Setting up a multisite UniFi controller

I have worked through https://www.youtube.com/watch?v=KKU6eJN4bVU (Self Hosted UniFi Controller Tutorial: Managing Multiple Sites & Migrations with Ease!).

I am port-forwarding 8080 to the UniFi Controller.

I have tested it and the port works:

Model:       U6-Lite
Version:     6.6.55.15189
MAC Address: 24:5a:4c:1c:2f:f0
IP Address:  192.168.10.105
Hostname:    U6-Lite
Uptime:      165 seconds
NTP:         Synchronized

Status:      Timeout (http://unifi.mydomain.com:8080/inform)

When I ping unifi.mydomain.com from an AP, it resolves to my WAN IP.

I also reset the controller to factory defaults to see if that helped.

If I am understanding this correctly, unifi.mydomain.com will resolve to my external IP and be forwarded to 192.168.30.8 when using the inform URL. This, however, does not seem to be happening, or the controller is unable to reply. ufw is currently not installed on my controller.

My DMZ (192.168.30.0) network is configured to only go out to the internet (from where the inform URL is reachable).

I tried to set the inform IP of an AP that was still adopted by the old controller, and it connected to my inform URL, telling me that it could reach it from the AP:

Adoption request sent to 'http://unifi.mydomain.com:8080/inform'.  Use UniFi Network to complete the adopt process.

ap-upstairs-BZ.6.6.55# info

Model:       U6-Lite
Version:     6.6.55.15189
MAC Address: 24:5a:4c:1c:29:dc
IP Address:  192.168.10.161
Hostname:    ap-upstairs
Uptime:      754 seconds
NTP:         Synchronized

Status:      Connected (http://unifi.mydomain.com:8080/inform)

ap-upstairs-BZ.6.6.55# ping unifi.mydomain.com
PING wifi.internetlinked.com (my.ex.ip.addr): 56 data bytes
64 bytes from my.ex.ip.addr: seq=0 ttl=64 time=0.969 ms
64 bytes from my.ex.ip.addr0: seq=1 ttl=64 time=0.899 ms
64 bytes from my.ex.ip.addr: seq=2 ttl=64 time=0.936 ms

I then reset this AP and tried to set the inform URL again to this URL, but it timed out again.

I am not sure what this is telling me.

I am thinking that I might need more than 8080 for adoption.

I allow 8080 & 8443. I forgot why, so a quick Google search reminded me that 8443 is for HTTPS.
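As an added diagnostic (not code from the thread), assuming the `info` output layout shown above, here is a small Python checker that walks the same path an AP takes to the inform URL: resolve the name, confirm it is the expected external IP, open TCP 8080 through the WAN forward, and see whether the controller answers HTTP at all. The sample `info` text and the expected IP 203.0.113.10 are constructed placeholders.

```python
import re
import socket
from urllib.parse import urlparse

# Constructed sample: the `info` output of an AP stuck in Timeout, as in the thread.
SAMPLE_INFO = """Model:       U6-Lite
Version:     6.6.55.15189
IP Address:  192.168.10.105
Hostname:    U6-Lite
NTP:         Synchronized

Status:      Timeout (http://unifi.mydomain.com:8080/inform)
"""

def parse_status(info_text):
    """Return (state, inform_url) from the Status line of `info` output."""
    m = re.search(r"^Status:\s+(\w+)\s+\((\S+)\)", info_text, re.M)
    if not m:
        raise ValueError("no Status line found")
    return m.group(1), m.group(2)

def check_inform(inform_url, expected_ip=None, timeout=3.0):
    """Probe the inform URL the way an AP would: DNS, then TCP, then HTTP.
    Returns a dict of findings; the first False/None value is where adoption breaks."""
    u = urlparse(inform_url)
    host, port = u.hostname, u.port or 8080
    result = {"host": host, "port": port, "resolved": None,
              "ip_matches": None, "tcp_ok": False, "http_status": None}
    try:
        result["resolved"] = socket.getaddrinfo(host, port, socket.AF_INET,
                                                socket.SOCK_STREAM)[0][4][0]
    except socket.gaierror:
        return result              # DNS is the problem; nothing else to test
    if expected_ip:
        result["ip_matches"] = result["resolved"] == expected_ip
    try:
        with socket.create_connection((result["resolved"], port), timeout) as s:
            result["tcp_ok"] = True
            # A bare GET on /inform is enough to prove the controller answers on
            # this port; real APs POST a binary inform packet, which is not emulated.
            s.sendall(f"GET {u.path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            line = s.recv(64).split(b"\r\n", 1)[0]
            result["http_status"] = int(line.split()[1]) if line.startswith(b"HTTP/") else None
    except (OSError, ValueError, IndexError):
        pass                       # connection refused/timed out or non-HTTP reply
    return result

if __name__ == "__main__":
    state, url = parse_status(SAMPLE_INFO)
    print(state, check_inform(url, expected_ip="203.0.113.10"))
```

Run it from a host in the DMZ (or any LAN segment an AP sits on) to tell a DNS problem apart from a blocked hairpin/forward apart from a controller that accepts TCP but never answers.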

Hopefully you have that WAN forward rule locked down to your remote IP. I would not trust UniFi to the big bad internet.

Also, rather than have multiple block rules, you could just have one specific allow rule specifying the WAN interface. Better for changes and additions down the line.