I have nothing but good things to say about Ubiquiti. I run their cameras, doorbell and network switches at my house and have had nearly 100% uptime for years. Their UI constantly improves and it’s very well integrated into Home Assistant.
Lotta haters out there but this is just as advanced as I want to get in my home lab; and the racks are just so cool even with their gimmicky front touch panel, it’s just so sexy when all the displays in the rack sync up on their animations. Whoever designed these things really had an eye for design.
I still use their access points because it's hard to get anything else as good for the same kind of price, but they burned me killing the development on EdgeRouter.
So I've gone elsewhere for cameras, switching and routing.
This release is a nice point in their favour though but I can't see myself going back all in on Ubiquiti.
I've moved on from Ubiquiti access points as well. Their U6 simply does not handle VLANs properly, they never acknowledged the issue let alone fixed it. See https://community.ui.com/questions/U6-IW-how-to-trunk-all-5-...
Their security issues in the past. Their failure to make the EdgeRouter handle DHCP and DNS properly. Etc...
I've since moved to cheap switches that support all port vlan trunks and LACP bonding, then just plug Proxmox into them and run OpenWRT in a VM for routing all the vlans. The Proxmox+OpenWRT combo even supports hot-plug virtual interfaces as more VLANs are lit up, they just pop up nicely in the web UI.
For the APs, TP-Link is less expensive and better performance. WiFi 7 and 10gbit for less money. No need to run a management OS in a VM either.
> Their security issues in the past.
That's why I moved off as well. Maybe some day SDN (at least so far as the Ubiquiti experience goes) will become an OpenWRT priority.
Is there a writeup on the OpenWRT/Proxmox VM for routing you talk about? Examples of the cheap switches?
The thread you reference ends with the post saying "it is fixed in the 7.4.140 controller release", so I'm not sure how you can say it wasn't acknowledged or fixed.
Are you a Ubiquiti employee who can see internal posts perhaps? There’s no such post on the public discussion. The only two instances of “fixed” on the page are people expressing hope it will someday be fixed.
If you follow the thread, there is a "continue here" link which jumps to another thread about the same problem, and the first post notes the fix:
https://community.ui.com/questions/U6-IW-how-to-trunk-all-5-...
I’m curious to know more about your setup! Which switches do you prefer? What hardware are you using for Proxmox? And what does your network look like?
Cheers!
For the switches I'm considering replacing them all with 2.5gbit but don't see the need to yet. Currently I have a TL-SG1016DE as the core switch. The main Proxmox servers are 3 used Dell 1U servers I bought from eBay. Each has 256GB ECC RAM, 2x 8 core CPUs, 4x Gbit Intel NICs. I flashed the PERC card to be a plain SCSI controller so ZFS in Proxmox has direct access to the disks. If I were to buy them today I'd look for R720's or newer. I got mine for about $800 USD each. They're overkill, but provide a lot of capacity. They're also unnecessary, you can ignore them and only consider the rest of this comment. They're the most expensive, hottest, and loudest devices on the network.
I have a separate tower that's an old 9th gen Intel that provides the large ~50TB ZFS NFS server. It used to be an Intel Atom, but that finally died after 10 years so I moved the drives to a gaming PC I had lying around. Over the years, the nicest thing about ZFS and Proxmox is the drives are fully independent of the hardware and the software OS they're attached to. Now, I just pass the devices through Proxmox to a Debian VM and they come up just like they did before.
Regarding the rest of the network, let's move from the edge in toward the 3x 1U servers and NFS storage box. I have 1gig symmetric fiber from Ziply. The ONT has cat5 running to 1 of the 4 gig ports in an Intel Atom C2758. The other 3 ports are bridged together in Proxmox to act as a switch. It kind of looks like an EdgeRouter-4 if you squint at the ports. This C2758 only runs a single VM, OpenWRT. The nice thing is I can take snapshots before upgrades, and upgrade or replace the hardware easily.
The OpenWRT VM is the most critical thing in the whole network. I try to manage it simply, I have some shell scripts that copy the /etc/config files into place and restart services for a simple IaC setup.
The main services OpenWRT provides are:
1. WAN DHCP client, my ISP doesn't offer static IPs.
2. One minute cron job that makes sure the A record for home.example.com is correct. *.home.example.com is a CNAME to home.example.com, this simplifies configuration and TLS cert management.
3. HAProxy runs on OpenWRT listening on 0.0.0.0:80 and 0.0.0.0:443. Extremely valuable for SNI routing of TLS connections. I moved the LuCI web UI to alternate ports, which is simple to do via config.
4. dnsmasq provides DHCP and DNS for the main and guest VLANs.
5. OpenWRT is configured as a WireGuard server. Each WireGuard client device is allocated a dedicated IP in a separate 192.168.x/24 subnet. This has been great for source based IP access control which I'll cover below. WireGuard clients connect to home.example.com.
That's it for OpenWRT. The key lesson I learned is it's been incredibly valuable to run haproxy on OpenWRT. All L4 connections terminate to it, but crucially it does not handle TLS certificates. It only forwards TCP connections based on the SNI in the client hello. HAProxy is also configured to use the PROXY protocol to preserve source IP addresses, which has been great for access control.
Most TLS connections are forwarded to a single node Talos VM running on another Proxmox host. This VM runs Cilium, Istio, and the Gateway API. The istio envoy gateway is configured to accept PROXY protocol connections, which means AuthorizationPolicy resources work as expected. By default, only connections coming from the local subnets, or the wireguard subnet are allowed. OpenWRT does hairpin NAT, so this works just fine, all sources connect to the WAN IP regardless if they're internal or external.
I don't do much with Kube yet, most of the traffic is forwarded on to another VM running Portainer. Most of my backend services are in Portainer. The Kube VM does handle Certificate and AuthorizationPolicy resources though, using cert-manager and Istio. This has been nice, I don't need to configure each service for TLS or access control in a bespoke way, it's all in one place.
The only other thing to note is the Dell 1U servers have 3 of their 4 gig NICs aggregated into LACP bonds. Similar to the Atom router, they're configured as a bridge in Proxmox and I use them for the Ceph data plane. 9 of the 16 ports in that TL-SG1016DE are just for Ceph and I'm able to get close to 600 MiB/sec reads (yes megabytes) which is pretty neat given 1gbit interfaces.
That's about it. Overall I'm trying to eliminate VLANs, but it still makes sense to have them for Ceph and for a Guest wifi network.
Edit: Lastly I've maintained a home lab for 25 years and this is the best iteration yet. All of the trade-offs feel "right" to me.
> TP-Link is less expensive and better performance. WiFi 7 and 10gbit for less money.
Thanks, they really seem like a good alternative.
Not sure how active development is right now, but EdgeOS got forked from an open source Debian-based distro after that went commercial.
But EdgeOS was not the only fork, another one was VyOS (vyos.io). Pretty sure that EdgeOS has done larger steps forward, especially since it was bound to the hardware's developer.
Their software updates are also very flakey. The past few releases for the Console and occasionally the Network were pulled right after being published for having blocking bugs. Again and again they publish the update and then do QA on their users. If you have an IT department you probably have some sort of process in place to deal with this and deploy when you're satisfied. A home user will probably have auto-updates enabled and bite the bullet again and again.
A while ago one update automatically enabled PMF (set to required, I believe) on all Wi-Fi networks. That didn't go great for me when half of my IoT devices stopped connecting and I wasn't available to fix.
They just released v3.0.0 of the EdgeRouter software three days ago.
https://community.ui.com/releases/EdgeRouter-3-0-0/33ee3852-...
But yeah they haven't released any new hardware in quite a long time. But nice to see they are still doing development work on the software.
Thank you so much for this great news!
For cameras, everyone should be looking into https://openipc.org/
This looks cool but it's not on any camera brand I have ever heard of before. I have a bunch of Hikvision stuff that is on its own VLAN with no internet access because it's concerningly chatty with Chinese IPs. I would love to put openipc on them.
This. We used to do a lot of Ubiquiti, then the software quality went way down, their own security officer 'hacked' them and lots of other weird stuff. We were already using Debian VMs instead of their horrible cloudkey devices (so slow..). We switched to Aruba Instant-On.
We still use some Ubiquiti. Sometimes I use this script on a Debian VM:
https://community.ui.com/questions/UniFi-Installation-Script...
The new generation Ubiquiti hardware with built-in management is really good, inexpensive, and interface is responsive. It's also just good looking. They've really gotten better across the board. I'm using the Cloud Gateway Max.
I moved the firmware of my EdgeRouter X SFP to OpenWRT, since it has been years since their last security update and recently the WebUI tripped and broke.
The router works still amazingly fine, only their software has some bugs.
My EdgeRouter X just mysteriously died once when I had to reboot it. No idea what happened to it but it just never was accessible through any means.
Hopefully the Unifi devices are better since I eventually replaced it with Cloud Gateway Ultra after dabbling with a second-hand MikroTik.
What do you use for routing?
I tried a Mikrotik router recently but compared to the Ubi devices, configuration feels so clunky and complicated.
RouterOS does feel a little clunky for sure, but you can configure _everything_. And once it's set up, it works beautifully and consistently.
Ubiquiti's routers to me just seem to be prosumer routers with an "enterprise" UI on top. Whereas Mikrotik genuinely offer an enterprise experience (also still great for home) with the boring, drab, absurdly functional UI to back it up.
Ubiquiti looks beautiful; but you can't do anything with it.
True, but kinda my point (as sibling said): I don't need everything. Some NAT, some DHCP, some Firewall. And Ubi is easily enough for everything.
Mikrotik is like Linux and Ubiquiti is like Mac
The GL.iNet Flint 2 came highly recommended (near cult following) from my own pretty extensive research for offboarding Ubiquiti. It comes with an OpenWRT fork pre-installed, but flashing mainline OpenWRT is officially supported. I've been happy so far.
The Flint 3 just launched, and the headline feature is WiFi 7: that should be less of an issue if you're going with separate APs.
I have a bit of a soft spot for Mikrotik, but I can't help feel like their hardware only exists to sell training.
For our house I tried a Mikrotik, a TP Link and a Ubiquiti AP. The only one that really works in our case is the Ubiquiti. Also for a home that's mostly Apple hardware, you kinda need a managed wifi solution, because Apple's WiFi stack has issues switching between APs and needs a controller to kick you off (I don't know if that's still the case). Ubiquiti have one of the only routers that will force Apple hardware to switch APs. Mikrotik's CAPsMAN isn't even really a WiFi/AP controller, it's just provisioning.
For all its flaws, I still really want to just run 100% Mikrotik gear.
RouterOS 7 with the wifiwave2 package supposedly improves on this by (finally) supporting 802.11r/k/v for roaming between APs.
I don't have any Mikrotik hardware new enough to support it so I haven't tried it myself yet and documentation is (as usual) pretty lacking, but like you I want to believe.
Agreed, Mikrotik's configuration is sufficiently different from just about anything else that it takes some significant getting used to.
Admittedly it's still not as awkward/bad as Draytek.
Honestly my router for the last 10 years is an OpenBSD box + pf rules for routing, dhcpd and dnscrypt_proxy...
I have an Ansible playbook that creates the image and I run it on a cheap fanless x86 box....
Any recommendations on cameras that can be fully local?
Personally, I've had good luck with Reolink cameras. I block them from the Internet at the router, just in case, but they do seem to respect your choice if you disable the cloud/mobile app feature.
The cameras will upload jpegs and mpegs to a local FTP server based on configurable triggers, which include 'AI' detection of animal/vehicle/human, all running on-camera.
I wrote a simple script to put all the daily uploaded jpegs on an HTML webpage (each linked to the video) for review. Home Assistant also has an integration that can do streaming and grabs the detection triggers as well.
Most people I know in a similar situation went with generic IP cameras paired with a Synology NAS for an inexpensive option.
I've been researching options for a new ground-up home network setup in a new house, and so far UniFi stuff is on top of my list. FTTH company will install their stuff up to an NT in the basement, and from there it'd be my setup - a UCG Ultra gateway, couple of PoE switches across the main house and outbuilding, and 2-3 Wifi 7 APs sprinkled around.
From all I've been looking at, looks like it's the most straightforward setup. Fully centrally managed via the gateway, leaves me plenty of options for PoE-powered security cameras and other expansions in the future, can be upgraded on a component basis when desired, and integrates nicely in HomeAssistant. And with all that, not even really more expensive than what seems like much more fiddly alternatives like the TPLink Omada system and others.
> Lotta haters out there but this is just as advanced as I want to get in my home lab
In all fairness, that hate is reasonable. Ubiquiti has _some_ things done super well. As long as your needs are addressed by the config/options/UX/API that they expose, you'll have a pretty good experience. As soon as you need to do something that isn't easy, you're going to be fighting your core network infra the entire time and that's a miserable place to be.
Stick to unifi for switches and *basic* routing. Use their LED lighting / Cameras / Access Control and other side-projects at your discretion.
The thing about the UniFi platform is it iteratively improves. Years ago you couldn’t manage NAT rules or DNS from the GUI, though there were workarounds to modify iptables at the command line and preserve customization across upgrades.
Nowadays, static routes, SNAT/DNAT, and DNS are all in the management interface. So.. things improve, and every time I’m back using EdgeRouters, Extreme, or Juniper elements I miss the low friction of managing UniFi stacks.
Agreed that if you need VRFs for example, DC power, and are working through similar complexity requirements, Ubiquiti is the wrong stack. I’d say Ubiquiti is not heavy weight, but it seems to address 90% of SMB setups.
I've always said that Unifi handles well enough the 10% of networking configuration that 90% of users need. If you're in that other 10% of admins who need something more complex then it's not the right pick, but in a great many cases it's strongly planted in "good enough" territory.
This is 100% wrong from my perspective. I host multiple sites using UniFi, old Router/SwitchOS as well as AirOS/UISP. I have many VLANs under management spanning these different variations of "old" and "new" implementations and none of them are "a miserable place to be". Maybe if one doesn't actually understand networking nomenclature or interop, sure. I happen to have a pretty deep networking background - but Ubiquiti products have actually made it easier in many cases to do some of the more advanced things in other routing platforms.
I don't like many of the shady things Ubiquiti did with respect to OSS, and for a while I did try to move away from them. However, what I found was the prosumer market riddled with less polished alternatives. Mikrotik does offer some interesting hardware for edge cases that UniFi doesn't cover, but when it comes to a unified system Ubiquiti have done an amazing job.
The pricing has gotten a bit outrageous. For example: trying to find a reasonably priced high wattage PoE switch in UniFi's line is no longer an easy task. It's tradeoffs all the way down. I have an original (SwitchOS) 48 port GbE & 4 SFP+, full L3 with a >250W budget and replacing it will be rather pricey or I'll have to make concessions.
But overall... There's no better prosumer option - good, bad or otherwise. They haven't enshittified the product with subscriptions / software upgrades and my guess is they're making this move back to self hosted options to actually save themselves money. A win on both sides.
Like the other commenter said, VLANs are table stakes.
Try making a multi-homed IPv6 network with Ubiquiti gear. Easy (I might even say trivial) to do with an OpenBSD router and PF, but impossible with Ubiquiti because of how they broke the DHCPv6 client so that it can't accept leases from multiple interfaces and assign them to `radvd` for SLAAC.
You want to do anything other than the most basic task of advertising a single prefix from your ISP? Like advertise the same ULA on multiple VLANs for local services? Well, fuck you for wanting to do that. (Even EdgeOS could do that.)
All of your modern (anything from the last 10 years) phones, computers and tablets already know how to handle multiple IPv6 SLAAC addresses from different subnets and route packets appropriately. All you need is a not-braindamaged router.
The firewall in Unifi is a huge regression compared to EdgeOS, and completely brain damaged compared to PF.
Oh, and the MDNS reflector... why is it so bad?
Ok, I think I need to stop now.
VLANs are table stakes.
Unifi still doesn't have great IPv6 support in 2025 and that's insane for anything that's trying to position itself even remotely near professional grade gear.
It appears to have changed recently but at least around the beginning of covid, you still had to SSH into their gateway/router thing and manually edit a JSON file to configure even basic S/DNAT rules. When the whole selling point of the gear is SPOG MGMT web ui, it's fair to consider "SSH in and edit files" as fighting your gear.
The number of times that I have had accurate, timely, correct, competent support experiences is zero.
The number of times I've been gaslit, lied to, misled or otherwise asked to repeat the same basic diagnostics and troubleshooting that I had already done in the opening ticket message... is high. Something I would expect from D-Link or any other cheap gear. Not at all acceptable at Ubiquiti prices.
Speaking of garbage quality support, dead links!
Case in point: https://help.ubnt.com/hc/en-us/articles/215458888-UniFi-How-...
That used to be my reference for how to access the config file I needed to edit for basic NAT. Now who knows where that information is. Maybe the Wayback Machine?
I haven't looked inside any of the latest gen 7 access points but I remember not being impressed with their overpriced gen 6 access point using a last-generation chip from Qualcomm... Which is unacceptable at their prices.
I stand by my point: if you buy their older switching gear, you can get a really good deal. Don't use them for routing unless your needs are relatively straightforward.
> There's no better prosumer option - good, bad or otherwise
Mikrotik maybe?
I run both ubiquiti and mikrotik stuff. The mikrotik definitely has... a learning curve, but you can do some stuff with it that's pretty difficult with ubiquiti.
> There's no better prosumer option - good, bad or otherwise
That’s why I just had to buy new Ubiquiti gear two weeks ago after an update bricked an older Ubiquiti switch and router (purchased in 2019). Spent a ton of time on the console but both were stuck in some sort of boot loops and were not salvageable.
Ended up buying replacements from Ubiquiti, but I feel pretty dumb buying new stuff from the company that just screwed my weekend and wallet. I could also swear that I had auto updates off for firmware but maybe that part was on me.
There are a bunch of new offerings in the wireless access point but as soon as you need more than 8 or 12 switch ports, it's basically down to Mikrotik and UniFi unless you have enterprise budgets.
Zyxel GS1900 are quite nice managed switches for reasonable money.
I think the Mikrotik learning curve is very fair for the level of complexity of what you're trying to do with it. It's like 1:1 time to configure:how weird the thing you're trying to do is.
> Maybe if one doesn't actually understand networking nomenclature or interop, sure.
After owning a few EdgeRouter X models I can safely say that the whole lineup was a half-baked proof of concept at best. Ubiquiti used two different chipsets in the EdgeRouter lineup, both had data corruption issues with hardware acceleration that Ubiquiti couldn't fix… because they simply cobbled together some open source projects and called it a product. One ran so hot that they'd reliably cook themselves. Because EdgeOS was Vyatta based, it used an end-of-lifed version of Debian (maybe this was eventually remedied?). The PoE models provide non-standard passive PoE, if memory serves the initial batch had PoE enabled by default on some ports = fries unsuspecting devices. They're cheap and nasty, but they mostly worked.
Have to agree. I've tried multiple times to replace my Verizon FiOS router with different EdgeRouters and none of them have been able to compare to the Gigabit speeds I get with the Verizon router. I'm not even using wifi, just want a simple router with a firewall and port forwarding that can compare to my $12/mo one from Verizon. I troubleshooted each for a week tweaking hardware acceleration and other knobs, but they couldn't keep up. I think people don't compare and test and just assume it's just as good, but it isn't.
I have nothing but bad things to say about my shitty UDM from Ubiquiti.
It has issues with 2.4GHz speeds, it randomly restarts because their software is buggy as hell. Their Apple style UI sucks ass and they have a mobile app that you can barely do anything in so you may as well just go to the web interface.
They have no features like proper QoS (smart queueing does NOT count) and even just little things, like not being able to search clients by IP, or ordering by current speed never working quite properly.
It's a fancy UI over crappy code that's been duct taped together. As soon as I move house I'm moving to Mikrotik again. For APs I may keep unifi, as they're very good at that one thing, but their routers/switches suck imo.
Same for me, buying my dream machine pro (and APs) was one of my few tech purchases that I have zero regrets buying. It is still running strong after a few years and see no reason to change it anytime soon.
Have they been perfect? No, but this has allowed me to control my network how I actually want to control it.
This has led me to now having multiple Ubiquiti components (with more planned), my most recent was switching away from Synology to the UNAS Pro and it has been great.
Really the only thing I ever bought from them that I really regretted was the toolless mini rack. Was really cool but I have non-Ubiquiti things that I need to mount and I doubt they are going to actually make a server I can run k8s anytime soon.
I just think £360 for an IP camera is too steep, half would be a no-brainer over Ring. Their new Lite switches replace stuff that was rack-mountable, now there's no ears as far as I can tell.
The gateways are awesome value.
I got into Ubiquiti due to their APs being effectively enterprise level features for consumer level prices. Their coverage and quality was a cut above the TP-Link gear I'd used previously (which was, in turn, better than the D-Link and Netgear stuff that I'd tried).
So I am confused by their Camera prices being so high.
I went with Reolink on cameras and NVRs and don't regret that decision. Probably spent a third of what it would have cost for Ubiquiti. There must be some benefit to the extra cost, but I don't think it's one I'll miss.
I have a couple sites with both types of cameras. And I really love all the customizability with my Frigate / Reolink site. But UniFi can command the premium on the camera hardware because of all the features they give you on the software side of their NVR. It's far better than what you get out of the box compared to something like Reolink in terms of detection and set-it-and-forget-it mentality.
I have a site that has 8 cameras and 2 of the 8 are original cameras that are >5 years old still getting firmware updates. Reolink does not do this and I have had much higher failure rate with them as well. Especially in outdoor cameras that have to handle snow/ice/extreme cold.
Especially when they die after 2 years. Bought 3 G4 Pros direct from Ubiquiti and two are dead. Apparently it's just the POE daughterboard but my RMA requests were rejected due to being out of warranty. My cheap Lorex cameras have been running for 8 years now.
They have a lot of camera models, including a lot of cheaper models, starting at €180 for the G6 turret/bullet if you want 4k or €80 for the G5 turret if you want 1080p.
Looking at the various options, £360 is on the upper end (until you get into the insane DSLR lens one)
Like others have said, the EdgeRouter issues have left a somewhat bad taste in the mouth, it felt like the product line was being ignored and abandoned for a long time.
And Ubiquiti seemed to get impacted more than other similar companies by supply chain problems that came following covid, but they do seem to have picked up again noticeably over the last 18-24 months, with lots of new product releases.
I love my Ubiquiti kit, but they annoy me with half finished stuff.
I upgraded my venerable USG with the new UXG as I have gig service now. The gear is great, even supports IPv6, and uses much less power. But… no internal DNS is enabled. So now, I ended up buying a thin client on eBay to roll my own DHCP/DNS. Not fun. It is baffling to me because there’s lots of complex new features in the Unifi stack, and they already had an interface to configure static names in dnsmasq.
I went the Eufy route for cameras as the batteries were a big draw for me.
What DNS features are you missing? Is this a weird UXG limitation?
I have a UCG-Ultra and was able to set up DNS just the way I wanted. My needs aren't extreme, but I was able to set up a wildcard entry (*.apps.domain -> 192.168.x.y) and fixed addresses and DNS names for various hosts.
The configuration is in a non-obvious place now and has moved around a bit over time. Currently it hides in Settings > Policy Engine > DNS. It shows entries that come from the per-host fixed IP/Local DNS configuration (you can't edit these here) and you can create new entries here (like my wildcard or some other random entry).
This was basically why I moved away from them.
I ended up with a bunch of mildly compatible products that were a total pain to manage. It was _amazing_ when it worked well. It mostly does, but on occasion when things went wrong it was a total pain to fix.
My TP-Link Deco system works just as well for my use case. It occasionally decides to use a terrible channel, but that’s fixed with a quick restart or a few clicks in the app.
Yep, now that TP-Link have fixed the weird Deco bug where you couldn't forward more than one (non contiguous) port to the same internal machine I'm very happy with them, the wifi coverage is ridiculously good.
Wait the UXG doesn't do DHCP/DNS? The UCGs all do those which is a weird design choice.
UXG definitely does DHCP and DNS.
My UXG Max has DHCP, and for my attached devices if I specify a static IP I get the option to set a Local DNS record.
There's no central management of these records that I'm aware of though.
Absolutely love my Unifi setup, recently upgraded my USG to the UXG as the old was EOL and not performant enough for gigabit routing with SPI.
Ubiquiti is honestly excellent when it works. When something goes wrong, though, their support really falls flat, as I experienced just this weekend when my Dream Wall died early on a Sunday morning. I'm still working with a makeshift network waiting for a replacement.
I set up my home network with their USG (the small square one they don't even make any more) and a couple wireless access points all the way back in 2018 and all of it has been rock solid ever since. In 7 years I've never actually needed to "reboot my router" to fix any kind of weird network problems like is common with whatever consumer junk they sell at Best Buy. It all just sits there, working quietly, and I don't even think about any of it for months at a time.
all the replies not getting this is satire :) well played.
Oh I highly doubt it's satire. Some Ubiquiti folks are just like that, even in real life.
> # src: Mirano Verhoef
> # Go into root
> su -
>
> # Install all required dependencies
> apt update ; apt upgrade ; apt install podman -y ; cd ~ ; mkdir 4.2.23 ; cd 4.2.23 ; wget https://fw-download.ubnt.com/data/unifi-os-server/8b93-linux... ; chmod +x 8b93-linux-x64-4.2.23-158fa00b-6b2c-4cd8-94ea-e92bc4a81369.23-x64 ; ./8b93-linux-x64-4.2.23-158fa00b-6b2c-4cd8-94ea-e92bc4a81369.23-x64 install
This is some of the jankiest install installations I've seen in a long time. Not even using && to stop on an error, just plowing ahead for more errors to stack up.
My issue with this comment is my issue with the original article -- what's the actual source for this information?
As far as I can tell, this article has no actual link back to any Unifi press release, git repo, or other project page about this, the closest the author does is link the downloads from Ubiquiti's site (as in, literally, links to the files, and nothing else).
This is janky, yes, and I'm not gonna shill for Ubiquiti, but for lack of a legitimate source, I don't think this is a fair representation of the actual install steps.
The actual source is this: https://community.ui.com/releases/UniFi-OS-Server-4-2-23/21d... but only accessible if you opt-in to the Unifi Early Access program. We are talking beta software / first release here, so any criticism needs to be looked at through that lens.
Also there is the official announcement now: https://blog.ui.com/article/introducing-unifi-os-server
My criticism was mainly of the original article for failing to link to a primary source beyond hotlinking some dmgs.
I appreciate you linking these, though, as well as the extra context.
Their code must be perfect and thus no need to worry about pesky errors.
I think this is like adding overflow detection to a math equation in a textbook.
Things like this get the information out there in human-readable form to be understandable, and error checking would be for the reader.
Or said another way, more like gist.github.com vs github.com/some/project.git
The fix is as simple as replacing semicolons with double ampersands.
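The difference being argued about in the comments above, as an added example that is not part of the thread or of Ubiquiti's instructions: the quoted chain written once with `;` and once with `&&`, run against a download that fails. Every step is a constructed stub (the function names are hypothetical and nothing is downloaded or installed), and the example assumes the interrupted download left a partial file on disk, so the later steps themselves succeed.

```shell
#!/bin/sh
# Added illustration (constructed): each step is a harmless stub that only
# records that it was reached. fetch_installer stands in for the wget call
# and fails, as a dropped connection or an HTTP error would.

RAN=""      # names of the steps that were reached, in order
ERRORS=0    # how many steps returned non-zero

step() {    # step NAME STATUS: record the step, then return STATUS
    RAN="${RAN}${RAN:+ }$1"
    [ "$2" -eq 0 ] || ERRORS=$((ERRORS + 1))
    return "$2"
}

update_packages() { step update 0; }
make_workdir()    { step mkdir 0; }
fetch_installer() { step fetch 1; }   # constructed failure: download cut off
# Assumption: a partial file was left behind, so chmod and the run "work".
make_executable() { step chmod 0; }
run_installer()   { step run 0; }

# As quoted in the thread: ';' discards every exit status, so the chain keeps
# going. 'set +e' mirrors an interactive root shell, where errexit is off.
# The function body is a subshell, so each call starts from a clean state.
chain_semicolon() (
    set +e
    update_packages ; make_workdir ; fetch_installer ; make_executable ; run_installer
    rc=$?
    echo "ran=[$RAN] errors=$ERRORS exit=$rc"
)

# The fix proposed in the thread: '&&' runs the next step only if the
# previous one succeeded, and the chain's exit status reports the failure.
chain_and() (
    set +e
    update_packages && make_workdir && fetch_installer && make_executable && run_installer
    rc=$?
    echo "ran=[$RAN] errors=$ERRORS exit=$rc"
)

chain_semicolon
chain_and
```

With `;` the installer step is reached and the chain still ends with exit status 0, so nothing signals that the file being run as root came from a failed download; with `&&` the chain stops at the fetch and exits non-zero.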
After many (many!) years I finally got around to my childhood dreams of building a home network rack, centered around the Unifi stack. I've got the new 10 gig switch, the dream machine SE, a bunch of cameras, and I've been very impressed with their stuff. The experience "just works" and feels like they take inspiration from Apple. The whole camera setup can be "closed" by shutting off outside access, this self-hosting option takes it all a step further for those who care deeply about privacy!
There's one big gotcha with Unifi cameras, where you have to cloud-connect your Unifi system if you want "AI" detections[1] (anything other than simple motion detection). I'm hoping they fix it some day[2], but for now I just have motion detection on my Unifi hardware. If this is a problem for you, make sure you understand the tradeoffs here before you commit to a Unifi system.
[1] https://old.reddit.com/r/Ubiquiti/comments/1cifnut/unifi_pro...
[2] https://old.reddit.com/r/Ubiquiti/comments/1dbyvan/home_assi...
Still don't understand why this is such a big issue, and I have been reading threads about it for a year now.
Just turn on cloud access, accept the t&cs and then turn it off again. If you are really scared then you can isolate that device in a vlan or DMZ temporarily.
I run many commercial and residential networks, and this is definitely a non-issue for me.
I stopped buying Ubiquiti when I reset my UDM Pro and took it to another house without internet access, and it refused to "activate" without an Internet Connection or a phone app connection. Seems they are more interested in selling a lifestyle rather than actual production network equipment.
I stopped buying them when I saw users posting on reddit that they were logging in to their systems and seeing other people's camera feeds and networks.
https://www.bleepingcomputer.com/news/security/ubiquiti-user...
I'm not excusing Ubiquiti here, I agree that's pretty annoying.
However a UDM pro is a router (as well as other things). The expectation is that it is connected to WAN.
Unifi switches and access points etc do not have the same online requirement.
You can't actually configure the wan connection fully without internet connectivity (at least last I checked).
This meant for instance if your WAN required VLAN like New Zealand you couldn't actually set it up without another router. Their fix is to add 1 more option to the WAN configuration options rather than the full suite of WAN configuration options you get once it's talked home.
The partial fix does make it clear that the philosophy of "you must talk to the mothership" is a guiding one that Ubiquiti sticks to.
What are you using instead?
OPNsense.
If I ditched my modest ubiquiti gear I’d probably try out https://www.alta.inc/ Because https://chrisbuechler.com/
I swapped my edgerouter lite (ERLite-3) to an Alta Labs Route10 recently after moving to an ISP that uses PPPoE. Unfortunately the Cavium silicon inside the ERL cannot do hardware offloading for ipv6+vlan+pppoe concurrently, so I had to find a new router. The Route10 is a nice piece of kit, but the software is still very immature, and absolutely requires a controller to manage. I really wish that I could run VyOS on it, but for now it does the job and will probably be absolutely fine for 99% of people.
This looks super interesting, thank you
I’m also curious what other prosumer network hardware companies have good products?
I use TP-Link Omada gear and it's been a very good replacement for Unifi. I use it both personally & manage a side gig venue’s network. I have lots of vlans & even run dante & ndi with no issues. Replaced a Unifi system; it was so buggy. DHCP reserve IPs failed, spotty issues with artists' phones & the mixer board to mix their in-ears etc. I’ve even set up an IPSec tunnel to an AWS VPC pretty easily.
Using a pi4 for the last 4 years on poe running their management docker container. So solid! I’d recommend the pi over buying their hardware device manager, it's way slower.
I like Mikrotik routers, and their other products look good too. They are often discussed on HN if you want to search for a range of opinions. I do find that their software can be confusing, but that may also be to do with the number of options.
Having seen a few slippery slope situations like this over the years with IoT and other services, I'm simply not willing to make any concessions in that direction. I use a UDM Pro and turning on cloud access requires associating that hardware with a UniFi cloud account. That's already undesirable if you want to safeguard privacy.
Fair enough, the Unifi brand is a consumer/prosumer brand after all.
I guess if you have strict privacy requirements then you would be looking more at enterprise gear anyway.
Why do strict privacy requirements imply enterprise gear?
Because the elites have decided that privacy is only applicable to businesses.
Ah yes. The “elites”. The invisible yet omnipresent, subtle yet ubiquitous, global cabal that no matter how fragmented and divided society gets, always speaks with one voice[0] and acts in seamless unison.
[0] It’s an endless source of fascination to me that it always seems to be non-elites that have the inside scoop on what the elites are thinking and deciding. I’d love to know where they get that insight if not from their own hyper-pattern-matching imagination.
This is absurd. When people refer to "the elites" as I did, they often mean a large group of people. They do NOT speak with one voice[0], nor do they act in seamless unison. It is a bit noteworthy then that governments worldwide seem intent on destroying the privacy of communications on the internet.
[0] People who are used to getting fucked by people higher up in the economic food chain are pretty used to seeing, with their own eyes, the actions "the elites" take. See, we get to live in the world they create. Whereas they get to live in a much, much nicer world, without rules or restrictions. To call the average person's lived experience "hyper-pattern-matching imagination" is just plainly being shitty.
No. I don’t believe most people can see “with their own eyes” anything of the sort. They definitely feel the pain. But the ability of most people to correctly ascribe their pain to a semi-reasonable, possibly-likely source is utter rubbish. Most folks do the exact opposite. They are SO incapable of seeing with clear eyes that they will happily let their abusers scapegoat utterly irrelevant groups and distract with pointless crusades. Most people let their pain get hijacked just so they can easily point the finger at anyone and feel justified that yes, someone did indeed do them over. And as a result, they will consistently vote against their own interests and join in on the gang bashing of minority groups, all the while being screwed over even more.
Perhaps next time it would be more useful to point out exactly who you’re referring to in a given discussion rather than lazily refer to “the elites”.
I’ll also add that in my view, most of what seems like the concerted actions of a global conspiracy is merely the result of very simple human heuristics. Mostly functions of greed (for money, power, or both). Just like the amazing structure in fractals arises from very simple math, so too the workings of our politics and economies through simple human heuristics played out at scale.
This is an absurd comment.
Do you really think there is some magical network gear out there which provides easy full security, but is only available to buy for a specific group of people?
Because it generally has much stricter firewalls, more granular policies, better/more comprehensive logging, no device phone home, and no requirements to sign up for online accounts. All of which make it all much more secure by default due to standard enterprise company requirements, and easier to customise to the user's specific secure needs.
Enterprises often have to pass audits and have regulatory compliance requirements. So no surveillance capitalism for them. Where enterprise tech vendors get you is licensing cost.
> Enterprises often have to pass audits and have regulatory compliance requirements.
So do many smaller organisations. The market for prosumer/SOHO/SME tech is in a sorry state lately with many being pushed towards what is essentially consumer level junk with a slightly different finish on the case and a different badge.
There is an irony here in the UK that we're finally seeing widespread availability of FTTP broadband with gigabit+ speeds and the latest WiFi standards but trying to find decent routers, switches, and access points that support 10G internal networking and the full rates of the available broadband and WiFi standards is a nightmare. It's like the only conceivable options are extremely expensive "enterprise" products and consumer junk that you control with a mobile app (until it becomes unsupported at some indeterminate future date presumably) that phones home to the manufacturer's servers (until they get shut off at some indeterminate future date presumably) and only works with an account on the manufacturer's system (until it deliberately or accidentally gets disabled for any reason presumably) and possibly a subscription payment (that can increase arbitrarily in future years presumably). It seems like literally no manufacturer that has previously provided reputable mid-level equipment is still trying to compete in this segment of the market any more and that is both sad and potentially dangerous.
They pay enough to not become the product
Because enterprises pay a lot of money for strict privacy, whereas consumers pay less if anything.
In my experience generally consumers pay zero for privacy but expect it anyway.
In addition to the other comments, enterprise infra (almost) never has internet access.
Will it still get automatic updates in case of security issues?
https://store.ui.com/us/en/products/ai-key
Even this only reviews "Smart Detections" and I have smart detections turned off on my Unifi cameras, because it enables cloud AI. Having the ability to have an AI key to process detections locally would be great.
Also, having to buy extra hardware kinda stinks. Would love to be able to have a self hosted Unifi OS server that can do AI key abilities if the hardware supports it.
If only the system would cope with power outages I would agree. My viewports refuse to reconnect to the cameras and need multiple forgets/adoptions to come back to life. The (wired) cameras themselves take hours before they show up again, except for the (WiFi) doorbell. During this period I can see them all online via the managed ubiquiti switches.
I've been using unifi protect/capture (I self hosted capture for a long time) for years and have never had a forgotten adoption and they almost never go down. I do have everything on UPS now but I never saw the issue before that either.
That said I've only used the wired bullet cams so maybe other models are not so nice.
Really the only downside I've seen is about 5ish years ago, all the bullet cams I bought would die after about .75 -> 3 years. All died with the same issue and I had 100% failure rate with any bought during that time frame. Ubiquiti replaced the ones that died during the warranty period but most died just after that expired.
The ones bought before or after that have been great so the issue was solved but I have a nice stack of dead ones that would work great as fake cameras, especially as their IR leds still light up.
Surely the expected solution for that is a UPS on the POE switch?
A UPS is not a solution for all power outages, just ones short enough to last the UPS uptime. The brains of the system is supposed to be the Cloud Key anyway which has its own built in “UPS” and seems to shut down gracefully if you kill power.
The cameras and viewports should not be writing data at all after an initial configuration if designed properly and killing power should present no problems to any system with a read-only filesystem. As someone who designs systems like these it absolutely baffles me.
Version 1 Cloud Keys would brick upon power loss.
Just one of the many side effects of building on top of mongodb. :)
Ummm..... So the solution to cameras taking several hours to come back to life is to.... just to make sure they will never go offline?
The UPS remark is such a non sequitur. Sure, it's prudent to have one but this doesn't make the bug go away.
I agree, not sure why you are being downvoted.
It's not a solution, it's kicking the can down the road. What happens when the UPS battery dies and the power comes back on? The cameras are still down for an unacceptable amount of time because of poor software.
The cameras should reassociate almost immediately after regaining a connection. It shouldn't take hours for them to try and connect again. I won't fault the camera for going down when the power dies, I will fault it for not coming back immediately after the power comes back though!
Yea Ubiquiti is brutal after a power outage. I got a battery back up for my rack just to avoid post power outage down time.
My general impression is that it “Just Works” if you don’t do anything remotely interesting with it.
Want to create a VLAN with no Internet connectivity? Better test that it actually has no Internet connectivity because the setting doesn’t actually work.
Want to use the firewall? Better test all the rules — it’s amazingly buggy.
Want to change a WiFi setting without WiFi going down for a minute or two? Good luck — UniFi doesn’t seem to care about making it work.
Want to find information (MAC, switch port, DHCP reservation, etc) about a device that uses the same MAC address on multiple VLANs? Good luck — it looks like UniFi utterly flubbed either their database schema or whatever interface their front end uses to talk to their backend about it, and it’s very, very broken.
Want to find basically any setting based on online docs? Too bad — they keep moving the settings and not updating the docs.
Just to reiterate for those that missed it:
If you change the schedule of a WiFi network your entire network (wired and everything) goes down for two minutes.
Just a simple admin policy change… full network outage.
Clown. College.
Constantly tweaking settings is not a use-case they have optimized for. Most of their customers are small IT shops that support small/medium sized businesses. They set up a network for a few doctors offices, law firms, etc. by clicking a few buttons in the controller's GUI once, and then remotely keep an eye on the networks with the controller software's remote management features.
If you set the thing to automatically optimize WiFi (the default!) it goes completely down for several minutes every day.
I would not want to have to carefully optimize settings to get that third nine of uptime for a small business.
Eh, in my experience, if you disable the uplink monitor features aggressively enough (which is in a different place in different firmwares and currently seems to also require disabling all wireless uplink/“mesh” capability), then sometimes more of the network will stay up. Maybe even the gateway will keep working too if you don’t touch any gateway settings. Of course, if the gateway does decide to reboot, you’re down for many minutes.
It’s real classy.
The thing that made me move off of it was issues connecting to devices on mesh'd APs if the ARP entry for that device timed out on the main AP.
Literally couldn't connect to my mobile phone, and after a lot of troubleshooting (which Unifi does pretty much nothing to help you with) I found that when the phone had roamed to the mesh'd AP, ARPs for it wouldn't get answered. If I forced it back to a wired AP or manually added it to the table... all worked fine. Went unfixed for years, heck, I still don't know if it is...
And all the "alerts" about malicious traffic that a bunch of prosumers seem to love? It's not very actionable for figuring out if it's really a problem nor digging deeper...
Oh, and when they had a firmware update that changed the SSID maximum length from 32 (the spec) to 31. My SSID is 32 characters and after that I could no longer edit the network without a UI error. That sucked.
I'm now on OPNsense and Ruckus APs and while it's not as integrated, I couldn't be happier.
If you can spring for Ruckus (I just buy used off ebay), it's worth it. The controller is integrated into the AP - for me that was worth it over unifi alone.
This. They make excellent access points and their lite beam/air fibre products are great.
But UniFi has serious limitations when it comes to anything beyond the basics. An off the shelf Asus all in one home router actually has more features and capabilities.
> An off the shelf Asus all in one home router actually has more features and capabilities.
This is just not true at all. I agree unifi can be buggy at times, and their super clean interface means they need to hide stuff all over the place, but I haven't found any network configuration I couldn't do on Unifi yet.
Care to elaborate on exactly which functions standard Asus routers have over Ubiquiti gear?
VLAN with an id of 0 isn't possible on the new interface last I checked. Which, granted is a weird thing to do, but...
That's not a valid vlan ID for most vendors (Reserved) and can also be a security vulnerability, as it can allow traffic to elevate its Class of Service and hop vlans via this method.
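An added example, not part of the comments above or of any vendor's code: a small 802.1Q tag parser and access-port audit showing why VID 0 is special (it marks a priority-tagged frame that carries only a Class of Service value) and why only 1 to 4094 are configurable VLAN IDs. The function names, finding labels and sample frames are constructed for illustration.

```python
import struct

# Tag Protocol Identifiers that introduce a 4-byte VLAN tag.
TPIDS = {0x8100: "C-TAG (802.1Q)", 0x88A8: "S-TAG (802.1ad)"}


def is_configurable_vid(vid: int) -> bool:
    """VID 0 means 'no VLAN, priority only' and 4095 is reserved."""
    return 1 <= vid <= 4094


def parse_vlan_tags(frame: bytes):
    """Return (tags, ethertype); each tag is (tpid, pcp, dei, vid)."""
    offset = 12  # skip destination and source MAC addresses
    tags = []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated Ethernet frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in TPIDS:
            return tags, etype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        # TCI layout: 3 bits PCP (priority), 1 bit DEI, 12 bits VID.
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((etype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        offset += 4


def audit_access_port_frame(frame: bytes, trust_cos: bool = False):
    """List findings for a frame received on an untagged (access) port.

    trust_cos=False models a port where the attached host is not
    allowed to choose its own Class of Service.
    """
    tags, _ = parse_vlan_tags(frame)
    findings = []
    if len(tags) > 1:
        findings.append("stacked-tags")
    for _tpid, pcp, _dei, vid in tags:
        if vid == 0:
            findings.append("priority-tagged")
            if pcp > 0 and not trust_cos:
                findings.append(f"untrusted-cos-pcp{pcp}")
        elif vid == 0x0FFF:
            findings.append("reserved-vid-4095")
        else:
            findings.append(f"tagged-vid-{vid}")
    return findings


def build_frame(tags, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed test frame (sample data, not a capture)."""
    out = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for tpid, pcp, dei, vid in tags:
        out += struct.pack("!HH", tpid, (pcp << 13) | (dei << 12) | vid)
    return out + struct.pack("!H", ethertype) + payload


# Constructed samples: untagged, priority-tagged, reserved VID, two tags.
SAMPLES = {
    "untagged": build_frame([]),
    "priority-tagged pcp=5": build_frame([(0x8100, 5, 0, 0)]),
    "reserved vid": build_frame([(0x8100, 0, 0, 4095)]),
    "two tags": build_frame([(0x8100, 0, 0, 0), (0x8100, 0, 0, 20)]),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:24} {audit_access_port_frame(frame)}")
```
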
There are off-the-shelf all-in-one Asus home routers that do VLANs?
Many Asus home routers advertise compatibility with and/or run OpenWRT internally, so yes to a certain reading.
Here's a random example I found:
https://www.asus.com/networking-iot-servers/modem-routers/al... | https://web.archive.org/web/20250704161852/https://www.asus....
Installing a custom firmware on a router does not count as 'off-the-shelf' imo.
I’m not speaking hypothetically, as I have used VLANs on native stock Asus firmware.
Yes, this is quite a rare thing. Could you describe the reason behind it?
Idk about you but I’m rocking a site to site link to my parents house, I have vlans for each segment in my home network (iot, priv etc) with full ipv6 routing and custom filtered dns over https with full network name resolution for all dhcp clients by their hostname on my local subnet domain…
I have complete control over my kids network access, can block specific types of traffic by app type or time based rules. I have high visibility into my WiFi setup and everything is on prem and self hosted and integrated with home assistant…
I took a hybrid approach -- Unifi for everything except the firewall, and a Firewalla for that. I'm overall quite happy with it, although you won't get a single pane of glass for management.
This. I don't use their gateways/ security devices anymore. I run OPNsense at every edge which allows me to do some really nice things with respect to remote access for non-home sites.
Most people don't want to do anything 'interesting'. If you stray too far from the beaten path, I'd argue that you no longer need or something that "Just Works". You need something very configurable, which, by definition, will let you shoot yourself in the foot.
My current setup is Mikrotik for wired and Ubiquiti APs for wifi. Their wifi devices have great specs and are difficult to beat. Mikrotik has decent wifi devices but not only they have a footgun minefield - not exactly their fault since Wifi is difficult to get right, so the more settings you expose, the worse it gets. Mikrotik also lags behind in features (they are still at wifi 6). It's an odd combination of philosophies but seems to work, all the vlan logic is offloaded to Mikrotik. And so are firewalls, etc. Then the voodoo Wifi stuff gets handled by Ubiquiti.
> Want to change a WiFi setting without WiFi going down for a minute or two? Good luck — UniFi doesn’t seem to care about making it work.
I am with you on that. It's things like that that prevent adoption by larger businesses and contribute to the perception that they aren't a serious contender. I previously had an Aruba InstantOn setup (which is focused on SMB), and got really accustomed to being able to tweak (most) settings without any interruptions at all. I could even do things like change channel widths (in one direction) without losing connectivity. What was really surprising on Unifi is that I lost connection when I changed settings for a _different_ SSID, for like a minute. That isn't really acceptable.
They still do a lot of things right though, and it shouldn't be too difficult to get their act together. The devices are pretty decent and at a surprisingly low price point.
But unifi is trying to position at the prosumer segment.
And we have things like indeed no WiFi (all networks down) if you dare to change WiFi settings, or mdns having a hard limit of five networks because the underlying Perl script is 10 or 15 years old.
This was absolutely my experience. I ended up tearing it all out and selling it on eBay.
I run OPNsense now with a Ruckus standalone AP, and it has been bulletproof.
Funny, I did the same... Never looked back at Unifi. That was a constant fight with problems.
OPNsense, a cheap fanless Brocade switch, and two Ruckus enterprise-grade APs from eBay and boom. Stuff Just Works, and when I want to do anything fancy (I did a /lot/ of weird network setup to troubleshoot users' WFH scenarios during COVID times) I just could.
I did this in 2023 and my experience has been the same. Had 0 problems other than Sonos being, well, Sonos.
Recently set up CCTV at my parents’ with a Cloud Gateway Max, set up a site to site VPN in 3 clicks and now I can support remotely and their Sony smart TV can see my Jellyfin server.
IIRC some Sonos issues are related to STP. AFAIK it's, like you said, Sonos being Sonos. Lol.
Yeah, that was exactly it. Unifi have a special page in their docs for dealing with Sonos.
https://help.ui.com/hc/en-us/articles/18930473041047-Best-Pr...
I ended up connecting everything with a wired connection and disabling WiFi. Thankfully I have cat6 to every room so it wasn't an inconvenience.
It's worked perfectly since.
How could a Sonos device possibly interact with spanning tree? Are there Sonos devices that act as bridges?
Most of their devices act as bridges; some of the newer ones don't. Some have multiple ethernet ports, and anything that has both an ethernet port and is part of their "sonosnet" mutant-wifi will bridge between sonosnet and their ethernet port(s) with spanning tree using classic (pre-RSTP) link costs.
If you're not careful you can end up with the "best" path between two switches going over the sonos-to-sonos wifi.
That’s nutty!
I am more interested in your childhood than your network at this point.
> I finally got around to my childhood dreams of building a home network rack
My childhood dream was to build crazy buildings, before that it was a space explorer. Not sure a home network rack ever made the list!
That's because Robert Pera, CEO/founder used to work for Apple for a few years when he was very young.
Has he said that?
I did a lot of jobs when I was very young. I wouldn't want someone to draw conclusions about me today based on my failed stint at Burger King, for example.
I really love my Dream Machine. Super reliable. What I don't like that much is their UI. It is super weirdly done. It is not natural to use, at least if like me, you use it once every 6 months or more.
I like the way they do VLANs. It's easy enough that it can be managed by people that don't understand all the low level terminology.
> feels like they take inspiration from Apple
the founders are ex-Apple
I really wish PC with some good m.2 wifi cards in it were more of an option for wireless. PC based routers are awesome, there's great software. It's just the wifi situation keeping us tethered to very special boxes.
Even openwrt has severe limits. It's up to you to flap on all manners of optimizations and tweaks to what is basically a hostapd.conf file. Hostapd.conf is the gatekeeper of one of the most important connective channels on the planet, and we collectively know so so so little of it.
At least the m.2 & m-pcie cards have finally started getting somewhat better availability. It's still 90% Compex reference designs, but they're somewhat purchasable, after years of this stuff being super hard to get ahold of. Seems usually to be ~$200, for a card that'll do wifi-7 2x2 5+5GHz (ex: Compex WLTE7002E55, using Qualcomm's QCN6274).
Get some access points. Something like the TP-Link EAP610[1] (I have not used one of these, yet).
[1]: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=11...
Given the context, Unifi access points work rather well for that. Wired router.
I use OPNsense with a Ruckus standalone AP. It has been bulletproof.
That market is pretty small I think, and it's split with the people that jump right to used enterprise APs for their radios (I'm using 3 Ruckus 850s for instance)
There was a lot of drama around Ubiquiti a few years back. Happy to see the company is still alive and the indicator that they're coming back around to self hosting. All the hardware I bought a decade ago is still running fine (without any of the cloud software) and it looks like their newer stuff would be worth the upgrade (10gb everywhere, easily, at last).
As far as I can see, they still flirt with vendor lock in. None of their cameras supported ONVIF when I researched this previously. Nice hardware, lame software choices, IMO.
They support ONVIF now in their backend.
The "UniFi Protect" NVR server can ingest a feed from a 3rd party ONVIF camera, but I don't believe Ubiquiti's own cameras can expose themselves over ONVIF. Their cameras still seemed locked to their NVR software. (Though they do have a very basic management interface hosted on themselves, and you can ssh into them)
Ubiquiti NVR does not support ONVIF on-camera detected motion events.
truth, didn't mean to imply otherwise.
> They support ONVIF now in their backend.
Got a link? I'm curious about which profile(s) and does this mean that it's still proprietary between the NVR and camera but from the NVR I can get an onvif profile compatible feed?
You can bring ONVIF compatible camera into NVR, but you won't get any detections unless you use AI Key...
> There was a lot of drama around Ubiquiti a few years back
I've noticed a lot less Ubiquiti hate comments on HN since that one employee got arrested.
I may be misunderstanding this, but as I recall originally the only way to run unifi was to have self hosted it through an app on a Windows machine on your network, then it went to the cloud, then cloud only, and now it seems to be coming back to self hosted? Good if so. (UniFi is their app/system to configure your ubiquiti network devices and to gather stats from them, it really did change the networking industry for such a low cost product at the time)
The self-hosted app never went away; I've been running it for the last 8 years or so, first on a MacBook Pro, then a Raspberry Pi, and now a repurposed HP T620 thin client.
They promote their cloud controller pretty strongly, followed by the Cloud Key, which is their own preinstalled self hosting setup, but the self-hosted UniFi Network server has stuck around. (It changed names a couple of times; it was the "UniFi Controller", then "UniFi Network Application", and now "UniFi Network Server".)
Lately they luckily built the console into their router products - UniFi Express, UniFi Cloud Gateways and Dream Machines all have the console built in and act as controllers.
And my experience with the cloud key was freaking awful.
Terrible little underpowered device that frequently wouldn't come back up after losing power.
I switched to Aruba because of the cloud key and haven't looked back.
I had the same problems with the Gen 1. The Gen 2 added a battery and shutdown on power loss, and never had a single problem with it.
This is what is confusing about this announcement, is anything actually newly available or is this a rename of the existing thing I've been doing in a container for years?
This is the first time UniFi OS can be self hosted, before you were able to use UniFi Network Application (Server), however this never included features like Teleport, Identity, Cybersecure subscription and many other features that require UniFi OS.
You've always been able to fully self host their core network controller, and not just on Windows. Linux has always been the preferred platform to host it on. However, the other more specialized apps in their ecosystem like their NVR software, etc was not self hostable independent of their controller hardware.
Right now it looks like UniFi OS server doesn't do anything the prior self hosted stack does already. Presumably though they are planning to roll out some of the other parts that currently aren't in the fully self hosted stack.
> then it went to the cloud, then cloud only, and now it seems to be coming back to self hosted
It never went cloud-only. You could always self-host.
They've had different versions of cloud hosted offerings over the years. A few companies have also offered their own cloud hosted instances.
There was the little cloud key thing that they had for a while and then there's a version 2 of that.
There's also been a container version for quite a while too.
Gen 1 cloud key: https://dl.ubnt.com/qsg/UC-CK/UC-CK_EN.html
Gen 2 cloud key https://store.ui.com/us/en/products/uck-g2
Container from linuxserver.io https://github.com/linuxserver/docker-unifi-network-applicat...
The UDM pro has the controller built in. Others have mentioned the Cloud Key, of which there are two versions. The controller software runs on Linux, macOS and Windows. I used to run it in docker on Linux. For years. Quite easy to manage.
I run it on FreeBSD arm64 very successfully also.
UniFi OS Server is similar to the old self hosted solution (the controller) except it can run more of the applications. I used to self host some years ago and only the Network was available. Now the OS supports InnerSpace and Identity too.
It has always been self hosted as an option. I can’t speak to any Windows versions, but I’ve always run on Debian.
Last time I used it (some 8 months ago) there was a Windows app and a mobile app.
In order to configure and check what was going on I needed to run the app on my Windows computer. I was looking into using docker or something like that, but I switched to another vendor.
Recently switched from a UDM Pro Max to a Firewalla Gold Pro and couldn't be happier about the move. Software that works > software that has everything but requires magic to get checkboxes to adhere to a save state - this is a common issue with UniFi Network options. They need far better QA before I recommend anyone use them as an OS.
1 of numerous examples: https://community.ui.com/questions/Device-Static-IP-Not-Savi...
A minor UI bug versus not patching multiple security vulnerabilities?
https://help.firewalla.com/hc/en-us/community/posts/44144642...
Might be better, but it’s 4x the cost. Firewalla Gold SE at $509, vs UniFi Cloud Gateway Ultra at $129. In my experience, the software does work fine. Works way better out of the box than most routers I’ve used.
Yeah I use an OpenWRT router that cost ~$125 and should have just about all of the capability of the $500 Firewalla
Yeah when I got 10 Gbit internet at home, all the options for a router looked really expensive so I bought a Lenovo ThinkCentre Tiny for $80 + $20 for the riser+NIC, and installed OpenWRT on it. Runs like a charm, power draw is the same as the ISP's monthly rental router.
I'm absolutely loving my ThinkCentre M920q, riser + Intel i350 NIC + ProxMox. I had not forayed into the wifi router world for over 10 years, and am amazed how much power, and how little power consumption, you can get for ~$150.
What issues did you encounter when using Unifi?
From what I’ve seen, Unifi seems like the closest to an "Apple-like" experience - especially given how much more robust their capabilities are compared to most other providers.
The idea that Ubiquiti pushes out buggy software as production-ready and that we're all their beta testers is a pretty common meme on their subreddit.
> … pushes out buggy software as production-ready and that we're all their beta testers is a pretty common …
this is such a pet peeve of mine lately. companies are doing this all over the map now, from cars (especially self-driving), games, network equipment, entire software suites… and on and on.
i absolutely did not opt in to be a beta tester as a random human on public ways. i did not opt in to be a beta tester for your search engine results. i did not opt in to be a beta tester for the games i spend $90+ on. i did not opt in to beta test your company’s network equipment which we paid full price for.
build and closed test your products with interested parties who explicitly opt-in and quit forcing and charging us to be experiments in your company’s r&d.
I hear this talked about in the past but is it still true today?
I've at least never experienced it (and I stick to the Stable/Release channel).
I have 4 AP, 9 cameras, NVR and Dream Machine - I guess I got lucky over the 2.5 years I've had Unifi.
In my experience they got a lot better in the last 2-3 years with reliability and polish. I never really had any problems prior to that myself, but I know they definitely did used to have a much more deserved reputation for buggy releases.
I bought a UDM about two years ago, and it was a real mess for about 6 months. It was hanging every few weeks which required a hard reboot- which was shocking, because this was my first attempt at upgrading my network to more expensive and capable stuff, and for the previous 20 years, had never had an issue with my network equipment hanging or rebooting. They were going to RMA my UDM, but then they had me install a special release as a last try, and it worked, and everything has worked well since then.
That said though, do I really need these features? The biggest draw was having a proper AP to put on my ceiling instead of my old google wifi pucks. The upgrade from wifi 5 to 6e was not noticeable in any way. I spent 3x the money and really have nothing tangible to show for it aside from a cool UI to log into, which was never necessary prior because everything Just Worked.
Also - this may be my fault for not reading the fine print, but the IDS stuff on the UDM only works at 600mbps, and I have a gigabit connection. People in Unifi forums will tell me I am the idiot for assuming that, but it has gigabit ports, it's 2023... I just ass/u/me/d that everything would work without issue at line speed and wouldn't have to read the spec sheet like a lawyer.
Anyway, it's fine in the end. I would never buy anything cutting edge from them again, I want anything to bake for at least 6 months after release, which is usually how long it takes for their "shipping" stuff to become actually available anyway. I will stop whining now :)
The v8 firmware for the U7 Pro APs has been a mess.
Having used Unifi for 10+ years, they really have improved their firmware/software by quite a lot.
You can easily turn off automatic updates. I check the forum before I update. Haven’t had any issues for 10+ years.
You're correct, but the running gag is that every version released as production is a beta.
It's been awhile since I used Unifi, but regardless of the label they put on their binaries, things felt like beta. That doesn't mean I had issues per se, or things I couldn't work around. But it may be missing things, almost certainly missing promised features, rough around the edges, etc.
Yeah, I'm not super happy with their release process. That's why I look at the forums before I update. And I don't update very often, probably 1-2 a year.
A neighbor has a bunch of Unifi devices and he just has his on autoupdate and never has issues. I definitely am scared to give them that much control.
Same, never had an issue. And I also skip the latest couple of minor versions most of the time unless there’s a security bugfix. Gives the updates time to bake.
I haven't found that to be the case on Stable channel.
(I do notice people on forums love to use Early Access update channel where... YMMV).
I couldn't get my Elgato Key Light Air (or whatever it's called) to work on my Unifi network - something was amiss with the WLAN settings that others reported was specific to unifi.
I didn't like how they stopped supporting on-prem Unifi Video server, and only allow you to use it with a hardware appliance now.
They moved beyond "just build good product" and into unwanted cloud services and closed ecosystem.
If this is a re-opening of some of their self-hosting, then great. They're back to par, I guess?
> Elgato Key Light Air (or whatever its called) to work on my Unifi network
I also have struggled with this, and spent many hours bashing my head against a specific setting in PFSense that requires a plugin to enable.
Then, I thought to try updating the firmware on my Unifi WiFi AP, and have had (almost) no problems ever since. It has taught me to think twice about spending $100+ on a piece of niche electronics that can only be controlled if it is compatible with your WiFi...
That was definitely the case. It's not always the case anymore.
$889 for a SOHO router? Who is this aimed at?
1 bug from 5 years ago?
What does “OS” in the name stand for? My first thought was “Operating System”, but that doesn’t make sense when what they are providing is a server via a docker container. No one says they installed the Elastic OS…
Ubiquiti themselves call it “software package”:
> Self‑hosted software package that delivers UniFi Network [1]
My second thought was “Open Source”, but the absence of comments complaining about the license make me believe it isn’t this.
Any guesses?
They've borrowed the name from the CloudKey/Dream Machine to make it clear that this will have parity, instead of what we had previously where you could only run some of the apps in isolation that would normally be bundled in the full system image for the CloudKey.
My guess actually is "Operating System", because this piece of software is required* for operating all your UniFi devices (central management).
* Required if not each should be a standalone, some devices won't work without UniFi OS AFAIK.
If I were a hospital, financial brokerage, etc, I would use Cisco.
But since we're a small business < 50 employees, with 4 sites (office, call center, colocation, cloud) Ubiquiti makes it unbelievably easy to administer, even though I know I'm leaving plenty of performance on the table in terms of switching performance, latency, QoS, and throughput.
Surprised at S2S VPN performance at these price points as well! More than adequate!
I've been self-hosting a Unifi controller (now called 'Unifi Network') for years in a Docker container, and before that I'd run it on a Windows machine whenever I needed to make changes to the configuration - I assume this pivot to call the self-hosted version 'UniFi OS' implies a future where more than just the Network application can be self-hosted.
I used to run it on a Raspberry Pi, it worked flawlessly. It's like a hardware container ;-)
What do you like to use the UniFi controller container for?
I've tried hosting the same container before but it never seemed to properly "marry" to my UniFi AP, or it would forget the AP the next day, etc. For now I just use the iOS app which is sufficient to update the AP firmware occasionally, but I wish I could get all the insights of the controller.
I had that problem before. You can fix that by SSH'ing into your AP and setting the inform IP to point to your controller. Just make sure the IP address of the host that's running the controller container is static.
https://www.unihosted.com/blog/how-to-set-inform-in-unifi-a-...
How is this different than the docker container I am running now? I must be missing a detail or two.
You're probably running what's currently called, I think, UniFi Network Server (at one point it was UniFi Controller?).
That lets you configure networking devices but it isn't the "full" Ubiquiti ecosystem (Identity, Site Manager/SD-WAN/Teleport).
Basically before you could run one "app" (the network management one) locally, but Unifi ship a grid of cloud "apps" that you see when you log into unifi.ui.com.
Now they're shipping the thing that hosts the grid itself (enabling multi-site stuff like SD-WAN and the firmware update server), some more of the apps (Identity) and presumably they'll roll out more apps in the future.
1. This is an official Docker image/container from Ubiquiti themselves - no more relying on LinuxServer.io/jacobalberty, etc...
2. With the "UniFi OS" branding, the door is open to the possibility of being able to run Talk, Protect, Access, etc... on your own hardware in the future.
I toast jacobalberty once or twice a year when I login to my Synology / Docker / UniFi Controller app and gaze upon the pretty graphs and throughput visualizer.
Love it. Thank you kind sir for your work!
As others have said, UniFi had some tough years but that early stuff just works and my uptime is in years.
I'm not seeing an official docker image...
It’s there - just built into the binary. ;)
but yeah that was upsetting - I was hoping they’d push them to a registry and make them… more available.
I love the idea of centrally managing network infrastructure that can be ‘self-contained’ in a local service (whether a device, VM, or container).
TP-Link offers a similar solution via their ‘Omada’-enabled devices. Unfortunately, mixing different brands can feel counterproductive, so there’s significant vendor lock-in.
Does anyone know of a similar solution for OpenWrt devices?
> Next, we need to log in with our Ubiquiti account.
Right. They don't learn.
> You can also proceed without an Ubiquiti account
Can you? Or you have to make one and only then maybe possibly to some extent run the thing without one?
You really don't need a Ubiquiti account. They of course make it the default, but you can check a "local user only" box and then just create a local user with a username and password. I really appreciate this about them. You don't need internet to set it up.
Good. Did they fix their APs too or those can't be initialized without an account still?
You can setup and initialize an AP with a controller, and that controller doesn't require a cloud account or internet access.
Sorry to be paranoid, but is this current info from your personal experience?
Because that's how it was years ago, and then they tried to make the cloud account compulsory, and the last time I asked around it was sort of not compulsory but you still needed to create one for the initial setup and only then put your AP somehow in standalone mode.
> is this current info from your personal experience?
I am not GP but I can provide my perspective. I currently use 5 of their switches and 2 of their APs in my house. You do not need a UI account to use the network server locally to manage the devices. I run my server on a debian 12 box.
I locally return nxdomain for several domains they try to lookup. I setup a firewall rule to log any packets from their macs trying to send anything outbound. Apart from my test packets they haven't done so. If you don't nxdomain the domains they lookup then you will see that traffic.
I have not tried the new Unifi OS Server this post is about.
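A sketch of the check described in the comment above, as an added example that is not part of the original thread: it scans Linux netfilter LOG lines for packets from a watched set of device MACs that leave the local network. The MAC addresses, the `DEV-OUT:` log prefix, the local address ranges and the log lines are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed values: MACs of the managed devices and the ranges treated as local.
WATCHED_MACS = {"02:00:5e:10:00:01", "02:00:5e:10:00:02"}
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of kernel log lines written by a netfilter LOG rule.
SAMPLE_LOG = """\
Jan 10 12:00:01 gw kernel: DEV-OUT: IN=br0 OUT=eth0 MAC=02:00:5e:00:00:fe:02:00:5e:10:00:01:08:00 SRC=192.168.1.20 DST=203.0.113.10 LEN=60 TTL=63 PROTO=TCP SPT=51514 DPT=443
Jan 10 12:00:05 gw kernel: DEV-OUT: IN=br0 OUT=eth0 MAC=02:00:5e:00:00:fe:02:00:5e:10:00:01:08:00 SRC=192.168.1.20 DST=203.0.113.10 LEN=60 TTL=63 PROTO=TCP SPT=51520 DPT=443
Jan 10 12:00:07 gw kernel: DEV-OUT: IN=br0 OUT=br0 MAC=02:00:5e:00:00:fe:02:00:5e:10:00:02:08:00 SRC=192.168.1.21 DST=192.168.1.5 LEN=76 TTL=64 PROTO=TCP SPT=40000 DPT=8080
Jan 10 12:00:09 gw kernel: DEV-OUT: IN=br0 OUT=eth0 MAC=02:00:5e:00:00:fe:02:00:5e:99:00:09:08:00 SRC=192.168.1.50 DST=198.51.100.7 LEN=60 TTL=63 PROTO=UDP SPT=5353 DPT=53
Jan 10 12:00:11 gw kernel: DEV-OUT: IN=br0 OUT=eth0 MAC=02:00:5e:00:00:fe:02:00:5e:10:00:02:08:00 SRC=192.168.1.21 DST=198.51.100.7 LEN=76 TTL=63 PROTO=UDP SPT=123 DPT=123
Jan 10 12:00:12 gw kernel: DEV-OUT: IN= OUT=eth0 MAC= SRC=192.168.1.1 DST=203.0.113.10 LEN=84 TTL=64 PROTO=ICMP
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return the fields of one LOG line, or None if it cannot be attributed.

    For Ethernet frames the MAC= field holds 14 octets: destination MAC (6),
    source MAC (6), then the EtherType (2). Locally generated packets have an
    empty MAC= field and are skipped because there is no source MAC to match.
    """
    fields = dict(FIELD_RE.findall(line))
    octets = fields.get("MAC", "").split(":")
    if len(octets) != 14 or "DST" not in fields:
        return None
    try:
        dst = ipaddress.ip_address(fields["DST"])
    except ValueError:
        return None
    return {
        "src_mac": ":".join(octets[6:12]).lower(),
        "dst": dst,
        "proto": fields.get("PROTO", ""),
        "dpt": fields.get("DPT", ""),
    }


def outbound_hits(log_text, watched=WATCHED_MACS, local_nets=LOCAL_NETS):
    """Count packets from watched MACs whose destination is not a local range.

    Keys are (source MAC, destination IP, protocol, destination port).
    """
    watched = {m.lower() for m in watched}
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["src_mac"] not in watched:
            continue
        if any(rec["dst"] in net for net in local_nets):
            continue  # device talking to the local controller or other LAN hosts
        hits[(rec["src_mac"], str(rec["dst"]), rec["proto"], rec["dpt"])] += 1
    return hits


if __name__ == "__main__":
    for (mac, dst, proto, dpt), count in sorted(outbound_hits(SAMPLE_LOG).items()):
        print(f"{mac} -> {dst} {proto}/{dpt or '-'} x{count}")
```

An empty result over a long enough capture window is what the commenter reports seeing once the lookups are answered with NXDOMAIN.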
So they did see the light indeed, thanks.
They may get some money from me then and I'll finally have wifi 6(E?).
I self host the controller/network (slightly outdated, 9.1 vs 9.3) with no cloud. Adopted a new U7 pro a few weeks ago, still no cloud.
So everything still works as it used to.
Original announcement from UniFi: https://blog.ui.com/article/introducing-unifi-os-server
(As non-curmudgeonly as possible, this is a genuine question I promise!)
I see a bunch of projects and companies these days calling their product an ‘OS’. I'm not too much of a stick-in-the-mud to not see parallels between traditional OSes and things like Kubernetes (which actually doesn't brand itself as an OS, confusingly enough), but I'm genuinely very confused as to what it's supposed to signify in the branding of projects like these — e.g. this seems to just be a server that runs on Windows or Linux and provides a control panel for your UniFi devices and account. Could someone explain to me what the ‘OS’ is supposed to mean here? (Even if it's something very vague like ‘a sense of being a complete solution’!)
It combines several major software packages into one release and OS.
Think of it more like a vendor distro
So it's used to mean a joint release of several different software packages?
Thank you!
This is great and I hope they release all the other apps that right now can only be added on a Dream Router/Dream machine, etc.
What I would like to see:
1. IPv6. I tried for several days to patch various warts in the Unifi Network Server (the unofficial docker container), to make it run on IPv6 only. Every time I managed yet another horrible hack in some library they are using, I discovered 4 other bugs that prevent IPv6 only operation. There's always stuff that expects an IPv4 address in Unifi.
2. Managing my own hardware gateway from Unifi UI. I get it that Unifi doesn't make money from supporting this, but it would be very cool. Their gateway is not super complicated, and there are materials explaining how to "adopt" some random device, in the end you still need a cert from the company to make it work.
I have always viewed Ubiquiti and UniFi as serving only the business and enterprise market, not consumer grade individuals like me. I have gotten frustrated with the Netgear and TP-Link grade of WiFi equipment available to the consumer customer and have now ventured into UniFi. My main challenge was just getting a single SSID to work around a large home. Mesh WiFi held a promise until I found out that they really aren’t that good unless you are using backhaul wiring. Companies have been using single SSIDs for decades and that’s where the solution was.
I used to do a wireless mesh with U6 (wifi 6) and I 100% agree with you. But with WiFi 7, everything changes. WiFi 7 wireless mesh is actually faster than hardwiring (mainly because my second AP is connected to a 1G flex mini). A WiFi 7 mesh can actually exceed 1G (using Wifiman, I get about 1.5G). Meshing with a WiFi 7 AP works great for me too since all my devices are only WiFi 6 compatible (for now). Highly recommend replacing your APs with a U7-<whatever you want>
But my wired network is already 2.5G and some devices are 10G compatible.
Interesting. That sounds really promising. Please tell me more. Are there any YouTube videos or resources you can point to?
Not much to it! Buy any Wifi 7 Pro stuff. Don't get the lite, it's just not worth it. Especially confusing with Lite because Wifi 7 still works on Wifi 6 stuff but they call it Wifi 7?
Hardwire the one closest to your gateway, remotely adopt the others, and you're good to go. Also, double check your frequencies. 1, 6, 11 for 2.4 GHz. No DFS for 5 GHz. Scan the environment and try your best. Wifi 7 / 6 GHz must be same frequency though which is another plus since no one really has it yet.
> I have always viewed Ubiquiti and UniFi as serving only the business and enterprise market...
I've gotten a lot of mileage out of Ubiquiti gear in SMB space, but enterprise it is not. Ruckus, Aruba, and to a lesser extent Cisco (Meraki) own that space. I wouldn't trust Ubiquiti gear to handle the densities that Ruckus gear can, for example.
For your home frustrations some cheap Ubiquiti gear and spending the money to cable all your APs will do what you need.
I set up a small Ubiquiti setup with Pi-hole, then moved into a home serviced by AT&T Fiber, which comes with an all in one fiber modem and WiFi hub. I started using it before I could unpack, then did a little research on how I could disable WiFi, DHCP, and/or DNS in order to use my own equipment. The WiFi isn't great in all parts of the house so I planned on setting up APs at strategic points. But of course laziness, fear of stuff breaking and my family getting mad at me, and WiFi entrenchment has stopped me from using any of the equipment I bought. I would one day love to switch back over, but I just don't see it happening soon.
I use ATT Fiber and using the pass-through mode has worked pretty well for me. The main problem is their box is still a piece of shit that they introduce bugs/regressions into sometimes. But that'll affect their own service as well, regardless of whether you use your own device w/ passthrough. So you might as well hook your stuff up.
Same. Pass through mode FTW. Was very glad this was an option and works.
ATT fiber pass through -> UniFi Security Gateway -> UniFi 8 port Switch w/ PoE -> UniFi AC Pro WAP
Awesome combo with uptime in years.
There was a guy on dslreports selling certificates for $10 each, and you could just load it up into one of the cheap sfp modules off of aliexpress. Plug it straight into the router of your choice. No reason to use their junk. I've done the same with a different provider.
This is interesting--do you have a link to the sale or instructions as to how that was working?
https://pon.wiki/ has a few bypasses for AT&T and other fiber ISPs. Unfortunately a lot of the info isn't on the website, but in their Discord server instead.
You'd have to poke around in the forums. I'm not sure what the best keywords to search with would be. The gist of it is only AT&T ONTs can connect, because it's using certificate fuckery, but there was a guy buying those up for $1 or $5 or something on ebay, jtag-ing the certs off of those, and selling them for $10 each. There were instructions for how to program the sfp module to use those, and when I got mine those modules were only about $50 each (no idea what they're now with the tariff nonsense). You'd need a router that can accept those, I've got a Mikrotik. I think Ubiquiti has a prosumer router with one too that's not too crazy.
At the time (3 years ago-ish), no one had figured out a way to do it with AT&T 5gig service. But for that you'd need something with SFP+ slots, and those are seriously pricey.
This is full circle. You used to be able to host the unifi stack on anything that would run Java. Glad to see them returning to their roots!
It would be cool if they brought back the self-hosted security camera solution UniFi Protect.
I'm pretty sure it never went away?
I think he means self-hosted on your own hardware, rather than requiring their Unifi Protect appliances. You used to be able to with their old Unifi Video.
Unofficially (and therefore not supported), you can just take their binaries and run it on your own hardware. But since they only support their own hardware and it's arm64 hardware, you only get arm64 binaries: https://github.com/dciancu/unifi-protect-unvr-docker-arm64
With them adding generic onvif camera support, I might try it again because the other options aren't amazing either.
You could always self-host UniFi Network. https://help.ui.com/hc/en-us/articles/360012282453-Self-Host...
This launches with UniFi Network and UniFi InnerSpace, which is a deployment visualization tool. I assume they'll add more of the applications to UniFi OS in the future
It turned out to be surprisingly annoying to do this on Debian due to the MongoDB requirement. I forget the exact difficulties but I ended up having to punt and run the container from linuxserver.io.
What hardware were you using to host it?
Ahhh that's it, I think. It was on ODROID H3+, these run on pentium silver N6005 which don't support AVX, which means that "newer" MongoDB won't work without jumping through hoops to compile from source. I just ssh'd into the vm where I run it and it seems like I DID eventually get it working - with mongodb 4.4.x but it's not supported anymore :(
This reminds me of the types of applications that are installed on the Ubiquiti Dream Machine Pro.
Ubiquiti has a pretty smooth setup that works well together, the recent years of reliability issues, updates, and data security issues however have been enough to stop buying Ubiquiti and protect it with other gear such as NetGate firewalls.
The Dream Machine Pro had lost some critical advanced configurability from the ui and command line compared to its predecessor, leaving a lot of users in no man's land. Some of it has been resolved from what I can tell. I own one and had to supplement it with another device in front of it temporarily. Once things are in production, we usually don't look for reasons to touch it.
If your internet is 1 gig or less, I'll still vouch for the trusty little EdgeRouter X, there's a great guide on setting up a nice little home network on it to learn which direction your next steps will be like.
Hopefully this proves itself in a year and it's an easy decision.
This looks to be an executable that deploys podman containers for you, that is bizarre, and makes me question why it's called Unifi 'OS'?
Yes, a virtual appliance or system image a la Home Assistant OS would seem like a better fit...
That would make it impossible to deploy it next to other services on an existing machine... why would you want less flexibility?
When did it become impossible to run a VM next to other services on an existing machine? As they said, Home Assistant OS works great with that setup and it's rock solid in my experience.
Running a full resource hungry VM when a container is enough is downright silly.
And the HassOS you mention had to go through a lot of work from HASS team to allow for full container runtime so it gets the functionality UniFi's approach has out of the box.
I don't think running a VM (at least) for a core piece of network infrastructure is silly at all, in fact I think it would be silly not to. That is something that should never - ever - break because it would be a very bad day if it did.
The only way to approach certain stability is by removing variables and making the environment as predictable as you possibly can. Containers partially address this issue by shipping a predictable user-space environment, but that still leaves the kernel.
Other examples would include OpenMediaVault, TrueNAS, Mikrotik CHR, VyOS which are all distributed as VM appliances (or host system installs) even though technically, I'm sure all of them could be distributed as containers (and I think VyOS can be used this way, but I don't believe it's meant for production usage).
And personally I want a much thicker security boundary that VMs provide when it comes to critical services like network controllers. Of course that would require a slightly different setup to begin with, i.e. having UniFi in one VM, and having random containers in another VM which is how I prefer to run things at home (in general, I don't use UniFi products).
Or just a docker-compose file, since it's already in container format.
The OS being proprietary was the ONLY reason I doubted to commit to the platform, but this is amazing. If this actually works, I'm comfortable to 100% commit into their stuff.
Does it support UniFi Deep Packet Inspection (DPI)? https://www.unihosted.com/blog/understanding-unifi-deep-pack...
So UniFi stack is the better alternative to Ring (https://news.ycombinator.com/item?id=44620002)?
Is UniFi the sweetspot for prosumer networking if one wants switches, APs, cameras, etc. without a CCNP?
I've been a unifi user for quite a few years, enthusiastically at first and with somewhat more trepidation as of late. They seemed to have some kind of hardware talent exodus a couple years ago, and also when they stopped having self-hostable unifi video and network. I ended up capitulating and just bought a cloud-key but wasn't thrilled.
But yes, they still seem to be the best for small business / homelab type people who want something more than "the AT&T guy put a box behind the couch in 1998 and i don't know where it went after that" but also doesn't want to have to do opnsense or a bunch of that stuff.
And they've managed to regain my enthusiasm a bit by adding plain-ole wireguard (not even teleport, though i do like teleport for my phone) to their managed VPN options, and now by bringing back self-hosting.
My main gripe about lack of self-hosting is, I have a bunch of terabytes just sitting around i could put my video footage of my front lawn on, and it's free real estate. but since i can't (couldn't) self-host video on it, I would've had to pay like hundreds of bucks (or is it thousands?) to get the rackmount video server from them. But now that this is back, hopefully I can switch back to self hosting if my cloudkey ever dies. So that's nice.
So I’m confused, this is just the network management appliance right, you can’t use this to make a switch or firewall?
Seems like a strange sink of capex because the pocket sized network appliance is cheap.
Cameras, networking, door controls, etc.
Yes it has the whole UniFi Network piece, which is various unifi routers, switches, wireless access points, wireless mesh units, etc.
Whoa this is pretty cool. I’m pretty into homelab stuff but self hosting your own gateway/firewall/router can get pretty tiring. I tried OPNSense and it worked great for a while. I tried self hosting unifiOS (I actually don’t get what’s different from the docker one from back then compared to this one) but it gets annoying. Was easier just to buy a cloud ultra for $130.
This is awesome because of how un-Apple-like it is. With Apple, they leverage the ecosystem and force you to buy everything to make a cohesive experience. Want to have cellular on your Mac? We expect you to buy an iPhone and a laptop and tether.
If you want to have unifi WAPS without the UCG - this enables that. It's awesome that they do that, even though right now, it's the cohesiveness of the Unifi ecosystem that is a big driver in their success.
> If you want to have unifi WAPS without the UCG - this enables that.
You could always do this. UniFi Network always had a self-install option.
Even better - you don't even have to run Network - UniFi APs have standalone mode - https://help.ui.com/hc/en-us/articles/12594679474071-Standal...
Any hardware recommendation to run unifi on? Curious what people recommend for that kind of stuff
A small NUC or similar SFF PC with 4GB+ RAM and an SSD works perfectly - I run mine on a Raspberry Pi 4 (8GB) with minimal resource usage.
thank you kind stranger!
Raspberry is godsent
Just bought a dream 7 and so far it’s the best router I’ve owned. The software portal is a cut above
I will always moan about Ubiquiti's odd software distribution choices. Just publish an OCI image, for goodness sake. "Installer" executables on Linux.. shudders
Love Ubiquiti devices. Easy to manage in environments who don't have strict requirements.
I have a full Ubiquiti stack at home (router, switches, cameras and APs) and they are great products. The UI keeps getting better and that’s a plus!
I'm curious how is this different from the controller software.
It's the level above; it's the thing that hosts the "grid of apps" you see on unifi.ui.com or on a Dream Machine, for example. The Network / Controller app is just one "app" in the "grid of apps." (I get the feeling that the current Controller app was also forked at some point and this might clean that up too, but I haven't looked into the software to see if that's the case yet).
To start, it seems to allow for the multi-site coordinated tools like MD-WAN to work with self-hosted OS installation, and they added Innerspace and Identity (which I suppose is necessary since I think that's how the login works) as "launch" apps. Presumably they'll roll more out in the future - ideally you could fully self-host stuff like Protect.
What is the advantage of using this over existing OSS solutions?
are there OSS solutions for controlling/configuring UniFi hardware?
There are not.
If they add 'Protect' to this, it would make it much easier to start building a unifi network piecemeal.
I already have a debian-running storage server, that would be a good fit for running this, and it would enable me to start adding their cameras without going all-in and grabbing a new router and access points at the same time.
Pepperidge Farm remembers that Unifi Protect used to be self-hostable up to version 3.11. I wish it still was so I could have it on my NAS.
What is the use case for this? Their cloud gateways are very affordable. Aside from the academic aspects of it I don’t see why I would want to run a home brew version of their cloud gateway.
The only Ubiquiti gear I use are their APs, and have cheaper solutions for routing/switching, so being able to run the controller for the APs as a container on an existing machine is nice.