CloudFlare Argo

Another thought: if it works when you run the command manually, but not in the add-on, its possible you are using two different keys.

An additional thing to look at: the add-on uses the config file form of the command, you can try emulating it to find the problem. Here’s what it looks like in the code:

cloudflared --origincert=${certificate} tunnel --config=/config/cf-argo/config.yml run
1 Like

I run Home Assistant container on a Debian VM and have it working with Cloudflare Tunnel (used to be Argo). I moved to this a few months back after some of the older non-Cloudflare maintained containers stopped working properly without workarounds.

Here are some basic instructions on how I got it working. There are probably easier ways, but throwing this out there in case it points someone in the right direction. This does not cover setting up Cloudflare Teams / Access rules. It only gets the tunnel working.

On any computer, install cloudflared, login (to get a cert.pem file), and create a tunnel (to get a .json). This only needs to happen once and you can use the login (cert.pem) to manage your tunnels (create/delete). The tunnel file and a config are really the only files you need on your Docker machine.

Create Tunnel

Pay attention to where your .json file lives. You will have to move it to your server. It will look something like this:


On your Docker host, make a folder for the docker container, in my case this is /srv/docker/cftunnel

Move your tunnel json there and create a config.yml.

Inside /srv/docker/cftunnel:

  • config.yml
  • 12345678-1234-1234-1234-123456789012.json


tunnel: 12345678-1234-1234-1234-123456789012
credentials-file: /etc/cloudflared/12345678-1234-1234-1234-123456789012.json

  - hostname: ""
    service: http://<machine ip>:8123
  - service: http_status:404

Note: Dont use the docker container name in place of local ip. Since Home Assistant container usually runs in host mode, you have to specify the local machine ip. Also note that Cloudflare tunnel will not route to a host outside of the local machine, so it has to be installed on the same machine as Home Assistant.

docker-compose.yaml entry - I call mine cftunnel

    container_name: cftunnel
    hostname: cftunnel
    image: cloudflare/cloudflared
    restart: unless-stopped
      - /srv/docker/cftunnel:/etc/cloudflared
    command: tunnel --config /etc/cloudflared/config.yml run 12345678-1234-1234-1234-123456789012

Start your container with docker-compose up -d. Check log output to make sure it started correctly.
Final step, make a CNAME entry on Cloudflare to point to the tunnel.
There are multiple ways to do this:

Access your Home Assistant instance from

This doesnt make dynamic tunnels like some of the other containers out there, but you do have a lot of flexibility in the config.yml to create additional ingress rules for other services on the same machine if you like (SEE HERE). Anything on a different machine requires a new tunnel (and associated .json file).

I followed your tutorial but I have 400: Bad Request, this seems related to HA when accessed from a external http/https address. Do you had the same problem?

This HA log:

A request from a reverse proxy was received from, but your HTTP integration is not set-up for reverse proxies

10:03:31 – (ERROR) HTTP

Solved adding in configuration.yaml

use_x_forwarded_for: true

@Tony2k sorry didn’t see this, that setting is part of the instructions.

Closing this down now.

GitHub - brenner-tobias/addon-cloudflared: Connect remotely to your Home Assistant instance without opening any ports using Cloudflared. has come a long way and is way better to use: