I use docker, so I cannot install the cloudflared plugin. AI suggested me to do this:
version: '3.8'
services:
homeassistant:
# ... your existing home assistant config ...
cloudflared:
image: cloudflare/cloudflared:latest
container_name: cloudflared
restart: unless-stopped
command: tunnel run
environment:
- TUNNEL_TOKEN=YOUR_TOKEN_HERE # Paste the token from Step 1
I would like to know how safe this is. If I understand, it will expose localhost:8123 to anyone that knows my subdomain, which is public. I think I can add a /path to cloudflare, with some hidden token that only I know. It will then show homeassistant as HTTP or HTTPs? If https, will it be signed by cloudflare?
Then I need to allow reverse proxies:
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.16.0.0/12 # Allows default Docker networks
- 192.168.1.0/24 # ??? is this needed?
Is there something more I need to do?