I am using HA locally unsecured, and reaching it remotely using the Cloudflared addon (GitHub - brenner-tobias/addon-cloudflared: Connect remotely to your Home Assistant instance without opening any ports using Cloudflared.), which works great and securely and which I have loved for 3 years now.
Nowadays I am trying to get away from Google and I’ve set up voice, but the downside is that this way I can only use it via Cloudflare with all my devices (mobile, browsers).
I can also create local certificates and connect to HA securely, but in this case Cloudflare does not work.
I would really prefer to use HA locally whenever possible and use the cloudflare tunnel only when I am not at home, but I cannot figure out a way to do so.
Is there a way to use Cloudflare tunnel and a secure local connection at the same time?
In order to see if a connection is secure, the browser or app just checks that the domain name you are connecting to is the same as the one presented in the certificate.
That means you can have multiple different ways in to a server, as long as the certificate contains in its list the same domain name as the one you are connecting to.
What you need here is called splitDNS.
SplitDNS is when you run a DNS service internally that internal devices use and that replies to lookups with internal addresses.
Internally you can use the NGINX Proxy Manager addon with a wildcard certificate from Cloudflare, along with local DNS (e.g. Pi-hole). This is fine for a browser as DNS is only cached for 5 minutes, but will not necessarily work for other applications. Don’t use it for the Companion App. For example you can set up ha.example.com that works internally and externally for browsers, and ha-int.example.com and ha-ext.example.com for the companion app.
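
The name check and split DNS behaviour described in the answers above, as an added example that is not part of the original posts: the same hostname resolves to different addresses depending on where the client sits, and certificate verification depends only on the name, not the address. The zone contents, IP addresses, SAN list and function names are constructed assumptions, and the sketch assumes both paths present a certificate listing the same names.

```python
import ipaddress

# Constructed sample data (assumptions for illustration, not from the thread).
CERT_SANS = ["example.com", "*.example.com"]  # names listed in the certificate
INTERNAL_ZONE = {"ha.example.com": "192.168.1.10",
                 "ha-int.example.com": "192.168.1.10"}
PUBLIC_ZONE = {"ha.example.com": "203.0.113.20",
               "ha-ext.example.com": "203.0.113.20"}
LAN = ipaddress.ip_network("192.168.1.0/24")


def san_matches(hostname, pattern):
    """Compare a hostname with one SAN entry, label by label.

    Case-insensitive; a wildcard is accepted only as the whole leftmost
    label, covers exactly one label, and is refused directly under a TLD.
    """
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def cert_covers(hostname, sans):
    """True when any SAN entry in the certificate matches the typed name."""
    return any(san_matches(hostname, p) for p in sans)


def resolve(hostname, client_ip):
    """Split DNS: LAN clients get the internal zone, everyone else the public one."""
    on_lan = ipaddress.ip_address(client_ip) in LAN
    zone = INTERNAL_ZONE if on_lan else PUBLIC_ZONE
    return zone.get(hostname)


def connect(hostname, client_ip, sans=CERT_SANS):
    """Return (address, trusted); address is None if the name is absent from that view."""
    addr = resolve(hostname, client_ip)
    return addr, addr is not None and cert_covers(hostname, sans)


if __name__ == "__main__":
    for client in ("192.168.1.50", "198.51.100.7"):  # one LAN client, one remote
        for name in ("ha.example.com", "ha-int.example.com", "ha-ext.example.com"):
            print(client, name, connect(name, client))
```

Typing the server's LAN IP address instead of the name fails the check even though it reaches the same machine, because the address is not in the certificate's list.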