Document ways of running without `--net=host`

[rickardp]

This is in fact unnecessary, though full network access is more convenient, it causes all sorts of issues such as conflicts with other containers and/or services on the host. IMHO, a better option is to just expose ports 8443 and 8080 (EDIT: and 10001/udp) (both of which can be re-mapped), and then SSH:ing into the AP and issuing the following commands:

# mca-cli
# set-inform http://<host_ip>:8080/inform

(where host_ip is the IP of the machine running Docker, and 8080 can be changed as appropriate if the port is remapped).

This makes the container play a lot more nicely in a multi-container system.

(Disclaimer: I got this information from a forum thread, but I verified this working and I am currently running your container this way)

[jacobalberty]

Easiest way is to export port 8080 and 8443 and set dns on your router for the host unifi to be the host_ip. No trickery needed on the access points then. That's actually how I run it. the --net=host is just a quick way to cget it up and running. I'd like to get a wiki writeup done because theres a couple of options for handling this. It's even possible to bridge your containers to the network directly and have them behave as if they are running --net=host but without the conflict possibilities.

I do believe current beta (5.6.x) doesn't play nicely if you only map 8080 and 8443, it complains if all of the ports aren't mapped.

[rickardp]

True, port 10001/udp is also required, but IIRC those are the only ports needed if the captive portal is not used.

I believe it depends on the use case. For me, issuing one command every time I buy/hard reset an AP is easier than fiddling with my hostfile permanently. The best solution would of course be for Ubnt to support a NATted configuration by specifying an external IP and port, but I have not seen that they do so.

I believe I was quite vague when I created the issue. I just wanted to suggest that the different ways of using the container is documented as you write, since I nearly rejected this container because I did not want to do --net=host.

[jacobalberty]

I think port 10001 is only needed when unifi is on the same network segment (ie bridged to the network or in --net=host mode), I'll go ahead and include it in the example setup in README.md.

[jacobalberty]

https://github.com/jacobalberty/unifi-docker/blob/master/README.md I believe that should provide enough information on the networking options. The macvlan option needs to be fleshed out and ideally the other layer 3 options should be documented directly in the readme but I believe that should cover most of the basics and provide a location for more reading for anyone interested.