Simplistic configuration UI

Unfortunately not. That’s sort of a chicken/egg problem. When using SSL, you’re arriving at the configurator from your external IP. Depending on your provider this IP usually changes every now and then (that’s why you’re using DuckDNS). So what you would like to do is block every IP, except your external one. But you never know which IP you’ll get, so you can’t really whitelist it in advance.
You could observe the IPs you get from your ISP (or even just ask directly). They’ll probably be within a certain range. If they start with 82 every time, you could limit the allowed IPs to 82.0.0.0/8. That however breaks if you connect remotely and have some totally different IP.
If you just want to use the configurator from home, then limiting access to IPs from your provider’s network would be better than 0.0.0.0.

Same here

@Bobby_Nobble

Hey,

I have a feature in mind regarding the external access. How about a REST API call HASS can make to the configurator to dynamically add allowed addresses/networks? So for example people with Tasker on their phone could have an automation that publishes the current cellular IP to Home Assistant, and Home Assistant forwards it to the configurator. Or for people that use MQTT they could send the IP to a specific topic.
Would anybody use such a feature or should I discard that idea?

Alternatively there could be a single destination within the API of the configurator that’s always accessible, and when it’s accessed with the correct credentials, the source IP of the request gets whitelisted.


Sounds good! I would like a more secure way to access the Configurator.

But if I use a very good login password (e.g. aslfjeo942sdjoylk_asd) how big is the chance to get an unauthorized access from anywhere?

Maybe you can add a feature to block on “x” failed login attempts

The standalone version of the configurator actually already has a banning feature implemented. With it being enabled (by setting a count of possible retries) access is blocked after the failed attempts (until the service has been restarted). I guess this should be enabled for the hassio version as well.

My current idea is the other way around: always block connections until the, yet to be defined, method for whitelisting has been triggered.

I have this all working with SSL on both HASS and Configurator, but I want to set the password for configurator using the keyring. Anyone know how to do this in the Python script?

Thanks :pray:

I have a character encoding issue. I run the Home Assistant on a Windows PC and just installed configurator.py, it’s great!

But it translates my Swedish characters (see below)… :frowning:
å -> Ã¥
ä -> ä
ö -> ö
Å -> Ã…
Ä -> Ä
Ö -> Ö

It’s very annoying, tried to google it myself but could not find a fix, can anyone help me out?

Thanks.

Did you try using a different browser? In general, the configurator is using UTF-8. So any problem in displaying the content correctly should be more of a local issue than in the configurator itself.

Well the contents of the actual edited files change… So there is something strange going on. It’s not only in the browser. If I open a file with Swedish characters and insert any one single character and save the file it changes ALL of my Swedish characters in the file. I tried Internet Explorer also now, same thing…

I think I can’t really help with that. Even though the configurator is capable of running on Windows, it might be the cause of your problem. There once was a reported issue which also seems to have been related to the encoding, but I never received a final answer (and it was a little different anyways).

If it would be possible for you, could you spin up a Linux VM and install the configurator there? If so it would be interesting to see if you experience the same problem and we could narrow it down on being related to Windows or not.

There’s an update to version 0.2.3 available.
The important fix is that it’s compatible with HASS 0.57. The previous method to fetch entities, services etc. (the stuff in the dropdown menus on the left) broke because the used API endpoint was removed (sadly without any announcement). The new version now uses different endpoints that provide the same data, although not grouped anymore like before. Which you don’t have to care about. What matters is that it’s working again. :slight_smile:

Hi,

I have just gotten into the Home Assistant setting up.

I was following the instructions closely and they asked me to update the password:
So this is what I typed.
{
  "username": "admin",
  "password": "secret",
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem",
  "ssl": false,
  "allowed_networks": ["192.168.0.0/16"],
  "banned_ips": ["8.8.8.8"],
  "banlimit": 0,
  "ignore_pattern": ["pycache"],
  "dirsfirst": false,
}

I saved it and started, opening the web UI.
I keyed in the login name and password.

But I keep getting the policy not fulfilled message.

Can someone help?!

Best Regards,
Norman

Does your local network match the one configured in allowed_networks?

Hi,

My computer’s internal IP is 192.168.1.54.

I tried 192.168.1.0/24 after reading the previous threads and it still couldn’t work.
So I tried 192.168.1.54 instead but unfortunately it didn’t work either and instead of “policy not fulfilled” message, it now says the page isn’t working, hassio.local didn’t send any data.

Sorry for this noob problem.

192.168.1.0/24 would be the correct value for your network. In that case I actually don’t know what the issue could be. Do you have any special characters in your password that may be interpreted awkwardly?
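Added example, not part of the thread and not the configurator's own code: a minimal Python sketch of how an `allowed_networks` / `banned_ips` policy of the kind discussed above can be evaluated, showing why 192.168.1.54 satisfies both 192.168.0.0/16 and 192.168.1.0/24 while a request arriving from an external address does not. The function names, the handling of bare addresses and IPv4-mapped peers, and the external address 82.10.20.30 are assumptions made for the illustration.

```python
import ipaddress

def parse_networks(entries):
    """Split allowed_networks entries into parsed networks and rejected strings."""
    networks, rejected = [], []
    for entry in entries:
        try:
            # strict=False tolerates host bits ("192.168.1.54/24");
            # a bare address becomes a single-host /32 (or /128) network.
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)  # e.g. a hostname: nothing to compare against
    return networks, rejected

def check_client(client_ip, allowed_networks, banned_ips=()):
    """Return 'banned', 'allowed' or 'policy not fulfilled' for one peer address."""
    addr = ipaddress.ip_address(client_ip)
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if any(addr == ipaddress.ip_address(b) for b in banned_ips):
        return "banned"
    networks, _ = parse_networks(allowed_networks)
    if any(addr.version == n.version and addr in n for n in networks):
        return "allowed"
    return "policy not fulfilled"

if __name__ == "__main__":
    lan = ["192.168.1.0/24"]
    # Constructed peers: the LAN host from the thread, the same host seen through
    # a dual-stack socket, and a made-up external address.
    for peer in ("192.168.1.54", "::ffff:192.168.1.54", "82.10.20.30"):
        print(peer, "->", check_client(peer, lan))
    print(check_client("82.10.20.30", lan + ["82.0.0.0/8"]))
    print(parse_networks(["192.168.1.54", "mydomain.duckdns.org"]))
```

If the LAN range matches and the request is still refused, compare the peer address the server actually sees with the configured ranges; behind SSL and an external hostname it is the external address, not the 192.168.x.x one.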

Hey guys. Version 0.2.4 has been released. Besides IPv6 support, we now have automatic linting of your YAML code. Thanks a lot @AtoxIO for your work! :slight_smile:
Linting may not work as well as the HASS-internal configuration-check (it doesn’t know about the !secrets stuff etc.). But it still gives direct feedback about issues with your syntax. Just click the red icon if there’s an error to get details about the error.


Are you using SSL?

Hey Daniel.

Any possible way to have as an allowed IP address the duckdns domain? At the moment, I have to use an allowed IP address of 0.0.0.0/0 when I have the configurator configured in the side panel.

I tried adding mydomain.duckdns.org but it does not use it.

Unfortunately no, that’s not possible at the moment. The way it is done now is that it compares IP addresses, which works very efficiently. Doing this based on domains would require resolving that domain with every request that arrives, which would have a huge impact on performance.
A workaround would be to add an API to the configurator that allows adding trusted IP addresses at runtime. That way if you monitor your external IP in HA you could have an automation that publishes the new IP to the configurator. Would that be an acceptable workaround for you?

Hi Daniel - yes that would work fine…
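Added example, not part of the thread and not the configurator's own code: a Python sketch of the ideas floated above, combining default-deny access, an always-reachable endpoint that admits the caller's source IP after a correct login, and a limit on failed attempts. The class and method names, the expiry time on admitted addresses, and treating a `banlimit` of 0 as "banning disabled" are assumptions made for the illustration.

```python
import hmac
import ipaddress
import time

class KnockAllowlist:
    """Default-deny allow-list; a correct login at the knock endpoint admits the caller."""

    def __init__(self, username, password, static_networks=(), banlimit=3, ttl=3600):
        self._user, self._pw = username.encode(), password.encode()
        self._static = [ipaddress.ip_network(n, strict=False) for n in static_networks]
        self._banlimit, self._ttl = banlimit, ttl
        self._dynamic = {}   # admitted address -> expiry timestamp
        self._failures = {}  # address -> failed knocks; kept until restart

    def is_banned(self, ip):
        return self._banlimit > 0 and self._failures.get(ip, 0) >= self._banlimit

    def knock(self, source_ip, username, password, now=None):
        """source_ip must be the socket peer address, never a client-supplied header."""
        now = time.time() if now is None else now
        ip = ipaddress.ip_address(source_ip)
        if self.is_banned(ip):
            return False
        # Evaluate both comparisons in constant time before combining them.
        ok_user = hmac.compare_digest(username.encode(), self._user)
        ok_pw = hmac.compare_digest(password.encode(), self._pw)
        if not (ok_user and ok_pw):
            self._failures[ip] = self._failures.get(ip, 0) + 1
            return False
        self._failures.pop(ip, None)
        self._dynamic[ip] = now + self._ttl
        return True

    def is_allowed(self, source_ip, now=None):
        now = time.time() if now is None else now
        ip = ipaddress.ip_address(source_ip)
        if self.is_banned(ip):
            return False
        if any(ip.version == n.version and ip in n for n in self._static):
            return True
        expiry = self._dynamic.get(ip)
        if expiry is not None and expiry <= now:
            del self._dynamic[ip]  # admitted entry has aged out
            expiry = None
        return expiry is not None
```

Expiring admitted addresses keeps a recycled ISP or cellular address from staying trusted after it has been reassigned to someone else.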