CloudFlare ZeroTrust with HA

Is anyone using Cloudflare Zero Trust services? It’s a very simple service and 100% allows me to connect to my HA using a single domain without having to open my home ports 80/443. However, I’m having some problems with the Cloudflare cache, which does not allow my new CCTV photo capture to be sent to my browser or Telegram. Maybe someone here knows how to solve it?

Check this out: New Add-On: Cloudflared

I don’t need the add-on because a simple Docker can easily open up the link between the home network and Cloudflare. My current problem is that Cloudflare caches my public link, which has the photo captured by my front CCTV, and because of that, every time my doorbell is activated my new CCTV photo does not get sent to my Telegram as a notification. Instead, I just get the old picture. When I replace it with an NGINX proxy, the picture does get updated.

Try turning off all caching and offline features. You have to create a page rule to do this. Log into Cloudflare, go to the domain you’re using, then go to Rules.
Create a rule like the following:

URL: *.domain.com/*
Then add the following options:

  • Browser integrity check OFF
  • Always online OFF
  • Cache level BYPASS
  • Disable Performance

Save and then go to the Caching tab, then Configuration, and “Purge Everything”.

See if that helps.
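
One way to confirm that the page rule above took effect, as an added example that is not part of the original thread: Cloudflare reports how it handled a request in the `CF-Cache-Status` response header, so the response head of the snapshot URL (for instance from `curl -sI`) shows whether the picture came from cache. The function names and the two sample response heads are constructed for illustration.

```python
# Added example: classify a response by Cloudflare's CF-Cache-Status header.
# The sample response heads below are constructed, not captured from a real site.

FROM_CACHE = {"HIT", "STALE", "UPDATING", "REVALIDATED"}  # body came from the edge cache
STORED_NOW = {"MISS", "EXPIRED"}      # fetched from origin, but eligible for caching
NOT_CACHED = {"BYPASS", "DYNAMIC"}    # went to origin and was not treated as cacheable


def parse_head(raw):
    """Return {lowercased header name: value} from a raw HTTP response head."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def cache_verdict(raw):
    """Return (verdict, detail) describing the risk of an outdated snapshot."""
    h = parse_head(raw)
    state = h.get("cf-cache-status", "").upper()
    age = h.get("age", "unknown")
    if state in FROM_CACHE:
        return "stale-risk", f"{state}: served from cache, Age={age}"
    if state in STORED_NOW:
        return "cacheable", f"{state}: fresh now, but may be cached for later requests"
    if state in NOT_CACHED:
        return "bypassed", f"{state}: request went to the origin"
    return "unknown", "no recognised CF-Cache-Status header in the response"


SAMPLE_BEFORE = """HTTP/2 200
content-type: image/jpeg
cache-control: max-age=14400
cf-cache-status: HIT
age: 812
"""

SAMPLE_AFTER = """HTTP/2 200
content-type: image/jpeg
cf-cache-status: BYPASS
"""

if __name__ == "__main__":
    for label, raw in (("before rule", SAMPLE_BEFORE), ("after rule", SAMPLE_AFTER)):
        print(label, "->", cache_verdict(raw))
```

A `stale-risk` or `cacheable` verdict on the snapshot URL after the purge means the rule is not matching that URL.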

Alright, got it… thanks, man. BTW, do you know if I can redirect example.com to www.example.com? Or do I have to make 2 references for it in a tunnel? And one more thing… did you stream your CCTV too? Maybe you can help me with this problem too? Thanks, man.

I have never done it, but I believe you can do that in page rules as well. Another tunnel entry would do the same thing I guess. I’m not sure.

Not sure I can help with the camera streams either. I don’t stream any through Home Assistant. If the camera streams don’t come through at all, I would guess you might need a bypass rule in Cloudflare for the camera stream URL (I don’t know what that is though). If the stream is coming through, maybe you could try some of the other tunnel options like disabling chunked encoding. I have no idea if it would work, but it worked for me on an entirely different app I exposed through CF Tunnel.

alright… thanks so much for the help

I’m accessing my HA instances in the same way, but I cannot get the companion app working, because authentication fails when using an identity provider like Google to secure the access to a limited user base.

Any ideas?

Everything is connected, but I can’t find the option to use auth_header anywhere, so that the user ID is submitted by Zero Trust to Home Assistant. Then you don’t need to authorise a second time, like with a Traefik/Authentik setup.

@irqnet Did you manage to solve it somehow?