claudetools/session-logs/2026-04-06-session.md
2026-04-06 14:44:48 -07:00

Session Log: 2026-04-06

Session Summary

Mixed infrastructure session covering ScreenConnect redirect page, UniFi OS Server migration, and related networking changes.

Work Completed

  1. ScreenConnect redirect page at azcomputerguru.com/sc

    • Created PHP redirect at /home/azcomputerguru/public_html/sc/index.php on IX server
    • Initially tried .htaccess RewriteRule but Apache mangled %2B encoding in the RSA key
    • Switched to PHP header() redirect which preserves URL encoding exactly
    • Correct SC download URL: https://computerguru.screenconnect.com/Bin/ScreenConnect.ClientSetup.exe?e=Access&y=Guest&c=&c=&c=&c=&c=&c=&c=&c=DirectDownload
    • Original attempt used wrong binary name (ConnectWiseControl.ClientSetup.exe) and included h/p/k params -- the correct URL from SC admin is simpler
  2. UniFi OS Server - Docker troubleshooting on Jupiter (abandoned)

    • unifi-os-server Docker container on Jupiter (172.16.3.20) had "no internet" error on setup screen
    • Container actually had full internet -- all Ubiquiti endpoints reachable
    • Likely an application-level self-check issue
    • unifi-controller-reborn Docker was crash-looping due to missing symlink targets:
      • logs -> /var/log/unifi -> /unifi/log (didn't exist)
      • run -> /var/run/unifi -> /unifi/run (didn't exist)
    • Only /unifi/var was volume-mounted, not /unifi/log or /unifi/run
    • Created missing directories, MongoDB started, container went healthy
    • User ultimately removed Docker approach in favor of a dedicated VM
  3. UniFi OS Server - VM installation (172.16.3.29)

    • New Rocky Linux 9.1 VM set up by user at 172.16.3.29
    • Hostname: unifi.azcomputerguru.com
    • Installed podman (5.6.0) and slirp4netns (1.3.3) via dnf
    • Downloaded UOS Server 5.0.6 installer (803MB) from Ubiquiti
    • Ran installer with echo y | ./installer (requires interactive confirmation)
    • Installer uses Podman internally to run a container as user uosserver (UID 1000)
    • Service: uosserver.service (systemd)
    • Web UI: https://172.16.3.29:11443/
  4. Firewall - Rocky Linux VM

    • Opened all required UniFi ports in firewalld:
    • TCP: 11443, 8443, 8080, 8880, 8881, 8882, 8444, 6789, 5671, 5005, 9543, 11084
    • UDP: 3478, 10001, 1900, 5514, 10003
  5. pfSense NAT updates

    • Checked existing NAT rules on pfSense (172.16.0.1:2248)
    • Unifi_Server alias was pointing to 172.16.3.28 (old Docker container IP)
    • User manually updated alias to 172.16.3.29 (new VM)
    • Existing port forwards on public IP 72.194.62.10: 8443/tcp, 3478/tcp+udp
    • NPM (172.16.3.20) handles HTTPS on 72.194.62.10:443 -> port 18443
  6. UniFi inform URL configuration

    • Set system_ip=unifi.azcomputerguru.com in system.properties inside Podman container
    • Path: /usr/lib/unifi/data/system.properties (inside container)
    • Restarted uosserver service to apply
    • Devices will inform to: http://unifi.azcomputerguru.com:8080/inform
  7. NPM proxy host update

    • User updated unifi.azcomputerguru.com proxy host in NPM to point to new VM
    • Port changed from 443 to 11443, scheme HTTPS
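
The crash loop in item 2 came from symlink chains (logs -> /var/log/unifi -> /unifi/log) whose final targets did not exist. The following is an added example, not part of the original log: a shell function that follows each symlink in a directory and creates any missing final target. The function names and the directory passed in are assumptions, and it relies on GNU `readlink -m`.

```bash
# Added example: repair dangling directory symlinks such as
#   logs -> /var/log/unifi -> /unifi/log   (final target missing)
# Names are illustrative; they do not come from the container image.

# Print the final path a symlink chain points at, even when that path
# does not exist yet (GNU readlink, canonicalize-missing mode).
final_target() {
    readlink -m -- "$1"
}

# Scan the symlinks directly under directory $1. When a chain ends at a
# path that does not exist, create that path as a directory.
# Prints one line per repair and leaves the repair count in REPAIRED.
repair_dangling_links() {
    local dir link target
    dir=$1
    REPAIRED=0
    for link in "$dir"/*; do
        [ -L "$link" ] || continue      # not a symlink
        [ -e "$link" ] && continue      # chain already resolves
        target=$(final_target "$link")
        mkdir -p -- "$target" || return 1
        echo "created $target for $link"
        REPAIRED=$((REPAIRED + 1))
    done
    return 0
}
```

Directories created this way inside a container live in its writable layer and are lost when the container is recreated unless the paths are volume-mounted, which matches the log's observation that only /unifi/var was mounted.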

Key Decisions

  • Abandoned Docker approach for UniFi OS on Jupiter -- too many symlink/volume issues
  • Dedicated Rocky Linux 9.1 VM is cleaner for UOS Server
  • UOS Server 5.0.6 uses Podman internally (not Docker) even on bare metal install
  • Recommended bumping VM RAM from 8GB to 16GB before migrating ~300 devices

Credentials

UniFi VM (172.16.3.29)

  • SSH: root / Gptf*77ttb123!@#-unifi
  • OS: Rocky Linux 9.1
  • Hostname: unifi.azcomputerguru.com

IX Server (172.16.3.10)

  • SSH: root / Gptf*77ttb!@#!@# (port 22)
  • Requires sshpass or paramiko (no SSH key auth from this workstation)

pfSense (172.16.0.1)

  • SSH: admin / r3tr0gradE99!! (port 2248)
  • See vault: infrastructure/pfsense-firewall.sops.yaml

NPM (Nginx Proxy Manager)

  • Host: 172.16.3.20:7818
  • See vault/1Password for credentials

Infrastructure & Servers

| Server | IP | Role | Notes |
|---|---|---|---|
| IX Server | 172.16.3.10 | Web hosting (cPanel) | azcomputerguru.com WordPress |
| Jupiter | 172.16.3.20 | Unraid, NPM, Gitea | NPM on port 7818/18443 |
| UniFi VM | 172.16.3.29 | UniFi OS Server 5.0.6 | Rocky Linux 9.1, 8 vCPU, 7.4GB RAM |
| pfSense | 172.16.0.1 | Firewall/router | SSH port 2248 |

DNS / Proxy

  • unifi.azcomputerguru.com -> 72.194.62.10 (public) -> NPM -> 172.16.3.29:11443
  • azcomputerguru.com/sc/ -> PHP redirect to ScreenConnect installer

Files Created/Modified

  • /home/azcomputerguru/public_html/sc/index.php (IX server) -- SC redirect
  • /usr/lib/unifi/data/system.properties (inside UOS Podman container) -- inform URL
  • Firewalld rules on 172.16.3.29 -- all UniFi ports opened
  • pfSense Unifi_Server alias updated from 172.16.3.28 to 172.16.3.29

Pending/Incomplete Tasks

  • Bump UniFi VM RAM from 8GB to 16GB (recommended for ~300 devices)
  • Migrate from old UniFi Network controller to new UOS Server (backup + restore)
  • Verify all pfSense port forwards are working correctly after alias change
  • Consider adding port 11443 NAT rule on pfSense for external UOS web UI access
  • Set up SSH key auth on IX server and UniFi VM for this workstation
  • Note: captive portal port changed from 8843 (legacy) to 8444 (UOS Server)

Port Reference - UniFi OS Server

| Port | Protocol | Purpose |
|---|---|---|
| 11443 | TCP | UOS Web UI (maps to 443 inside container) |
| 8443 | TCP | UniFi Application HTTPS |
| 8080 | TCP | Device inform |
| 8444 | TCP | Captive portal HTTPS (was 8843 on legacy) |
| 8880 | TCP | HTTP portal redirect |
| 3478 | UDP | STUN |
| 10001 | UDP | Device discovery |
| 1900 | UDP | L2 discovery |
| 5514 | UDP | Remote syslog |
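
The firewalld rules from item 4 open more ports than this reference gives a purpose for. The following is an added example, not part of the original log: it compares an open-port list against the documented ports and prints the ones that have no entry. The function and variable names are assumptions, and the session port list is constructed from the TCP/UDP lists in item 4.

```bash
# Added example: list open firewalld ports that the port reference
# above does not document, so each open port can be justified or closed.

# Ports that have a stated purpose in the port reference.
DOCUMENTED="11443/tcp 8443/tcp 8080/tcp 8444/tcp 8880/tcp 3478/udp 10001/udp 1900/udp 5514/udp"

# $1: space-separated port/proto list, the format printed by
#     `firewall-cmd --list-ports`.
# Prints each open port missing from DOCUMENTED, grouped by protocol
# and sorted by port number.
undocumented_ports() {
    local p
    for p in $1; do
        case " $DOCUMENTED " in
            *" $p "*) ;;            # documented, nothing to report
            *) echo "$p" ;;
        esac
    done | LC_ALL=C sort -t/ -k2,2 -k1,1n
}

# Constructed input: the ports opened in firewalld during this session.
SESSION_OPEN="11443/tcp 8443/tcp 8080/tcp 8880/tcp 8881/tcp 8882/tcp 8444/tcp 6789/tcp 5671/tcp 5005/tcp 9543/tcp 11084/tcp 3478/udp 10001/udp 1900/udp 5514/udp 10003/udp"

undocumented_ports "$SESSION_OPEN"
```

On the VM itself the same check runs against live state for the default zone with `undocumented_ports "$(firewall-cmd --list-ports)"`.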

UOS Server Management Commands

sudo systemctl stop uosserver
sudo systemctl start uosserver
sudo systemctl restart uosserver
sudo systemctl status uosserver
# Container runs as user 'uosserver' via podman
su - uosserver -c "podman exec uosserver <command>"