[BUG] Incorrect (obsolete) TLS settings #129
Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
The current settings for the unifi are :
unifi.https.sslEnabledProtocols=TLSv1,SSLv2Hello
This prevents traefik to work properly as a frontend (post data are not transferred) as well as browser clients are unable to connect to controller even with "continue to unsecure site" button clicked.
By setting the v1.2 as enabled TLS protocl the issue is resolved completely.
Expected Behavior
unifi.https.sslEnabledProtocols=TLSv1.2,SSLv2Hello
Steps To Reproduce
Just setup and try to connect with browser
Environment
- OS:
- How docker service was installed:CPU architecture
x86-64
Docker creation
:
unifi-db:
image: docker.io/mongo:4.4
container_name: unifi-db
environment:
- MONGO_INITDB_ROOT_USERNAME=root
- MONGO_INITDB_ROOT_PASSWORD=${UNIFI_MONGO_ROOT_PASSWORD}
- MONGO_USER=unifi
- MONGO_PASS=${UNIFI_MONGO_PASSWORD}
- MONGO_DBNAME=unifi
- MONGO_AUTHSOURCE=admin
volumes:
- unifi_mongo_data:/data/db
- /opt/svcs/unifi/initdb.sh:/docker-entrypoint-initdb.d/init-mongo.sh:ro
restart: unless-stopped
unifi:
image: lscr.io/linuxserver/unifi-network-application:latest
container_name: unifi-network-application
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
- MONGO_USER=unifi
- MONGO_PASS=${UNIFI_MONGO_PASSWORD}
- MONGO_HOST=unifi-db
- MONGO_PORT=27017
- MONGO_DBNAME=unifi
- MONGO_AUTHSOURCE=admin
volumes:
- ./unifi/config:/config
ports:
- 8443:8443
- 3478:3478/udp
- 10001:10001/udp
- 8080:8080
- 1900:1900/udp #optional
- 8843:8843 #optional
- 8880:8880 #optional
- 6789:6789 #optional
- 5514:5514/udp #optional
labels:
- "traefik.enable=true"
- "traefik.http.routers.unifi.rule=Host(`${UNIFI_HOSTNAME}`)"
- "traefik.http.routers.unifi.entrypoints=websecure"
- "traefik.http.routers.unifi.tls=true"
- "traefik.http.routers.unifi.tls.certresolver=myresolver"
- "traefik.http.services.unifi.loadbalancer.server.port=8443"
- "traefik.http.services.unifi.loadbalancer.server.scheme=https"
- "traefik.http.services.unifi.loadbalancer.serverstransport=ignorecert"
- "traefik.http.serversTransports.ignorecert.insecureSkipVerify=true"
- "traefik.http.routers.unifi.middlewares=unifi-cn"
- "traefik.http.middlewares.unifi-cn.headers.customrequestheaders.Host=unifi"
restart: unless-stopped
volumes:
unifi_data:
unifi_mongo_data:Container logs
unifi-network-application | [migrations] started
unifi-network-application | [migrations] no migrations found
unifi-network-application | ───────────────────────────────────────
unifi-network-application |
unifi-network-application | ██╗ ███████╗██╗ ██████╗
unifi-network-application | ██║ ██╔════╝██║██╔═══██╗
unifi-network-application | ██║ ███████╗██║██║ ██║
unifi-network-application | ██║ ╚════██║██║██║ ██║
unifi-network-application | ███████╗███████║██║╚██████╔╝
unifi-network-application | ╚══════╝╚══════╝╚═╝ ╚═════╝
unifi-network-application |
unifi-network-application | Brought to you by linuxserver.io
unifi-network-application | ───────────────────────────────────────
unifi-network-application |
unifi-network-application | To support LSIO projects visit:
unifi-network-application | https://www.linuxserver.io/donate/
unifi-network-application |
unifi-network-application | ───────────────────────────────────────
unifi-network-application | GID/UID
unifi-network-application | ───────────────────────────────────────
unifi-network-application |
unifi-network-application | User UID: 1000
unifi-network-application | User GID: 1000
unifi-network-application | ───────────────────────────────────────
unifi-network-application | Linuxserver.io version: 9.0.108-ls74
unifi-network-application | Build-date: 2025-01-06T09:58:35+00:00
unifi-network-application | ───────────────────────────────────────
unifi-network-application |
unifi-network-application | [custom-init] No custom files found, skipping...
unifi-network-application | [ls.io-init] done.