Last year I wrote about how to self-host a UniFi controller to manage some of your Ubiquiti gear without having to shell out for their UniFi Dream Machine and similar devices.
What I did not elaborate on was how to configure the controller’s web UI to use port 443 instead of port 8443.
The controller likely uses port 8443 because, on Linux, ports below 1024 can only be opened by root or those with special privileges to do so.
I’ve seen a couple of posts from sysadmins saying that they modified /var/lib/unifi/system.properties with little luck. I experienced the same. I found that if I changed unifi.http.port and unifi.https.port to 80 and 443 (respectively), the UniFi web server would not start.
Unfortunately, there don’t appear to be any native options to configure UniFi to use 443 (at least at the time of writing this); instead, you must use iptables, if you have it installed.
By using iptables, you can update the PREROUTING chain of the nat table to redirect packets from 0.0.0.0:443 to 127.0.0.1:8443.
Execute the following commands to redirect packets from 443 to 8443.
sudo iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
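# iptables-save alone only prints the rules to stdout; write them to the file restored at boot (this path assumes Debian/Ubuntu with the iptables-persistent package)
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'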
The above commands add a new rule to the PREROUTING chain and then save the configuration so that it persists through restarts.
You can verify that the rule has been added by executing the following command.
sudo iptables -t nat -L -nv
You should see under Chain PREROUTING an additional rule to REDIRECT TCP traffic to port 8443.
Once this is completed, both TCP/443 and TCP/8443 will be open and can be used to access the UniFi controller.
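An added example, not from the original post: a shell check that reads iptables-save output and reports whether the 443 to 8443 redirect is present exactly once, since every re-run of the -I command above inserts another copy of the rule. The sample rules are constructed, and the function names (count_redirects, check_redirect, ensure_redirect) are hypothetical.

```shell
# Added example: audits iptables-save text for the 443 -> 8443 redirect.

# Constructed sample of `iptables-save -t nat` output (not from a real host).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT'

# count_redirects FROM TO: reads iptables-save text on stdin and prints how
# many PREROUTING rules redirect TCP port FROM to port TO.
count_redirects() {
    awk -v from="$1" -v to="$2" '
        $1 == "-A" && $2 == "PREROUTING" {
            dport = ""; target = ""; toports = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport")    dport = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
                if ($i == "--to-ports") toports = $(i + 1)
            }
            if (dport == from && target == "REDIRECT" && toports == to) n++
        }
        END { print n + 0 }'
}

# check_redirect FROM TO: returns 0 for exactly one matching rule,
# 1 for none, 2 for duplicates.
check_redirect() {
    n=$(count_redirects "$1" "$2")
    case "$n" in
        0) echo "missing: no redirect $1 -> $2"; return 1 ;;
        1) echo "ok: one redirect $1 -> $2"; return 0 ;;
        *) echo "duplicate: $n redirects $1 -> $2"; return 2 ;;
    esac
}

# ensure_redirect: idempotent insert; -C tests for the rule before -I adds it.
# Needs root and a live iptables, so it is defined here but not called.
ensure_redirect() {
    iptables -t nat -C PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443 2>/dev/null ||
        iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
}

printf '%s\n' "$SAMPLE_RULES" | check_redirect 443 8443 || true
```

On a live host, pipe the real rules in with sudo iptables-save -t nat | check_redirect 443 8443.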
To credit my source, many thanks to otto58 on the UI Forums for his response.
If you want to read my post on how to install and configure a new Ubiquiti UniFi Controller on your own hardware, that post can be found below.