search

jacobalberty / unifi-docker

Unifi Docker files
MIT License
2.14k stars 454 forks source link

UniFi does not start, error "logger: invalid option -- 'R'" #506

Closed chopeen closed 2 years ago

chopeen commented 2 years ago

Operating system

Ubuntu 18.04.6 LTS

UniFi Tag

latest

Docker run

docker run -d --init -p 8080:8080 -p 8443:8443 -p 3478:3478/udp -p 10001:10001/udp -e TZ='Europe/Warsaw' -v ~/unifi:/unifi --name unifi jacobalberty/unifi:latest

Bug description

The unifi service is not starting.

I saw #93 but I am sure I am using the jacobalberty/unifi image.

Steps to reproduce

No response

Relevant log output

$ docker exec -it e32 /bin/bash 
root@e32a91b3afd0:/unifi# service unifi status
logger: invalid option -- 'R'
Try 'logger --help' for more information.
unifi cannot start. Please create unifi user, and chown -R unifi /var/lib/unifi /var/log/unifi /var/run/unifi

server.log

[2021-12-22T13:52:27,102] <ModelLifecycleManager-startStop> WARN  dev    - failed to read /usr/lib/unifi/data/model_lifecycles.json - /usr/lib/unifi/data/model_lifecycles.json (No such file or directory)
[2021-12-22T13:52:27,606] <model-lifecycle-cache-refresh> WARN  dev    - failed to retrieve EOL stats from - I/O error on GET request for "https://static.ubnt.com/network/devices/lifecycle.json": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
jacobalberty commented 2 years ago

What are you getting in docker logs unifi

chopeen commented 2 years ago 
$ docker logs unifi 
Hotfix validated: cve-2021-45105
[2021-12-22 18:27:07,330] <docker-entrypoint> Starting unifi controller service.
[2021-12-22 18:27:07,331] <docker-entrypoint> WARNING: Running UniFi in insecure (root) mode
jacobalberty commented 2 years ago

ok what about docker top unifi and also curl --insecure -vvI https://static.ubnt.com/network/devices/lifecycle.json 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'

chopeen commented 2 years ago

After a few more restarts and tests, it is now working - both on my laptop and Raspberry Pi. The company VPN have been causing issues. Thank you for all the tips!

I will fork your repository to show how to run an image on Pi Zero (platform linux/arm/v6).

jacobalberty commented 2 years ago

Thats what I was suspecting. It sounds like your company vpn has a transparent proxy running on it. that error indicates the ssl certificate for static.ubnt.com didn't have a valid issuer. That curl command would have shown who issued the certificate. for reference the output of the command for me is:

quake@sannhet:~$ curl --insecure -vvI https://static.ubnt.com/network/devices/lifecycle.json 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=ubnt.com
*  start date: Oct 13 00:00:00 2021 GMT
*  expire date: Nov 10 23:59:59 2022 GMT
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5608b671a560)
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
* Connection #0 to host static.ubnt.com left intact