
  Skill Help

If you'd prefer bare-bones setup instructions without explanation, see here.

Because LMS is not accessible from outside your LAN, we need to install a so-called proxy to enable secure access to your server from the Amazon cloud.

Our easy-setup[1] procedure deploys a proxy called ngrok to open up a persistent tunnel resulting in a password-protected URL like for your LMS.

Since initializing the tunnel is an outward process originating in your LAN, there's no need to open any ports in your router — ngrok also takes care of a valid certificate for SSL.

Alexa <--[443/https]--> proxy <--[9000/http]--> LMS

The skill communicates with your proxy and it is the proxy (perched on the LAN side of your firewall on your local network at home) that actually interacts with LMS.

With this approach, cloud control is password-protected while local control within your LAN remains completely unrestricted. You should therefore not set a password in the LMS settings when using our skills.

There are actually two components to ngrok — a cloud service and an executable running on one of your computers. The ngrok cloud service provides the internet-facing URL that Alexa or a browser 'sees'. Incoming requests to this service are sent down the secure tunnel to your local executable which is always 'listening'. It 'knows' to relay all incoming requests onwards to your LMS server because it's configured accordingly. Responses from LMS simply follow the reverse path back up to the internet-facing ngrok cloud service where Alexa or the browser receives them. It's all lightning fast and adds no perceivable delay to your enjoyment of the skill(s).

[1] You don't have to use this procedure to link the skills. If your LMS is reachable via https due to an existing reverse-proxy running via e.g. nginx or apache in your setup, this can be used as-is. Should you prefer manual setup, see here.

Visit the website (no affiliation) for an explanation of how it works and what plans are available. The free plan[1] works just fine for our purposes so go ahead and Sign Up.

To subsequently authenticate you towards ngrok, you should make a note of your personal authtoken which resides at It will look something like 4nq9771bPxe8ctg7LKr_2ClH7Y15Zqe4bWLWF9p.

Please ignore any download/setup instructions at the ngrok website as they are geared towards setting up access to a web-server on 80 rather than a media server like LMS on 9000. Our installer will automatically download ngrok for you and configure it for LMS.

[1] The easy-setup installer ensures that the skill(s) are updated with the changed tunnel URL whenever you restart ngrok or reboot your machine.


Visit our secure[1] configurator landing page to download your personalized easy-install script. You can do this on any platform and it does not have to be the machine LMS or ngrok runs on.

Please stay within a single browser tab during the entire setup process, as your browser's localStorage does not share/update data between open tabs of the same website.

On the form, provide the following 7 pieces of information:

  •  Target platform / operating system under which ngrok will run.
  •  Region. To minimize latency, ngrok will use a cloud server physically near you. You can choose one of us eu ap au sa jp in.
  •  Authtoken. Paste the personal authtoken you copied after ngrok sign-up (e.g. 4nq9771bPxe8ctg7LKr_2ClH7Y15Zqe4bWLWF9p) or else use the yellow button to visit your ngrok account and retrieve it.
  •  A username to associate with your tunnel to prevent unauthorized access to LMS. It must be at least 4 characters and may not contain spaces or |.
  •  A password to associate with your tunnel to prevent unauthorized access to LMS. It must be at least 8 characters and may not contain spaces or |.
  •  The local fixed IP address used to access LMS inside your LAN. For example, You may omit the http part but not the 9000.
  •  A nickname[2] by which to refer to the tunnel — defaults to lmstunnel if left blank.

When all the entries are completed, press the yellow Download Script button and the script file will be saved by your browser.

Your browser may warn that script files sourced from the internet are potentially harmful — it does this based on the .sh or .ps1 file extension, not the actual contents. Some browsers may even change the extension of the saved file to .txt to render it 'harmless'. If that happens you will need to manually rename with the correct extension before running it.

[1] All sensitive data is transported over SSL and AES-256 encrypted at rest. The resulting file is built in RAM on our webserver — it is never saved to the filesystem.

[2] You should only need to specify a non-default nickname if you have multiple LMS servers and therefore multiple tunnels.
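
The field rules listed above, and the ngrok.yml the installer is described as building, sketched as an added example. It is not the Smartskills installer's own code: the function names, the ngrok v2 YAML layout (authtoken, region, tunnels with proto/addr/auth/bind_tls), the extra nickname restriction and any values passed in are assumptions.

```bash
#!/bin/sh
# Added example (not the Smartskills installer): validate the configurator
# fields and write an ngrok v2 config. Names, layout and values are assumed.

# valid_cred VALUE MINLEN: long enough and free of spaces and '|'
valid_cred() {
    [ "${#1}" -ge "$2" ] || return 1
    case $1 in *' '*|*'|'*) return 1 ;; esac
}

# write_ngrok_yml OUTFILE REGION AUTHTOKEN USER PASS LMS_ADDR [NICKNAME]
write_ngrok_yml() {
    out=$1 region=$2 token=$3 user=$4 pass=$5 addr=$6 nick=${7:-lmstunnel}

    case $region in
        us|eu|ap|au|sa|jp|in) ;;
        *) echo "unknown region: $region" >&2; return 2 ;;
    esac
    [ -n "$token" ] || { echo "authtoken missing" >&2; return 3; }
    valid_cred "$user" 4 || { echo "username: min 4 chars, no space or |" >&2; return 4; }
    valid_cred "$pass" 8 || { echo "password: min 8 chars, no space or |" >&2; return 5; }

    addr=${addr#http://}    # the http part may be omitted, the port may not
    case $addr in
        *:9000) ;;
        *) echo "LMS address must end in :9000" >&2; return 6 ;;
    esac
    # Assumption of this example: keep the nickname a plain YAML key.
    case $nick in
        *[!A-Za-z0-9_-]*) echo "nickname: letters, digits, _ and - only" >&2; return 7 ;;
    esac

    # YAML single-quoted scalar: a literal ' is written as ''
    cred=$(printf '%s' "$user:$pass" | sed "s/'/''/g")

    # The file holds the authtoken and tunnel credentials: owner-only access.
    ( umask 077
      cat > "$out" <<EOF
authtoken: $token
region: $region
tunnels:
  $nick:
    proto: http
    addr: $addr
    auth: '$cred'
    bind_tls: true
EOF
    ) && chmod 600 "$out"
}
```

Because the resulting file stores the authtoken and the tunnel username and password in clear text, the example writes it with owner-only permissions.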

First follow the appropriate instructions for your platform or operating system — pCP, Linux, MacOS, or Windows 10. Then perform account-linking as explained in the bottom paragraph.

pCP

Make sure that the LMS server under pCP is already installed and running when you attempt this.

  • Open a terminal. Place[1] the downloaded file in your /home/tc directory.
  • Run it using sh

Installs ngrok as a persistent tcz package and adds it to onboot.lst. It also builds a file called ~/.ngrok2/ngrok.yml with your configuration details. An entry in /opt/ ensures runs at system boot to continually refresh your tunnel details when you reboot.

Debian Linuxes
Applies to any Debian-based distro which supports systemd services and bash scripting. Examples include Max2Play, Raspberry Pi OS, Ubuntu and Debian.

  • Open a terminal. Place[1] the downloaded file in your home directory, e.g. /home/pi.
  • Run it using sudo bash

Installs ngrok to /usr/local/bin/ngrok and creates a service file /etc/systemd/system/ngrok.service to run ngrok as a daemon at boot. It also builds a file called ~/.ngrok2/ngrok.yml with your configuration. Finally, it creates the ~/ auto-updater file that refreshes your tunnel details when you reboot.

MacOS

Place the downloaded script in your normal Downloads folder.

  • In the Finder, open the Applications folder and then Utilities. Double-click on Terminal to pop open a terminal.
  • Inside the terminal window, type cd ~/Downloads
  • Run the installer using sudo /bin/bash (you will need to type your Mac password to authorize).

Installs ngrok to /usr/local/bin/ngrok and creates a launchd file /Library/LaunchDaemons/com.ngrok.onstartup.plist to run ngrok as a daemon at boot. It also builds a file called /usr/local/bin/.ngrok2/ngrok.yml with your configuration. Finally, it creates the /usr/local/bin/ auto-updater file that refreshes your tunnel details when you reboot.

Windows 10

  • Right-click on the downloaded PowerShell file setup.ps1 in your downloads folder and select the option to Run with PowerShell. If that is not allowed on your PC, see the comments in the file for a simple fix.

Installs ngrok to c:\ngrok and creates a config file called c:\ngrok\ngrok_config.yml. In the same directory, you'll see ngrok_autostart.ps1 and a wrapper ngrok_autostart.cmd. A shortcut to ngrok_autostart.cmd is added to Windows' startup apps folder.

Account Linking

When the setup script finishes, you will be told[2] that ngrok is now running a tunnel through a URL like[3]

  • Enable/Link the skill(s) from here: [ → MediaServer | LMS-lite | Playground | Squeeze ][4]. You will be redirected to log in to your Amazon account and authorize/allow Alexa access to the skill in question. The correct language version for your locale will be automatically selected.
  • If you prefer to link the skill(s) manually from the Alexa portal, in the field you will enter the assigned ngrok URL, adding your credentials in the and fields. See here.
If you installed LMS-lite, you can now say "Alexa, discover devices". In the case of MediaServer, say "Alexa, open MediaServer". That's it — enjoy the skill(s)!

[1] If the target system is headless, use ssh or scp via e.g. filezilla, winscp or putty to transfer the script file across.

[2] On the free plan, ngrok can only be run on a single machine in your LAN so if it's already running you will receive an error. If you run ngrok with the same authtoken in a different (remote) LAN, you must select a different region code for the second instance or it won't work. If you need multiple tunnels in the same LAN, up to 4 can all be run from the same proxying-machine by adding extra tunnel entries to the .yml file. Do it this way rather than trying to run multiple instances of ngrok itself. The legacy help has an example.

[3] If you like, you can verify that the tunnel works by visiting this URL from a browser (enter your chosen credentials in the popup). You'll see the familiar 9000 LMS GUI (notice the ).

[4] If you get a message that you first need to run the installer script before these links will work — and you did already run it successfully — try forced-refreshing the page (hit ctrl-F5 in Chrome). Alternatively, close the browser and then re-open it. The links should then be active.


Setup help for MediaServer and LMS-lite is available at different subdomains of the website. Because your uuid is stored in the browser's localStorage and that is always (sub)domain-specific, you may be told that you have not yet set things up if you alternate between help-file source locations on our server. If this happens, switch to the help subdomain you originally used and your localStorage should still be there. The same is true if you use different browsers or alternate between incognito and regular browsing.

During setup: ngrok errors

If you get a 108 error during setup, it's because ngrok is already running (in the background / on some other machine?) using your authtoken — you can only run one instance on a free account. For a full list of ngrok errors, see here.

Monitor ngrok

From any machine in your local network, you can watch what the background ngrok process is doing by browsing to the IP address of the ngrok host machine on port 4040, e.g. or http://localhost:4040. The status tab there will show you the ngrok subdomain assigned to your tunnel.

Alternatively, you can log in to your ngrok online dashboard and see your assigned tunnel at

Alexa says: ngrok tunnel invalid

The golden rule is — think before you re-link! It's almost never necessary.

If Alexa tells you your ngrok tunnel no longer exists, manually running the updater script should get you back online again immediately. If it happens regularly, consider using Ethernet rather than WiFi or move the machine closer to your router. Remember, ngrok can run on any machine in your network and happily proxy to LMS on a different machine. If you're running e.g. pCP on a wireless-pi, you can run ngrok on a different/wired machine no problem.

Alexa says: ngrok authorization failure

Unless you deliberately changed the username and password in your .yml file, the only plausible explanation for this is that you dropped a tunnel without running the updater script. In the meantime, your old URL was randomly allocated to some other ngrok user (by ngrok, not us) who of course has different credentials to you. So the previously-known tunnel 'exists' but the authorization fails (for you). The cure is to manually restart ngrok on your machine — that way, you will get a new URL without conflict. If you really did change your .yml credentials then you have no option other than to re-link the skill(s). The tunnel credentials are immutable in the Alexa cloud and not pushed as part of updating (for security reasons).

uuid reset

If for whatever reason you want to reset your uuid to start an install with a clean slate, click on the tiny symbol in the info-banner on the configuration page.