In order to access my Homeassistant from anywhere I set up the zero trust cloudflare tunnel, which many reported to work well. Actually it does for me too. I can access my Homeassistant without any problem when I am not at home. But locations don’t get updated and in general all the sensors from my iPhone.
I also tried to use the shortcut app to verify if it is a problem of location services which I ruled out as the shortcut couldn’t call the notify service and reported and prompted a operation took to long error (I verified that this shortcut worked via Wi-Fi)
The location updates in the app prompt a outoftime error in the log. So in general i assume that somehow the app services can not connect to the instance but the standard https request for showing and interacting with UI is working.
Did someone else have a similar problem and fixed it?
Or how do the app services communicate to the server so that I maybe can have a look if I need to activate / find some configuration to fix it.
Do you have any Webhook error logs in the Settings > Companion App > Debugging > Event Log? All of the actions you’ve mentioned above use the mobile_app webhook to send messages in, so it would be good to know if they are succeeding.
As I wanted to protect my local network / Homeassistant from bad internet intends I added a cloudflare additional „login“ which asks for an email and provides a PIN code to verify the connection. With UI this works without problem, and I can access my Homeassistant. I now assume that the sensor Update connection or in general the app connection for any services to HA is not verified together with the UI, or in other words UI and app services as completely different things from cloudflare point of view and therefore need to be verified separately. For UI this is obviously no problem but for the App services as they obviously don’t show up a login prompt.
I tested it without the additional cloudflare login and then the iPhone sensors directly worked without problem.
Can you strengthen the assumption that it might be two different things from cloudflare point of you with your knowledge of the Apps code?
Then maybe the only solution is that I think about if I want to remove the additional security/login layer. But would be open for ideas.
Actually I there is the concept of Service Tokens (Service tokens · Cloudflare Zero Trust docs) for automated access of services. But I am not into this things, so maybe this is not a general concept and only a solution from cloudflare.
If it is general concept it might be a solution to secure „publicly available“ (via a domain name) Homeassistant instances.
Earlier I had not scroll down enough to reach the section : “Exposing Webhook” - after doing that, things got to work
Still not sure why I couldn’t find any error in Companion app and with HA logs in INFO mode.
[NOTE] In case of a vulnerability in the webhook, you should limit the access, for example allow only the AS# of your cellular provider and specific user-agent. I’ll do more tests and update this post.