Closed marceldarvas closed 2 years ago
There's a lot to unwind here, I'm not quite sure what your issue is. Questions:
Yes indeed, it's somewhat related to the CF DDNS module as well, but I thought I'd post it here, since the DDNS IP update seems to be working and it's either an SSL issue or some kind of firewall misconfig.
All of this tweaking has definitely made me learn a lot more about networking, but it seems to be endless with complexity 😆
For the record, I too use pihole but do not have my UDMP use it for DNS because it was causing mDNS storms. Instead I have my UDMP set to use Cloudflare, but use the pihole on my vlan configs for internal client use.
As for the hostname, if you log into the Unifi portal, go into the controller and go to Advanced, there's a "Console Name" setting that I set to the name I use with my SSL certificate.
So by not having your UDMP use Pihole, you mean the WAN network and not all individual VLANs using Pihole running on the UDM? I have a backup Pihole running on the Raspberry, and it seems to have worked fine. In the past days, I've reviewed the query logs on the Pihole, and it looks like unifi.lan gets called, which is also cached via unbound. However, I found out about Conditional Forwarding, but couldn't really confirm.
Since you mentioned mDNS, I've followed the tutorial on setting up the multicast-relay container, which seems to have made HomeKit devices quicker in the short-term, but by now, they seem to be struggling (I also tried moving my Homebridge install to the UDM).
However, I may be trying to do too much, with fundamentals not being in place.
I tried following and looking for the "Console Name" but I was not able to find that. My Firmware is on 1.9.3 and my Controller Version is 6.1.71.
Now, I only find the "Domain Name" under Networks > VLAN # > Advanced. Not sure if they changed anything here, but Unifi likes changing things around and then combining them... It seems like this has worked now. Now while doing all of this, I put back my Pihole on my Main VLAN and even that works. I guess I'm not so good at troubleshooting all of this. I believe it will most likely be firewall related.
Ok, I am back to where I started. So the clear cut-off point where my SSL issued controller subdomain stops working is when I enable the CF DDNS updater and also have the records proxied through CF. Any ideas why I am getting 522 Timed Out errors when masking my A record?
So after troubleshooting some more, I refined several security settings, but the key setting I was missing to make Port 443 accessible was this: https://help.ui.com/hc/en-us/articles/360042156774-UniFi-UDM-Pro-How-to-Access-the-UniFi-Network-Application-by-WAN-IP-or-Hostname
Is your feature request related to a problem? Please describe. I'm using Cloudflare DDNS, and I end up having issues with actually using (accessing) this add-on. Would also be nice to find a way to use Cloudflare Access for authentication purposes.
Describe the solution you'd like Please provide instructions on how to configure our sub-domain or wildcard within Unifi, to access the admin UI via the Domain we issued a certificate for.
Describe alternatives you've considered I'm not sure what keeps going wrong, as DuckDNS (running off an RPi) worked just fine, but that's missing IP masking.