As a former Ubiquiti employee, I'm sad to watch the slow decline of the company. There was a steady exodus of engineering talent through 2020. The CEO was focused on moving to countries where engineering was cheaper and employees complained less about constant crunch mode. If you search around, you can find interviews where he brags about closing the San Jose office because he thought everyone there was too entitled.
The saddest part is that we had many good engineers who could have continued to do amazing things with the UniFi momentum. So much time was wasted on dead end products like FrontRow. Most everyone I know left for jobs where we were treated better and paid more.
As someone who uses Ubiquiti NanoStation M2 APs very often as part of a wireless bridging solution for our own products, I was wondering what is happening with Ubiquiti. I have a close colleague in Taiwan and he was so excited to inform me that he’s now working for Ubiquiti. I was sorta shocked because I thought Ubiquiti was a US based R&D team. When it first started, I remember watching the video of all the awesome engineers that left Cisco to start this new revolution. It’s sad to hear how the company is now being driven into the ground (merely for profits over innovation). I always thought that Ubiquiti would champion something in the 5G realm that would give US an edge over everyone else.
Yes of course, but there also comes a time at such companies that have experienced exponential growth (primarily attributed to innovation) that the innovation curve reaches a plateau and the focus shifts to bringing in the next hot CEO to deliver profits and profits only by reducing overhead and increasing market share. At this point, any innovation and employee morale goes running out the door.
I'm a developer from one of the cheaper engineering countries to which Ubiquiti has moved. I'm not sure what you are implying with your comment and I hope it's not "the company is declining because the company moved talent to countries where developers are cheaper". I do personally have friends working there and they are top class developers. Living costs don't necessarily correlate with talent levels.
That said I don't hear the best about the company (long working hours, not the highest pay) and have declined a job offer there myself.
> Living costs don't necessarily correlate with talent levels.
As someone who lives in a low cost country: rubbish. There's a reason we're a lower cost.
1. We have a lower standard of education
2. We have a higher cost of technology (relative to average income)
3. We have a lower need for the luxury market where most technology resides
You can also look at the proportion of field leaders. Are more from the developed nations or the developing ones?
The developed nations had a headstart on technology, do you think the developing ones have overcome that, despite most of us going backwards in terms of access to education and the wealth gap?
Don't take it personally, I'm not trying to tell you that you're a bad developer. What I'm saying is we have to work harder to uplift our country's fields and not fall into the trap of "well I'm the biggest fish in this tiny pond so therefore I'm an equally big fish in the ocean". It does not work that way.
> You can also look at the proportion of field leaders. Are more from the developed nations or the developing ones?
Lower cost of living does not imply developing nation.
Czech Republic or Poland or Taiwan are developed nations, all with the cost of living a fraction of the Bay Area's.
I see Ubiquiti dev center apparently moved to Latvia. You can argue it's a depressed region of the EU but it is not a developing country by any metric.
I’ve spent a lot of time in Czech and Poland, and while someone could argue they’re developed countries when looking at the wider gamut, it doesn’t compare well to Canada, USA, UK, etc engineering talent.
A lot of the engineering talent you find there is extremely limited in quantity, but it is untapped.
Overall I think it’s a step in the right direction as compared to other countries we’ve outsourced work to, but let’s not pretend Poland is an exemplary ray of developed industry and society.
As somebody who founded and ran R&D-heavy companies in Czech Republic and in Bay Area - this is complete bullshit. Arguably the per-capita amount of engineering talent is much higher in Eastern Europe, and it is untapped because the target market is small and there's lack of entrepreneurship tradition.
Sure, if you take 300M market like US and pool all the best talent to west-coast, there are a lot of engineers. But the market is saturated, and it's nigh-impossible to hire a team of the magnitude you can get in Eastern Europe. Canada? Oh please...
Developed in "developed country" customarily means certain things. Like a decent standard of governance, sanitation, education, healthcare, welfare and quality of life. All these countries I mentioned are roughly on the same level.
You don't have problems with access to clean water in Poland. You ain't going to die from hunger in Czech Republic. There are no issues getting education in Latvia.
And mythical Anglo engineering talent, please. They are approximately the same anywhere you mentioned.
I guess in reality the opposite can be said. In 'poorer' countries actually more folks want to work in IT or software. Hence a possible perception of a bit worse talent.
And I suppose it can become/seem important to embellish one's resume, to land a job and get "food for the day" for one's family -- if there's no functioning social welfare system.
But I wouldn't think of the Baltics as such a place?
Instead, just handing over the code and infra to new people, is risky in itself and can easily make security problems happen?
Clearly false unless you think a fresh graduate in a high cost area is let's say twice as skilled as someone with decades of experience in a low cost area? Salary is a good proxy of bargaining power, not a good proxy for skill.
You simply cannot ignore the wider context here. The new leadership is moving development to cheaper regions and, if the interviews and comments about "entitlement" etc are to be believed, you can bet they are not fussed about hiring the best talent in the new regions - they are going to be hunting out the "good enough" agencies and/or employees, which is most definitely going to reduce quality.
I'd like to also add that from my own perspective Ubiquiti gear and software is/was _exceptionally_ good. So converting to "just another network gear company" level of quality is going to have a much greater impact on my perception of the company compared to if this news of off-shoring came from say Cisco.
Yes! The move to low cost countries is confusing because the company has more than enough profits to pay high wages. I think the company wanted offices in cheaper countries because it was easier to convince the employees to accept the abuse because they had fewer options for employers who could pay well.
In the US, good engineers don't have to tolerate abusive companies in exchange for good wages. Not all countries are so fortunate.
Maybe there is no causality, but quality is definitely declining, and the company focus is shifting from making enthusiast hardware to extracting profit at all costs. The fiasco with the UDM firmware, releasing more incompatible PoE products (I think they use every possible variation of the standard now: passive/active, 24v/48v). And discontinuing standalone video software just to force everyone on new hardware?
Almost forgot, but just last month my wife started complaining about the WiFi; turned out the latest firmware that was pushed to my UAPs is horrible. You have to turn off auto update and check reddit before upgrading firmware, what a joke!
There are many angles to this, I'll just look at one in the hope that it helps.
> I hope it's not "the company is declining because the company moved talent to countries where developers are cheaper"
We probably agree the cost of developers varies considerably in different locations.
Companies operating in markets where local developers are expensive (I work near London for example) sometimes decide to outsource development to locations where it is much cheaper (e.g. India).
What I have seen (admittedly just anecdotally, not carefully studied and subject to bias) is a correlation between companies that don't value high quality software development and companies that are happy to dump a substantial part of their development efforts on cheap developers overseas.
Such companies don't care about their existing team - developers who are expensive but have built the software and understand it, and are to some extent understanding the end customer (often filling gaps left by product managers in smaller organisations). They just see their development team as a huge cost that needs to be reduced. Or they have trouble hiring locally.
When the daily rate of developers overseas is substantially lower, the company also doesn't care about those developers. They will want to outsource the least creative and satisfying work to them. They want to just fire and forget: "here's the spec, go and build it". Lower productivity is less of an issue if the "resources" are cheap. I'm oversimplifying and I'm sure some companies try to work more in equal partnership but you get the picture.
Also, the move to outsourcing is often done suddenly; it's more like wielding an axe than an organic growth or shift in development model. Companies don't tend to invest in overseas developers as individuals.
In my view it's not great for either set of developers, or for the customers of that company. Perhaps when done right it can be more beneficial and I hope things will improve overall.
Some of the best engineers I worked with were in non-US offices. They were also smart enough to leave.
You cut my quote short of the important part which was "and employees complained less about constant crunch mode". It is easier to "trap" engineers in countries where average salaries are lower by offering them 20% over market rate and then threatening to fire them if they don't work constant crunch hours. We were promised very large bonuses that never arrived.
> That said I don't hear the best about the company (long working hours, not the highest pay)
It is a sad situation. The pay was very good and the working hours were reasonable when I started, but that changed for the worse. That is why all of my peers left the company.
It doesn't have to imply that developers are lower quality for this to be a troubling signal - if you close an existing office that is doing good work to save money, that shows where your priorities lie. And I agree with your sentiment, I worked with some very talented developers in Shanghai, but there are a lot of factors at play that make it hard to build a solid team from the other side of the world, factors that are legitimate and feed into the misconception that these countries have inferior talent.
I'm one as well, but I think the OP meant that the company is not trying to keep the existing experienced employees and just replacing them when they leave.
My company started doing the same and erosion of knowledge is really bad.
>> That said I don't hear the best about the company (long working hours, not the highest pay) and have declined a job offer there myself.
You are saying the same as the parent. Expecting “short” hours is seen as “feeling entitled”... There are countries where people are not willing to work in those conditions.
The whole motivation for management moving development to Brutopia is to maximize savings, they are not going for the most expensive, world-class developers of Brutopia.
Bottom-of-the-barrel developers bring even greater savings, and paying peanuts has always been a great way to get monkeys.
I bought a Unifi Dream Machine last year because it was an all-in-one device that seemed like the simplest way to have multiple VLANs on my home network, in order to segregate my IoT devices and security system from the rest of my home network. At the time, I didn't see any similar products.
Are there any other "prosumer"-type devices on the market that could replace a Dream Machine? If Unifi is going downhill it doesn't seem like I'll be going with them for a replacement.
The recommendation I've seen around is to run opnsense or pfsense for the router, then unifi APs. (I first found out about it from a YouTube channel as being a way. https://youtube.com/user/TheTecknowledge. They are PFsense resellers, which is why they talk about it. But they could go straight unifi but they don't. After running PSNs myself for the last 4 years, I like opnsense being a little more open to community involvement, versus the control that PFsense has.)
Opnsense forums have lots of recommendations for hardware, which is the path I went recently. I went with https://protectli.com/, which are just some rebranded hardware sold on Alibaba, but they provide support on top of the hardware.
I've been down this path before. I'd argue strongly pfSense is non-trivial and will require significant time investment for most people coming off Unifi stuff to learn the ropes, and should not be considered a serious alternative for most people. They have very different target markets and this is reflected in the software. Unifi is much closer to a "plug and play" user experience in comparison to pfSense. The customization options for pfSense are of course fantastic.
I actually reversed this choice and am back to using the Unifi Controller again - pfSense is superb in production or more-networking-enthusiast style environments, not so nice for "average" home. I used a 5-ethernet port fan-less Intel Atom box almost identical to the one you linked for my homemade pfSense router while it was running, for that purpose it was pretty good.
Point taken. I've been running Linux with iptables since 1999. I also spent a few years at Cisco doing network security stuff. So PFsense was a minimal learning curve for me.
But at the same time, I run Google WiFi points as I don't want to deal with them. :)
If you only need to VLAN-tag the 4 ports on that one device, you can do it with like… about literally anything? e.g. an Archer C1750 with OpenWRT does that easily.
The benefit of UniFi is that you can centrally control a bunch of switches. It's definitely overkill and overpriced if you just want an all-in-one.
I need to set up multiple wifi SSIDs, each on a distinct VLAN, and apply firewall rules to ensure things like: hosts in the "home" vlan can open connections to hosts in the "iot" vlan, but "iot" cannot open connections to "home".
Though you'll probably end up with Atheros wifi chipset on modern hardware... and I've found the OpenWRT drivers to be extremely unreliable when providing multiple SSIDs--- crashing every few days instead of weeks of uptime.
I keep hoping that one of the OpenWRT snapshots will fix it, but this is something I've been fighting with for years on multiple pieces of hardware.
I bought a Linksys WRT3200ACM specifically for use with OpenWRT after a bunch of research. It's modern hardware and based on Marvell, not Atheros. I don't have lots of SSIDs, but I do have separate 5G and 2.4G SSIDs, and they're working well enough.
Separate 5G and 2.4G SSIDs are no issue in my experience-- it's multiple SSIDs on one phy where Atheros goes wrong.
I really want WiFi6 gear... but given that there's no real OpenWRT support yet, and how long it's taken 802.11ac to mature in OpenWRT (it arguably hasn't yet), it's kind of discouraging.
As the name implies, that company made a ruckus in the prosumer segment like Ubiquiti but since bought by Arris is declining same same (like you only get FW updates with registration).
It's definitely overkill, but what is a homelab if not overkill? It's not really high maintenance, though. Once it's in and running you'll never have to touch it.
The MSP I work at maintains some 500 MikroTik devices, I wouldn't call it particularly high maintenance. Once they're set up they'll just keep working. I've been auto upgrading my stuff at home with beta software for the last 4 years without encountering any issues. (ROS6, 7 is another story).
I have come across several situations where professional network engineers have accidentally left a Mikrotik in a dangerously insecure state by misunderstanding the UI. I like Watchguard or Draytek in the small business space. They are a bit more expensive than Mikrotik though.
The MikroTik UI is... an acquired taste. Honestly I don't think it's bad, I would argue that it's among the best GUIs out there for routers. I would be surprised if it's more common for MikroTik routers to be left in an insecure state than any other router, unless it's only because people who work on routers tend to have been trained on Cisco or Juniper and that training just doesn't translate very well to MikroTik. But I'm also not going to die on a hill of defending MikroTik's configuration design choices, there's a lot to be desired.
I replaced my ISP-provided all-in-one box (Orange in France) with an EdgeRouter 4 and it is many, many times more stable. The crap you get from the ISP does not compare.
The management is horrible and how they designed it is horrible as well (from the OS perspective) but once it works, it works.
Has UI gone downhill? Or is it just because of all the negative feedback?
Data leaks happen! It shouldn't but that's just how the world is. UI has been honest about it, and informed every customer as a precaution. (I assume they're still investigating).
I can't be sure, but since UniFi Video went offline at the same time the breach was announced, a week earlier than it was scheduled to, that might have been the entry point.
In any case, the UDM (despite all the negative talk) is a fine machine, and does what it promises to do. If you want similar performance you're either looking at building something yourself, or paying twice what you paid for a firewall appliance. The Netgate SG-3100 has less performance at twice the cost.
You need a UI account to set it up, but that doesn't mean you have to allow managing it from the cloud. Disable the cloud controller access and any access to your firewall configuration will have to happen from your local network. I'm unsure if you can disable the UI account, but I have a spare UDM sitting around so I will test it.
I built up my company's network infrastructure on unifi gear the past two years. I did so because we don't have budget for a professional network engineer, but we do have some important network requirements that I needed to be able to set up with minimal learning curve. For the most part this turned out great, there's a powerful UI that lets you configure all of the basics. And lets you inspect everything without having to relearn a bunch of tools and concepts every time. I'd say perfect for a situation where the CTO has to 'solve' the network.
What disappointed me is that some aspects are really unfinished, and it looks like there's no intention of it to be fixed.
For example we bought their pro firewall (which has been out for years), it's got 2 WAN ports for automatic fail over. To use the 2nd WAN port I had to switch over the UI back to legacy mode. Ok weird but I guess the new UI is still sort of new. But then it turned out that to configure automatic fail over in the most common way, I needed to ssh in and edit configuration files manually.
It didn't turn out to be very hard, but it was just jarring. One of their flagship products, and of the 4 ports it has, 1 port is not supported in their main UI and its most common use is not possible even in their legacy UI.
Unifi Protect has similar incompleteness issues.
I don't think there's a company that does it better than Ubiquiti right now, just disappointed that it stops there.
I agree there's a lot of unused potential with their existing product line, but as you said, nobody does it better currently.
I've been running Ubiquiti gear for years, from a single 2.4GHz UAP with the Edgerouter products, to my current setup with UDM Pro, 10 GB backbone and multiple NanoHD access points, and to use an Apple quote, "It just works". I don't have a complicated setup, just some basic VLANs, firewall rules, radius assigned VLANs via MAC, and IDS/IPS, so maybe that's why I'm not having any issues with it.
I have the technical skill to set it up from scratch if I wanted a second day job, but I don't anymore. I've run on homebuilt devices, on a Soekris net4801, on an Alix APU1D4, on m0n0wall and PfSense in various configurations, latest on a Netgate SG-3100, and while the SG-3100 comes very close to being a network appliance, it still managed to crash to a point where I was flashing it and setting it up over a USB cable, and while Netgate support was very helpful, that's hardly something you'd ask the average consumer to do.
On the access point side of things the only real contender would be Meraki, but those are 2-3 times the cost of UniFi gear. You could of course also get a bunch of Zyxel/Netgear/whatever consumer devices and put them in bridge mode, and lose all central management.
In fairness, SSH in and edit a file is the "standard" here. I used to manage a bunch of Cisco devices, and I don't believe there was a GUI at all.
I would generally expect the UI to be for enthusiasts, with the more advanced functionality hidden in the CLI (kind of like Windows). WAN Failover probably isn't super popular among enthusiasts.
For the routing/firewall side, I would encourage looking at either pfSense (as others here have suggested), or possibly VyOS.
I used to have several Ubiquiti USG devices as well as their EdgeRouter.
I moved to pfSense as it's open-source, more stable, and gives you much better control/configurability on your hardware. There's a great ecosystem of packages on pfSense, that you can install via the web UI - making it really feature-packed for a homelab.
However, recently I've been moving to VyOS to pfSense, which is basically a stripped-down Linux distro, with a heavily tuned FRR routing stack built on top of it.
VyOS is an open-source fork of Vyatta, which was previously owned/released by Brocade networks.
It operates with a CLI, like many enterprise/commercial routing products. It takes a bit of getting used to, but it's really great to use in practice, and makes it easy to diff configurations, or rollback changes, or copy the same configuration across multiple devices.
And of course, it implements with config-management software like SaltStack/Ansible (via Napalm), which is something that pfSense. If you have multiple pfSense devices, you basically need to point/click via the web UI on each one.
For APs - Ruckus is great, as is HPE/Aruba (they have a new low-cost line that's targeting the Prosumer market) - they have both been leaders in the wifi field for ages, and have things like AP handover, RF tuning/optimisation, adaptive antennas etc down pat.
I have a Mikrotik Audience I can wholeheartedly recommend. The performance is great, it had a great price and doesn’t look half bad. The UI is very much “pro” in the sense that you get all the options you might ever want to play with which for 90% of the time is just too much.
The wiki is good and the community is really friendly. If you have networking experience or want something to tinker with it’s a nice deal. If you want something you can set and forget I’d look elsewhere though as the UI is not friendly at all.
I would suggest looking into Mikrotik. Bit of a steep learning curve and a prerequisite that you understand networking, but cheap, reliable, feature packed.
Their WiFi APs are behind the curve (no mu-mimo even afaik), but you can just hook up some other wAP if you need the newer protocol features.
What I do is keep a Mikrotik router that does all the heavy stuff and hang wAPs off of it as needed. I especially love capsman for wAP management. They do have all-in-ones of course, just not my cup of tea.
FritzBox is way better than isp-provided or TP-Link-like boxes but certainly not pro-anything (no vlans or ingress-qos, guest-wifi but no real multi-ssid, severely limited dns-customization ...)
Fritzboxes are everything but certainly no "prosumer"-type devices. Most of their "mesh" is still dual band. Only the latest repeater "FRITZ!Repeater 3000" is tri-band and afaik there is no router yet available that supports tri-band.
Ironically you can do that with pretty much ANY access point. From TP-LINK, Asus all the way to Aruba ones (unleashed). BUT you can't do that with unifi ones alone. Go figure. You need a usg+key or the discontinued UDM you have.
This is wrong. First, the UDM is not discontinued- it's for sale right now. Second, you don't need a USG+key to do VLANs. You do need to run a Unifi controller, but you can self host that anywhere like on a RasPi or in a VM. You don't need a USG to do the tagging and routing, either... the VLANs you set in the Unifi controller will work with any router/gateway it's just not all streamlined into the controller interface if you use a separate gateway. I know this because I do exactly that, I have a pfSense gateway and Unifi switches/APs.
VLANs are at layer 2 which is switching. Routing is layer 3.
I have several Unifi switches and a controller (running on an rpi) on my network but I use my own router. I can set up VLAN access ports and trunks all day on the switches no problem, but I can't control the layer 3 routing between those VLANs with the controller, which is what you're talking about. By setting up a gateway/network on each VLAN from my router I can control routing. It's just not as slick as having a USG where it's all controlled via the controller UI.
A couple of their top of the line switches can actually do layer 3 switching. I haven't actually tried that, but the docs don't mention it requiring a USG so I don't think it does.
Yes. As I said, I do that myself with a pfSense firewall/router into Unifi switches and APs with multiple VLANs and routing between them. I've also done it with an Edgerouter + Unifi switches and APs, and a Mikrotik router too. Of course the Unifi controller doesn't control a non-Unifi router, but you can set up whatever VLAN arrangement you want in the Unifi controller and then set up your router to match and do whatever inter-VLAN routing you want separately in its own interface.
It is not all nicely integrated together if you use a separate router (obviously), but it's not like it makes it impossible. It's not even difficult... at least not any more than it would be in any other setup.
Same here but with opnsense instead of pfsense. It would be great to have all of the info in the controller's dashboard, but I wasn't thrilled with what ui had available over the last year and figured I'd punt buying a usg or similar down the road a few years.
I personally wouldn't recommend it, the USG and their other Unifi gateways are actually kinda limited feature wise. You get all the stuff in the dashboard, but I'd say it's fairly primitive compared to what you'd be used to in ***sense. It's a good solution for people who want something turnkey, but if you're a prosumer/homelabber type you're better off leaving switching and APs in Unifi but using something else for the gateway. I do quite like the EdgeMax routers like the ER-4 paired with Unifi, however. Just my own perspective having tried all of the above.
It's not, the parent is wrong. I'm not sure if I would 100% recommend one (it depends on your needs and how nervous Ubiquiti's recent business decisions make you), but it's not discontinued nor about to be.
I’m not sure how it is that they still don’t have a hardware update to the USG3P that can enable both IPS and DPI without throttling network speeds to sub-80Mbps speeds. It’s been years now.
I’m a big fan of the ecosystem and I’ve recommended it to many people but I’m constantly astonished by the slow pace of hardware updates.
I guess you're more waiting for the XSG-Pro, which was announced at least a year ago but hasn't materialized yet. I'm guessing that the UDM and UDM-Pro are meeting the needs for most customers, although obviously they're not the right fit for everyone.
The USG3P can do gigabit (I get very close to gigabit speeds in internet speed tests - ~950/950) but I can’t use IPS/IDS without severe performance penalties. It basically becomes a fancy router with little in the way of actual “security” besides its basic firewall functionality.
I am aware of the UDM Pro and USG Pro but those things are expensive 1U monsters. Maybe fine for SMB use but this is for home use and I’m very space constrained.
If Ubiquiti made a small footprint security gateway with some modern hardware (the USG3P is some 8 years old at this point!) I’d buy it in an instant.
Second this. I'm no great expert in this area but have greatly enjoyed using Ubiquiti gear for my home the past few years. If there is something else that offers a comparable experience at similar price point would be great to know. The Unifi Controller software has been some of the nicest I've used in a domestic setting.
Strange, I found the Unifi Controller web UI to be really poorly architected.
1) You start a .app that sits for a few seconds then requires you to launch the browser by clicking a button. While using the browser, you can't close the extra window for the controller.
2) On the browser, you go to a localhost website that has an invalid TLS certificate (you get a "Not Secure" warning) and have to click through to the unsafe website (and it's still like that in my current Unifi version).
3) The login page doesn't let you use the Chrome password manager, so you have to type it all in each time to access a local program.
4) In the web UI, the icons are not intuitive, and some combination of circles and rounded rectangles.
5) The new UI makes it seem like you can configure things that can't actually be configured outside your router.
6) Speaking of your router, Ubiquiti's own EdgeRouter routers aren't supported in the Controller UI. They require a completely different interface.
I'm not sure it's fair to fault the Unifi software for using a self-signed SSL certificate. I think the only theoretical security risk here would be that Ubiquiti could decrypt the traffic between you and your Unifi controller, if they could somehow obtain it. (Someone please correct me if I'm wrong.)
Ultimately, if you don't trust the certificate it comes with, it's not too difficult to replace it with one of your own (in fact, the page you linked explains how).
I haven't had the password manager issue you describe. KeepassXC in Chrome and Firefox both fill out my credentials successfully on the login page. I totally agree about the UX of the web application though. It feels like over time, options have become more and more hidden and the icons more cryptic.
- Without a valid SSL certificate, there's no way to tell whether you're actually visiting your UniFi controller or a honeypot. Ubiquiti isn't the risk here.
- UniFi features that depend on WebSocket and WebRTC are unavailable when using self-signed certificates. This includes live stats updating, device terminal, airView, etc. (Those features can be used in the cloud UI... if your Internet connection happens to be working fine.)
- Valid SSL certificates would be easy to auto-provision these days with LetsEncrypt. There are some minor challenges around port forwarding / relay, but that isn't rocket science. If Plex can figure it out, Ubiquiti can figure it out :)
Enabling a non-self-signed TLS certificate on IoT devices looks like an easy task, but it is actually difficult. A router is especially hard because it bootstraps the WAN connection.
You can reverse-proxy the traffic into the Ubiquiti app, and have your RP terminating the TLS connection. This is what I do and I get a correct HTTPS connection to the web site.
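The reverse-proxy arrangement described in the comment above, sketched as an nginx configuration; this is an added example, not part of the original thread and not any commenter's actual setup. The hostname, file paths, controller address and port, and the upstream certificate name are assumptions or placeholders.

```nginx
# Added example (not from the thread). Intended to be included inside the
# http { } context, e.g. as /etc/nginx/conf.d/unifi.conf (path is an assumption).

# Pass WebSocket upgrades through; close the upstream connection otherwise.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name unifi.home.example;            # assumed internal DNS name

    # Certificate the browser sees: issued by a CA the clients already trust
    # (public CA or an internal one). Paths are placeholders.
    ssl_certificate     /etc/nginx/tls/unifi.home.example.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/unifi.home.example.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # The controller's own HTTPS listener. Address and port are
        # assumptions; use whatever the local controller listens on.
        proxy_pass https://127.0.0.1:8443;

        # Verify the proxy-to-controller hop against an exported copy of the
        # controller's self-signed certificate, rather than accepting any
        # certificate on that hop.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/controller-selfsigned.pem;
        # Placeholder: must equal the subject name in the exported certificate.
        proxy_ssl_name                CONTROLLER_CERT_NAME;

        # WebSocket support for the live features mentioned in the thread.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Preserve the original host and client information for the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With this in place the browser validates the proxy's certificate, and the direct controller port can be firewalled so that it is reachable only from the proxy host.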
Well, sorry for that. I will have to google "reverse proxy" a little bit more. And thank the god of your choice for having that setup miraculously working at home on my server.
What to say - maybe before assuming that someone "don't really know how any of this works" you may, just a second, think that the person your comment is directed to has written a security reverse proxy and presented on that at one of the largest security conferences.
Or not, maybe I really do not know how terminating traffic on MY reverse proxy and sending it upstream to MY ubnt controller works. Who knows.
In that case, you'd understand the difficulties of providing a product or piece of software out of the box with valid certificates without user setup, as you've done (without running all user data through offsite servers).
I too have a working reverse proxy setup or a few. I certainly don't expect something using a "localhost site" to come with valid certificates. Unless they somehow get a valid cert for https://localhost
Edit: apologies for the assumption, I didn't realise that you weren't the guy I originally replied to. I'm new around here.
But you can replace the certificate if you want to. But many users won't have a static IP address they can use to point to their controller, and many don't even own a domain, which means the self-signed certificate is the only option.
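The reverse-proxy arrangement discussed in the comments above, as an added nginx sketch that is not from any commenter or from Ubiquiti: the proxy presents a trusted certificate to browsers, pins the controller's self-signed certificate on the upstream hop instead of disabling verification, and forwards WebSocket upgrades. The hostname, controller address and port, certificate name and file paths are all placeholders.

```nginx
# Added example, not from the thread. Include from the http {} context
# (for example as a file under conf.d/). All names, addresses, ports and
# paths below are placeholders.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name unifi.example.internal;               # placeholder name

    # Certificate that browsers already trust (public or internal CA).
    ssl_certificate     /etc/nginx/tls/unifi.example.internal.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/unifi.example.internal.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass https://192.0.2.10:8443;           # placeholder controller address and port

        # The proxy-to-controller hop still meets the self-signed certificate.
        # Pin it rather than switching verification off: export the
        # controller's certificate once over a trusted path and store it here.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        1;
        proxy_ssl_trusted_certificate /etc/nginx/tls/controller-selfsigned.pem;
        proxy_ssl_name                CONTROLLER_CERT_NAME;  # placeholder: name in that certificate

        # WebSocket upgrade, needed by the live-updating parts of the UI.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With `proxy_ssl_verify on`, nginx refuses the upstream connection if the controller ever presents a different certificate, which is the check a browser cannot make against a self-signed certificate it has never seen.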
It's not the most pretty thing, but has a lot of features I wanted in Unifi; Ruckus has a version of firmware you can load on their APs called Unleashed. It turns one of the APs into the controller, then you can manage all of them from there.
You can run the controller software locally [0]; I use Unifi switches and APs, but use pfSense for routing/firewall. After getting a look at what Unifi offers for that with a Dream Machine, I'm pretty happy with my choice.
I once worked for a company where there were some "grievances" between the programmers and CEO (nothing major) but enough to elicit a "meeting" between all the devs and the CEO to "smooth" things over and build a better path forward. We were all in high spirits for the meeting and optimistic.
The very FIRST opening line from the CEO in the meeting was:
"How extremely lucky we (programmers) are to be working there..."
It all kinda just went downhill from there... 6 Months most of the programmers quit.
I can't see that they're actually selling solar panels. What I do see is them selling a specialized switch that is powered by solar panels and a battery that can then be used to power remote devices in locations where they would otherwise need to run power lines.
It's not traditional networking gear, sure, but I can certainly see the play they're making, so I wouldn't call this a scatter-shot approach.
They did sell solar panels but the product line was mostly killed. Product number SM-SP-260W-DC-US. You can find a legacy datasheet for the product family still.
But I think this is an example of them having ideas they only end up abandoning. They are now selling an access control solution, but would you trust them to be standing behind this in 5 years? Enough to deploy it to a customer building? Not me. Attractive for the hobbyist perhaps.
I think some of their seemingly wackier stuff makes marginally more sense when you think of them trying to outfit their WISP customers - having solar to power stuff on your rohn tower, manage it all from one pane of glass, that kind of thing. They had a whole line of managed power products (since abandoned) for several years aimed at this crowd.
Any running Linux kernel is a router. You just have to know how to configure it. Of course, you might be expecting a lot more than just a router, i.e. DHCP, DNS, traffic shaping etc. It's all available in most distros.