I run Home Assistant container on a Debian VM and have it working with Cloudflare Tunnel (used to be Argo). I moved to this a few months back after some of the older non-Cloudflare maintained containers stopped working properly without workarounds.
Here are some basic instructions on how I got it working. There are probably easier ways, but throwing this out there in case it points someone in the right direction. This does not cover setting up Cloudflare Teams / Access rules. It only gets the tunnel working.
Install
On any computer, install cloudflared, login (to get a cert.pem file), and create a tunnel (to get a .json). This only needs to happen once and you can use the login (cert.pem) to manage your tunnels (create/delete). The tunnel file and a config are really the only files you need on your Docker machine.
Install
Login
Create Tunnel
Pay attention to where your .json file lives. You will have to move it to your server. It will look something like this:
12345678-1234-1234-1234-123456789012.json
On your Docker host, make a folder for the docker container, in my case this is /srv/docker/cftunnel
Move your tunnel json there and create a config.yml.
Inside /srv/docker/cftunnel:
- config.yml
- 12345678-1234-1234-1234-123456789012.json
config.yml
tunnel: 12345678-1234-1234-1234-123456789012
credentials-file: /etc/cloudflared/12345678-1234-1234-1234-123456789012.json
ingress:
- hostname: "homeassistant.mydomain.com"
service: http://<machine ip>:8123
- service: http_status:404
Note: Dont use the docker container name in place of local ip. Since Home Assistant container usually runs in host mode, you have to specify the local machine ip. Also note that Cloudflare tunnel will not route to a host outside of the local machine, so it has to be installed on the same machine as Home Assistant.
docker-compose.yaml entry - I call mine cftunnel
cftunnel:
container_name: cftunnel
hostname: cftunnel
image: cloudflare/cloudflared
restart: unless-stopped
volumes:
- /srv/docker/cftunnel:/etc/cloudflared
command: tunnel --config /etc/cloudflared/config.yml run 12345678-1234-1234-1234-123456789012
Start your container with docker-compose up -d. Check log output to make sure it started correctly.
Final step, make a CNAME entry on Cloudflare to point to the tunnel.
There are multiple ways to do this:
LINK
Access your Home Assistant instance from https://homeassistant.mydomain.com
This doesnt make dynamic tunnels like some of the other containers out there, but you do have a lot of flexibility in the config.yml to create additional ingress rules for other services on the same machine if you like (SEE HERE). Anything on a different machine requires a new tunnel (and associated .json file).