77 echo " $( date +" [%Y-%m-%d %T,%3N]" ) $* "
88}
99
10+ set_java_home () {
11+ JAVA_HOME=$( readlink -f /usr/bin/java | sed " s:/jre/bin/java::" )
12+ if [ ! -d " ${JAVA_HOME} " ; then
13+ # For some reason readlink failed so lets just make some assumptions instead
14+ # We're assuming openjdk 8 since thats what we install in Dockerfile
15+ arch=` dpkg --print-architecture 2> /dev/null`
16+ JAVA_HOME=/usr/lib/jvm/java-17-openjdk-${arch}
17+ fi
18+ }
19+
20+ instPkg () {
21+ for pkg in $* ; do
22+ if [ $( dpkg-query -W -f=' ${Status}' " ${pkg} " 2> /dev/null | grep -c " ok installed" ) -eq 0 ];
23+ then
24+ apt-get -qy install " ${pkg} " ;
25+ fi
26+ done
27+ }
28+
29+ # Validate that any included hotfixes have been applied
30+ validate () (
31+ shopt -s nullglob
32+ for i in /usr/local/unifi/hotfixes/* -validate.md5sum; do
33+ md5sum -c " $i " > /dev/null 2>&1 || return 1
34+ echo " Hotfix validated: $( basename ${i::- 16} ) "
35+ done
36+ )
37+
38+
39+ # Check that any included hotfixes have been properly applied and exit if not
40+ if ! validate; then
41+ echo " Missing an included hotfix"
42+ exit 1
43+ fi
44+
45+
1046exit_handler () {
1147 log " Exit signal received, shutting down"
12- java -cp /usr/share/java/javax.activation. jar: ${BASEDIR} /lib/ace.jar com.ubnt.ace.Launcher stop
48+ java -jar ${BASEDIR} /lib/ace.jar stop
1349 for i in ` seq 1 10` ; do
1450 [ -z " $( pgrep -f ${BASEDIR} /lib/ace.jar) " && break
1551 # graceful shutdown
@@ -27,20 +63,18 @@ exit_handler() {
2763
2864trap ' kill ${!}; exit_handler'
2965
66+ [ " x${JAVA_HOME} " != " x" || set_java_home
67+
68+
3069# vars similar to those found in unifi.init
31- RUNAS_UID0=true
3270MONGOPORT=27117
33- BASEDIR=/usr/lib/unifi/
3471
3572CODEPATH=${BASEDIR}
3673DATALINK=${BASEDIR} /data
3774LOGLINK=${BASEDIR} /logs
3875RUNLINK=${BASEDIR} /run
39- DATADIR=${DATADIR:-/ unifi/ data}
40- LOGDIR=${LOGDIR:-/ usr/ lib/ unifi/ logs}
41- CERTDIR=${CERTDIR:-/ unifi/ cert}
42- RUNDIR=${RUNDIR:-/ var/ run/ unifi}
4376
77+ rm $DATALINK
4478ln -sf $DATADIR $DATALINK
4579
4680DIRS=" ${RUNDIR} ${LOGDIR} ${DATADIR} ${BASEDIR} "
@@ -54,7 +88,7 @@ JVM_MAX_HEAP_SIZE=${JVM_MAX_HEAP_SIZE:-1024M}
5488
5589
5690MONGOLOCK=" ${DATAPATH} /db/mongod.lock"
57- JVM_EXTRA_OPTS=" ${JVM_EXTRA_OPTS} -Dunifi.datadir=${DATADIR} -Dunifi.logdir=${LOGDIR} -Dunifi.rundir=${RUNDIR} "
91+ JVM_EXTRA_OPTS=" ${JVM_EXTRA_OPTS} --add-opens=java.base/java.time=ALL-UNNAMED - Dunifi.datadir=${DATADIR} -Dunifi.logdir=${LOGDIR} -Dunifi.rundir=${RUNDIR} "
5892PIDFILE=/var/run/unifi/unifi.pid
5993
6094if [ ! -z " ${JVM_MAX_HEAP_SIZE} " ; then
83117if [ -d " /usr/unifi/init.d" ; then
84118 run-parts /usr/unifi/init.d
85119fi
120+
86121if [ -d " /unifi/init.d" ; then
87122 run-parts " /unifi/init.d"
88123fi
@@ -124,6 +159,9 @@ if ! [[ -z "$LOTSOFDEVICES" ]]; then
124159 settings[" unifi.G1GC.enabled" " true"
125160 settings[" unifi.xms" " $( h2mb $JVM_INIT_HEAP_SIZE ) "
126161 settings[" unifi.xmx" " $( h2mb ${JVM_MAX_HEAP_SIZE:- 1024M} ) "
162+ # Reduce MongoDB I/O (issue #300)
163+ settings[" unifi.db.nojournal" " true"
164+ settings[" unifi.db.extraargs" " --quiet"
127165fi
128166
129167# Implements issue #30
@@ -134,6 +172,14 @@ if ! [[ -z "$DB_URI" || -z "$STATDB_URI" || -z "$DB_NAME" ]]; then
134172 settings[" unifi.db.name" " $DB_NAME "
135173fi
136174
175+ if ! [[ -z " $PORTAL_HTTP_PORT " ; then
176+ settings[" portal.http.port" " $PORTAL_HTTP_PORT "
177+ fi
178+
179+ if ! [[ -z " $PORTAL_HTTPS_PORT " ; then
180+ settings[" portal.https.port" " $PORTAL_HTTPS_PORT "
181+ fi
182+
137183if ! [[ -z " $UNIFI_HTTP_PORT " ; then
138184 settings[" unifi.http.port" " $UNIFI_HTTP_PORT "
139185fi
@@ -142,15 +188,24 @@ if ! [[ -z "$UNIFI_HTTPS_PORT" ]]; then
142188 settings[" unifi.https.port" " $UNIFI_HTTPS_PORT "
143189fi
144190
145- for key in " ${! settings[@]} " ; do
146- confSet " $confFile " " $key " " ${settings[$key]} "
147- done
148- UNIFI_CMD=" java ${JVM_OPTS} -cp /usr/share/java/javax.activation.jar:${BASEDIR} /lib/ace.jar com.ubnt.ace.Launcher start"
191+ if [[ " $UNIFI_ECC_CERT " == " true" ; then
192+ settings[" unifi.https.sslEnabledProtocols" " TLSv1.2"
193+ settings[" unifi.https.ciphers" " TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
194+ fi
195+
196+ if [[ " $UNIFI_STDOUT " == " true" ; then
197+ settings[" unifi.logStdout" " true"
198+ fi
199+
200+ UNIFI_CMD=" java ${JVM_OPTS} -jar ${BASEDIR} /lib/ace.jar start"
201+
202+ if [ " $EUID " -ne 0 ] && command -v permset & > /dev/null
203+ then
204+ permset
205+ fi
149206
150207# controller writes to relative path logs/server.log
151208cd ${BASEDIR}
152- mkdir -p ${LOGDIR}
153- touch ${LOGDIR} /server.log
154209
155210CUID=$( id -u)
156211
@@ -165,15 +220,18 @@ if [[ "${@}" == "unifi" ]]; then
165220 mkdir -p " ${dir} "
166221 fi
167222 done
223+ for key in " ${! settings[@]} " ; do
224+ confSet " $confFile " " $key " " ${settings[$key]} "
225+ done
168226 if [ " ${RUNAS_UID0} " == " true" || [ " ${CUID} " != " 0" ; then
169227 if [ " ${CUID} " == 0 ]; then
170228 log ' WARNING: Running UniFi in insecure (root) mode'
171229 fi
230+ echo ${UNIFI_CMD}
172231 ${UNIFI_CMD} &
173- WAIT_PID=" $! "
174232 elif [ " ${RUNAS_UID0} " == " false" ; then
175233 if [ " ${BIND_PRIV} " == " true" ; then
176- if setcap ' cap_net_bind_service=+ep' " ${JAVA_HOME} /jre/ bin/java" ; then
234+ if setcap ' cap_net_bind_service=+ep' " ${JAVA_HOME} /bin/java" ; then
177235 sleep 1
178236 else
179237 log " ERROR: setcap failed, can not continue"
@@ -193,10 +251,8 @@ if [[ "${@}" == "unifi" ]]; then
193251 fi
194252 done
195253 gosu unifi:unifi ${UNIFI_CMD} &
196- WAIT_PID=" $! "
197254 fi
198- tail -f ${LOGDIR} /server.log &
199- wait $WAIT_PID
255+ wait
200256 log " WARN: unifi service process ended without being signaled? Check for errors in ${LOGDIR} ." >&2
201257else
202258 log " Executing: ${@ } "
0 commit comments