New Add-On: Cloudflared

OK. That’s what I thought; thanks for the confirmation.

I got this add-on all in all working with my main domain, thanks!

As I am using NGINX Proxy Manager for everything so far, I wanted to continue doing that. The add-on offers an option for a catch-all of everything else, which I have activated in the config.
As the help says:

Note: As with catch_all_service, this will still route your defined external_hostname to Home Assistant as well as any potential additional_hosts to where you defined in the config. Any other incoming traffic will be routed to Nginx Proxy Manager.

In order to route hostnames through the tunnel, you have to create individual CNAME records in Cloudflare for all of them, pointing to your external_hostname or directly to the tunnel URL that you can get from the CNAME entry of external_hostname.

So in the Cloudflare Dashboard I added a CNAME entry for a subdomain (“bw” in this example), pointing to the main domain (for which the last CNAME entry is there and which does lead to Home Assistant), but when calling this subdomain in the browser it still just brings me to a default page of my hoster.

I know that this might not be directly related to your add-on but rather to Cloudflare settings, but maybe someone here can still give me a clue as to what I did wrong and need to correct.

So far I was using DuckDNS; there I did not even have to specify the subdomains anywhere, just tell NGINX Proxy Manager where to forward them to.

I assume the problem is that the A records point to the IP that my hoster assigned to my domain, but I thought that this would be caught by Cloudflare?!

EDIT:
Ah, I think I got it. The CNAME entry for the subdomain must not have the domain name as content, but the cryptic ID that Cloudflare itself gave the CNAME entry of the main domain. That way it seems to work! I still keep that here as information for others who are as clueless as I was :wink:

Hi, I tried the integration today and at first was disappointed because my installation did not start up as it should. I thought I forgot to turn the auto start and watchdog on. But I hadn’t…
However after starting the add-on from the cli I was up and running.

Until now… I get the error “Error 1033”.

Manually starting the add-on wasn’t a solution this time. And I’m baffled as to what to do now…

Does anyone know this error and what I did, or even better, what I can do to work it out?

I’m running an RPi; I don’t really know if and what logs you’d need?

Thank you in advance!!

Dries

Edit:

My installation seems to have pulled itself through, but is now very slow, and getting into the add-ons page is still a waiting game…
Maybe I’m having a problem on another level?

Edit 2:

I’m suspecting that my SD card is done for… But if anyone could help me with how to save anything from my setup… I can still get into the logs, but anything like the file editor, or Visual Studio, or the backup window just remains a black window…

Hi Tobias,

Love the add-on. I’m trying to get the Pi-hole /admin page to pass, which I had to pass to Caddy in a funky way to get working. Is there something similar in cloudflared that can enable a page pulling up a directory below the IP address and port?

I’m also trying to get a Minecraft Pocket Edition server to connect, and no matter what I do the server does not see the server, although other external methods are currently working through port forwarding (which I want to move away from). Are there any tips for when the app requires an address and port to be entered, and could that be messing with Cloudflare’s ability to direct the request into the add-on?

Thank you,
Daniel

Glad that you like the add-on. I am happy to give you my thoughts:

  1. Pi-hole: Unfortunately, adding subfolder rewrites is currently not supported, though there is some work being done under my raised issue and even a PR. Not sure when this will be fully implemented though. That said, you can certainly just add the page in the normal way and then enter the directory in your URL in the browser, which should work fine.

  2. Minecraft server: This will most certainly not work with the traditional tunnel, since the Cloudflare Proxy is focused on HTTP (like) requests. You can find a list of other services and documentation here. It might work with an arbitrary TCP service, but I don’t think it will, and I also do not have any experience with that. One other solution, which you would have to pay for, would be to use Cloudflare Spectrum, but here I also do not have experience. I guess that in the end you will have to open a port for your Minecraft server anyway. So my suggestion for that would be to use the Cloudflare Integration to update the IP of a specific subdomain for your server (like DynDNS) and then forward this port from your router directly to the server without HA being involved whatsoever.

I hope this helps

Hi Tobias,

many thanks for providing this add-on. I’ve been using it for a while now and it works great. There is something where I’m not sure about the relation or how it’s supposed to work together.

Many other add-ons ask for a certificate like shown in the screenshot below.

Could you explain if those certs are still needed when using the add-on? Do I still need to use the Let’s Encrypt add-on? It would be great if someone could shed some light on this and how it is all related. :innocent:

Thank you.

Br. JaDDeL

Hi Tobias,

Your solution for Pi-hole is spot on and works like a charm, thanks! I found a workable solution for Minecraft following this tutorial here, although I believe it still requires a port forward rule. Any idea how to get around this?: Cloudflare DNS Setup for Minecraft Servers & Websites - YouTube.

It looks like playit.gg is an install-and-tunnel-out protocol for playing Minecraft without port forwarding… do you think that this is robust enough to handle the job without opening up to threats? I know that you are now downloading a piece of software to the server as well, unfortunately!

Thank you,
Daniel

Hi Tobias,

Side questions: does this work in your add-on (- service: http_status:404) as an option to redirect traffic to a server error message? Also, can you make the base URL not direct to Home Assistant but instead have a subdirectory channeled only to HA’s login screen? I’m sure that there are nuances of detail that I’m missing, but I would appreciate your thoughts on these questions!

Thank you,
Daniel

Hi JaDDeL,

there is no need for any certificates or to use Let’s Encrypt. The connection from the clients to HA is encrypted by the Cloudflare Proxy Server, while the tunnel itself from the proxy to your HA is also encrypted. So if you do not have very specific requirements, then you should be good to go. If you do need certificates for some reason, you can get origin certificates from Cloudflare, but this is rarely needed.

Regarding the error message: Yes, this works in two different ways. You either simply use the catch_all_service option, which, as the name suggests, catches all unmatched ingress connections (in the Cloudflare config itself it is translated to exactly what you are describing: - service: $catch_all_service). The other option would be to use a Cloudflare Remote Managed tunnel and then define the ingress rules completely flexibly in the Cloudflare Dashboard.

Regarding the forwarding, it is possible, yes. You would have to use the path option to match the traffic.
Since this is an advanced configuration, you would need to migrate to a Cloudflare Remote Managed tunnel and then define the ingress rules completely flexibly in the Cloudflare Dashboard.

Yes, the tutorial looks fine; what you need to add, though, is the Cloudflare integration on your HA to automatically update the “base-url” with the IP (since I guess you do not have a static IP at home).

Regarding that playit.gg service, I cannot tell you much. It looks like pretty much the same setup as with our Cloudflare proxy and tunnel for Minecraft, so fine. Of course, you have to install a client on your server in order to connect to the proxy, but this is not generally a problem. I cannot say much more than that, so you have to test it. In the end, you can either trust the proxy service or expose a port (which is also not too bad if you change to another port than the standard one, as also shown in the video).
To be completely frank, my suggestion would be to go with a proper online Minecraft server. There are many very cheap or even free options, and I would rather invest a couple of $ a month and be done with it. But that’s just my perspective :wink:
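As an added illustration of the ingress behaviour described in this reply (the catch_all_service translation, the http_status:404 fallback and the path option), here is a hand-written cloudflared config.yml; it is not the add-on's generated config or code from this thread, and the hostnames, tunnel UUID, credentials path and local IPs are placeholders/assumptions.

```yaml
# Added example (not from the add-on): a native cloudflared config.yml.
# Rules are evaluated top to bottom; the first match wins, and the last rule
# must have no hostname/path because it is the catch-all.
tunnel: <TUNNEL-UUID>                                   # placeholder
credentials-file: /root/.cloudflared/<TUNNEL-UUID>.json  # placeholder

ingress:
  # external_hostname equivalent: the main entry goes to Home Assistant.
  # Each hostname here also needs a proxied CNAME in Cloudflare DNS that
  # points at <TUNNEL-UUID>.cfargotunnel.com, not at the bare domain.
  - hostname: ha.example.com
    service: http://localhost:8123

  # additional_hosts equivalent, restricted with `path` (a regular expression):
  # only the Pi-hole admin UI is reachable through the tunnel; any other path
  # on this hostname does not match here and falls through to the catch-all.
  - hostname: pihole.example.com
    path: ^/admin(/|$)
    service: http://192.168.1.10:80   # assumed LAN address of Pi-hole

  # catch_all_service equivalent. Returning a plain 404 for every unmatched
  # hostname/path keeps unrelated subdomains from leaking into the LAN.
  - service: http_status:404
  # nginx_proxy_manager alternative (only one catch-all is allowed, so you
  # would use this line instead of the 404 rule above):
  # - service: http://192.168.1.20:80   # assumed LAN address of NPM
```

`cloudflared tunnel ingress validate` checks the file for ordering mistakes such as a missing catch-all, and `cloudflared tunnel ingress rule https://pihole.example.com/admin` prints which rule a given URL would hit.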

Hi Tobias,

When I tried to put in something similar, it says that hostname is mandatory to enter into the config page. Is there a way around this, or a proper way to do this reference for a - service call?

Thank you,
Daniel

Hi Daniel,

the field “external_hostname” used to be mandatory, but we changed it in release 3.1.0 six days ago. You have to add the additional_hosts array, a catch_all_service or the nginx_proxy_manager option, or simply set up the tunnel as a remote managed tunnel.
If this is not working in some way, please create an issue on GitHub and I will be happy to have a look at the problem.

Hi Tobias,

This was exactly what I was looking for! Thank you so much!!

Best,
Daniel

I use my domain for many different things, including mail. But I would like to use a subdomain with Cloudflare for HA.

If I understand correctly, I need to change the nameservers to use Cloudflare nameservers instead of the domain registrar’s service that I am already using? That means I have to manually re-enter all DNS records somewhere into Cloudflare? I am not sure about it, especially as I cannot afford having the website or mail unreachable in between.
Hi Andrej,

you are right, you have to move your name servers to Cloudflare. The good thing is that Cloudflare does a very good job at migrating this: once you enter your domain in Cloudflare, they automatically detect your current DNS settings and add them. So all you have to do is run through that process and then check your DNS entries before changing the name servers at your registrar.

Best
Tobias

FYI
You’re right, but you’re wrong. I’ve used Cloudflare for years and yes, they are VERY good, but they have no control over how long it takes to populate the root DNS servers or any other sub servers. So there is a chance that access to your websites may not be available from everywhere, and the same thing goes for emails. I believe they have a disclaimer that states that updates are not immediate.

5310

@5310 while you’re right that they don’t have any control over DNS propagation, if you duplicate all the records (and change nothing about them) it is unlikely that services will go down.
However, you could have a short SSL mismatch.

Completely agree with both of you, @Pippyn and @5310, thanks for that remark. It is not guaranteed, and if you really have a super critical service, you might want to look into that in more detail. For almost all personal use cases, even including email, this is most certainly not an issue from my perspective.

I transitioned yesterday from using Nginx Proxy Manager to Cloudflared, and I have a small issue to resolve. It seems it’s not exactly an issue with Cloudflared, but maybe someone will have some hints here.

After switching, everything works fine except the Zigbee2MQTT panel when accessed via the external URL on the Chrome browser and Chrome-based browsers (HA Android app).
My setup is HassOS on generic Linux, latest version of Z2M. I can access any other add-on without any issue from the external URL. When I open the WebUI for Z2M, all I can see is a blank page.

What I’ve tried so far:

  1. Refreshing with Shift+F5: blank
  2. Clearing the browser cache: still blank
  3. Accessing via incognito mode: still blank
  4. Restarting Z2M: it shows the Cloudflare version of the 502 Bad Gateway screen for a while, and then after Z2M starts it is blank again
  5. Accessing from Firefox: surprisingly it worked, but I have no idea why.
  6. Even tried to troubleshoot via Chrome dev mode: I tried to compare the responses via the local and external address. It seems the browser is getting both the HTML file and the JS for the page, and they are not empty.

Did anybody encounter this kind of issue and have a solution?