SSL for Ubiquiti UniFi Controller Software – Linux

Overview

These are the steps to install or update the SSL certificate on Ubiquiti UniFi Controller software.

Detailed Steps

  1. Log in to the Linux host via SSH, then sudo su - root.
  2. Copy SSL certificate, key file, and CA Bundle onto host.
  3. Verify the existing keystore – keytool -list -keystore /var/lib/unifi/keystore, password is aircontrolenterprise.
  4. Backup the original keystore – cp /var/lib/unifi/keystore /home/keystore.orig.
  5. Start the generation of the new keystore – openssl pkcs12 -export -in /tmp/STAR_rm-pc_com.crt -inkey /tmp/STAR_rm-pc_com_key.txt -out /tmp/tmpkeystore -passout pass:aircontrolenterprise -name unifi
  6. Complete the generation of the new keystore – keytool -importkeystore -srckeystore /tmp/tmpkeystore -srcstorepass aircontrolenterprise -destkeystore /tmp/newkeystore -deststorepass aircontrolenterprise -alias unifi -trustcacerts
  7. Copy the new keystore into place – cp /tmp/newkeystore /var/lib/unifi/keystore
  8. Restart the controller software – systemctl restart unifi
  9. Verify that the new SSL certificate is being served and is correct by opening the following in a web browser: https://yourctrl.name:8443.
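
A pre-flight check for steps 5 to 7 and a command-line version of step 9, as an added example that is not part of the original steps: it confirms the key matches the certificate, that the certificate is not about to expire, and that it verifies against the CA bundle before the keystore is replaced. The function names and the 7-day expiry threshold are assumptions made for illustration, and the private key is assumed to be unencrypted.

```shell
#!/usr/bin/env bash
# Added example: sanity checks around the keystore swap. All function names
# are illustrative; file paths are supplied by the operator.

# 0 if the certificate and the (unencrypted) private key share a public key.
cert_matches_key() {   # cert_matches_key CERT KEY
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    # Both commands emit the same PEM "PUBLIC KEY" block when the pair matches.
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# 0 if the certificate is still valid $2 seconds from now (default: right now).
cert_not_expiring() {  # cert_not_expiring CERT [SECONDS]
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# 0 if the certificate verifies against the CA bundle copied in step 2
# (openssl may also consult the system trust store).
cert_chains_to() {     # cert_chains_to CERT CA_BUNDLE
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Run every check; print the first failure and return non-zero.
preflight() {          # preflight CERT KEY CA_BUNDLE
    cert_matches_key "$1" "$2" || { echo "key does not match certificate"; return 1; }
    # 604800 s = 7 days; the threshold is an assumption, adjust to taste.
    cert_not_expiring "$1" 604800 || { echo "certificate expires within 7 days"; return 2; }
    cert_chains_to "$1" "$3" || { echo "certificate does not chain to CA bundle"; return 3; }
    echo "ok"
}

# SHA-256 fingerprint of a certificate file.
file_fingerprint() {   # file_fingerprint CERT
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# SHA-256 fingerprint of the certificate served at HOST:PORT (step 9 without
# a browser); compare it with file_fingerprint of the certificate you installed.
served_fingerprint() { # served_fingerprint HOST:PORT
    openssl s_client -connect "$1" -servername "${1%%:*}" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}
```

Run preflight with the certificate, key and CA bundle paths before step 5. After step 8, the output of file_fingerprint on the certificate should equal served_fingerprint yourctrl.name:8443.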

Raspbian – Turn off Screen Timeout & Enable RDP to GUI

So you have a Raspberry Pi that you are wanting to run the GUI on and not have the display go to sleep (maybe running some displays for a NOC?), well, here’s my setup:

  1. Login as your user that will auto-login to the GUI desktop, and start a Terminal session.
  2. From the Terminal, perform the following to remove the default VNC server:
    sudo apt remove vnc4server tightvncserver
    sudo apt autoremove
    
  3. Then, install Vino and xRDP:
    sudo apt install vino xrdp
    
  4. Now, perform the following as your user:
    vi ~/.config/autostart/vino.desktop
    [Desktop Entry]
    Encoding=UTF-8
    Type=Application
    Name=VINO
    Comment=
    Exec=/usr/lib/vino/vino-server
    StartupNotify=false
    Terminal=false
    Hidden=false
    
    vi ~/.xinitrc
    xset s off
    xset -dpms
    xset s noblank
    
  5. Lastly, as your user, execute the following commands:
    gsettings set org.gnome.Vino require-encryption false  # Turns off encryption
    gsettings set org.gnome.Vino prompt-enabled false  # Turns off prompting for an account
    gsettings set org.gnome.Vino authentication-methods "['vnc']"  # Sets the default authentication method for Vino to VNC
    gsettings set org.gnome.Vino vnc-password "$(echo -n 'APWnot<8' | base64)"  # Sets a password to authenticate the session with. NOTE: the password needs to be 8 characters or less.
    
  6. Now, perform the following to configure xRDP:
    sudo vi /etc/xrdp/xrdp.ini
    [xrdp1]
    name=Active Local Login
    lib=libvnc.so
    username=
    password=ask
    ip=127.0.0.1
    port=5900
    
    sudo systemctl enable xrdp
    sudo systemctl restart xrdp
    
  7. Now, perform the following to configure lightDM:
    sudo vi /etc/lightdm/lightdm.conf
    xserver-command=X -s 0 -dpms
    
  8. Now reboot the Pi, and test your connectivity.  You should now connect to the active, logged-in session that is on the screen.

Raspbian Notes – Stabilize CPU Performance and Turn Off Radios

Add/set the following in /boot/config.txt:

# Stops CPU Ramping
force_turbo=1

# Helps to avoid SD card corruption from force_turbo
boot_delay=1

# Disable Bluetooth & WiFi
dtoverlay=pi3-disable-bt
dtoverlay=pi3-disable-wifi

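Add/set the following in /boot/cmdline.txt. The file is a single line of space-separated parameters, so append these to the existing line rather than adding new lines or comments:

nohz=off elevator=noop

nohz=off turns off dynamic clock ticks. elevator=noop changes the I/O scheduler to noop, which is better for SD cards and flash storage devices.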

Change CPU Performance:

apt install cpufrequtils
vi /etc/default/cpufrequtils
GOVERNOR="performance"

Reboot & verify the governor setting.