV with TLS interception to scan for malware. I could also run a DNS server through Unbound or Pi-hole, but I prefer to do that on a separate device. OPNsense is a very powerful piece of software, and the Star Labs Byte is a suitable device to run it. For me it's very important to have a free BIOS firmware implementation like coreboot on a security-critical device like my firewall.
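The "visual overview of inbound and outbound connections" above comes from OPNsense's pf filter log. As an added example (not code from the post, from OPNsense or from Zenarmor), here is a small parser that turns filterlog lines into the kind of counts a Grafana panel would chart: which sources are being blocked on the WAN, on which ports, and what was allowed out. The field order is an assumption about the pf filterlog CSV layout and should be checked against your own filter.log; the log lines in the block are constructed, not captured.

```python
"""Summarize OPNsense/pf "filterlog" lines into blocked-inbound and passed-outbound counts.

Added illustration for the firewall monitoring described in the post above; this is
not code from the post, from OPNsense or from Zenarmor. ASSUMPTION: the CSV payload
follows the pf filterlog field order as I know it (rule, sub-rule, anchor, tracker,
interface, reason, action, direction, IP version, then for IPv4: tos, ecn, ttl, id,
offset, flags, protocol id, protocol name, length, src, dst, then for TCP/UDP the
source and destination ports). Verify it against your own filter.log before relying
on it. All log lines below are constructed, not captured from a real firewall.
"""
import re
from collections import Counter

# Syslog prefix ahead of the CSV payload: "<Mon dd HH:MM:SS> <host> filterlog[<pid>]: <csv>"
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s+filterlog\[\d+\]:\s+(?P<csv>.*)$"
)

# Assumed field order (see module docstring).
COMMON = ["rule", "subrule", "anchor", "tracker", "iface", "reason", "action", "dir", "ipver"]
IPV4_HEADER = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id", "proto", "length", "src", "dst"]

# Constructed sample: three blocked inbound probes (two TCP from one host, one SIP/UDP),
# one permitted outbound HTTPS connection, one unrelated sshd line, one IPv6 line.
SAMPLE_LOG = """\
Jun  5 22:15:01 fw filterlog[1234]: 80,,,1000000103,igb0,match,block,in,4,0x0,,64,21514,0,DF,6,tcp,60,203.0.113.7,198.51.100.2,54321,22,0,S,1839275861,,65535,,mss
Jun  5 22:15:02 fw filterlog[1234]: 80,,,1000000103,igb0,match,block,in,4,0x0,,64,21515,0,DF,6,tcp,60,203.0.113.7,198.51.100.2,54322,23,0,S,1839275862,,65535,,mss
Jun  5 22:15:03 fw filterlog[1234]: 80,,,1000000103,igb0,match,block,in,4,0x0,,117,8812,0,none,17,udp,428,192.0.2.9,198.51.100.2,5353,5060,408
Jun  5 22:15:04 fw filterlog[1234]: 93,,,1000000105,igb0,match,pass,out,4,0x0,,64,43210,0,DF,6,tcp,60,10.0.0.5,198.51.100.50,40000,443,0,S,992128381,,65535,,mss
Jun  5 22:15:05 fw sshd[999]: Accepted publickey for admin from 10.0.0.5 port 51022 ssh2
Jun  5 22:15:06 fw filterlog[1234]: 80,,,1000000103,igb0,match,block,in,6,0x00,0x00000,64,udp,17,30,2001:db8::1,2001:db8::2,5353,5353,30
"""


def parse_filterlog(line):
    """Return a dict of fields for a filterlog line, or None if it is not one.

    IPv6 payloads are recognised but only the common fields are decoded; callers
    can detect that by the absence of the "src" key.
    """
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    fields = m.group("csv").split(",")
    if len(fields) < len(COMMON):
        return None
    rec = dict(zip(COMMON, fields[: len(COMMON)]))
    rec["ts"], rec["host"] = m.group("ts"), m.group("host")
    rest = fields[len(COMMON):]
    if rec["ipver"] == "4" and len(rest) >= len(IPV4_HEADER):
        rec.update(zip(IPV4_HEADER, rest[: len(IPV4_HEADER)]))
        rest = rest[len(IPV4_HEADER):]
        if rec["proto"] in ("tcp", "udp") and len(rest) >= 2:
            rec["sport"], rec["dport"] = rest[0], rest[1]
    return rec


def summarize(lines):
    """Aggregate what a dashboard panel would show: who is knocking, on which ports, and what left."""
    out = {
        "blocked_in_by_src": Counter(),
        "blocked_in_by_dport": Counter(),
        "passed_out_by_dst": Counter(),
        "unparsed": 0,  # lines that are not filterlog lines at all
        "skipped": 0,   # filterlog lines this parser does not fully decode (IPv6 here)
    }
    for line in lines:
        rec = parse_filterlog(line)
        if rec is None:
            out["unparsed"] += 1
            continue
        if "src" not in rec:
            out["skipped"] += 1
            continue
        port = rec.get("dport", "-")
        if rec["action"] == "block" and rec["dir"] == "in":
            out["blocked_in_by_src"][rec["src"]] += 1
            out["blocked_in_by_dport"][f"{rec['proto']}/{port}"] += 1
        elif rec["action"] == "pass" and rec["dir"] == "out":
            out["passed_out_by_dst"][f"{rec['dst']}:{port}"] += 1
    return out


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    for key, value in summary.items():
        print(key, value.most_common(5) if isinstance(value, Counter) else value)
```

Feeding real lines (for example the output of `tail -f /var/log/filter/latest.log`, path being an assumption about your OPNsense version) through `summarize` gives the per-source block counts that a GeoIP lookup and a Grafana world map would then render; the parser deliberately refuses to guess at IPv6 payloads rather than mislabel fields.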
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| AP | WiFi Access Point |
| DNS | Domain Name Service/System |
| PoE | Power over Ethernet |
| SSL | Secure Sockets Layer, for transparent encryption |
| TLS | Transport Layer Security, supersedes SSL |
| Unifi | Ubiquiti WiFi hardware brand |
Unifi | Ubiquiti WiFi hardware brand |
[Thread #787 for this sub, first seen 5th Jun 2024, 22:15]
Ideally for your router you want something that runs an open-source firmware (OpenWrt, DD-WRT, OPNsense, FreshTomato). It's better because you get a completely unlocked system with everything you need, with security patches for the hardware's true lifetime. Every router company stops the security updates after a few years, and then at some point the device becomes part of a botnet or one of these mass-hack events. It's best not to play in that game and instead run open-source firmware from the outset.
The best way to start is to look at the openwrt.org website and use their filtering to find a device that supports your needs (at least 5 LAN Ethernet ports, I guess, and some WiFi, but AC sounds like it will do). The other option is a more typical 4-LAN-port router, which will give you a lot more options, and then add a switch to that; it doesn't sound like you care too much about it being managed or >1 Gbps, so they are also dirt cheap.
Stay with TP-Link. Ubiquiti has done some strange things recently.
would you mind elaborating on this? What strange things?
I have had some Ubiquiti gear become end of life, then no longer supported in the Unifi app, which, well, is a problem as those were my APs for home. I don't like the forced obsolescence.
One of my colleagues loves the TP-Link Omada system, which provides similar functionality, and since Ubiquiti did me dirty with the changes, I am considering changing over. I believe the TP-Link gear is a bit cheaper too.
Either way, I would go for a prosumer/small-office type setup, so that you can do all the fun things we selfhosters want, but not necessarily need :D
I've had the same question when I wanted to separate my homelab network from my normal network that is also used by my girlfriend.
I tested a MikroTik router from a friend, but it was too deep for me. Ubiquiti was too expensive since I was on a budget, so I got a TP-Link Omada router and PoE switch, which has a more user-friendly UI than MikroTik. Maybe not as nice as Ubiquiti, but good enough for my needs and with some more features than my ISP router.
Sorry I didn't read your post in depth. But if you need switches, especially with lots of ports or PoE, older Alcatel-Lucent switches are rock-solid and relatively cheap off ebay, cause lots of companies that used them are upgrading. Just make sure to find one that fits your requirements per port.
My budget-friendly solution has been to replace my ISP-provided router with a 10-year-old Netgear router off eBay for £25 that handles all the protocols my ISP does.
I have a 4 storey townhouse so having this on the ground floor is useless when you're on the top floor.
So I have a power line system installed which I've hooked into the modem. I've got a wired router in the front room that has all the front room tech worked in.
On the top floor I have an even older Netgear router a friend gave me, with OpenWRT installed plugged into the power line and running as an access point.
In total this whole system has probably cost me £80 to fully install as I was given the older Netgear.
Works beautifully, cost very little, and I've got a Guest Mode AP that turns on when I turn on guest mode in Home Assistant, a simple "Hey Google, turn on Guest mode".
Should probably add that a power line transmits network signal over the power plugs. OP may not be aware this is possible.
I have been using Ubiquiti for years, and I would strongly caution against using them. They are forcing some devices to sign on to the Ubiquiti cloud and synchronize with their cloud services, and are forcing those sign-ins to use MFA. I really miss the Ubiquiti from 2020, where it was all local. Next time I upgrade my gear, I will probably not buy a Ubiquiti router/gateway.
Also the upgrade process from USG to Dream Router was awful. Also they don't let you run Unifi in Docker with a Dream Router; you are forced to run it on-device.
I really miss the Ubiquiti from 2020, where it was all local.
I was definitely leery of Ubiquiti for that reason since before 2020. Even though back then it could all be local, I feel like pushing people to the cloud was already well established as being a thing.
My criteria for routers and wi-fi access points up to this point has basically been "can run OpenWRT and is relatively cheap," so I've settled in on TP-Link. I'm still running on an old Archer C7 from a decade(?) ago and would like to have something that fits in my rack for aesthetic purposes, though, so my next router might be a 1U DIY x86 machine running OPNsense instead.
It's getting harder to find routers that will run open source firmware. The best option is to run OPNsense or pfSense on a low power x86 machine and use separate APs for WiFi.
I would never use their firewalls/gateways, but their switches are pretty good for the price and their APs are decent (although tbh after 3 generations my next AP will likely be an enterprise Aruba).
That said, I still use Unifi in docker, everything is up to date, and nothing is requiring a sign-in to the cloud. Am I missing something? If it's just the firewalls, then I'm not surprised since I've never been remotely tempted to use them, but it sure isn't all of their devices.
What router do you have? If it's a dream router, how did you join it to your unifi running in docker on another host?
My firewall is a Fortigate 60F.
Ubiquiti website says that dream router must run unifi.
https://store.ui.com/us/en/collections/unifi-dream-router/products/udr
*Consists of UniFi Network plus two of Protect, Access, Talk, or Connect.
I believe you. I'm just saying their non-firewalls (i.e., switches and APs) don't have that limitation.
Oh yeah, exactly. USG and aps and stuff do not. The dream router does, so I would caution against it.
Also, they may force it in the future. Their past behavior does indicate that direction.
What would you recommend as a replacement with same level of novice-friendly UI/setup? I was looking to go down that route specifically because it seems like an easy way to get a solid network setup without being a network pro.
I can recommend Grandstream. They have a great UI, tons of features explained in plain English, and powerful Access Points for a fair price. Zero cloud features necessary. Also a US based company, if that matters to you.
But even cooler, the controller is built into the Access Point and is peer-to-peer if multiple APs are in use.
I switched a month ago from a full Unifi network and couldn't be happier. Do note that they need PoE injectors to power the APs, but unlike Ubiquiti's they don't ship with them.
Hmm, they're not easily available in the EU it seems.
Also a US based company, if that matters to you.
I would consider that a downside TBH, but it's hard to avoid unfortunately.
I have an all-Ubiquiti setup and only use local accounts for everything: UDM Pro, two 8-port switches and 2 APs, a U6 Mesh and another older AP. One of my accounts had me turn on MFA, but every device still lets me use a local account with a password and SSH key. Do you know what devices are forcing that?