Issue with Configurator showing in Haas.IO

I have just installed Haas.io on a RPi3 - pretty painless.

I’m trying to get the configurator working. I have the following in my yaml file:

panel_iframe:
  configurator:
    title: Configurator
    icon: mdi:wrench
    url: http://hassio.local:3218

This works perfectly and puts it in the menu as expected. However, chrome says the page is trying to load scripts from unauthenticated sources and I can allow them and it works.

In an attempt to fix this, I forwarded port 3218 on my router to the Pi and it just won’t work. I do have LetsEncrypt installed and I access my Hass.io by going to:
https://my-duck-dns.duckdns.org:8123 and I get the green padlock and all’s well. If I access the configuration page and allow unsafe scripts (without the port forward) I get insecure site warnings. If I do the port forward it just doesn’t work.

Any advice?

Did you configure the configurator to use the same certificate as you Home Assistant? The certificate has to be used for both. And in that case you also have to change the URL for the panel to use https as well.

1 Like

Well I thought I did.

In my config yaml file it’s set to /ssl/fullchain.pem etc.
The default for the configurator is just without the /ssl/

I also found I couldn’t get any data if I just went to https://my-domain.duckdns.org:3218 it just said no data - this is without even trying to get in via the panel. I think until I can get this working it won’t work from within home assistant.

I had this as my setup:

{
  "username": "nice-username",
  "password": "nice-password",
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem",
  "ssl": true,
  "allowed_networks": [
    ""
  ],
  "banned_ips": [
    ""
  ],
  "ignore_pattern": [
    "__pycache__"
  ]
}

I can’t even connect on https://x.x.x.x:3218
I think it’s an issue with the certificate but don’t know how to correct it.

Your allowed_networks is empty. Hence every connections is being dropped. Not knowing anything about your network you probably have to add something like 192.168.1.0/24 or even 0.0.0.0.

I added my local network - I get an error when I try https://my-domain.duckdns.org:3218 which says ‘policy not fulfilled’

The Log says:

starting version 3.2.2
INFO:2017-11-13 11:50:14,418:main:Starting server
INFO:2017-11-13 11:50:14,422:main:Listening on: https://0.0.0.0:3218
INFO:2017-11-13 11:50:43,925:main:Requesting authorization
INFO:2017-11-13 11:50:43,926:main:x.217.12.67 - “GET / HTTP/1.1” 401 -
INFO:2017-11-13 11:51:44,714:main:x.217.12.67 - “GET / HTTP/1.1” 420 -
INFO:2017-11-13 11:51:45,037:main:x.217.12.67 - “GET /favicon.ico HTTP/1.1” 420 -

Interestingly, if I change the ip address to my public IP address it connects!

I have also tried entering 0.0.0.0 and I get policy not fulfilled.
I have tried entering my-domain.duckdns.org as the allowed IP address as well. Can’t make it work.

Try 0.0.0.0/0. Don’t know out f the top of my head if the /0 is needed, but if 0.0.0.0 alone doesn’t do the trick, it may be.

When I enter my-domain I get this error:

This page isn’t working

my-domain.duckdns.org didn’t send any data.
ERR_EMPTY_RESPONSE

Ah! Bugger! 0.0.0.0/0 and I can connect!!! Woot!
Cheers. I’ll just put this in the configuration.yaml now.

This would be good to add to the docs.

So restarted and it’s working correctly from within Home Assistant now. Phew!

1 Like

Regarding this note:

Be careful when setting up port forwarding to the configurator while embedding into Home Assistant. If you don’t restrict access by requiring authentication and / or blocking based on client IP addresses, your configuration will be exposed to the internet!

I do have a username and password. Is it possible to limit unsuccessful logins after 5 attempts like I can for the frontend?

There will be when this PR gets merged. The banlimit option is new and will do exactly that.

Thanks Daniel - I saw you had written about this yesterday in a different thread. Excellent news.

Just spend couple hours to configure it with Hass.io .
Finally in configuration.yaml, url must be https://hassio.local:3218:
panel_iframe:
configurator:
title: Editor
icon: mdi:wrench
url: https://hassio.local:3218

In Configurator Options:
{
“username”: “",
“password”: "
”,
“certfile”: “fullchain.pem”,
“keyfile”: “privkey.pem”,
“ssl”: true,
“allowed_networks”: [
“192.168.1.0/24”
],
“banned_ips”: [
“”
],
“ignore_pattern”: [
pycache
]
}

Hi Daniel - I see it’s merged now. Excellent!

Just a question, with the main hassio, a text file is created with the banned IP and you can delete that if your IP got banned. Is there any way to reset the banned IP for the configurator?

You just have to restart the add-on. I’m not using hassio, but if I recall correctly there’s a menu where add-ons can be restarted.

OK so an IP is only banned until you restart the add-on - there’s a button to restart it so that’s easy.

Correct. This feature is meant to be a defense against brute force attacks. For statically banned IPs there’s an extra option available (banned_ips).

hey David, I seem to be getting a lot of the same errors you did. (I also end up looking at a lot of your other threads when I hit the same snags! I’m looking at you google…so thanks for taking on some of these battles for me already.) My issue now is when I connect via the configurator from the panel iframe my connection becomes unsecure. I can use 192.168.x.x or 0.0.0.0/0 in the configurator configuration - but I’m not sure where you added it in the config.yaml file when you got it to work?

0.0.0.0/0 and I can connect!!! Woot!
Cheers. I’ll just put this in the configuration.yaml now.

In my config.yaml file I have my local Hassio address 192.168.x.x:3218 - but not sure where to add the 0.0.0.0/0 ? Not sure if it matters, but I haven’t setup any add’l ports for it…unless I need to?

Hi,

I am using duckdns/letsencrypt so in my configuration.yaml I have this:

#Configurator, Terminal & MDI Icon Files
panel_iframe:
  configurator:
    title: Configurator
    icon: mdi:wrench
    url: https://my-domain.duckdns.org:3218/sesame-i-defined

In the configurator, here are my options:

{
  "username": "my-username",
  "password": "my-password",
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem",
  "ssl": true,
  "allowed_networks": [],
  "banned_ips": [
    ""
  ],
  "banlimit": 5,
  "ignore_pattern": [
    "__pycache__"
  ],
  "dirsfirst": true,
  "sesame": "sesame-I-defined"
}

I also forward port 3218 to 3218 in my router

Hope that makes sense and helps

Hey hi, how did you solve the ERR_EMPTY_RESPONSE error?
I’m trying router_ip/hassio_ip but there is no way to get it trough