I found the following post that has a very comprehensive list of UniFi commands.
Some of the most common ones that are used
Reset a device
set-default
or
syswrapper.sh restore-default
Reboot a device
reboot
Connect device to a controller
After you run this command, adopt it in the controller and then run the command again.
set-inform http://ip-of-controller:8080/inform
Also note that the above command does not seem to work over https.
While the UniFi controller is nice and everything, it does make it hard to see if a device is already adopted. At least if you have a ton of sites. Fortunately, we can search the database directly to find out if a UniFi is already adopted and which site it is assigned to.
First we need to connect to MongoDB. And then we need to use the ace database.
mongo -port 27117
use ace
This command will list all the devices on the controller. Regardless of which site they are assigned to.
db.device.find({}, { site_id:"", ip : "", name :"", mac:""})
Example output
{ "_id" : ObjectId("563a4d94e4b054e5376fc600"), "mac" : { "_id" : ObjectId("563a4d94e4b054e5376fc600"), "mac" : "44:d9:e7:34:d1:08", "ip" : "192.168.1.200", "name" : "Main_WiFi", "site_id" : "39485e9abf0e9a047bcded96" }
{ "_id" : ObjectId("9873b39ed1f5d30a6738abe"), "mac" : "44:d9:e7:01:a3:d4", "ip" : "192.168.1.201", "name" : "Testing_Wifi", "site_id" : "39485e9abf0e9a047bcded96" }
Each UniFi will have a “site_id”. You can use that ID to figure out which site it is assigned to.
db.site.find()
Example output
{ "_id" : ObjectId("39485e9abf0e9a047bcded96"), "name" : "default", "desc" : "Testing Site", "attr_hidden_id" : "default", "attr_no_delete" : true, "anonymous_id" : "83ae20ba-2948-458e-fd0a-1320583ecb04" }
Using our “site_id” from above, we see that the Testing_Wifi device is assigned to the “Testing Site” on the controller.
Something else to look at would be to use the UniFi controller API.
Some of the UniFi UNVR’s have system files on a USB drive. There seem to be a number of the drives failing recently, rendering the UNVR inoperable. Fortunately it is easy to replace. The following steps should preserve the video recordings.
Note on Recovery
You could potentially mount the failed or failing USB drive on a Linux machine copy off a UniFi backup. Unfortunately, the UniFi Protect backup does not preserve the users. Just the video groups. You will probably have to resend invites to users.
It sounds like the UniFi Protect system will try to read the drives and if it can preserve the data or read the raid information it will try to use that. That is what it sounds like at least from the forums. More info on drive management.
You will need a hash of the password to put into the database. We don’t cover that in this post. You could copy the password from a different user account or use a different UniFi instance to change the password and then check the DB to find the hash.
ssh unifiadmin@unifiserver
Connect to Mongo by typing in the following.
mongo -port 27117
Then select the ace database by typing
use ace
The admins are in the admin collection/table. Use the following command to list all the users and their name, email, and password hash.
db.admin.find({ }, { name:"" , email : "", "x_shadow" : "" })
The following looks complex. Fortunately though you should be able to copy and paste. You should only need to change the
– ObjectId to your User Id
– Password Hash to your password hash
db.admin.update({"_id" : ObjectId("223abc5489de0a93be758493")}, {$set: { "x_shadow" : "$6$nwpi7.q2$OuD9/UZGZt5cD739Dt7j8Gb1uPtfU99p0DeDSurSNBZVizieUrFVFbRufiZMgOk2IaaDZN9BVmL9yUwQ2mC8f."}});
Note: The hash above is password. Not recommended for use.
You should receive a confirmation that it succeeded. Test the new password by logging into the UniFi Controller.
For more MongoDB commands, check out this post.
Manually adding the UniFi Protect self signed certificate can be helpful if you are accessing the controller over the local network. It has the benefit of letting your browser remember the password if wanted and not having to verify the certificate.
First we need to acquire the certificate.
In a Chrome based web browser, go to the IP address of the UniFi Protect NVR
Click in the URL bar where is says “Not secure” -> Certificate -> Details -> Copy to file
Follow the export Wizard. You can use the default settings.
You can now import the certificate by double clicking on the cert.
Note that it says to install the cert in the “Trusted Root Certification Authorities” store
Now we can move on to Configuring the hosts file.
We need to add an entry for unifi.local as the cert if for unifi.local hostname and not the controllers IP address.
We’ll essentially be following the same steps outlined in the following post.
C:\Windows\System32\drivers\etc\
192.168.1.20 unifi.local
You should now be set. Open a browser and got to https://unifi.local to access the UniFi Protect Controller.
In this post we are going to extract the contents of a UniFi .unf backup.
This is helpful if we need to do any sort of recovery, or need to look through the database to find system information.
This is easy to do. Log into the web interface go to Settings -> System -> Maintenance -> Backup and Restore
Scroll down to Available Backups and download.
You can also get the file via scp or sftp. Manual backups are located in
/usr/lib/unifi/data/backup
and auto backups are in
/usr/lib/unifi/data/backup/autobackup
We’ll be getting the following decrypt script from here. https://github.com/zhangyoufu/unifi-backup-decrypt More notes on it below.
We’ll need to make sure that openssl and zip are installed
sudo apt install openssl zip
Download the script with wget
wget https://raw.githubusercontent.com/zhangyoufu/unifi-backup-decrypt/master/decrypt.sh
Make it executable
sudo chmod u+x decrypt.sh
And now we can convert the UniFi .unf backup file to a .zip
sudo ./decrypt.sh autobackup_6.2.33.unf autobackup_6.2.33.zip
Now we can extract the zip archive. You can do this on Windows, macOS, or Linux through the GUI or you can extract with
sudo unzip autobackup_6.2.33.zip -d unifi
This will extract all the files and folders to a directory named unifi.
cd unifi
You should now see the db.gz file. This is a compressed archive of the database in BSON (Binary JSON) format. We can use the mongo-tools to convert this to a more human readable JSON format.
sudo apt install mongo-tools
Now we can extract the archive and pipe it through bsondump.
gunzip -c db.gz | bsondump
You can run it through grep to filter out what you need.
You can also dump the db to a json file with
bsondump --bsonFile=db --outFile=db.json
More notes on the decrypt script.
The decrypt script is really simple. It looks like it uses a key to decrypt the UniFi backup and then puts all the contents into a zip file. There is also an encryption script. Theoretically you can decrypt, make changes to the config and then reencrypt and restore to a server.
#!/bin/sh
# Authors:
# 2017-2019 Youfu Zhang
# 2019 Balint Reczey <balint.reczey@canonical.com>
set -e
usage() {
echo "Usage: $0 <input .unf file> <output .zip file>"
}
if [ -z "$2" -o ! -f "$1" ]; then
usage
exit 1
fi
INPUT_UNF=$1
OUTPUT_ZIP=$2
TMP_FILE=$(mktemp)
trap "rm -f ${TMP_FILE}" EXIT
openssl enc -d -in "${INPUT_UNF}" -out "${TMP_FILE}" -aes-128-cbc -K 626379616e676b6d6c756f686d617273 -iv 75626e74656e74657270726973656170 -nopad
yes | zip -FF "${TMP_FILE}" --out "${OUTPUT_ZIP}" > /dev/null 2>&1
Do note that the UniFi-Video software is no longer supported should be migrated to the UniFi Protect systems.
Running “systemctl status unifi-video” gives the following error.
(unifi-video) checking for system.properties and truststore files…
…fail!
It appears that the error is due to an unsupported version of Java. Installing an older version of Java resolves the issue.
You can check which versions of Java are available with
apt-cache show openjdk-8-jre
The versions that showed up for me were
8u282-b08-0ubuntu1 8u252-b09-1ubuntu1
Installing the last one fixed the issue for now.
sudo apt-get install openjdk-8-jre-headless=8u252-b09-1ubuntu1
https://old.reddit.com/r/Ubiquiti/comments/l30jm5/unifi_video_31013_not_compatible_with_openjdk_180/
For some reason I ran into an issue where I can not remove authorized SSH Keys in AirOS version 6.3. It redirects to a 404 page and then to the main page.
Thankfully, we can still remove the authorized keys from the command line. For more information on making changes over SSH, refer to the following post.
SSH into radio. Replace username and IP address with your radios user and IP.
ssh ubnt@192.168.1.20
Open up config file
vi /tmp/system.cfg
Search for the lines that contain
the sshd.auth.key and remove them
Save the file and write the configuration with
/usr/etc/rc.d/rc.softrestart save
Once the command completes, you should be good to go.
By default the U Installer redirects you to a page asking you to download the app. You can get to the actual U Installer web page by going to https://169.254.169.169
It has the same interface as a regular Airmax M equipment.
Recently upgraded a UniFi-Video VM by creating a new VM and restoring the backup from the previous one. There was a separate virtual disk used for storing all the videos. Although once I reattached it, I had to change the owner to the unifi-video user. lt was reporting that the owner/group was 127 and 134, looks like that was the user ID from the previous VM.
Example output from ls -hla command
drwxr-xr-x 3 127 134 4.0K Jan 16 2020 176de761-8399-3bed-8ceb-917cbe4d25bd drwxr-xr-x 2 127 134 4.0K Sep 10 12:28 21d506ef-dded-31f2-baf8-c109a7e653b9 drwxr-xr-x 4 127 134 4.0K Jan 1 2020 1a3afc4c-a030-39a1-b139-857444c8b71c
Ended up changing the owner to the unifi-video owner with the chown command. /path/to/videos is the mount point of the video drive.
chown -R unifi-video:unifi-video /path/to/videos