If you'd prefer bare-bones setup instructions without explanation, see here.
Because LMS is not accessible from outside your LAN, we need to install a so-called proxy to enable secure access to your server from the Amazon cloud.
Our easy-setup procedure deploys a proxy called ngrok to open up a persistent tunnel resulting in a password-protected URL like https://70c663eee228.eu.ngrok.io for your LMS.
Since initializing the tunnel is an outward process originating in your LAN, there's no need to open any ports in your router — ngrok also takes care of a valid certificate for SSL.
Alexa ↔ [443/https] ↔ proxy ↔ [9000/http] ↔ LMS
The skill communicates with your proxy and it is the proxy (perched on the LAN side of your firewall on your local network at home) that actually interacts with LMS.
With this approach, cloud control is password-protected while local control within your LAN remains completely unrestricted. You should therefore not set a password in the LMS settings when using our skills.
There are actually two components to ngrok — a cloud service and an executable running on one of your computers. The ngrok cloud service provides the internet-facing URL that Alexa or a browser 'sees'. Incoming requests to this service are sent down the secure tunnel to your local executable which is always 'listening'. It 'knows' to relay all incoming requests onwards to your LMS server because it's configured accordingly. Responses from LMS simply follow the reverse path back up to the internet-facing ngrok cloud service where Alexa or the browser receives them. It's all lightning fast and adds no perceivable delay to your enjoyment of the skill(s).
 You don't have to use this procedure to link the skills. If your LMS is reachable via https due to an existing reverse-proxy running via e.g. nginx or apache in your setup, this can be used as-is. Should you prefer manual setup, see here.
To subsequently authenticate you towards ngrok, you should make a note of your personal authtoken which resides at https://dashboard.ngrok.com/auth/your-authtoken. It will look something like 4nq9771bPxe8ctg7LKr_2ClH7Y15Zqe4bWLWF9p.
Please ignore any download/setup instructions at the ngrok website as they are geared towards setting up access to a web-server on 80 rather than a media server like LMS on 9000. Our installer will automatically download ngrok for you and configure it for LMS.
 The easy-setup installer ensures that the skill(s) are updated with the changed tunnel URL whenever you restart ngrok or reboot your machine.
Visit our secure configurator landing page to download your personalized easy-install script. You can do this on any platform and it does not have to be the machine LMS or ngrok runs on.
Please stay within a single browser tab during the entire setup process, as your browser's localStorage does not share/update data between open tabs of the same website.
On the form, provide the following 7 pieces of information:
When all the entries are completed, press the yellow Download Script button and the script file will be saved by your browser.
Your browser may warn that script files sourced from the internet are potentially harmful — it does this based on the .sh or .ps1 file extension, not the actual contents. Some browsers may even change the extension of the saved file to .txt to render it 'harmless'. If that happens you will need to manually rename with the correct extension before running it.
 All sensitive data is transported over SSL and AES-256 encrypted at rest. The resulting file is built in RAM on our webserver — it is never saved to the filesystem.
 You should only need to specify a non-default nickname if you have multiple LMS servers and therefore multiple tunnels.
First follow the appropriate instructions for your platform or operating system — pCP, Linux, MacOS, or Windows 10. Then perform account-linking as explained in the bottom paragraph.
Make sure that the LMS server under pCP is already installed and running when you attempt this.
Installs ngrok as a persistent tcz package and adds it to onboot.lst. It also builds a file called ~/.ngrok2/ngrok.yml with your configuration details. An entry in /opt/bootlocal.sh ensures ngrok_startup.sh runs at system boot to continually refresh your tunnel details when you reboot.
Applies to any Debian-based distro which supports systemd services and bash scripting. Examples include Max2Play, Raspberry Pi OS, Ubuntu and Debian.
Installs ngrok to /usr/local/bin/ngrok and creates a service file /etc/systemd/system/ngrok.service to run ngrok as a daemon at boot. It also builds a file called ~/.ngrok2/ngrok.yml with your configuration. Finally, it creates the ~/ngrok_updater.sh auto-updater file that refreshes your tunnel details when you reboot.
Place the downloaded setup.sh script in your normal Downloadsfolder.
Installs ngrok to /usr/local/bin/ngrok and creates a launchd file /Library/LaunchDaemons/com.ngrok.onstartup.plist to run ngrok as a daemon at boot. It also builds a file called /usr/local/bin/.ngrok2/ngrok.yml with your configuration. Finally, it creates the /usr/local/bin/ngrok_updater.sh auto-updater file that refreshes your tunnel details when you reboot.
Installs ngrok to c:\ngrok and creates a config file called c:\ngrok\ngrok_config.yml. In the same directory, you'll see ngrok_autostart.ps1 and a wrapper ngrok_autostart.cmd. A shortcut to ngrok_autostart.cmd is added to Windows' startup apps folder.
When the setup script finishes, you will be told that ngrok is now running a tunnel through a URL like https://70c663eee228.eu.ngrok.io
 If the target system is headless, use ssh or scp via e.g. filezilla, winscp or putty to transfer the script file across.
 On the free plan, ngrok can only be run on a single machine in your local LAN so if it's already running you will receive an error. If you run ngrok with the same authtoken in a different (remote) LAN, you must select a different region code for the second instance or it won't work. If you need multiple tunnels in the same LAN, up to 4 can all be run from the same proxying-machine by adding extra tunnel entries to the .yml file. Do it this way rather than trying to run multiple instances of ngrok itself. The legacy help has an example.
 If you like, you can verify that the tunnel works by visiting this URL from a browser (enter your chosen credentials in the popup). You'll see the familiar 9000 LMS GUI (notice the ).
 If you get a message that you first need to run the installer script before these links will work — and you did already run it successfully — try forced-refreshing the page (hit ctrl-F5 in Chrome). Alternatively, close the browser and then re-open it. The links should then be active.
Setup help for MediaServer and LMS-lite is available at different subdomains of the smartskills.tech website. Because your uuid is stored in the browser's localStorage and that is always (sub)domain-specific, you may be told that you have not yet set things up if you alternate between help-file source locations on our server. If this happens, switch to the help subdomain you originally used and your localStorage should still be there. Same is true if you use different browsers or alternate between incognito and regular browsing.
If you get a 108 error during setup, it's because ngrok is already running (in the background / on some other machine?) using your authtoken — you can only run one instance on a free account. For a full list of ngrok errors, see here.
From any machine in your local network, you can watch what the background ngrok process is doing by browsing to the IP address of the ngrok host machine on port 4040, e.g. http://192.168.1.8:4040 or http://localhost:4040. The status tab there will show you the ngrok subdomain assigned to your tunnel.
Alternatively, you can login to your ngrok online dashboard and see your assigned tunnel at https://dashboard.ngrok.com/status/tunnels.
The golden rule is — think before you re-link! It's almost never necessary.
If Alexa tells you your ngrok tunnel no longer exists, manually running the updater script should get you back online again immediately. If it happens regularly, consider using Ethernet rather than WiFi or move the machine closer to your router. Remember, ngrok can run on any machine in your network and happily proxy to LMS on a different machine. If you're running e.g. pCP on a wireless-pi, you can run ngrok on a different/wired machine no problem.
Unless you deliberately changed the username and password in your .yml file, the only plausible explanation for this is that you dropped a tunnel without running the updater script. In the meanwhile, your old URL was randomly allocated to some other ngrok user (by ngrok, not us) who of course has different credentials to you. So the previously-known tunnel 'exists' but the authorization fails (for you). The cure is to manually restart ngrok on your machine — that way, you will get a new URL without conflict. If you really did change your .yml credentials then you have no option other than to re-link the skill(s). The tunnel credentials are immutable in the Alexa cloud and not pushed as part of updating (for security reasons).
If for whatever reason you want to reset your uuid to start an install with a clean slate, click on the tiny symbol in the info-banner on the configuration page.