Configurator not working

I am running Hassio on RPi 3.
My configurator will no longer pull up from the menu. When I click, I get a sad file icon on a grey baclground that says the connection was reset.
I tried uninstalling and reinstalling the configurator. No change. In the configurator add on, I am able to open the web ui interface.
Any idea as to what I screwed up is appreciated.
Below is the log onformation from the add on.
Log

INFO:2019-02-11 22:22:18,414:main:Requesting authorization INFO:2019-02-11 22:22:18,418:main:192.168.86.219 - “GET / HTTP/1.1” 401 - INFO:2019-02-11 22:22:28,306:main:192.168.86.219 - “GET / HTTP/1.1” 200 - INFO:2019-02-11 22:22:30,747:main:192.168.86.219 - “GET /api/listdir?path=. HTTP/1.1” 200 - INFO:2019-02-11 22:22:31,689:main:192.168.86.219 - “GET /favicon.ico HTTP/1.1” 200 - INFO:2019-02-11 22:22:31,691:main:192.168.86.219 - “GET /favicon.ico HTTP/1.1” 404 - INFO:2019-02-11 22:22:40,664:main:192.168.86.219 - “GET /api/file?filename=/config/configuration.yaml HTTP/1.1” 200 - INFO:2019-02-11 22:23:22,828:main:192.168.86.219 - “GET /api/netstat HTTP/1.1” 200 - INFO:2019-02-11 22:25:16,360:main:192.168.86.219 - “GET / HTTP/1.1” 200 - INFO:2019-02-11 22:25:17,746:main:192.168.86.219 - “GET /api/file?filename=/config/configuration.yaml HTTP/1.1” 200 - INFO:2019-02-11 22:25:18,035:main:192.168.86.219 - “GET /api/listdir?path=. HTTP/1.1” 200 - INFO:2019-02-11 22:25:18,452:main:192.168.86.219 - “GET /favicon.ico HTTP/1.1” 200 - INFO:2019-02-11 22:25:18,453:main:192.168.86.219 - “GET /favicon.ico HTTP/1.1” 404 - INFO:2019-02-11 22:26:08,657:main:192.168.86.219 - “GET /api/netstat HTTP/1.1” 200 -

Thanks,
David

I’m having the same issue here. I believe it must have happened from one of the recent updates although I can’t be sure.

I’ve reported this here:

Can you post your addon config. I am not having any trouble with this.

Hi Dave,

Config below:

{
  "username": "xxxx",
  "password": "xxxx",
  "ssl": true,
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem",
  "allowed_networks": [
    "0.0.0.0/0"
  ],
  "banned_ips": [
    "8.8.8.8"
  ],
  "banlimit": 2,
  "ignore_pattern": [
    ".*",
    "*.log",
    "__pycache__"
  ],
  "dirsfirst": true,
  "enforce_basepath": true,
  "notify_service": "persistent_notification.create"
}

Hmm, after a full host reload it seems to have come good!

Good to hear… how odd though…

Yeah it must have been something with that particular container, I did try to restart the addon within HA but the full host reload fixed it. I’m having another weird issue since the last upgrade last night to 88.2, a miflora sensor has stopped showing values; are these signs of a bad SD? I’ve not yet experienced a bad SD card in almost two years with this host…

I fixed mine after changing the ssl setting to false from true (may have been the other way around) - I must have tinkered with it and forgot about it, then went to check the configurator, and it wouldn’t open!
All is good now.

Except…
I still can’t access the configurator when I log in using my duckdns address. I only have access from home (192.168.XX.XXX). My duckdns address lets me use all other aspects of the HA, just nothing in regards to the configurator.
I’m running both the Duckdns, and the NGINX add-on.
I followed set-up instructions from the Konnected website (article here: https://help.konnected.io/support/solutions/articles/32000023964-set-up-hass-io-with-secure-remote-access-using-duckdns-and-nginx-proxy)
My RPi3 has a static IP.
I forwarded port 443 to 443. thats my only forwarding.
Any thoughts are appreciated.

Can you show your addon config for nginx?

Is this via an iFrame? What about ipaddress:3218 in a different browser window?

As above, I have access to the configurator when I’m at home using the IP address. I can’t access it when using the duckdns address. Below is my set-up. I have XXX’d out my private / sensitive information.

Here’s a portion from my config file:

http:
  # Secrets are defined in the file secrets.yaml
   api_password: XXXXXXX
  # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
   base_url: XXXXXX.duckdns.org:3218

and further down:

panel_iframe:
  configurator:
    title: Configurator
    icon: mdi:wrench
    url: http://192.168.86.52:3218

Here’s the code from the configurator add-on:

{
“username”: “admin”,
“password”: “XXXXXX”,
“ssl”: false,
“certfile”: “fullchain.pem”,
“keyfile”: “privkey.pem”,
“allowed_networks”: [
“192.168.0.0/16”,
“https://XXXXX.duckdns.org:3218”,
“172.30.0.0/16”
],
“banned_ips”: [
“8.8.8.8”
],
“banlimit”: 0,
“ignore_pattern”: [
“pycache”
],
“dirsfirst”: false,
“enforce_basepath”: false,
“notify_service”: “persistent_notification.create”
}

Here’s from the DuckDNS add on:

{
“lets_encrypt”: {
“accept_terms”: true,
“certfile”: “fullchain.pem”,
“keyfile”: “privkey.pem”
},
“token”: “XXXXXXXXXXXXXXXX”,
“domains”: [
“XXXXX.duckdns.org”
],
“seconds”: 300
}

Lastly, my NGINX add-on information:

{
  "domain": "XXXXXX.duckdns.org",
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem",
  "hsts": "max-age=31536000; includeSubDomains",
  "customize": {
    "active": false,
    "default": "nginx_proxy_default*.conf",
    "servers": "nginx_proxy/*.conf"
  }
}

I have my RPI3 on a reserved IP address.
I have port 443 forwarded to 443.

If you see somewhere why I can’t access the configurator using duckdns (remotely) due to my code above, please let me know! Thanks.

You can’t add that duckdns-domain there. Allowed networks always have to be IP addresses / network notations. You also have to add 0.0.0.0/0 to your list of allowed networks (or just change it to []). Which basically allows access from anywhere. So in that case make sure you use strong credentials and consider making use of the sesame option.

Besides that, it seems as if you are using SSL for Home Assistant. When you do that, you also have to use SSL for the configurator (at least when embedding it into the HASS UI). SSL and non-SSL can not be mixed within a single website for security reasons.

On top of that you also have to expose the port of the configurator (3218 by default) in your router. Otherwise your request to your duckdns domain won’t be forwarded to the configurator.

Thanks a lot for reviewing my set-up, danielperna84.
I think I theoretically understand everything you listed. Except I don’t know how to go about “exposing the port” of the configurator (3218 for me, as I didn’t change it) in the router.
Does the require forwarding a port? Is it an line I need to add in any of the configuration codes above?
Thanks again for your assistance.

expose == forward in this context. So do the same for port 3218 as for port 443.

You shouldn’t need to expose an additional port if your NGINX has been setup correctly. I’ll post my config for you soon, i have a working solution.

For base_url, I simply have https://xxxxx.duckdns.org (no port specified). Of course with this, I have 443>443 port forward on my router. This should be all you need if using NGINX.

panel_iframe:
  configurator:
    title: Configurator
    icon: mdi:wrench
    url: https://xxxxx.duckdns.org/configurator

Here is my iframe config, the URL will be explained further down in the NGINX configuration file. My configurator and duckdns config is very much the same as yours.

My NGINX config:

{
  "domain": "xxxxx.duckdns.org",
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem",
  "hsts": "max-age=31536000; includeSubDomains",
  "customize": {
    "active": true,
    "default": "nginx_proxy_default*.conf",
    "servers": "nginx_proxy/*.conf"
  }
}

Note the ‘active: true’ part in the above. Then I also have this in my /share/nginx_proxy_default.conf file:

location /configurator/ {
    rewrite /configurator/(.*) /$1 break;
    proxy_pass https://192.168.0.xxx:3218;
    proxy_redirect http:// https://;
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}

This configures the reverse proxy to redirect requests from https://xxxxx.duckdns.org/configurator to the specified local web host, defined in the first line.

One other thing to note is that I use a Pi-Hole addon with the following also defined:

  "hosts": [
    {
      "name": "xxxxx.duckdns.org",
      "ip": "192.168.0.xxx"
    }

This allows LAN clients accessing the https://xxxxx.duckdns.org/configurator to not use the outside IP address but to use the LAN IP instead.

Hope this helps.

I’m trying to configure my set-up to yours. Some questions:

1. Regarding your nginx_proxy_default.conf file, is that just a JSON file you created in the share folder? Because there are no files in my share folder.
2. Regarding your PI-Hole setup, can you show me a copy of your config file from your hassio add-on?

Thanks a lot!

This site will explain what you need to do:

https://khaz.me/accessing-other-applications-with-hassio-nginx-addon/

pi-hole addon config:

{
  "log_level": "info",
  "password": "xxxxx",
  "update_lists_on_start": false,
  "admin_port": 4865,
  "dns_port": 53,
  "ssl": true,
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem",
  "interface": "",
  "ipv6": true,
  "ipv4_address": "",
  "ipv6_address": "",
  "virtual_host": "xxxxx.duckdns.org",
  "hosts": [
    {
      "name": "xxxxx.duckdns.org",
      "ip": "192.168.0.xxx"
    }
  ]
}

Thanks for the quick response. That link seems a bit technical for me, but I’m chewing on it.
Another thing: I just made the changes (re: your initial post to me 13 days ago), now with both the xxx.duckdns.org and loading my HA locally, when I click the configurator icon on the left hand panel, instead of bringing up the configurator, it opens another instance of home assistant left sided menu (the menu within the menu). Is there a change my NGINX file I created isn’t working to redirect to the configurator port?
Perhaps I miscopied something? Any thoughts?

Try to restart HA but also restart the NGINX addon to refresh any changes made. Do you have configurator in your nginx_proxy_default.conf file?

I would suggest to go through that technical link first.