šŸŒŸ New Add-on: Cloudflare Tunnel Client

Share your Projects!
1

:star2: New Add-on: Cloudflare Tunnel Client - Secure Remote Access made simple!

Hello Home Assistant community! :wave:

Iā€™m excited to share a new add-on that makes setting up secure remote access to your Home Assistant instance, and, in general your home servers, incredibly simple using Cloudflare Tunnels!

:thinking: What is it?

This add-on provides a simple, maintenance-free way to run a Cloudflare Tunnel client (formerly Argo Tunnel) directly in Home Assistant. No more port forwarding, no more complex network configurations, and most importantly - no more exposing your home network to the internet!

:sparkles: Key Features

  • :shield: Zero port forwarding required
  • :lock: End-to-end encryption
  • :zap: Simple one-token configuration
  • :robot: Leverage on add-onsā€™ automatic startup and watchdog capabilities
  • :dart: Focused on security and simplicity
  • :moneybag: Uses Cloudflareā€™s free tunnel service

:gift: Why I Created This Add-on

Iā€™ve been using Cloudflare Tunnels to securely publish my websites without opening any ports on my home router, taking advantage of Cloudflareā€™s robust DDoS protection and security features. I wanted to simplify my home network setup by hosting the tunnel directly within Home Assistant, leveraging its built-in features like:

  • Automatic updates
  • Watchdog monitoring
  • Simple configuration
  • Easy maintenance

:dart: Perfect For You Ifā€¦

Youā€™re looking to:

  • Avoid opening ports on your router
  • Get enterprise-grade DDoS protection for free
  • Simplify your remote access setup
  • Enhance your Home Assistant security
  • Reduce maintenance overhead

:rocket: Getting Started

Itā€™s really this simple:

  1. Add my repository to your Home Assistant add-on store:
https://github.com/fredericks1982/hass-addon-cloudflared
  1. Install the ā€œCloudflare Tunnel Clientā€ add-on
  2. Get your tunnel token from Cloudflare
  3. Paste the token in the configuration
  4. Start the add-on

Thatā€™s it! No complicated networking setup, no security risks, just secure remote access to your Home Assistant instance!

For detailed setup instructions, check out the documentation.

:pray: Feedback Welcome!

This is a new add-on, and Iā€™d love to hear your feedback! Feel free to:

  • Share your experience
  • Report any issues on GitHub
  • Suggest improvements
  • Ask questions

Letā€™s make remote access to Home Assistant simple and secure together! :rocket:

Note: This add-on is not affiliated with or endorsed by Cloudflare, Inc. Cloudflare Tunnel is a product of Cloudflare, Inc.

6 Likes
2

Could you state shortly how does it compare to using NabuCasa Cloud?

  • I assume itā€™s free (while NabuCasa is paid ā€“ I donā€™t mind, I want to help the project)
  • With NabuCasa Cloud I get a specific URL to access my HA setup from anywhere ā€“ is that the same in the end with Cloudflare Tunnel?
  • Are there any security differences/comparisons? Despite having to ā€œtrustā€ either NabuCasa or Cloudflare?
3

Hi, yes itā€™s free - by the way, Iā€™m a NabuCasa subscriber too. Actually itā€™s not so much about exposing Home Assistant, I agree that NabuCasa works and is more ā€œnativeā€ to Home Assistant: itā€™s more about exposing your (possible) others services you host.

The main reasons I adopted Cloudflare Tunnel are:

  • To me, Cloudflare Tunnel just ā€˜worksā€™, while NabuCasa continuously gives me network errors, even if I reviewed and tried every configuration set I could figure out.

  • I cannot say about security: Cloudflare is maybe the worldā€™s biggest provider so I can easily trust it, but I assume that NabuCasa is leveraging on similar secure technologies (or even the very same :grin:)

  • With Cloudflare Tunnel you do have a specific URL, but using a custom domain that you must already own. In other words, if youā€™re the owner of the domain my-lovely-home.com you could setup in seconds the URL homeassistant.my-lovely-home.com or, if you prefer, my-lovely-home.com/homeassistant

  • The main reason is that with Cloudflare I could expose the others services I host in my Home network, e.g. a multimedia server (I use Plex), a NAS console, a self-hosted website, etc. It takes 1 minute to configure this, without touching anything in my home router configuration, and everything is managed in a single place (the Cloudflare dashboard).

  • With Cloudflare Tunnel I can configure easily but in details the routes to my servers. For instance, I can change the target IP or port, or switch protocol (HTTP, HTTPS, UDP, etc.) between the local tunnel client and the local server (the connection between the tunnel client and the Internet is always secured). So itā€™s very flexible if I move something, and configuration changes are immediately effective, even without restarting anything. To give you an idea, Iā€™ve:

    • www.my-lovely-home.com pointing to 192.168.0.123:443/mywebsite
    • plex.my-lovely-home.com pointing to 192.168.0.123:32400
    • nas.my-lovely-home.com pointing to 192.168.0.123:8081
    • ha.my-lovely-home.com pointing to 192.168.0.99:8123.

In sum, if you are interested in Home Assistant only, I would recommend NabuCasa; if instead you host several services, Cloudflare Tunnel is great.

1 Like
4

Hi @fredericks,

How does this compare to the add-on of Tobias? Im no expert, but looks the same to me?

1 Like
5

Hi @matrover, thanks for pointing out! Actually I wasnā€™t aware of the existing addon.

In theory, I would say that the addon you mentioned is better, because it covers a broader set of options and use casesā€¦ the only problem is that in my use case (a Cloudflare Tunnel managed remotely from the Cloudflared Dashboard) it doesnā€™t work properly :sob:

Iā€™ll raise an issue on that repository, in the meantime I see two main reasons to use mine:

  • It works :smiley: (at least for my use case)
  • Itā€™s (by far) easier to configure
1 Like
6

Ah ok, thanks for sorting out the differences!

7

Surprisingly straightforward getting the add-on to work if your already familiar with CF and /or their ZTNA. Would be nice if the add-on updated automatically though as the 2024.11.0 version is out of date and displaying the warning triangle in the CF dashboard.

2 Likes
8

Very simple to implement tunnel.
Occasionally hangs and needs to be restarted. Is there no watchdog option?
I keep parallel Ziertier vpn tunnel available so I can get into HA from the outside and restart the Cloudflare add-on.

11

For me this is not working. I thought perhaps this plugin would handle the ā€˜trusted proxiesā€™ IP range?

I can get this working if my tunnel passes the request through to an nginx reverse proxy manager first and that is listed in my trusted proxies, but I was hoping to be able to pass the tunnel directly through to HA.

Is there something Iā€™m missing?

LOL. Iā€™ve got it, I just needed to add Home Assistantā€™s own IP address to the list of trusted proxies and it works fine.

Thanks for putting this add-on together for us @fredericks :smiley: