Hello,
I followed the above guide along with the different comments but I am still unable to use this.
Trying to debug it piecewise, starting with the web access.
I get the following screen when accessing ha.mysite.net
Help please.
There are multiple Step 5s.
Which section are you referring to?
That’s the screen you are supposed to see. That’s Cloudflare securing your app.
Set up Cloudflare Application Authentication to get to HA.
Section: Set up Cloudflare access for the HA Companion App and HA Web GUI. - Step 5
Because you want to make sure the app (as opposed to the web GUI) is using the cert you specify, not just “any” cert. The idea is to protect the HA install from being seen from the internet without first passing through Cloudflare. Doing this with the web UI is easy. Getting the app to do it is hard. Setting up the app to use Cloudflare without also screwing up the web UI requires a very specific set of configurations. This is just a way I got it to work. Perhaps one day the app will support Cloudflare auth, and all this will become a moot point. Currently though, this is the only way I am aware of to make both work at the same time.
Strange. I only use an mTLS cert with mTLS rules and it works well for both the Android app and web access from a PC. On the PC web GUI, you’ll get a prompt to select the mTLS certificate every session. On the Android app, you’ll get the prompt once on setup.
Does it require that you install a cert on the PC, as well as the app?
Yes, I have the cert on both the PC and the Android phone.
I guess the difference is I would rather rely on Cloudflare auth for the PC without the need for a specific private cert. Meaning I can log in from anywhere on a PC as long as I have authenticated with Cloudflare. If I’m at my mom’s house for example I don’t want to have to install a certificate on her PC first to access my HA instance. I just want to hit the URL and have Cloudflare do its thing.
The HA app is not compatible with Cloudflare auth (yet), so a cert is needed if you wish to also use Cloudflare with the app.
So yes, you are correct in that you don’t have to do anything after step 5 if you want to use a private cert for everything. However, this article is about getting the app to work with a cert, while still allowing the web GUI to use Cloudflare without the need for a manually installed private cert on a PC.
Really appreciate the well written guide.
Perhaps it’s just me missing something, but I could not select the necessary option from the Selector field when adding a group.
Are you sure you uploaded a certificate to Cloudflare? It may not come up until you do.
If you mean ‘upload a certificate to Cloudflare’ by following steps 1 to 4 (Generate public and private keys), then yes I’ve done that and rechecked that the certificate is active.
@skykingjwc Thank you very much for writing this guide! Got my HA up and running on Cloudflare Tunnel in 1 evening’s work.
The only thing which tripped me up was in Step 5 for the Web GUI Application, Cloudflare enforces “Create additional rules” (can’t leave it blank). I had to include emails to only my email address to be able to save the application policy.
Hi, I’ve followed the guide. With a browser I can access my instance of Home Assistant, but when I try to open the app, I receive an error that says " the certificate is not yet or is no longer valid, install a new credential on the phone and try again" without any possibility of choosing which certificate it must use. What can I verify? I’m sure the certificate created on Cloudflare is the only one installed on the phone.
Can anyone help me?
One question. Should we setup local tunnel or remote tunnel? Or do both work?
Good tutorial, but unfortunately due to conflict of interests, iOS users are not able to use this way to protect their setups while allowing external access without paying for it.
There was a discussion on the PR:
And it moved to this topic, but it will probably be ignored:
Unfortunately, it seems that community pressure will not work with this conflict as it involves Nabu Casa.
Hi! Does that mean I won’t be able to access HA in my iOS app with this method?
Hi, thanks a lot for your guide. It helped a lot.
But why do you need a WAF rule?
I created 2 applications on Cloudflare, one for web access with Cloudflare PIN authentication and one for the Home Assistant Android app with certificate authentication, and it works great. It doesn’t need a WAF rule. The only thing I had to do is to configure the access policy for web access to authorize only my mail.
Hopefully a question with a simple answer.
I have an iOS phone with a Cloudflare tunnel through the Cloudflared addon that all works well.
My wife however has an Android phone!!!
Is there any way to run the above setup in parallel with what I have existing there for iOS?
Thanks,
Are you sure you are running the iOS app through Cloudflare? As far as I know that’s not currently possible, at least not with Cloudflare Auth enabled.