I use AWS Lightsail $5/mo plan for multiple sites. 1GB ram does get a little tight. So far a reboot every month or so does the trick. Unifi runs nightly backups. That folder is synced out to S3/Glacier along with occasional snapshots. Especially important to snapshot before upgrading controller versions. Open firewall TCP on 80,443,8080,8443,8843,8880,8883 UDP 3478. 22 is only opened when I need to do some console work.
Do a set-inform either command line or use the Chrome App on each device to unifi.yourdomain.com:8080 and you are all set. Adopt the device and move it from Default to the customer site. Sometimes you have to set-inform a second time after you hit adopt or maybe I just get impatient. Note the password gets changed from ubnt/ubnt to whatever you have set in the controller after set-inform.
We just upgraded the controller to 5.10.12 this weekend and all seems to be working. It seems sometimes (1% of the time) while the WAPs work fine, they don't connect to the controller after a firmware upgrade or controller software upgrade. Usually a simple hard reboot of the WAP will bring it back on the console. This is why you do want Unifi switches so you can remotely power cycle the port.