UNMS - Optional Installation Steps


This article describes additional features of the UNMS installation process. It includes instructions on how to change ports in order to have access through the GUI; how to set ports for communication with devices; how to work behind a proxy, and other initial configurations. See the table of contents below for a list.

  • See theInstallation Guide article for the UNMS installation prerequisites.
  • Unfortunately proper operation, smooth backups and upgrades of critical Docker containers cannot be ensured on Windows and macOS systems.
  • At this time we recommend that you install a virtualization program such as VirtualBox to run the latest version of Ubuntu 18.04.3 (Bionic Beaver) 64-bit and then follow the Linux instructions provided below.

Table of Contents

  1. Installing Prerequisites
  2. Managing the SSL Certificate for Access Via HTTPS
  3. Changing the HTTP and HTTPS Ports
  4. Changing the Device Inform Port
  5. Changing the Suspension Port
  6. Running UNMS Behind a Reverse Proxy
  7. Changing the UNMS Container's IP Address
  8. Changing NetFlow Listening Port
  9. Setting the Number of Workers
  10. Limit access to GUI/API
  11. Cloud
  12. UNMS Data
  13. Devices Latency and Outage Statistics
  14. Related Articles

Installing Prerequisites

Back to Top

Run the following commands on the Ubuntu or Debian system to ensure that all required tools are installed:

sudo apt-get update
sudo apt-get install curl sudo bash 

Managing the SSL Certificate for Access Via HTTPS

Back to Top

ATTENTION:If you want UNMS to use default LetsEncrypt certificate please do not use any of these attributes.

By default, UNMS uses Let's Encrypt to automatically create and manage an SSL certificate for its domain name. The certificate is saved under /home/unms/data/cert/live .

If you need to use your own certificate you can use the following installation script arguments to do it:
--ssl-cert-dir <DIRECTORY> : This is a path to a directory where the certificate is located.
--ssl-cert <FILENAME> : This is a filename of the certificate.
--ssl-cert-key <FILENAME> : This is a filename of the certificate key.
Some older certificates have a separate certification authority key. Use this optional attribute to set it:
--ssl-cert-ca <FILENAME> : This is a filename of a certification authority's key.
Make sure that UNMS has read-permission on the certificate directory and all files. Remember that you can have each file in a custom folder as long as those folders are subfolders of --ssl-cert-dir

curl -fsSL https://unms.com/v1/install > /tmp/unms_inst.sh && sudo bash /tmp/unms_inst.sh --http-port 8080 --https-port 8443 --ssl-cert-dir /etc/certificates --ssl-cert fullchain.pem --ssl-cert-key privkey.pem

Changing the HTTP and HTTPS Ports

Back to Top

ATTENTION:Please be aware that UNMS must be accessible from the internet via HTTP port 80 if you want to use automatic SSL certificate management via Let's Encrypt.

Use installation script arguments --http-port <NUMBER> and --https-port <NUMBER> to configure the UNMS server to listen on non-standard ports. Defaults are 80 (HTTP) and 443 (HTTPS).

curl -fsSL https://unms.com/v1/install > /tmp/unms_inst.sh && sudo bash /tmp/unms_inst.sh --http-port 8080 --https-port 8443

Changing the Device Inform Port

Back to Top

User Tip: TheInform port is the port that your devices use to connect to UNMS.

Please be aware that UNMS must be accessible from the internet via HTTP port 80 if you want to use automatic SSL certificate management via Let's Encrypt. Using a separate inform port is useful when you need to expose the port outside your private network, but don't want to expose the UNMS GUI. Use installation script argument --ws-port <NUMBER> to configure the UNMS WebSocket server to use a separate port for communication with your devices.

curl -fsSL https://unms.com/v1/install > /tmp/unms_inst.sh && sudo bash /tmp/unms_inst.sh --ws-port 8444

Changing the Suspension Port

Back to Top

The suspension page is by default set to port 81. That port can be changed with this optional tag:

curl -fsSL https://unms.com/v1/install > /tmp/unms_inst.sh && sudo bash /tmp/unms_inst.sh --suspend-port 8081

Running UNMS Behind a Reverse Proxy

Back to Top

Use installation script arguments --public-https-port <NUMBER> and --public-ws-port <NUMBER> if you plan to run UNMS behind a reverse proxy server. The setting --public-https-port is only necessary if the proxy listens for HTTPS on a different port than UNMS. The setting --public-ws-port is only necessary when you use --ws-port (as mentioned in the section above) to separate the inform port form the HTTPS port.

curl -fsSL https://unms.com/v1/install > /tmp/unms_inst.sh && sudo bash /tmp/unms_inst.sh --public-https-port 443 --http-port 8080 --https-port 8443

Please be aware that this puts the responsibility of managing an SSL certificate on the reverse proxy and disables the automatic certificate management via Let's Encrypt. The reverse proxy must still use HTTPS for communication with UNMS, optionally with a custom SSL certificate. HTTP-only communication between UNMS and the reverse proxy is not supported. The UNMS - Reverse Proxy article shows working reverse proxy configurations for Nginx and Apache.

Changing the UNMS Container's IP Address

Back to Top

User Tip:If you are using the private address range 172.x.x.x. in your network, you may prefer to change the default address of UNMS docker containers in order to avoid any possible collision.

Use the installation script argument --subnet <CIDR> to change the UNMS container's subnet if you experience IP address conflicts. It should be enough to specify /27 subnet, which is then split in half. One half is used by the Docker for internal and the second one for external connections. 

curl -fsSL https://unms.com/v1/install > /tmp/unms_inst.sh && sudo bash /tmp/unms_inst.sh --subnet

You may also wish to change the IP address of the docker0 bridge created by Docker. See the docker user guide for more information. Please note that this may affect containers other than UNMS running on your system.

Changing NetFlow Listening Port (0.13.0+)

Back to Top

In order to change the listening port for NetFlow use --netflow-port PORT custom installation attribute.

curl -fsSL https://unms.com/v1/install > /tmp/unms_inst.sh && sudo bash /tmp/unms_inst.sh --netflow-port 2205

Setting the Number of Workers (0.13.0+)

Back to Top

ATTENTION:Please do not set more workers than there are cores in your CPU. Make sure you have at least 0,5Gb memory for each worker as well.
NOTE:Since 1.2.1+ it is possible to manually set up to 50 workers. This option is only suggested for UNMS instances with several thousands of devices, CPU with more than 8 cores, and suffering from performance issues. Always make sure to follow the instructions from the ATTENTION box above.

Since release 0.13.0 UNMS supports multi-core processors. It is possible to set how many parallel processes should be used to communicate with devices with the install argument --workers COUNT. The value of COUNT can be either a number from 1 to 50 or auto. The auto tag means that UNMS will decide how many workers to use depending on the number of CPU cores and available memory. Please note that the auto value will not set up more than 8 cores. 

curl -fsSL https://unms.com/v1/install > /tmp/unms_inst.sh && sudo bash /tmp/unms_inst.sh --workers auto

Limit access to GUI/API (0.14.0+)

Back to Top

NOTE:This only limits the access to GUI/API. All devices can still connect to UNMS server from any IP address, and this whitelist doesn't affect that connection at all.

You can create a whitelist of IP addresses which are allowed to access UNMS GUI and API. When this tag is used UNMS GUI will be inaccessible from any address which is not defined in the whitelist.

curl -fsSL https://unms.com/v1/install > /tmp/unms_inst.sh && sudo bash /tmp/unms_inst.sh --ip-whitelist ",ff::ff/25"


Back to Top

NOTE:For a detailed tutorial on DigitalOcean see: UNMS - Cloud Installation Guide.

We recommend using the Ubuntu version 18.04.3 (Bionic Beaver)or Amazon AMI. Here are examples of suitable cloud services:

  • AWS, EC2 instance, t2.small (2 GB RAM), Ubuntu 16.04.1 LTS (Xenial Xerus)
  • DigitalOcean, basic droplet (2 GB RAM), Ubuntu 16.04.1 LTS (Xenial Xerus)


Back to Top

By default, the installation script ensures that the application settings and data (logs, site images, encryption key, etc.) are stored outside of the docker container (/home/unms/data ). This will enable you to back up that data, and more importantly, this will enable you to perform any future UNMS upgrades without any data loss.

Devices Latency and Outage Statistics

Back to Top

By default, all devices connected to UNMS will ping the UNMS host to check for latency if any devices are being reported as offline. This results in outage statistics being generated. Ping must be allowed to the UNMS Host for this feature to work properly.

Related Articles

Back to Top

UNMS - Installation Guide

Was this article helpful?
47 out of 80 found this helpful
Can't find what you're looking for?
Visit our worldwide community of Ubiquiti experts for more answers
Visit the Ubiquiti Community