New Add-On: Cloudflared

You have to make an additional Bypass rule for country Sweden to make that work.

1 Like

Thank you! Working great now! :slightly_smiling_face:

Just tried to make it working but I have an error in logs and don’t know how to fix it.
The tunnel appear online and connected on Cloudflare interface + CNAME.

I can’t access my ha from external right now.

I need to do something more?

[18:03:05] INFO: Checking for existing tunnel...
[18:03:05] INFO: Existing tunnel with ID 213131233131312313 found
[18:03:05] INFO: Checking if existing tunnel matches name given in config
[18:03:06] INFO: Existing Cloudflare tunnnel name matches config, proceeding with existing tunnel file
[18:03:06] WARNING: Reset cloudflared warp routes and add-on warp options
[18:03:06] INFO: Removing already configured routes for tunnel hassio-tunnel
[18:03:08] WARNING: Warp disabled successfully
[18:03:08] INFO: Creating config file...
[18:03:08] INFO: Validating config file...
Validating rules from /tmp/config.json
OK
[18:03:09] INFO: Creating new DNS entry hassio.XXXX.ro...
2022-08-08T15:03:10Z INF Added CNAME hassio.XXXX.ro which will route to this tunnel tunnelID=213131233131312313
[18:03:10] INFO: Finished setting-up the Cloudflare tunnel
s6-rc: info: service init-cloudflared-config successfully started
s6-rc: info: service cloudflared: starting
s6-rc: info: service cloudflared successfully started
s6-rc: info: service healthcheck: starting
s6-rc: info: service healthcheck successfully started
s6-rc: info: service legacy-services: starting
[18:03:10] INFO: Starting Cloudflared Healthcheck for Home-Assistant add-on.
s6-rc: info: service legacy-services successfully started
[18:03:10] INFO: Connecting Cloudflared Tunnel...
2022-08-08T15:03:10Z INF Starting tunnel tunnelID=213131233131312313
2022-08-08T15:03:10Z INF Version 2022.7.1
2022-08-08T15:03:10Z INF GOOS: linux, GOVersion: go1.17.10, GoArch: amd64
2022-08-08T15:03:10Z INF Settings: map[config:/tmp/config.json cred-file:/data/tunnel.json credentials-file:/data/tunnel.json loglevel:info metrics:localhost:36500 no-autoupdate:true origincert:/data/cert.pem]
2022-08-08T15:03:10Z INF Generated Connector ID: 213131233131312313
2022-08-08T15:03:10Z INF Initial protocol quic
2022-08-08T15:03:10Z INF Starting metrics server on 127.0.0.1:36500/metrics
[18:03:10] WARNING: Connection unavailable, rechecking in 5 seconds.
[18:03:10] WARNING: Connection attempt 1/24 before restart.
2022-08-08T15:03:11Z INF Connection 63858b21-9699-41b2-92af-af6dafcc2247 registered connIndex=0 ip=198.41.200.43 location=AMS
2022-08-08T15:03:12Z INF Connection d63f53e9-e722-461f-b497-3077db317cc3 registered connIndex=1 ip=198.41.192.227 location=OTP
2022-08-08T15:03:12Z INF Connection bd2aa5e7-d971-4a73-9192-3f1293378f2c registered connIndex=2 ip=198.41.200.13 location=AMS
2022-08-08T15:03:13Z INF Connection 3c6f8b14-e145-4b0c-9eef-bd331f9c3fca registered connIndex=3 ip=198.41.192.37 location=OTP
[18:03:06] WARNING: Reset cloudflared warp routes and add-on warp options
[18:03:06] INFO: Removing already configured routes for tunnel hassio-tunnel
[18:03:08] WARNING: Warp disabled successfully

Maybe check these. Warp route reset…? My log file does not have these.

Is it possible to get somehow the Wireguard addon working with Cloudflared?
Currently it’s working with duckdns addon enabled.
Since the documentation says to remove duckdns addon, I’m not sure, if that has any impact on the cloudflared addon.

If you can get VPN going, and is OK with your VPN setup, then it is likely more secure to use VPN exclusively. No need to use Cloudflared add-on.

The reason the docs says to remove DuckDNS is to make sure Cloudflare being the one handling SSL.

But yes VPN and Cloudflare can co-exist… Technically doing VPN (WireGuard) you do not need HTTPS/SSL thingy.

thanks. i added cloudflare addon and via tunnel i could use my ha outside my local. but inside locally i can use ha via ip with http but does not work with https…
any way to make it work with https instead?

same error here… and “Page not found” when I surf to my newly created subdomain…

[11:42:27] WARNING: Connection unavailable, rechecking in 5 seconds.
[11:42:27] WARNING: Connection attempt 1/24 before restart.
2022-08-10T09:42:27Z INF Connection 44229a3e-d36e-43dc-998f-6696977f714c registered connIndex=0 ip=198.41.200.13 location=BRU
2022-08-10T09:42:28Z INF Connection 193775eb-281d-4461-b4ae-8a820442234a registered connIndex=1 ip=198.41.192.67 location=AMS
2022-08-10T09:42:29Z INF Connection 33bc967d-0195-4fa8-8c18-404190a61d8c registered connIndex=2 ip=198.41.200.193 location=BRU
2022-08-10T09:42:30Z INF Connection 22a6ea0e-a63b-4a5e-aaa3-256d1fabd384 registered connIndex=3 ip=198.41.192.227 location=AMS

I lost access to my ha this morning via this add-on. The add-on was not running and the logs showed retrying to connect errors, restarts, a health check and then eventually the shutdown.
Is this normal operation as it left my system inaccessible?
To resolve I just started the add-on.
I have the watchdog turned on for this add-on.

1 Like

May be the same root cause as https://github.com/brenner-tobias/addon-cloudflared/issues/141

1 Like

Maybe, I had the watchdog turned on and the add-on was still found to be stopped.

Anyone know how to access config for this add-on via CLI?
(have a remote instance I can only get to via CLI after gofing up tunnel API token setting)

I managed to uninstall and reinstall, but how to provide settings for addon via CLI?

Is it possible to run both the cloudflared add on for remote access via the tunnel and the cloudflared integration to update other dns records on the domain, not related to my ha instance?

Hi @marce14-git , can you explain step by step? I’m kind of a newbie here :slight_smile:

What do you mean by create a new application? And then create bypass ?

Thanks in advance

yeah u get 404 if you try to reach the site with a browser but the mobile app can now talk with Home Assistant and Siri does work like before.

  1. Just configure your cloudflare HA addon and cloudflare zero trust as in any of the guides provided with subdomain.domain.com (= HA external URL) and with the authentication method of your choice (google does not work on mobile though)

  2. add another application in cf zero trust with subdomain.domain.com/api and create a bypass policy for everyone or by country etc. - you dont have to change ANYTHING in the HA cloudflare addon config

  3. everything should work (at least on iOS for me)

2 Likes

application and bypass is all on the cloudflare zero trust homepage - its pretty self explanatory

1 Like

Hi Guys,
I was following this guide from YT as it seems simple and with all info:

Unfortunately I’m constantly getting error:

[11:17:41] WARNING: Connection unavailable, rechecking in 5 seconds.
[11:17:41] WARNING: Connection attempt 1/24 before restart.

@vandenbogerd @pifuvalentin
Guys,
Did You resolve this issue by anychance?

I have the same problem.

@shade.pl @bennettTBCASoft

Could you share some more details on the issue you experience?

The warning below isn’t a problem during startup phase of the add-on.

[11:17:41] WARNING: Connection unavailable, rechecking in 5 seconds.
[11:17:41] WARNING: Connection attempt 1/24 before restart.

Regarding the background of the message, there is a health check built into the add-on that restarts the tunnel if no connection to the tunnel can be established for 2 minutes (24 attempts with a 5 second pause). During the add-on start it can happen that the connection is not available for a short time because the healthcheck performs a check before the initial connection is established.

The health check is advantageous when the network connection drops during normal operation of the tunnel. Cloudflare only tries to reconnect a few times, after which the service simply continues to run without a connection being established. This is where the implemented healthcheck comes into play as a workaround to restart the service.

I also have this same issue of late. My external connection kept dropping every few minutes but my internal connection was fine. I have the same error in the logs as the many people above me.

I have disabled and uninstalled cloudflared and reinstalled it. Same issue.