I’m willing to update the article with anything you feel may help. Can you give a few more details on what was missed, and how you think the article could be updated to make things more clear? I appreciate the feedback.
I wanted to say thanks for this detailed process; it helped me a lot!!
Also wanted to highlight for those without HAOS that it still works without the HA Cloudflared addon. I manually configured the Cloudflare tunnel (Docker version of it) and, following this amazing document, I made it work on web browser and Android mobile app. Sadly I am still struggling with iOS (because it’s iOS) as it does not seem to recognize the certificate… I am still reading around. Again, sir, big thanks!
Same here!!! I did not find this until a lot of time later and then felt so dumb, I guess it’s good not to be the only one tho
Can someone answer this? On my PC I still have an old certificate. It’s already revoked in Cloudflare. But if I use it on ha-app.mydomain.com then I still get to the login screen. If I don’t select a certificate then I get blocked. But it looks like I can still select any certificate to get to the login screen. How is that possible? My security rule says this with action “Block”:
(not cf.tls_client_auth.cert_verified and http.request.uri.path in {"ha-app.mydomain.com"})
Hi, I think it is a bit deprecated with the updated Cloudflare interface.
For example, I didn’t see “groups” in Cloudflare, only policies.
Another note is that since I’m using Cloudflare for the main (and not sub) domain in my public blog, I avoided setting the mTLS rule because I think it will block my users on my public domain.
Hi,
I’m really struggling with this and would love some insight from those more versed.
After I updated Home Assistant Core and OS I stopped being able to access HA externally through my Cloudflare tunnel. I found this guide and have set up Cloudflare to the settings I was able to, given the difference in interface that Cloudflare has now.
I’m at the point where I can access the Cloudflare Zero Trust code page. It emails me a code, I enter it and it redirects me to the HA login page; however, clearly not all of the page is loading, as it looks like this:
I have faith that whatever is causing this is causing the app to not work.
Anyone have any ideas?
Thanks
For reference, the HA login page when accessed through the internal network address looks like this:
As a new contributor I can only post 1 media per post.
To also block revoked certificates you should add that to the condition.
Something like this would do:
((not cf.tls_client_auth.cert_verified or cf.tls_client_auth.cert_revoked) and http.request.uri.path in {"ha-app.mydomain.com"})
It’s now the “Rule Groups” subheading under “Access”, right after “Policies”. This tripped me up for a while too.
Thanks for the screenshot.
I have spent the last 3 days trying to get it to work. But it never asked me for the certificates. After I disabled the option it works fine now.
THANK YOUUUUU
You are a life saver! This was the missing piece for me. Thank you.
I have been running this setup for like 6 months without issues, except with a separate Docker container instead of the addon. Sometimes when I launch the app, it looks like this.
But after using the retry option, it works fine again. This happens like once a day or so. Any ideas? Maybe some timeout or something?
I’ve noticed it has started happening to me as well. So far, I have not found a solution, but I haven’t tried very hard either. I’ll post an update here if I find anything.
Same problem here. I have tried reinstalling everything, but nothing seems to work.


