UniFi, Let's Encrypt, pfsense and Ubuntu Server 20.04

UniFi Controller, Let’s Encrypt and pfsense on Ubuntu Server 20.04:

I’m looking to secure my self-hosted UniFi Controller running on an Ubuntu Server 20.04.
I believe I need ports 80 and 443 opened in pfsense for this to happen.

Help! I’m a newbie, so I’ll be needing some direction and/or very clear instructions and/or videos to make this happen from you guys or gals. :wink:

I’ve been up all night and day and haven’t been able to get it done.

I have a domain name from godaddy already and that’s all I’ve been able to setup right.

There are loads of videos on YouTube on setting up pfsense. I’d start there and get your switch configured; it shouldn’t be difficult.

I’ve watched many of the YouTube vids and they’re either old or don’t apply anymore with the new Ubuntu Server 20.04, pfsense and UniFi, so their setups come up short for me. I’m frustrated and tired; I’ve been trying for two days. This stuff doesn’t come naturally to me, but give me a Mercedes or BMW engine to rebuild and I’m your man. :wink:

Though I have a domain name with godaddy, it’s not resolving to my server address. I thought I had that at least configured right, but no.

I have a video on using HAProxy for the LE certificate: https://youtu.be/gVOEdt-BHDY
But last I checked there were some issues with Ubuntu 20 and UniFi because of some MongoDB version issues. I use Debian for my UniFi servers.

I have not tested it, but I did find this:


Ok, I got the server up and running with this script. Tom, thanks once again, but I’m having a problem, I think with the pfsense NAT and firewall rules, because my domain name isn’t resolving. I’ve made sure the A record is pointing to the WAN. I’m suspecting it’s the opening of ports 80 and 443; I’ve never port forwarded before in pfsense. Don’t laugh. :wink:

and the firewall rules here.

UPDATE: I finally got Let’s Encrypt to work. It was the pfsense NAT and firewall rules that were misconfigured; once they were corrected, the script Tom referenced worked flawlessly.

BUT, now I have a new problem… pfblockerng has blocked my domain name and there’s nowhere that I can see to unblock it. I can still access my UniFi Controller using the 192.168.x.x address but not by my domain name.

UPDATE: Just watched some of Tom’s vids on port forwarding and came across this test. Now I’m confused again about my port forwarding, but does this have anything to do with pfblocker blocking my domain name for the UniFi Controller?

and this one,

If ports 80 and 443 are not responding on the local server, then it is not configured properly and has nothing to do with pfblocker.

I’m Will Smith and Tom is the iRobot inventor; I’m not asking the right questions to get the answers. Lol.
My UniFi Controller domain is configured right now, right? So why is pfblockerng blocking my UniFi Controller domain? And where should I look in pfblockerng to unblock my domain?

Are my firewall rules correct?

This one I can not answer, but I would offer a suggestion if you have not tried it: turn off pfblocker and see if everything works. If you have stated this was tried, I apologize.

Have you googled "whitelist pfblocker"? I would assume this is what needs to be set.

I’ve already tried all the whitelist stuff and just deactivated pfblockerng and still no connection.

Am I supposed to have any LAN rules set? And if so, what should those rules look like?

Score one for the Netgate forums. I finally got the answers and clear instructions to correct my issue. The fix was setting up Split DNS.