I am very new to homeassistant, if i follow this guide, will I be able to send commands via homeassistant to my Google nest to play a particular song etc??? e.g. play songs by Bryan adams
Doesn’t work for me either. Have you found a solution?
Is this still a valid solution?
Is there someone that can help us? I followed the guidelines putting also the rule on WAF (even if I had no rules) without success… The procedure ends with a 404 o 429 errors.
I had great luck with this Reddit… after I figured out how to input info into Origin Rules. Reddit - Dive into anything
In Cloudflare create a new Custom WAF rule, (Security → WAF) paste this code (is from this Reddit post) :
(ip.src in {8.8.4.0/24 8.8.8.0/24 8.34.208.0/20 8.35.192.0/20 23.236.48.0/20 23.251.128.0/19 34.64.0.0/10 34.128.0.0/10 35.184.0.0/13 35.192.0.0/14 35.196.0.0/15 35.198.0.0/16 35.199.0.0/17 35.199.128.0/18 35.200.0.0/13 35.208.0.0/12 35.224.0.0/12 35.240.0.0/13 64.15.112.0/20 64.233.160.0/19 66.102.0.0/20 66.249.64.0/19 70.32.128.0/19 72.14.192.0/18 74.114.24.0/21 74.125.0.0/16 104.154.0.0/15 104.196.0.0/14 104.237.160.0/19 107.167.160.0/19 107.178.192.0/18 108.59.80.0/20 108.170.192.0/18 108.177.0.0/17 130.211.0.0/16 136.112.0.0/12 142.250.0.0/15 146.148.0.0/17 162.216.148.0/22 162.222.176.0/21 172.110.32.0/21 172.217.0.0/16 172.253.0.0/16 173.194.0.0/16 173.255.112.0/20 192.158.28.0/22 192.178.0.0/15 193.186.4.0/24 199.36.154.0/23 199.36.156.0/24 199.192.112.0/22 199.223.232.0/21 207.223.160.0/20 208.65.152.0/22 208.68.108.0/22 208.81.188.0/22 208.117.224.0/19 209.85.128.0/17 216.58.192.0/19 216.73.80.0/20 216.239.32.0/19} and ip.geoip.asnum eq 15169 and http.host eq "ha.example.com:1234" and http.request.uri.path eq "/api/google_assistant") or (http.request.uri.path eq "/auth/token")
Remember to replace the ha.example.com:1234 with your host and port #.
In “Choose action” select “Skip” and choose all the WAF components to skip (expand also the “More components to skip”).
1 Like
tried this still doesnt work
what do you mean with "replace the HA.example.com:1234
we are all changing the it to something like homeassistant.mydomain.com.
Still add the ports ?or do it without ? and shouldnt it be HTTPS??
or should it be the internal http://internalipadress:8123 ??
ever since my home assistant has been restored cloudflared is driving me nuts. cant repair this part.
i see it sometimes doing this skip.
But on my phone it instantly blocks
This worked in my case aswell. It’s important to notice, that the block countries rule comes in second and the google asn skip is in first place! I got them flipped first.
Thanks so much.
I got back to this a few days ago and finally got it working.
I tried many solutions from Google Home: Could not reach [test] myapp. Please try again - #49 by Zoomtronic but none of them would work.
What ended working for me in the end was to recreate the project in google (probably unnecessary) and temporarily go back to directly exposing the HA https interface on port 443 using NGINX SSL Proxy (Or NGINX Proxy Manager) and a port forward. I set this up and then created a new project on the google side and after following the steps I finally got a prompt to login through the google home app.
After this, I switched back to cloudflared and its been working fine since. I feel like there was something in the cloudflared configuration that was resulting in the timeout message, I didnt see anything obvious (checked WAF etc as mentioned above), either that, or I got lucky and it just happend to work this time around.
Since setup, i’ve had no issues, my IP has changed, I am only using cloudflare tunnel for access and HA has been restarted.
mTLS is a huge upgrade. Just install certificates on desired devices and block everything except traffic from these devices and the Google ASN.
mTLS isn’t compatible with the iOS app though, right? Otherwise, this would definitely be my goto approach as well.
I totally agree with you. If I activate IP’s or geolocation in the Cloudflare tunnel, Google Home services do not work. If you can explain a little more or make a project of how you have set up Nginx ssl Proxy for 443, I would appreciate it. Thank you
this doesn’t seems to work for me.
I see first message that link is established but then after a while i see another message (error. please try again later).
Any hint?
This is working well for Google Assistant:
Expression Preview
(http.request.uri.path contains "/api/google_assistant" and ip.geoip.asnum eq 15169) or (http.request.uri.path eq "/auth/token" and ip.geoip.asnum eq 15169) or (cf.tls_client_auth.cert_verified)
By using URI filtering you get only legitimate GA requests not google search bots etc.
The rule order looks like:
1 Like
it worked!
What the second rule does?
in my case, the issue about error 404 it was related to the authorization URL. Was missing /authorize at the end.
I have followed all the steps in the integration guide and the post above, but I am always getting a “Cannot reach [test] myapp” error when trying to link google home.
I have the WAF rules from here https://community.home-assistant.io/t/how-to-connect-google-assistant-using-the-cloudflare-tunnel/545574/23 and I am able to access my external url from the HA app and outside network.
I tried disabling the WAF rules altogether, but it still doesn’t work. I do have access rules setup for some emails and the one here https://community.home-assistant.io/t/howto-secure-cloudflare-tunnels-remote-access/570837.
My configuration.yaml lines are as follows:
google_assistant:
project_id: my_project_id
service_account: !include SERVICE_ACCOUNT.JSON
report_state: true
expose_by_default: true
I get 405: method not allowed when I try to access my /api/google_assistant and /auth/token from both my external and internal url.
Do I just need to wait for some time or is there something I am missing?
I think it was because of the access rules. I can link it if I disable access rules completely
Where exactly should I set this? I’ve clicked through the entire cloudflare panel but don’t see anything similar. Did I miss something or has cloudflare changed the interface?