Can't connect to my HA remotely by using a cloudflare tunnel (novice to the bone user)

Hello all.
I’m going to try explaining my situation. But as mentioned in the title, most of the time I have no idea what I’m doing. All this linux, docker, home assistant is new for me.

I have a ISP modem that is connected to my usg unifi router. the range ip between those two is where my usg has the ip address
I have created a network on my usg unifi to connect my home devices.
On this network I have a beelink mini pc on a static ip address
I installed an ubuntu server on it and used the install guide of home automation guy to install docker, home assistant docker and portainer on it. So far so good, all this is working fine.

As you can see, I also installed cloudflared-tunnel on docker. I can see that the tunnel is active and I can ping my domain from my linux server.

But when I try to connect I get the bad gateway error 502 from cloudflare page.
This is the error I find in the homeassistant log:

2023-03-16 16:46:10.428 ERROR (MainThread) [aiohttp.server] Error handling request
Traceback (most recent call last):
File “/usr/local/lib/python3.10/site-packages/aiohttp/”, line 332, in data_received
messages, upgraded, tail = self._request_parser.feed_data(data)
File “aiohttp/_http_parser.pyx”, line 551, in aiohttp._http_parser.HttpParser.feed_data
aiohttp.http_exceptions.BadStatusLine: 400, message=“Bad status line ‘Invalid method encountered’”’

This is the log of my cloudflare tunnel:
2023-03-16T16:46:10Z ERR error=“Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: tls: first record does not look like a TLS handshake” cfRay=7a8e78830d4f2e02-BRU ingressRule=0 originService=
2023-03-16T16:46:10Z ERR Request failed error=“Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: tls: first record does not look like a TLS handshake” connIndex=3 dest=http://( my domain is filled in here but removed it) /favicon.ico ip= (removed this also) type=http

I tried to find some help online on google and even chat-gpt, but I am turning the last 3 days in circle’s.

This is my HA config, all the # is what I tried, but without succes

#cloudflare test 2
 #  external_url: https://(removed)

#cloudflare test
#  use_x_forwarded_for: true
#  trusted_proxies:
#    -
#    -
#    -
#Add Container User Interfades to Navigation Menu
    title: "Portainer"
    url: ""
    icon: mdi:docker
    require_admin: true
# Loads default set of integrations. Do not remove.

# Load frontend themes from the themes folder
  themes: !include_dir_merge_named themes

# Text to speech
  - platform: google_translate

automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml

I even ad my netplan config file:

        search: []
      - to: default
  version: 2

This is my dockercompose config:

version: '3.0'

    container_name: portainer
    image: portainer/portainer-ce
    restart: always
      - "9000:9000/tcp"
      - TZ=Europe/London
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/portainer:/data
    container_name: homeassistant
    image: ""
      - /opt/homeassistant/config:/config
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    privileged: true
    network_mode: host
    container_name: cloudflared-tunnel
    image: cloudflare/cloudflared
    restart: unless-stopped
    command: tunnel run
      - TUNNEL_TOKEN=token is correct but removed it for security

I tried to add the integration of cloudflare in HA docker, as most guides are talking about an addon ( can’t use it because not HA os) created an api token with zone:zone:read and zone:dns:edit, I can chose my domain, but no record, as there is no A record created but only a cname.

I realy have no idea what to do anymore. I have read so many forums, but can’t find something that is related to my issue. I hope some of you have an idea what I’m missing…
My appologies for my bad spelling/language and noobisme. Thanks in advance.
(sorry for the messy layout, had took all images, but as a new user I can only add 1 image)

Have you disabled cert verification in the TLS settings (where you define the hostname in the cloudflare tunnel config).

I did not, I will check this as soon as I can to see if that fix the problem. Will try in the mean time to see how to work with ssl/tls :slight_smile: Thanks for the quick reply

just an update for people with the same issue:
Disable TLS seems not be the sollution, keep getting the same error.
I added an iptable on my linux to forward traffic from my cloudflare container to my homeassistant.

sudo iptables -A FORWARD -i docker0 -s -d -p tcp --dport 8123 -j ACCEPT

Also added the following in my config of HA

  use_x_forwarded_for: true

when I use http as a service I can now connect remotly.
Going to catch some reading now how to set up my ssl/tls with let’s encrypt in docker :smiley:

1 Like

You may want to check my post here where I finally got HA and Vaultwarden (Bitwarden) Password Manager both working locally and remote.using HTTPS SSL/TLS via Cloudflared Tunnels and Caddy 2 Proxy Server