# Session Log: 2026-04-06

## Session Summary

Mixed infrastructure session covering ScreenConnect redirect page, UniFi OS Server migration, and related networking changes.

### Work Completed

1. **ScreenConnect redirect page at azcomputerguru.com/sc**
   - Created PHP redirect at `/home/azcomputerguru/public_html/sc/index.php` on IX server
   - Initially tried .htaccess RewriteRule but Apache mangled `%2B` encoding in the RSA key
   - Switched to PHP `header()` redirect which preserves URL encoding exactly
   - Correct SC download URL: `https://computerguru.screenconnect.com/Bin/ScreenConnect.ClientSetup.exe?e=Access&y=Guest&c=&c=&c=&c=&c=&c=&c=&c=DirectDownload`
   - Original attempt used wrong binary name (`ConnectWiseControl.ClientSetup.exe`) and included h/p/k params -- the correct URL from SC admin is simpler

2. **UniFi OS Server - Docker troubleshooting on Jupiter (abandoned)**
   - `unifi-os-server` Docker container on Jupiter (172.16.3.20) had "no internet" error on setup screen
   - Container actually had full internet -- all Ubiquiti endpoints reachable
   - Likely an application-level self-check issue
   - `unifi-controller-reborn` Docker was crash-looping due to missing symlink targets:
     - `logs` -> `/var/log/unifi` -> `/unifi/log` (didn't exist)
     - `run` -> `/var/run/unifi` -> `/unifi/run` (didn't exist)
   - Only `/unifi/var` was volume-mounted, not `/unifi/log` or `/unifi/run`
   - Created missing directories, MongoDB started, container went healthy
   - User ultimately removed Docker approach in favor of a dedicated VM

3. **UniFi OS Server - VM installation (172.16.3.29)**
   - New Rocky Linux 9.1 VM set up by user at 172.16.3.29
   - Hostname: `unifi.azcomputerguru.com`
   - Installed `podman` (5.6.0) and `slirp4netns` (1.3.3) via dnf
   - Downloaded UOS Server 5.0.6 installer (803MB) from Ubiquiti
   - Ran installer with `echo y | ./installer` (requires interactive confirmation)
   - Installer uses Podman internally to run a container as user `uosserver` (UID 1000)
   - Service: `uosserver.service` (systemd)
   - Web UI: https://172.16.3.29:11443/

4. **Firewall - Rocky Linux VM**
   - Opened all required UniFi ports in firewalld:
     - TCP: 11443, 8443, 8080, 8880, 8881, 8882, 8444, 6789, 5671, 5005, 9543, 11084
     - UDP: 3478, 10001, 1900, 5514, 10003

5. **pfSense NAT updates**
   - Checked existing NAT rules on pfSense (172.16.0.1:2248)
   - `Unifi_Server` alias was pointing to `172.16.3.28` (old Docker container IP)
   - User manually updated alias to `172.16.3.29` (new VM)
   - Existing port forwards on public IP 72.194.62.10: 8443/tcp, 3478/tcp+udp
   - NPM (172.16.3.20) handles HTTPS on 72.194.62.10:443 -> port 18443

6. **UniFi inform URL configuration**
   - Set `system_ip=unifi.azcomputerguru.com` in system.properties inside Podman container
   - Path: `/usr/lib/unifi/data/system.properties` (inside container)
   - Restarted uosserver service to apply
   - Devices will inform to: `http://unifi.azcomputerguru.com:8080/inform`

7. **NPM proxy host update**
   - User updated `unifi.azcomputerguru.com` proxy host in NPM to point to new VM
   - Port changed from 443 to 11443, scheme HTTPS

### Key Decisions

- Abandoned Docker approach for UniFi OS on Jupiter -- too many symlink/volume issues
- Dedicated Rocky Linux 9.1 VM is cleaner for UOS Server
- UOS Server 5.0.6 uses Podman internally (not Docker) even on bare metal install
- Recommended bumping VM RAM from 8GB to 16GB before migrating ~300 devices

---

### Credentials

#### UniFi VM (172.16.3.29)

- SSH: root / [REDACTED]
- OS: Rocky Linux 9.1
- Hostname: unifi.azcomputerguru.com

#### IX Server (172.16.3.10)

- SSH: root / [REDACTED] (port 22)
- Requires sshpass or paramiko (no SSH key auth from this workstation)

#### pfSense (172.16.0.1)

- SSH: admin / [REDACTED] (port 2248)
- See vault: infrastructure/pfsense-firewall.sops.yaml

#### NPM (Nginx Proxy Manager)

- Host: 172.16.3.20:7818
- See vault/1Password for credentials

---

### Infrastructure & Servers

| Server | IP | Role | Notes |
|--------|-----|------|-------|
| IX Server | 172.16.3.10 | Web hosting (cPanel) | azcomputerguru.com WordPress |
| Jupiter | 172.16.3.20 | Unraid, NPM, Gitea | NPM on port 7818/18443 |
| UniFi VM | 172.16.3.29 | UniFi OS Server 5.0.6 | Rocky Linux 9.1, 8 vCPU, 7.4GB RAM |
| pfSense | 172.16.0.1 | Firewall/router | SSH port 2248 |

### DNS / Proxy

- `unifi.azcomputerguru.com` -> 72.194.62.10 (public) -> NPM -> 172.16.3.29:11443
- `azcomputerguru.com/sc/` -> PHP redirect to ScreenConnect installer

### Files Created/Modified

- `/home/azcomputerguru/public_html/sc/index.php` (IX server) -- SC redirect
- `/usr/lib/unifi/data/system.properties` (inside UOS Podman container) -- inform URL
- Firewalld rules on 172.16.3.29 -- all UniFi ports opened
- pfSense `Unifi_Server` alias updated from 172.16.3.28 to 172.16.3.29

---

### Pending/Incomplete Tasks

- [ ] Bump UniFi VM RAM from 8GB to 16GB (recommended for ~300 devices)
- [ ] Migrate from old UniFi Network controller to new UOS Server (backup + restore)
- [ ] Verify all pfSense port forwards are working correctly after alias change
- [ ] Consider adding port 11443 NAT rule on pfSense for external UOS web UI access
- [ ] Set up SSH key auth on IX server and UniFi VM for this workstation
- [ ] Note: captive portal port changed from 8843 (legacy) to 8444 (UOS Server)

### Port Reference - UniFi OS Server

| Port | Protocol | Purpose |
|------|----------|---------|
| 11443 | TCP | UOS Web UI (maps to 443 inside container) |
| 8443 | TCP | UniFi Application HTTPS |
| 8080 | TCP | Device inform |
| 8444 | TCP | Captive portal HTTPS (was 8843 on legacy) |
| 8880 | TCP | HTTP portal redirect |
| 3478 | UDP | STUN |
| 10001 | UDP | Device discovery |
| 1900 | UDP | L2 discovery |
| 5514 | UDP | Remote syslog |

### UOS Server Management Commands

```bash
# Stop, start, restart, or check the systemd service
sudo systemctl stop uosserver
sudo systemctl start uosserver
sudo systemctl restart uosserver
sudo systemctl status uosserver

# Container runs as user 'uosserver' via podman
su - uosserver -c "podman exec uosserver <command>"
```
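
The firewalld rules from step 4 open more ports than the Port Reference table documents, so a quick audit of the VM's open ports against that table is worth keeping with the log. The script below is an added example, not part of the original session: the function names are hypothetical, `SAMPLE_OPEN` is constructed from the step 4 port list in the format `firewall-cmd --list-ports` prints, and it assumes ports are listed individually rather than as ranges.

```shell
#!/bin/sh
# Added example: audit firewalld's open ports against the documented table.

# Ports documented in the "Port Reference - UniFi OS Server" table.
DOCUMENTED="11443/tcp 8443/tcp 8080/tcp 8444/tcp 8880/tcp 3478/udp 10001/udp 1900/udp 5514/udp"

# Constructed sample of `firewall-cmd --list-ports` output after step 4.
SAMPLE_OPEN="11443/tcp 8443/tcp 8080/tcp 8880/tcp 8881/tcp 8882/tcp 8444/tcp 6789/tcp 5671/tcp 5005/tcp 9543/tcp 11084/tcp 3478/udp 10001/udp 1900/udp 5514/udp 10003/udp"

# set_diff A B: print entries of list A that are absent from list B,
# sorted by protocol then port number, on one space-separated line.
set_diff() {
    haystack=" $(echo $2) "          # normalise whitespace for matching
    for item in $1; do
        case "$haystack" in
            *" $item "*) ;;          # present in both lists
            *) printf '%s\n' "$item" ;;
        esac
    done | sort -t/ -k2,2 -k1,1n | paste -sd' ' -
}

# Open in the firewall but not in the documented table.
undocumented_ports() { set_diff "$1" "$DOCUMENTED"; }

# In the documented table but not open in the firewall.
missing_ports() { set_diff "$DOCUMENTED" "$1"; }

# audit OPEN_PORTS: report both differences; return 0 only on an exact match.
audit() {
    extra=$(undocumented_ports "$1")
    missing=$(missing_ports "$1")
    if [ -n "$extra" ]; then
        echo "open but not documented: $extra"
    fi
    if [ -n "$missing" ]; then
        echo "documented but closed:   $missing"
    fi
    [ -z "$extra" ] && [ -z "$missing" ]
}

# On the VM itself: audit "$(firewall-cmd --list-ports)"
audit "$SAMPLE_OPEN" || true
```

Each port reported as open but not documented should either be added to the table with its purpose or closed in firewalld.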