I recently started working on my first add-on “Cloudflared” and would like to share it with all of you.
When I got a new domain name, I started working with Cloudflare. Up until then, I used Duck DNS to access my HA instance via opening ports in my router, which I did not really like. Recent announcements from Cloudflare regarding their new Zero Trust Platform Teams, made me check them out in detail. I realised that they offered a great way of securing your applications and connecting them to their servers by leveraging their tunnel service Cloudflare Tunnel. So, I device to try to use this service for my HA instance.
I created this Cloudflared add-on. I also created an Add-On repository that you can find here so you can easily install the Add-on. It connects your Home Assistant Instance via a secure tunnel to a domain or subdomain at Cloudflare. By doing that, you can expose your Home Assistant to the Internet without opening ports in your router. Additionally, you can utilise Cloudflare Teams to further secure your Home Assistant connection.
I invite all of you to test the add-on. Since this is my first add-on, any feedback is very much appreciated. My plan is to bring this add-on to the Add-On Community Repository at some point. I tried following the best-practices from the example add-on as much as possible and am happy about any suggestions to improve.
Regarding additional functionality, there are a couple of things that could be included in future releases:
- The existing tunnel can also be used to connect to Cloudflares DNS servers in a secure way. Using that, HA could be used as a DNS server in your local network, leveraging the security features of Cloudflare Teams. It might be a good idea to do that in combination with the Dnsmasq Add-On.
The tunnel can also be used for multiple inbound connections and decide based on the domain, which service to call. With a proper config, a simple reverse proxy in the network for other services (e.g. DiskStation, Router configuration) could be realised.(done)
- I am currently testing to use HomeAssistant as an application in Cloudflare Teams behind an additional layer of Authentication. So far, Google is not working, but GitHub is. I am investigating how this is working out and expanding the documentation accordingly.
I do have two one issue s that I would love to address:
I have included a bool var in the config to reset the add-on and delete all the config files. I would be happy to get a second opinion on that approach and try other options (see issue on GitHub).(fixed)
1. When initially setting up Cloudflared, you have to authenticate the add-on. To do that, the add-on prints a URL in the Log section that you have to open. I would love to use that URL and automatically open a new website tab or mobile browser on the app, if this is possible at all (see issue on GitHub).(this is unfortunately not possible in HA right now, still I think the set-up is fine the way it is right now).
A couple of days ago, I found an already existing Cloudflared Argo Add-on from @latic (see also this thread). Since I was already deep into my development and it looked like an experimental version itself, I decided to move on with the development anyways. I am happy to join forces on this development, so please feel free to reach out to me.
Overall, everyone please feel free to reach out to me in this thread, via a GitHub Issue here or directly. I am happy to continue the development on this.
Update: Since you need a domain name to use Cloudflare, I wrote an article about getting one for free if you do not have one. Feel free to check it out: