!See next comment for Zero Trust Dashboard based configuration!
@wwwescape - Did you manage to get the docker image working? Thanks to your tip I managed to get it working. I tried the zero trust dashboard way of configuring first but when that didn’t work I created a named tunnel using CLI and then used that as the config for the docker image. I think it should work with the zero trust way as well but didn’t have time to try again. Here’s what I did:
- On a separate machine (I am running Pi 3 so I couldn’t run CLI on the Pi), installed CLI and created a tunnel.
  Note: mytunnel is the name I used for the tunnel. This can be anything.

    cloudflared tunnel login
    cloudflared tunnel create mytunnel

- The login command creates a cert.pem and the create command creates a tunnel and installs a tunnel credentials file locally.
- Copied the cert.pem and the tunnel credentials file to the Pi into a folder (this folder will be mapped to a docker volume). Folder name I used: cloudflared
- Created a config.yml file in the same folder

    tunnel: <<tunnel_id>>
    credentials-file: /etc/cloudflared/<<tunnel_id>>.json
    ingress:
      - hostname: <<domain_name>>
        service: http://<<hass_ip>>:<<hass_port>>
      - service: http_status:404

- docker-compose config

    version: '3'
    services:
      cloudflared:
        image: erisamoe/cloudflared
        restart: unless-stopped
        volumes:
          - ./cloudflared:/etc/cloudflared
        command: tunnel run mytunnel
        network_mode: host

- home-assistant config

    http:
      use_x_forwarded_for: true
      trusted_proxies:
        - 192.168.1.0/24

Caveats
- I couldn’t get this working with HTTPS on the home-assistant instance. I think it is just a syntax issue with using noTLSVerify. This post might help fix it: https://community.cloudflare.com/t/cloudflared-ignores-notlsverify-option/233448/4
- I couldn’t get this working with a tunnel created in the Zero Trust Dashboard as I couldn’t figure out how to create the credentials file.
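
An added example, not part of the original post: a small audit of the setup described above. It checks that cert.pem and the tunnel credentials file in the mounted folder are not accessible to group or others, that the last ingress rule in config.yml is a catch-all, and that Home Assistant's trusted_proxies entries are single hosts (any address inside a trusted range can supply X-Forwarded-For, so a /24 trusts every device on that subnet). The function names and the way the two paths are passed in are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print secrets in the cloudflared folder that group/others can access.
loose_secrets() {  # $1 = folder mounted at /etc/cloudflared
    for f in "$1"/cert.pem "$1"/*.json; do
        [ -f "$f" ] || continue
        # characters 5-10 of the ls mode string are the group/other bits
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || echo "$f"
    done
}

# Succeeds when the last ingress rule has no hostname/path (a catch-all).
ingress_ends_with_catch_all() {  # $1 = config.yml
    awk '
        BEGIN { matcher = 1 }                      # no rules at all: fail
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments, blanks
        /^ingress:/ { in_ing = 1; next }
        in_ing && /^[^ \t-]/ { in_ing = 0 }        # next top-level key
        in_ing && /^[ \t]*-[ \t]/ { matcher = 0 }  # a new rule starts
        in_ing && /^[ \t]*(-[ \t]+)?(hostname|path):/ { matcher = 1 }
        END { exit matcher }
    ' "$1"
}

# Print trusted_proxies entries that cover more than one address.
wide_trusted_proxies() {  # $1 = Home Assistant configuration.yaml
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /trusted_proxies:/ { in_tp = 1; next }
        in_tp && !/^[ \t]*-[ \t]/ { in_tp = 0 }    # list has ended
        in_tp {
            n = split($2, p, "/")
            full = (p[1] ~ /:/) ? 128 : 32         # IPv6 or IPv4 host prefix
            if (n == 2 && p[2] + 0 < full) print $2
        }
    ' "$1"
}

# Run all three checks; returns non-zero when anything is flagged.
audit() {  # $1 = cloudflared folder, $2 = Home Assistant configuration.yaml
    rc=0
    for f in $(loose_secrets "$1"); do echo "group/other access: $f"; rc=1; done
    ingress_ends_with_catch_all "$1/config.yml" ||
        { echo "last ingress rule is not a catch-all"; rc=1; }
    for n in $(wide_trusted_proxies "$2"); do echo "wide trusted proxy: $n"; rc=1; done
    return $rc
}

if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

Run it as `sh audit.sh ./cloudflared /path/to/configuration.yaml`; a flagged trusted_proxies entry can be narrowed to the address cloudflared actually connects from.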