If you'd prefer bare-bones setup instructions without explanation, see here.
LMS pre-dates the cloud era and was never designed to be controlled from outside your home. Luckily we can install a separate piece of software called a proxy to facilitate ultra-secure access for Alexa.
If you have any install-related questions then you can ask them at the slimdevices forum here.
Our easy-setup procedure deploys a free proxy called ngrok, with no need to open any router ports or worry about a certificate for SSL. When completed, your LMS will be reachable via its own password-protected URL like https://70c663eee228.eu.ngrok.io.
The skill communicates through a so-called tunnel with 'your' ngrok, which in turn interacts with LMS:
Alexa ⇆ [443/https] ⇆ ngrok ⇆ [9000/http] ⇆ LMS
There are actually two components to ngrok — a cloud service and a program we'll install on one of your computers. The ngrok cloud service provides the internet-facing URL that Alexa or a browser 'sees'. Incoming requests to this service are sent down the secure tunnel to your local program which is always 'listening'. It 'knows' to relay all incoming requests onwards to your LMS server because it's configured accordingly. Responses from LMS simply follow the reverse path back up to the internet-facing ngrok cloud service where Alexa or the browser receives them. It's all lightning fast and adds no perceivable delay to your enjoyment of the skill(s).
With this approach, cloud control is password-protected while local control within your LAN remains completely unrestricted. You should therefore not set a password in the LMS settings when using our skills.
 SliMP3 dates from 2001. Logitech stopped development of LMS in 2012.
 You don't have to use this procedure to link the skill(s). If your LMS is already exposed via a https reverse-proxy, this can be used as-is. Should you prefer manual setup, see section Ⅵ here.
Visit the ngrok.com website (no affiliation) for an explanation of how it works and what plans are available. The free plan works just fine for our purposes so go ahead and Sign Up.
Note that at no stage in the easy-setup process will you be asked for the login particulars for your ngrok account. The username and password you will later choose to protect your tunnel are a different concept. The former protect your ngrok account while the latter protect remote access to LMS. If you have difficulty managing multiple passwords, by all means choose Login with Google when signing up for ngrok.
You should make a note of your personal authtoken which resides at https://dashboard.ngrok.com/auth/your-authtoken. It will look something like 4nq9771bPxe8ctg7LKr_2ClH7Y15Zqe4bWLWF9p.
Please ignore any download/setup instructions at the ngrok website as they are geared towards setting up access to a web-server on port 80 rather than a media server like LMS on 9000.
Our installer will automatically download the correct binary version of ngrok for your system and also pre-configure it for operation with LMS.
 A drawback of the free plan is that your assigned ngrok-URL (deliberately) changes every time ngrok restarts. However, our easy-setup installer includes an updater-script to push your new tunnel details off to the skill(s) when that happens.
Visit our secure configurator landing page to download your personalized easy-install script. You can do this on any platform and it does not have to be the machine LMS or ngrok runs on.
Please stay within a single browser tab during the entire setup process, as otherwise your browser's localStorage cannot perform its magic.
On the web-form, provide the following 7 pieces of information:
When all the entries are completed, press the large yellow Download Script button and the script file will be saved by your browser.
Your browser may warn that files sourced from the internet are potentially harmful — it does this based on the .sh or .ps1 file extension, not the actual file contents. Some browsers or antivirus software may even change the extension of the saved file to .txt to render it 'harmless'. If that happens you will need to manually rename with the correct extension before running it. Remember, because the script file is ascii, you can easily check its contents in any text editor.
 All data is transported over SSL and is AES-256 encrypted at rest.
 For Max2Play, choose Linux 32 or 64 bit. Windows 10 and 11 are supported as-is — earlier versions may work if your system's PowerShell is v5.1 or greater.
 The password you choose for your tunnel is stored in plain-text in ngrok's .yml file on your machine. It's probably wise not to re-use a password you use elsewhere.
 You only need to change the nickname if you have multiple LMS servers and therefore multiple instances of ngrok in parallel use. You'll never encounter the nickname otherwise.
Follow only the appropriate instructions for your platform or operating system — pCP, Linux, macOS, or Windows:
Make sure that the LMS server under pCP is already installed and running when you attempt this.
Installs ngrok as a persistent tcz package and adds it to onboot.lst. It also builds a file called ~/.ngrok2/ngrok.yml with your configuration details. An entry in /opt/bootlocal.sh ensures ngrok_startup.sh runs at system boot to continually refresh your tunnel details when you reboot.
Applies to any Debian-based distro which supports systemd services and bash scripting. Examples include Raspberry Pi OS, Ubuntu, Debian and Max2Play.
If your target machine is a pi there's one more important step to ensure the OS waits for the network to come up at boot time. Issue the command sudo raspi-config. Choose System Options and then S6 Network at Boot and choose <Yes>.
If something does not work and you are wondering if your fetched ngrok binary is the correct version for your architecture, type which ngrok and then use the file command on the result, e.g. file /usr/local/bin/ngrok. The output will include something like ELF 64-bit LSB executable, x86-64 or ELF 64-bit LSB executable, ARM aarch64.
Installs ngrok to /usr/local/bin/ngrok and creates a service file /etc/systemd/system/ngrok.service to run ngrok as a daemon at boot. It also builds a file called ~/.ngrok2/ngrok.yml with your configuration. Finally, it creates the ~/ngrok_updater.sh auto-updater file that refreshes your tunnel details when you reboot.
Place the downloaded setup.sh script in your normal Downloadsfolder.
Installs ngrok to /usr/local/bin/ngrok and creates a launchd file /Library/LaunchDaemons/com.ngrok.onstartup.plist to run ngrok as a daemon at boot. It also builds a file called /usr/local/bin/.ngrok2/ngrok.yml with your configuration. Finally, it creates the /usr/local/bin/ngrok_updater.sh auto-updater file that refreshes your tunnel details when you reboot.
Installs ngrok to c:\ngrok and creates a config file called c:\ngrok\ngrok_config.yml. In the same directory, you'll see ngrok_autostart.ps1 and a wrapper ngrok_autostart.cmd. A shortcut to that .cmd file is added to Windows' startup apps folder.
 If the target system is headless, use ssh or scp via e.g. filezilla, winscp or putty to transfer the script file across.
When the setup script finished, you were told that ngrok started a tunnel with a URL like e.g. https://70c663eee228.eu.ngrok.io (yours will be different of course).
You can easily verify that your tunnel works correctly by visiting this URL from a browser (enter your chosen credentials in the popup). You should see the familiar 9000 LMS default skin (notice the which you don't see inside your LAN).
You have 2 choices for how to perform account-linking:
If you installed LMS-lite, you can now say "Alexa, discover devices". In the case of MediaServer, say "Alexa, open MediaServer". That's it — enjoy the skill(s)!
Make sure to keep a safe copy of the installer script so that you can re-install ngrok with the same uuid should the need arise. That way, there will be no need to re-link the skill(s).
For MediaServer, verify that LAME is installed on your system if you intend to use any of the stream commands. You can find information on how to do that here.
 The skill(s) should be linked with you logged in as the main user in an Amazon family account. Make sure that FreeTime for Kids is not blocking commands from any Echos you intend to use with the skill(s).
 If the links won't unblock, it's probably just a localStorage issue (your uuid is unretrievable). Try forced-refreshing the page (e.g. hit ctrl-F5 in Chrome). Alternatively, close the browser and then re-open it at this page. The links should then be active.
If you have any unanswered questions then you can ask them at the slimdevices forum threads for Mediaserver or for LMS-lite.
Notice you didn't create an account with smartskills.tech. Each visitor to our configurator is assigned a random uuid which is stored in your browser's localStorage cache so that you don't have to copy/paste as you move from step to step in the overall setup-process. For security purposes, localStorage is domain-specific and even protected across different browser tabs of the same site. That's why you need to perform all steps in the same browser and in the same tab. If you don't, you'll be seen as a new visitor and served up a fresh uuid so where you are in the overall process will be lost.
The golden rule is — think before you re-link! It's almost never necessary.
The updater-script is run whenever you restart your machine but if something goes wrong then you sometimes have to run it manually to recover. Open a terminal and run:
On the free plan, ngrok can only be run on a single machine in your local LAN. If it's already running and you start a second instance, you'll receive a 108 error. If you need to run ngrok with the same authtoken in a different (remote) LAN, you can select a different region code for the second instance as a workaround. If you need multiple tunnels in the same LAN, up to 4 can all be run from the same ngrok instance by adding extra tunnel entries to the .yml file. Do it this way rather than trying to run multiple instances of ngrok itself. The legacy help has an example. For a full list of ngrok errors, see here.
From any machine in your local network, you can watch what the background ngrok process is doing by browsing to the IP address of the ngrok host machine on port 4040, e.g. http://192.168.1.8:4040 or http://localhost:4040. The status tab there will show you the ngrok subdomain assigned to your tunnel.
Alternatively, you can login to your ngrok online dashboard and see your assigned tunnel at https://dashboard.ngrok.com/status/tunnels.
The /stream.mp3 endpoint in LMS requires non-mp3 formats to be transcoded to mp3 for streaming. LMS does this under the hood but it does rely on your system having the LAME encoder utility installed. If you notice that non-mp3 sources produce no sound while streaming, make sure that you have it installed. You can find information on how to do that here.
The easy-setup Windows installation procedure runs ngrok in a windowless process. If you'd prefer to run ngrok as a service that will
survive logouts, do the following. You will need to use a program that can create services from
regular .exe files. An example of a free program that does this is
NSSM (Non-Sucking Service Manager). Download NSSM and place its exe in the
same directory as ngrok. Open a cmd or Powershell
terminal and cd into the same directory as your nssm.exe. Run the following command:
nssm.exe install ngrok
select the ngrok executable in the window that appears and add the following to the arguments:
start --all --config="C:\ngrok\ngrok_config.yml"
then press 'Install service'. The service can now be managed from service manager. Start it here or alternatively open a cmd as administrator and run the following:
sc start ngrok
If for whatever reason you want to reset your uuid to start an install with a clean slate, click on the tiny symbol in the info-banner on the configuration page.