New Add-On: Cloudflared

In the configuration I put the “ha” subdomain and it is working. It is taking me to Home Assistant.
Also I created Additional Hosts plex, router and unifi.
The plex subdomain is working and is taking me to my Plex server.
The router subdomain doesn’t work; it should take me to 192.168.0.1 (no port) but I am getting “400 bad request. Invalid Header.”
The unifi subdomain doesn’t work. It should take me to the UniFi controller on port 8443 but I am getting “Bad Request
This combination of host and port requires TLS.”
Is it possible to fix it?

Thanks for developing this. It works great and I can use Azure AD to authenticate. :grinning:

Thanks for this great add-on, it works like a charm!

I have one issue on iOS - the iOS Actions/Siri is not working when connected via Cloudflare when using Cloudflare Zero Trust Access (I use Auth0 to log in).
The iOS actions from the config.yaml are also NOT synced to the phone if connected via Cloudflare + Zero Trust Access.

If I remove the Zero Trust Access application everything works as expected, but then I don't have the added security of Cloudflare MFA.

Unfortunately there is no error log in the app; I suspect the authentication for actions/Siri is handled differently.

Can this be installed as a custom component?

I’m not running an HA config that allows “add-ons”.

Maybe the better question is, since this add-on is basically a docker container, can you make this a dockerhub offering? My docker platform uses that as a source.

Not sure if it will work, but can’t you create a bypass policy and apply it to the specific endpoint that is being called, i.e. www.example.com/endpoint/abc? You can also restrict this to specific source networks.

Keep in mind that plex does not comply with their ToS.

Is viewing my security cams incidentally also against their ToS?

thank you !
That did the trick!

  1. Create a new application with subdomain.domain.com/api (api is essential here)

  2. Create Bypass policy for Everyone or specific network

  3. Cloudflare Authentication + Siri works now

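The path-scoped bypass from the three steps above, as an added example that is not part of the thread: a simplified model of how the two Access applications split incoming requests, assuming the more specific path takes precedence and that a path covers itself and its sub-paths. The application names, sample URLs and helper functions are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed application list mirroring the thread's setup; the names are
# placeholders and the hostname is the one used in step 1.
APPS = [
    {"name": "home-assistant", "domain": "subdomain.domain.com", "decision": "allow"},
    {"name": "ha-api-bypass", "domain": "subdomain.domain.com/api", "decision": "bypass"},
]

# Constructed sample requests using Home Assistant URL paths.
SAMPLE_URLS = [
    "https://subdomain.domain.com/",
    "https://subdomain.domain.com/lovelace/default",
    "https://subdomain.domain.com/api/websocket",
    "https://subdomain.domain.com/api/webhook/constructed-id",
    "https://subdomain.domain.com/apiary",
]

def _split(domain):
    """Split 'host/path' into (host, '/path'); the path is '' for a whole host."""
    host, _, path = domain.partition("/")
    prefix = ("/" + path.strip("/")) if path else ""
    return host.lower(), prefix

def covers(app_domain, url):
    """True if the application's host matches and its path covers the URL path."""
    host, prefix = _split(app_domain)
    parts = urlsplit(url)
    if (parts.hostname or "") != host:
        return False
    path = parts.path or "/"
    # Segment-wise match: /api covers /api and /api/..., but not /apiary.
    return prefix == "" or path == prefix or path.startswith(prefix + "/")

def governing_app(url, apps=APPS):
    """Assumed precedence: the covering application with the longest path wins."""
    matches = [a for a in apps if covers(a["domain"], url)]
    return max(matches, key=lambda a: len(_split(a["domain"])[1]), default=None)

def exposure(url, apps=APPS):
    """Classify a URL by what stands in front of it at the Cloudflare edge."""
    app = governing_app(url, apps)
    if app is None:
        return "no Access application"
    return "bypassed" if app["decision"] == "bypass" else "identity required"

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{exposure(url):18} {url}")
```

Every path reported as bypassed is reachable without the Cloudflare login and depends on Home Assistant's own authentication, which is why the thread also mentions restricting the bypass to specific networks.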

I am not a lawyer, but maybe you breach Section 2.8 of their Cloudflare Self-Serve Subscription Agreement.

Have a look at this video to set up a cloudflared tunnel in Docker.

Ruaandeysel,

Ok, I think you’re saying that if I download and configure a cloudflared docker container according to the video, I would not need the home assistant addon discussed here…

In the video he runs cloudflared as a service on a linux VM but it could just as easily be run as a docker container

The add-on is a shortcut for easy configuration.

Yes, there is an official docker container
https://hub.docker.com/r/cloudflare/cloudflared

I’m running Unraid and used this tutorial to set up the Cloudflared CLI docker container and service.

A Cloudflared GUI tutorial was then released

On an iPhone I noticed the Cloudflare Authentication breaks device tracker updates in the companion app. When I leave home zone it still shows I’m at home.

Did your bypass policy fix the issue as well?

yes, everything works as expected

That’s good to know. Did you set your Bypass policy to Everyone and assign a Group to the new application? Also just curious which identity provider you are using (Google, GitHub, One-Time Pin,…)

I noticed with Azure AD and the home assistant companion app it asks for credentials and MFA but goes into a loop but never gets to HA. Works fine through a browser like safari, chrome or edge.

Yeah, Google and Azure do not work

But Auth0 works like a charm on mobile

The bypass is set for everyone for now (the /api URL), no assigned groups there
It would be awesome if you could filter something device-specific without using the WARP client (and even with the client I could not get the serial number filter to work for iOS)

But it's fine for now, and with MFA for hassio even more so

I have no choice but to install the HA container version on my NAS system, hence I’m unable to install the add-on by repository. Is it possible to do a manual installation? Or is there any other way to implement this Cloudflare tunnel?

Read, just a couple of posts above yours, under this same thread.

Thank you. I’ll give Auth0 a try :blush: