Issue with Configurator showing in Haas.IO

DavidFW1960 · November 11, 2017, 4:23am

I have just installed Haas.io on a RPi3 - pretty painless.

I’m trying to get the configurator working. I have the following in my yaml file:

panel_iframe:
  configurator:
    title: Configurator
    icon: mdi:wrench
    url: http://hassio.local:3218

This works perfectly and puts it in the menu as expected. However, chrome says the page is trying to load scripts from unauthenticated sources and I can allow them and it works.

In an attempt to fix this, I forwarded port 3218 on my router to the Pi and it just won’t work. I do have LetsEncrypt installed and I access my Hass.io by going to:
https://my-duck-dns.duckdns.org:8123 and I get the green padlock and all’s well. If I access the configuration page and allow unsafe scripts (without the port forward) I get insecure site warnings. If I do the port forward it just doesn’t work.

Any advice?

danielperna84 · November 11, 2017, 10:09am

Did you configure the configurator to use the same certificate as you Home Assistant? The certificate has to be used for both. And in that case you also have to change the URL for the panel to use https as well.

DavidFW1960 · November 12, 2017, 5:18am

Well I thought I did.

In my config yaml file it’s set to /ssl/fullchain.pem etc.
The default for the configurator is just without the /ssl/

I also found I couldn’t get any data if I just went to https://my-domain.duckdns.org:3218 it just said no data - this is without even trying to get in via the panel. I think until I can get this working it won’t work from within home assistant.

I had this as my setup:

{
  "username": "nice-username",
  "password": "nice-password",
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem",
  "ssl": true,
  "allowed_networks": [
    ""
  ],
  "banned_ips": [
    ""
  ],
  "ignore_pattern": [
    "__pycache__"
  ]
}

I can’t even connect on https://x.x.x.x:3218
I think it’s an issue with the certificate but don’t know how to correct it.

danielperna84 · November 12, 2017, 11:47am

Your allowed_networks is empty. Hence every connections is being dropped. Not knowing anything about your network you probably have to add something like 192.168.1.0/24 or even 0.0.0.0.

DavidFW1960 · November 13, 2017, 12:53am

I added my local network - I get an error when I try https://my-domain.duckdns.org:3218 which says ‘policy not fulfilled’

The Log says:

starting version 3.2.2
INFO:2017-11-13 11:50:14,418:main:Starting server
INFO:2017-11-13 11:50:14,422:main:Listening on: https://0.0.0.0:3218
INFO:2017-11-13 11:50:43,925:main:Requesting authorization
INFO:2017-11-13 11:50:43,926:main:x.217.12.67 - “GET / HTTP/1.1” 401 -
INFO:2017-11-13 11:51:44,714:main:x.217.12.67 - “GET / HTTP/1.1” 420 -
INFO:2017-11-13 11:51:45,037:main:x.217.12.67 - “GET /favicon.ico HTTP/1.1” 420 -

Interestingly, if I change the ip address to my public IP address it connects!

I have also tried entering 0.0.0.0 and I get policy not fulfilled.
I have tried entering my-domain.duckdns.org as the allowed IP address as well. Can’t make it work.

danielperna84 · November 13, 2017, 1:02am

Try 0.0.0.0/0. Don’t know out f the top of my head if the /0 is needed, but if 0.0.0.0 alone doesn’t do the trick, it may be.

DavidFW1960 · November 13, 2017, 1:05am

When I enter my-domain I get this error:

This page isn’t working

my-domain.duckdns.org didn’t send any data.
ERR_EMPTY_RESPONSE

DavidFW1960 · November 13, 2017, 1:07am

Ah! Bugger! 0.0.0.0/0 and I can connect!!! Woot!
Cheers. I’ll just put this in the configuration.yaml now.

This would be good to add to the docs.

DavidFW1960 · November 13, 2017, 1:12am

So restarted and it’s working correctly from within Home Assistant now. Phew!

DavidFW1960 · November 13, 2017, 1:18am

Regarding this note:

Be careful when setting up port forwarding to the configurator while embedding into Home Assistant. If you don’t restrict access by requiring authentication and / or blocking based on client IP addresses, your configuration will be exposed to the internet!

I do have a username and password. Is it possible to limit unsuccessful logins after 5 attempts like I can for the frontend?

danielperna84 · November 13, 2017, 7:13pm

There will be when this PR gets merged. The banlimit option is new and will do exactly that.

DavidFW1960 · November 13, 2017, 10:33pm

Thanks Daniel - I saw you had written about this yesterday in a different thread. Excellent news.

Vlad · November 14, 2017, 3:07am

Just spend couple hours to configure it with Hass.io .
Finally in configuration.yaml, url must be https://hassio.local:3218:
panel_iframe:
configurator:
title: Editor
icon: mdi:wrench
url: https://hassio.local:3218

In Configurator Options:
{
“username”: “",
“password”: "”,
“certfile”: “fullchain.pem”,
“keyfile”: “privkey.pem”,
“ssl”: true,
“allowed_networks”: [
“192.168.1.0/24”
],
“banned_ips”: [
“”
],
“ignore_pattern”: [
“pycache”
]
}

DavidFW1960 · November 15, 2017, 8:30pm

Hi Daniel - I see it’s merged now. Excellent!

Just a question, with the main hassio, a text file is created with the banned IP and you can delete that if your IP got banned. Is there any way to reset the banned IP for the configurator?

danielperna84 · November 15, 2017, 11:02pm

You just have to restart the add-on. I’m not using hassio, but if I recall correctly there’s a menu where add-ons can be restarted.

DavidFW1960 · November 15, 2017, 11:03pm

OK so an IP is only banned until you restart the add-on - there’s a button to restart it so that’s easy.

danielperna84 · November 15, 2017, 11:07pm

Correct. This feature is meant to be a defense against brute force attacks. For statically banned IPs there’s an extra option available (banned_ips).

ngknick · March 21, 2018, 11:42pm

hey David, I seem to be getting a lot of the same errors you did. (I also end up looking at a lot of your other threads when I hit the same snags! I’m looking at you google…so thanks for taking on some of these battles for me already.) My issue now is when I connect via the configurator from the panel iframe my connection becomes unsecure. I can use 192.168.x.x or 0.0.0.0/0 in the configurator configuration - but I’m not sure where you added it in the config.yaml file when you got it to work?

0.0.0.0/0 and I can connect!!! Woot!
Cheers. I’ll just put this in the configuration.yaml now.

In my config.yaml file I have my local Hassio address 192.168.x.x:3218 - but not sure where to add the 0.0.0.0/0 ? Not sure if it matters, but I haven’t setup any add’l ports for it…unless I need to?

DavidFW1960 · March 21, 2018, 11:48pm

Hi,

I am using duckdns/letsencrypt so in my configuration.yaml I have this:

#Configurator, Terminal & MDI Icon Files
panel_iframe:
  configurator:
    title: Configurator
    icon: mdi:wrench
    url: https://my-domain.duckdns.org:3218/sesame-i-defined

In the configurator, here are my options:

{
  "username": "my-username",
  "password": "my-password",
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem",
  "ssl": true,
  "allowed_networks": [],
  "banned_ips": [
    ""
  ],
  "banlimit": 5,
  "ignore_pattern": [
    "__pycache__"
  ],
  "dirsfirst": true,
  "sesame": "sesame-I-defined"
}

I also forward port 3218 to 3218 in my router

Hope that makes sense and helps

pedro991 · May 5, 2018, 10:27pm

Hey hi, how did you solve the ERR_EMPTY_RESPONSE error?
I’m trying router_ip/hassio_ip but there is no way to get it trough