I managed to set up a Cloudflared tunnel so that I could connect remotely to my HA instance. I simply added the domain in as the server in the HA app and logged in and it worked for about a month until today. The app showed me Cloudflare's site to verify my account with my email, which I did, but now it fails like this:
I've been using it off and on for a few years without too many issues, although I do run Cloudflare in its own LXC on Proxmox.
I have had that issue a few times and re-authenticating within the app has always worked.
I didn't think Cloudflare ever worked with the app without setting up mTLS certificates (at least with any kind of authentication). Something about not handling the login cookies, I think.
I’ve not set it up, only researched it so I may not be the one to solve it, but I’m sure we’d need more info about your configuration.
Alright, to clarify. I run Cloudflared (and HA for that matter) in separate Docker containers. I set up cloudflared about 2 years ago and it has worked flawlessly. Though I settled for connecting remotely using my browser. The app still pointed at my local instance. In cloudflared zero trust, I only allow cloudflared accounts with specific emails. So you get a pin code that you enter and then you can access HA for 30 days before having to redo the pin authentication.
Last month, I got an idea to just put in the cloudflared domain directly as a server in the HA app so that the app always works regardless of the network. I was asked for the pin and it all worked perfectly! But now, my session's 30-day limit has expired. I was asked for a pin as usual but then the errors appeared.
Found these threads with the same issue:
There might be some cookie or cache not being cleared in the HA app? Sure, I could remove the policy but it would leave my HA instance open to the world. Reinstalling the HA app may also work but that is not viable to do every month.
The HA Android app does not appear to support token auth (used by the Cloudflare tunnel) at this time. When auth is turned on, the HA app will open a browser, but after sign in the token never makes it back to the app. This is why auth works in a browser, but not in the app. We can however use mTLS to get around this.