How to get the Tailscale Funnel going?

Hey everyone,

I recently installed Tailscale to remotely access my HA - it works great but it sucks that I’ve got to install the Tailscale app on each device I want to access HA from.

I know there’s Tailscale Funnel that lets anyone access your HA via a public URL without requiring the app. I’ve been struggling to set this up. Has anyone succeeded with this? Would greatly appreciate your help.

Thanks.

1 Like

I think there’s a simpler approach to this using Cloudflare, if you have a domain name.
Set up Cloudflare within HA: link
Very simple to follow guide.
Then configure access policies to control who can reach your Home Assistant, http://ha.yourdomain.com for example. Another good guide to that here.

Thanks, yes I’ve used Cloudflare before. I want to avoid paying for domains dedicated to HA. The one that I purchased on GoDaddy for almost $2 last year is now $150/year!

I have another domain that hosts my website that I’d like to use with Cloudflare using a sub-domain name (e.g. subdomain.domain.com and not domain.com) - not sure if Cloudflare would allow that.

My entire goal of moving to Tailscale is to use custom sub-domain names to connect to HA instances remotely. I want to give Tailscale a shot and if that doesn’t work then it’s Nabu Casa all the way, because they let you use your own sub-domain.

You can indeed use subdomains.
I do exactly that for a number of resources.

Oh wow ok. I’m going to look this up. Would super appreciate if you could point me to resources that explain how.

Here’s the complete guide: How to set up Tailscale Funnel to securely access Home Assistant from anywhere for free

This thread was the second result on Google for “how to set up tailscale funnel with home assistant”, even though my answer was originally intended to answer how to set up multiple subdomains with Tailscale Funnel. So for the convenience of everybody I expanded it into a proper guide and moved it thither.

8 Likes

Thanks @parhelion for this step-by-step guide. It seems super clear, so going to try this. To be clear, this means that anybody with whom I share the funnel link will now be able to access HA without being connected to the Tailnet?

Yes, that’s the case. They will still need to log in, though.

1 Like

Thanks, works perfectly!

Hi, I have just set this up, but wanted to understand how secure is this? Conscious that HA can be accessed by a URL from a device without that device being connected to the tailnet…

Great from a usability perspective as there is no need to connect to the tailnet, but does this open up any concerns from a security perspective? Appreciate they still need to log in anyway! Trying to understand how this is more secure than opening up a firewall port on the network - which I am sure it is!

Thanks for the question, I’m sure many people are curious about it.

If you open a firewall port on the network, any device that is on your home network becomes accessible from the internet. And most devices on your network (Wi-Fi connected appliances, sensors, cameras, robot vacuums) are very insecure and are vulnerable to attacks, even if your HA device might not be. This is just the unfortunate reality today.

With Tailscale Funnel however, it’s only Home Assistant that is exposed to the internet:

  1. Tailscale Funnel accepts encrypted HTTPS traffic from the internet at your Tailscale domain, and decrypts it.
  2. It forwards the traffic to the Tailscale addon in Home Assistant through the VPN. You don’t need to open any ports on your firewall, nor are any devices on your home network exposed, because the traffic remains inside the VPN.
  3. The addon forwards the traffic only to port 8123 on HA, which is the port the HA UI is served from.

This is IMHO a near-flawless level of security. The only thing exposed to the open internet is the Home Assistant login page, which I trust the developers to keep secure.

Don’t forget to use strong auto-generated passwords securely stored for your HA user logins.