What ended working for me in the end was to recreate the project in google (probably unnecessary) and temporarily go back to directly exposing the HA https interface on port 443 using NGINX SSL Proxy (Or NGINX Proxy Manager) and a port forward. I set this up and then created a new project on the google side and after following the steps I finally got a prompt to login through the google home app.
After this, I switched back to cloudflared and its been working fine since. I feel like there was something in the cloudflared configuration that was resulting in the timeout message, I didnt see anything obvious (checked WAF etc as mentioned above), either that, or I got lucky and it just happend to work this time around.
Since setup, i’ve had no issues, my IP has changed, I am only using cloudflare tunnel for access and HA has been restarted.
I totally agree with you. If I activate IP’s or geolocation in the Cloudflare tunnel, Google Home services do not work. If you can explain a little more or make a project of how you have set up Nginx ssl Proxy for 443, I would appreciate it. Thank you
Expression Preview (http.request.uri.path contains "/api/google_assistant" and ip.geoip.asnum eq 15169) or (http.request.uri.path eq "/auth/token" and ip.geoip.asnum eq 15169) or (cf.tls_client_auth.cert_verified)
By using URI filtering you get only legitimate GA requests not google search bots etc.
Where exactly should I set this? I’ve clicked through the entire cloudflare panel but don’t see anything similar. Did I miss something or has cloudflare changed the interface?
Where/how did you disable the access rules? I’m out of ideas with what I can try now.
Previously I had Google Assistant working with duckDNS, but after I migrated to the Cloudflare solution I tried to redo the entire Google Assistant setup, but I just won’t work!
I’ve followed the steps in the thread’s initial post. I’ve recreated the project and actions in Google Console from scratch, using English as language and entered all the details that are needed for it to work.
I’m able to access Home Assistant remotely and I can curl /api/google_assistant and /auth/token and I get a "405: Method Not Allowed" response back.
But when I try to test/simulate the action on console.actions.google.com I only get a “We’re sorry, but something went wrong. Please try again.” when I ask the assistant something.
When I try to add the Home Assistant devices in the Google Home app I selected "[test] My App" and initially I get a message saying the link is successful, but then it continues to load and eventually I get a “Something went wrong. Please try again” message.
I’ve tried to add rules on Cloudflares in the section “Security > WAF > Custom rules”. The ones that @paulka007 listed here, what @mbe used here, and what @Arduxxxx posted here. But none of the variants make any difference when I add them to Cloudflare, same issue and errors.
Does anyone have any advice what I could try or what could be wrong? I’m using iOS by the way.
I’m the exact same. I had Google assistant working from when I used DuckDNS but once I moved to Cloudflare, I was no longer able to sync new devices but could use existing devices. I tried a number of times to get it working with Cloudflare but did but succeed.
I have recently added some more devices I want to be able to control through Google assistant so had another look and even deleted the whole Google project to start again.
I am now left with the situation that I can get as far as logging in with my home assistant credentials in the Google Home app but get the “Cannot reach [test] myapp” as seen by others.
It is very frustrating as I now have lost the ability to control all my devices through Google assistant.
I’m in the same situation. I used to use DuckDNS but occasionally got responses to voice commands saying the Home Assistant could not be reached. So I implemented NGINX which worked fine for remote access but still got the same error. Having been through all the threads on this problem I decided to use Cloudflared so I now have my own domain which again works perfectly for remote access but I can’t link Google Home at all now.
I’ve recreated the project from scratch (with new name) on 4 or 5 occasions now. I have been through the latest iteration with a fine toothcomb and checked that the project name and server name in the SERVICE.ACCOUNT.JSON and in the /google_assistant_integ.yaml files are correct.
When I use my phone to link to the new project (through a browser window not the app, as suggested) I choose the new project. The next screen where you put in your username/password, where it says "you are about to give [your project] access to your Home Assistant instance has one of the old project names and I can’t see how to change it.
Oddly, that project still exists in Google Project but it doesn’t appear on Google Assistant as one of my projects (nor do some other attempts), so I can’t select it in the first place. But I have changed all the parameters in Google Project to the correct ones yet it still won’t connect. Obviously there is mismatch of server & project names internally in the two files I mentioned above (also probably a load of other mismatches in internal namings which I can’t see).
At the moment I’m not even sure I can easily go back to my original arrangement - but at least that worked some of the time!!!
I am stuck and have pretty much run out of ideas. Has anyone got any thoughts please?
I’ve tried so many things but still couldn’t solve it.
I configured 2 rules in the WAF to allow reachability of /auth/token and /api/google_assistant.
In the WAF logs I see the correct transit on the 2 endpoints but still the app add [test] goes to error
I am in the “tried everything” group and still getting “could not reach [test]…”
I had this working for almost 2 years prior and stopped working the other day so started fresh and followed almost every option here and same issue. Final option is nginx and port forward. Anyone else have any luck?
