I feel like I’m so close and I’m just missing one setting. I’m behind a CGNAT and so I’m trying to get remote access to my HA Core dashboard. I’ve set up a host name on Freenom. I’ve created a Cloudflare Zero Trust account. Built the tunnel on Cloudflare, installed cloudflared on Docker and my tunnel shows active on the Cloudflare side.
Now when I go to the url, I get a 400 bad service request. I read that this was because I had to add a proxy to the HA yaml. So I added the proxy and now my message changed to 404:Not Found. So now I’m stuck. Anyone have any other advice?
Adding in my docker compose section for HA and Cloudflared:
  homeassistant:
    container_name: homeassistant
    image: lscr.io/linuxserver/homeassistant:latest
    network_mode: host
    # ports:
    #   - 8123:8123
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
    labels:
      - com.centurylinklabs.watchtower.enable=true
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${DOCKERCONFDIR}/homeassistant:/config
    restart: unless-stopped
  tunnel:
    container_name: cloudflared-tunnel
    image: cloudflare/cloudflared
    restart: unless-stopped
    command: tunnel run
    environment:
      - TUNNEL_TOKEN="my actual token here"

networks:
  default:
    external:
      name: homeassistant
The lines added to my HA configuration yaml:
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.19.0.0/16
Logs from Cloudflared:
2022-12-16T16:41:43Z INF Starting tunnel tunnelID= ******
2022-12-16T16:41:43Z INF Cannot determine default configuration path. No file [config.yml config.yaml] in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared]
2022-12-16T16:41:43Z INF Version 2022.11.1
2022-12-16T16:41:43Z INF GOOS: linux, GOVersion: go1.19.3, GoArch: amd64
2022-12-16T16:41:43Z INF Settings: map[no-autoupdate:true]
2022-12-16T16:41:43Z INF Environmental variables map[TUNNEL_TOKEN:*****]
2022-12-16T16:41:43Z INF Generated Connector ID: *******
2022-12-16T16:41:43Z INF Will be fetching remotely managed configuration from Cloudflare API. Defaulting to protocol: quic
2022-12-16T16:41:43Z INF Initial protocol quic
2022-12-16T16:41:43Z INF ICMP proxy will use 172.19.0.3 as source for IPv4
2022-12-16T16:41:43Z INF ICMP proxy will use :: as source for IPv6
2022-12-16T16:41:43Z WRN The user running cloudflared process has a GID (group ID) that is not within ping_group_range. You might need to add that user to a group within that range, or instead update the range to encompass a group the user is already in by modifying /proc/sys/net/ipv4/ping_group_range. Otherwise cloudflared will not be able to ping this network error="Group ID **** is not between ping group 1 to 0"
2022-12-16T16:41:43Z WRN ICMP proxy feature is disabled error="cannot create ICMPv4 proxy: Group ID **** is not between ping group 1 to 0 nor ICMPv6 proxy: socket: permission denied"
2022-12-16T16:41:43Z INF Starting metrics server on 127.0.0.1:38216/metrics
2022/12/16 16:41:43 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
2022-12-16T16:41:43Z INF Connection ***** registered with protocol: quic connIndex=0 ip=**** location=SEA
2022-12-16T16:41:44Z INF Updated to new configuration config="{\"ingress\":[{\"hostname\":\"mydomainname.tk\",\"path\":\"HA\",\"service\":\"http://192.168.1.69:8123\"},{\"service\":\"http_status:404\"}],\"warp-routing\":{\"enabled\":false}}" version=1
2022-12-16T16:41:44Z INF Connection **** registered with protocol: quic connIndex=1 ip=*** location=LAX
2022-12-16T16:41:44Z INF Connection **** registered with protocol: quic connIndex=2 ip=**** location=SEA
2022-12-16T16:41:45Z INF Connection ****** registered with protocol: quic connIndex=3 ip=***** location=LAX
2022-12-16T16:46:02Z INF Updated to new configuration config="{\"warp-routing\":{\"enabled\":false},\"ingress\":[{\"path\":\"HA\",\"service\":\"http://192.168.1.69:8123\",\"hostname\":\"mydomainname.tk\",\"originRequest\":{}},{\"service\":\"http_status:404\"}]}" version=2
Ultimately, I end up here and I don’t know what else to do:
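Added example, not part of the original post and not cloudflared's or Home Assistant's own code: it parses the version=2 "Updated to new configuration" line from the log above, walks the ingress rules in order to show which service a given request path reaches, and checks a peer address against the `trusted_proxies` range. Assumptions: rule evaluation is modelled as first match with `path` treated as an unanchored regular expression, wildcard hostnames are not handled, and 172.19.0.3 (the container address in the log) is taken as the peer address Home Assistant sees.

```python
import ipaddress
import json
import re

# Constructed from the version=2 configuration line in the post's cloudflared log.
LOG_LINE = (
    '2022-12-16T16:46:02Z INF Updated to new configuration '
    'config="{\\"warp-routing\\":{\\"enabled\\":false},\\"ingress\\":['
    '{\\"path\\":\\"HA\\",\\"service\\":\\"http://192.168.1.69:8123\\",'
    '\\"hostname\\":\\"mydomainname.tk\\",\\"originRequest\\":{}},'
    '{\\"service\\":\\"http_status:404\\"}]}" version=2'
)

def ingress_from_log(line):
    """Extract the ingress rule list from a cloudflared config log line."""
    m = re.search(r'config="((?:[^"\\]|\\.)*)"', line)
    if not m:
        raise ValueError("no config= field in line")
    unquoted = json.loads('"' + m.group(1) + '"')  # undo the log's \" escaping
    return json.loads(unquoted)["ingress"]

def match_rule(rules, host, path):
    """Simplified first-match model: a rule applies when its hostname (if any)
    equals the request host and its path regex (if any) matches the path."""
    for rule in rules:
        if rule.get("hostname") not in (None, "", host):
            continue
        if rule.get("path") and not re.search(rule["path"], path):
            continue
        return rule["service"]
    return None

def is_trusted_proxy(peer_ip, trusted_cidrs):
    """True when the peer is inside one of the trusted_proxies ranges."""
    ip = ipaddress.ip_address(peer_ip)
    return any(ip in ipaddress.ip_network(c) for c in trusted_cidrs)

if __name__ == "__main__":
    rules = ingress_from_log(LOG_LINE)
    for p in ("/", "/lovelace", "/HA"):
        print(p, "->", match_rule(rules, "mydomainname.tk", p))
    print("172.19.0.3 trusted:", is_trusted_proxy("172.19.0.3", ["172.19.0.0/16"]))
```

Under this model only paths containing `HA` reach the Home Assistant origin; every other path on the hostname is answered by the catch-all `http_status:404` rule.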