Friday, April 7, 2017

Putting UniFi controller into the cloud

I have finally decided to experiment and learn about the cloud. Putting my UniFi Controller into the cloud was a great project for me to get hands-on experience with moving servers and infrastructure off-prem into the cloud.

There are a variety of cloud offerings out there, including ones from Amazon, Microsoft, Google, and Digital Ocean. I chose Amazon's AWS because there is good documentation on installing the UniFi controller using their free tier.

Amazon offers a free tier which allows users to learn and experiment with AWS offerings for approximately 1 year on an EC2 t2.micro instance, which is sufficient to run the controller.

Ubiquiti has a well-written article on their website that is straightforward to follow.

https://help.ubnt.com/hc/en-us/articles/209376117-UniFi-Install-a-UniFi-Cloud-Controller-on-Amazon-Web-Services


But wait there is more.

For those that own their own domains, you can configure DNS to point towards your new AWS instance. For the subdomain or path you specify, add an A record DNS entry that points to the public-facing IP of your EC2 instance.


But wait there is even more.

When going to the new EC2 instance, I was initially presented with a certificate warning, since the self-signed certificate was neither already trusted nor a root certificate in my browser's store. For AWS-hosted websites and instances, they offer AWS Certificate Manager, where they will issue TLS certificates for free with AWS services.

*Note: due to the need for load balancers to distribute across multiple IPs, it is not possible to associate an Elastic IP with an Elastic Load Balancer.

Since I was annoyed at my browser always warning me about my "unsecure" connection, I decided to use the AWS Certificate Manager. This required me to place my EC2 instance behind the Elastic Load Balancer. The load balancer will then present my subdomain certificate to users that navigate to the subdomain. In order to make this work, I needed to modify my DNS records to alias my subdomain to the Elastic Load Balancer DNS name.

I also needed to create listeners, and a target group to forward the requests.
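
The pieces described above (certificate, load balancer, listener, target group, DNS alias) written out as a CloudFormation template. This is an added example, not the configuration from the original post. It assumes an Application Load Balancer, a Route 53 hosted zone for the domain, and the controller serving HTTPS on its default port 8443; all parameter and resource names are placeholders.

```yaml
# Constructed example: ACM certificate on an ALB in front of a UniFi controller.
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  SubnetIds: {Type: "List<AWS::EC2::Subnet::Id>"}      # an ALB needs subnets in two AZs
  InstanceId: {Type: "AWS::EC2::Instance::Id"}         # the controller instance
  InstanceSgId: {Type: "AWS::EC2::SecurityGroup::Id"}  # security group on that instance
  ZoneId: {Type: "AWS::Route53::HostedZone::Id"}
  Fqdn: {Type: String}                                 # e.g. unifi.example.com (placeholder)
Resources:
  Cert:                       # free ACM certificate, validated through a DNS record
    Type: AWS::CertificateManager::Certificate
    Properties:
      DomainName: !Ref Fqdn
      ValidationMethod: DNS
      DomainValidationOptions: [{DomainName: !Ref Fqdn, HostedZoneId: !Ref ZoneId}]
  AlbSg:                      # only 443 is reachable from the internet
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from clients to the load balancer
      VpcId: !Ref VpcId
      SecurityGroupIngress: [{IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0}]
  FromAlbOnly:                # instance accepts 8443 from the ALB, not from the world
    Type: AWS::EC2::SecurityGroupIngress
    Properties: {GroupId: !Ref InstanceSgId, IpProtocol: tcp, FromPort: 8443, ToPort: 8443, SourceSecurityGroupId: !GetAtt AlbSg.GroupId}
  Alb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties: {Type: application, Scheme: internet-facing, Subnets: !Ref SubnetIds, SecurityGroups: [!GetAtt AlbSg.GroupId]}
  Tg:                         # ALB re-encrypts to the controller's self-signed HTTPS port
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: HTTPS
      Port: 8443
      TargetType: instance
      Targets: [{Id: !Ref InstanceId}]
      HealthCheckProtocol: HTTPS
      HealthCheckPath: /
      Matcher: {HttpCode: "200-399"}   # accept a redirect from the root path as healthy
  Listener:                   # TLS terminates here with the ACM certificate
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref Alb
      Port: 443
      Protocol: HTTPS
      Certificates: [{CertificateArn: !Ref Cert}]
      DefaultActions: [{Type: forward, TargetGroupArn: !Ref Tg}]
  Alias:                      # alias record instead of an A record to a fixed IP
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref ZoneId
      Name: !Ref Fqdn
      Type: A
      AliasTarget: {DNSName: !GetAtt Alb.DNSName, HostedZoneId: !GetAtt Alb.CanonicalHostedZoneID}
```

Once traffic flows through the load balancer, any rule on the instance's security group that still opens 8443 to 0.0.0.0/0 can be removed, so the self-signed endpoint is no longer directly reachable.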

After this project, I now have a UniFi controller that I can access anywhere on the internet 24/7 with a TLS encrypted session on a valid certificate signed by Amazon.
