Cloudflare tunnel and local access

So I followed this guide on setting up a Cloudflare tunnel with my only change being setting it up for a subdomain. Works very well. Having previously had DuckDNS with SSL, I can now access my HA remotely without any ports open. And being in a location where routers get fried due to lightning a few times a year, it’s useful not having to open ports as I am not there much of the time.

But I digress. My issue is with local access, I still had this in my configuration.yaml from when I used DuckDNS:

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

This shouldn’t be needed with Cloudflare tunnel, but as soon as I deleted it I could no longer access HA. Put it back in and HA via subdomain works again but local via Android app does not, as there is no valid security cert. I can override this for local access via https on browser but not in the app, unless I access via subdomain even when on the local network, which is not ideal.

Does anyone know what I have done wrong or how I can get local access working again for the app?

There is another guide I read I didn’t follow for Cloudflare tunnel setup, but it requires port opening, it states the connection between Cloudflare and HA is not secure, is this correct for the guide I followed? I assume not given I didn’t need any ports open…

I’ve got exactly the same issue. Did you ever find a fix?

I did, but can’t remember how. I just read more guides. Sorry, just saw the post. Did you fix it? I am having other cloudflared issues though.

Now fixed, and I thought I’d specify what I did for anybody else having the same issue. You’ll need to be on your local network accessing via your local https://IP:8123

  1. Go to the Cloudflared add-on, configuration, edit in YAML, copy the YAML into somewhere so you’ve got it for later
  2. Uninstall the add-on
  3. Go to your code editor of choice, and in the configuration.yaml file you need to delete the ssl_certificate and ssl_key lines. Save
  4. Restart home assistant
  5. Go to Cloudflare site itself. Click Access in the left hand menu. Launch Zero Trust
  6. Go to Networks/Tunnels on the left hand menu
  7. You should see your tunnel listed. Click the 3 dots at the end of the row, and delete. You’ll get some warnings which you need to accept.
  8. Go back to home assistant, but you’ll now need to use http://IP:8123 (note not https)
  9. Reinstall cloudflared add-on
  10. In configuration, edit in YAML, and paste your config you saved earlier
  11. Start the add-on and give it a few seconds.
  12. Go to the logs. You should get instructions for copying a url to authorise your new tunnel. Do that and confirm on the Cloudflare site
  13. Go back to HA, and your Cloudflared logs should switch shortly to confirming the new tunnel, and you’re all done! Your local access is now http, and external is all https.
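A way to check which state the local listener is in before and after step 4, as an added example that is not part of the original posts: it reports whether port 8123 answers in plain HTTP or in TLS, and whether the certificate validates for the address used. The function name `probe_listener` and the address `192.0.2.10` are placeholders.

```python
import socket
import ssl


def probe_listener(host, port=8123, timeout=3.0):
    """Report how host:port answers: 'https-valid', 'https-untrusted',
    'http', 'unknown' or 'unreachable'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        # Default context checks the chain and that the certificate names
        # `host`. A certificate issued for a public hostname does not match
        # a bare LAN IP, which is the case where a client refuses to connect.
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(raw, server_hostname=host):
            return "https-valid"
    except ssl.SSLCertVerificationError:
        return "https-untrusted"
    except OSError:
        pass  # handshake failed for another reason: probably not TLS
    finally:
        raw.close()
    # Second attempt in clear text: the state after ssl_certificate and
    # ssl_key have been removed and Home Assistant restarted.
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            with s.makefile("rb") as reply:
                return "http" if reply.read(5) == b"HTTP/" else "unknown"
    except OSError:
        return "unknown"


if __name__ == "__main__":
    # 192.0.2.10 is a placeholder; use the Home Assistant LAN address.
    print(probe_listener("192.0.2.10"))
```

A result of `https-untrusted` on the LAN address corresponds to the certificate error described in the first post; `http` is the state step 8 expects.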

You are a LEGEND for this write-up. Thank you!

I don’t get it - you’re saying basically remove the tunnel and then re-install it? And that fixes the problem? How does that happen?