How to enable reverse tunnel

Learn how to use Spotipo if you UniFi controller/UDM/CK does not have a public IP

Rakesh Mukundan avatar
Written by Rakesh Mukundan
Updated over a week ago

If your UniFi controller/ Cloud Key/ UDM/ UDR does not have a public IP you, you won't be able to use an external portal solution like Spotipo. However we now have a reverse tunnel solution that will help you in such situation.

The solution works by creating a reverse SSH tunnel from your controller to our server, so that we can access your controller.

Enable SSH access on your UDM/CK/UDR

If you are using a software controller, ie UniFi controller running on a server, skip this.

Make sure to login to your device by going to https://<it's local IP>, and navigate to Console Settings.

Enable Remote Access and SSH, use the Change Password option to set a password.

SSH into your controller

Using your favorite SSH terminal, log in to the UniFi controller. If you got a CK/UDM/UDR etc use root as username and the password you set above.

Install autoSSH

We will use autossh to keep the connection active, install the same using below command after logging into the controller.

apt install autossh

Generate SSH Keys

Check if you already have a set of SSH keys under /root/.ssh/ if not create them using the command


And then copy the content of /root/.ssh/ and send to us via chat. In return we will assign a USERNAME to you.

Proceed to the next steps once you have a USERNAME from support.

Check the SSH credentials.

Once you have the username from support, execute the below command on the SSH terminal


Accept the fingerprint by typing yes and pressing enter.

The command should return something

Create an AutoSSH service

Now create a file /etc/systemd/system/spotipo-tunnel.service with the below content.

Remember to replace <USERNAME> with the actual username.

Description=AutoSSH tunnel service to spotipo

ExecStart=/usr/bin/autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -N -R /:localhost:443 <USERNAME> -p 3333


Now reload the configuration using the command.

systemctl daemon-reload

And start the service

systemctl start spotipo-tunnel.service
systemctl enable spotipo-tunnel.service

Now check the status of the service by

systemctl status spotipo-tunnel.service

It should say something like

Now you should be able to use <USERNAME> as the Hostname for your server in the Settings tab.

Did this answer your question?