
Unifi Controller with Mongo DB Container

I decided to run a Unifi Controller in a Linux container, and as I have read and googled, it works only with MongoDB. Below is the docker-compose snippet, which works perfectly; it runs both the Unifi Controller and the MongoDB container, but it only works when there is no authentication of any kind on the MongoDB side. That's fine, but from a security perspective it's not good, so I wanted to turn on authentication in MongoDB and make the Unifi Controller authenticate against it.

  1. I run this snippet via Portainer. As you can see, my only environment in unifi-controller is this: "DB_URI: mongodb://unifi:12345678@test_mongo/unifi STATDB_URI: mongodb://unifi:12345678@test_mongo/unifi_stat DB_NAME: unifi"

  2. After running this snippet, unifi_controller tries to use those accounts to log in to MongoDB. It cannot, and that's normal because I have not created those accounts in MongoDB yet. MongoDB works normally without any authentication at this moment; I have tested via Compass and I can log in to the DB.

  3. Next I created the accounts that were indicated in the unifi_controller environment when running docker-compose. First I created a root account in "admin"; after that I created two accounts, one for the "unifi" database and a second for "unifi_stat".

####################################################################

db.createUser({
  user: "root",
  pwd: "12345678",  // Replace with a strong password
  roles: [{ role: "root", db: "admin" }]
});

db.createUser({
  user: "unifi",
  pwd: "12345678",  // Replace with a strong password
  roles: [
    { role: "dbOwner", db: "unifi" },
    { role: "readWrite", db: "unifi" },
    { role: "userAdmin", db: "unifi" },
    { role: "listCollectionsRole", db: "unifi" }  // custom role
  ]
});

db.createUser({
  user: "unifi",
  pwd: "12345678",  // Replace with a strong password
  roles: [
    { role: "dbOwner", db: "unifi_stat" },
    { role: "readWrite", db: "unifi_stat" },
    { role: "userAdmin", db: "unifi" },
    { role: "listCollectionsRole", db: "unifi" }  // custom role
  ]
});

####################################################################

  1. Everything is good at this point: unifi_controller managed to log in with those credentials and automatically create the "unifi" and "unifi stats" databases, but authentication is still off at this moment.

  2. In Portainer I went to the "mongo" container and added '--auth' in the command field, so it now looks like this: 'mongod' '--auth'.

  3. I restarted the mongo container. The Unifi controller can log in and authenticate successfully, as I can see in the Mongo logs.

**But the problem is here:**

Caused by: com.mongodb.MongoCommandException: Command failed with error 13 (Unauthorized): 'not authorized on unifi_stat to execute command { listCollections: 1, cursor: {}, nameOnly: true, $db: "unifi_stat", lsid: { id: UUID("ae95edea-70d5-4427-9780-3549e80deecb") } }' on server test_mongo:27017. The full response is {"ok": 0.0, "errmsg": "not authorized on unifi_stat to execute command { listCollections: 1, cursor: {}, nameOnly: true, $db: \"unifi_stat\", lsid: { id: UUID(\"ae95edea-70d5-4427-9780-3549e80deecb\") } }", "code": 13, "codeName": "Unauthorized"}

[conn105] Unauthorized: not authorized on unifi_stat to execute command { listCollections: 1, cursor: {}, nameOnly: true, $db: "unifi_stat", lsid: { id: UUID("0461caa4-467a-4234-bb71-07d41a1218ad") } }

============================================================================================

version: '2.3'
services:
  mongo:
    image: mongo:3.6
    container_name: ${COMPOSE_PROJECT_NAME}_mongo
    restart: always
    volumes:
      - db:/data/db
      - dbcfg:/data/configdb
  controller:
    image: "jacobalberty/unifi:${TAG:-latest}"
    container_name: ${COMPOSE_PROJECT_NAME}_controller
    depends_on:
      - mongo
    init: true
    restart: always
    volumes:
      - dir:/unifi
      - data:/unifi/data
      - log:/unifi/log
      - cert:/unifi/cert
      - init:/unifi/init.d
      - run:/var/run/unifi
      # Mount local folder for backups and autobackups
      - ./backup:/unifi/data/backup
    user: unifi
    sysctls:
      net.ipv4.ip_unprivileged_port_start: 0
    environment:
      DB_URI: mongodb://unifi:12345678@test_mongo/unifi?authSource=unifi
      STATDB_URI: mongodb://unifi:12345678@test_mongo/unifi_stat?authSource=unifi_stat
      DB_NAME: unifi
 
    ports:
      - "3478:3478/udp" # STUN
      - "6789:6789/tcp" # Speed test
      - "8080:8080/tcp" # Device/ controller comm.
      - "8443:8443/tcp" # Controller GUI/API as seen in a web browser
      - "8880:8880/tcp" # HTTP portal redirection
      - "8843:8843/tcp" # HTTPS portal redirection
      - "10001:10001/udp" # AP discovery
  logs:
    image: bash
    container_name: ${COMPOSE_PROJECT_NAME}_logs
    depends_on:
      - controller
    command: bash -c 'tail -F /unifi/log/*.log'
    restart: always
    volumes:
      - log:/unifi/log

volumes:
  db:
  dbcfg:
  data:
  log:
  cert:
  init:
  dir:
  run:

I don't know what exactly I should try anymore.

Sandro Buturishvili asked Jan 19 '26 08:01

1 Answer

Unifi expects to have two databases (unifi and unifi_stat), which are referenced in the connection string variables DB_URI and STATDB_URI. Only one database is used as the authentication database, referenced in DB_NAME.

You are creating the account unifi twice, which is not going to work since Unifi is expecting to use only one authentication database. Ensure that DB_NAME points to the active database, i.e. run use unifi before account creation. Then either create two separate accounts or a single account with permissions to both databases.

I'm working on a similar setup to yours. This is what I've used to configure the existing unifi user in the unifi database for connecting to both databases. The service started without errors and I can use the GUI, but that's the extent of my testing so far.

    unifi_db = db.getSiblingDB('unifi');  // Switch to the 'unifi' database
    unifi_db.updateUser("unifi", {
      roles: [
        { role: "readWrite", db: "unifi" },
        { role: "dbAdmin", db: "unifi" },
        { role: "readWrite", db: "unifi_stat" },
        { role: "dbAdmin", db: "unifi_stat" },
        // audit database has been added, thanks Matt Simerson
        { role: "readWrite", db: "unifi_audit" },
        { role: "dbAdmin", db: "unifi_audit" },
        { role: "clusterMonitor", db: "admin" }
      ]
    });

Markus R answered Jan 21 '26 01:01
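To see which MongoDB account each connection string in the question actually authenticates as, the following added example (not part of the original question or answer) resolves the effective authentication database per URI and groups the URIs by account. The function names `resolveIdentity` and `requiredAccounts` are hypothetical, the `singleAccount` URIs are a constructed variant of the posted ones, and single-host `mongodb://` URIs are assumed.

```javascript
// Added example, not from the original post. In MongoDB a user is identified by
// its name plus its authentication database, so "unifi" created in the "unifi"
// database and "unifi" created in "unifi_stat" are two different accounts.

// Effective authentication database: ?authSource=, else the database named in
// the URI path, else "admin" (MongoDB connection-string rules).
function resolveIdentity(uri) {
  const u = new URL(uri); // assumes a single-host mongodb:// URI
  const database = decodeURIComponent(u.pathname.replace(/^\//, ""));
  const authSource = u.searchParams.get("authSource") || database || "admin";
  return { user: decodeURIComponent(u.username), authSource, database };
}

// Groups the URIs by account and lists the databases each account needs roles on.
function requiredAccounts(uris) {
  const accounts = new Map();
  for (const uri of Object.values(uris)) {
    const { user, authSource, database } = resolveIdentity(uri);
    const key = `${user}@${authSource}`;
    if (!accounts.has(key)) accounts.set(key, { user, authSource, needsRolesOn: [] });
    const acct = accounts.get(key);
    if (database && !acct.needsRolesOn.includes(database)) acct.needsRolesOn.push(database);
  }
  return [...accounts.values()];
}

// URIs as written in the question's compose file.
const asPosted = {
  DB_URI: "mongodb://unifi:12345678@test_mongo/unifi?authSource=unifi",
  STATDB_URI: "mongodb://unifi:12345678@test_mongo/unifi_stat?authSource=unifi_stat",
};

// Constructed variant: both URIs authenticate against the "unifi" database,
// which matches a single account holding roles on both databases.
const singleAccount = {
  DB_URI: "mongodb://unifi:12345678@test_mongo/unifi?authSource=unifi",
  STATDB_URI: "mongodb://unifi:12345678@test_mongo/unifi_stat?authSource=unifi",
};

console.log("as posted:", JSON.stringify(requiredAccounts(asPosted)));
console.log("single account:", JSON.stringify(requiredAccounts(singleAccount)));
```

With the posted URIs the result is two distinct accounts, one per authentication database; with the constructed variant it is one account in `unifi` that needs roles on both `unifi` and `unifi_stat`.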