New Add-On: Cloudflared

Has anyone had luck creating a host in the cloudflare tunnel for a hikvision NVR?

I’ve set it up, and can log in using the domain on a browser
Though having no success viewing the live feeds through the IVMS-4500 hikvision app

I’m not sure if my issue is related, if it is not I will creeate a new topic either here or in github.

I have Cloudflare set up and working perfectly. I can access my HA dashboard using the external subdomain.domain:8443 I have created. I can also access from my Laptop at the IP_address:8443 normally still. Unfortunately, something is broken in the HA Android app related to the local IP address. See below:

1. WIFI off, 4g only.

• Local IP doesn’t work (as expected)
• Domain works (as expected)

2. Wifi on, 4g on.
   -App works, but unsure whether using WIFI or 4G
3. Wifi on (no internet, local only), 4g Off
   • “Unable to connect to Home Assistant” error.
     -It seems that the local address does not work with the android app for some reason.

Any suggestions?

I wanted to give this a try as an alternative to Let’s Encrypt & DuckDNS. I have an existing domain that I decided to try to use and added the Cloudflare nameservers over at GoDaddy. I got the confirmation message from Cloudflare that it was added. With the old LE and DDNS add-ons deleted, I started the Cloudflared add-on and, pulling in the URL from the log, then signed into my Cloudflare account.

I got an error in the log:

Failed to add route: code: 1003, reason: An A, AAAA, or CNAME record with that host already exists.
[10:05:26] FATAL: Failed to create DNS entry MYDOMAIN.com.
s6-rc: warning: unable to start service init-cloudflared-config: command exited 1
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
prog: fatal: stopping the container.
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service init-log-level: stopping
s6-rc: info: service init-log-level successfully stopped
s6-rc: info: service init-banner: stopping
s6-rc: info: service init-banner successfully stopped
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

What am I doing wrong with my existing domain, do you think? Should I just get a free one through freenom? I thought it would be better to use my paid domain because I won’t have to worry about it expiring.

Thanks!

EDIT: Uh oh… so, I went ahead and signed up for a freenom.com domain and followed the setup again… and got the same error in the logs with a completely different domain. So I’m doing something incorrectly.

I can connect to my local IP via Companion App and browser. I am running AdGuard at the network level.

EDIT 2: I was able to connect to my freenom domain by uninstalling & reinstalling the add-on, then reconfiguring. Then I had to delete the existing tunnel in Cloudflare to get it to work. Alternatively, I guess I could have specified a different Cloudflare Tunnel Name, but I wanted to keep what I had.

I’m still interested to know how to get around my initial error with my first domain. I’d rather use that if possible.

I was looking for the settings within Cloudflare and not the add-on. With your help I got it working. Thanks so much for your help and for your patience with a newbie.

This feels like a Coudflare DNS problem. If possible, you should delete all DNS records for the (sub)domain you want to use. After that is done, reinstall the Add-On and try again with a clean set-Up

See my edits… I got it working with the freenom domain by deleting the add-on and re-installing. Thanks! Unless you’re talking about the use of my own domain? In any case, I haven’t tried anything since getting it going with freenom. It’d be really helpful to know how to configure with a subdomain on my existing domain registered with GoDaddy…!

As an example… I have no idea what IP address to redirect the subdomain to.

yes, I was talking about your existing domain. What you have to do:

1. Move Domain to Cloudflare (see explanation here, might already be done?)
2. Install add-on in HA. Configure the subdomain "e.g. “home.example.com” as “external_hostname” and run the add-on. Configure it according to the documentation.

If there are any errors, I am happy to help.

I just got it running. It was super easy… I thought I had to configure the subdomain at Cloudflare. I just uninstalled and reinstalled the add-on, and it worked. And I’m a complete idiot when it comes to domains.

Thanks!

I have problem start,

After using this add-on successfully for a while, just now I noticed that it does not automatically route to https. I I just type in my domain name, it opens with http. So currently I would need to put manually https into the URL.
Neither in cloudflare nor in the add-on config I find an option to change that. Is there a way to force https?
My subdomains go to NPM first, where there is a dedicated option to force SSL.

You can enable that in Cloudflare.

Can you please update to the newest HA and Cloudflared Add-On Version and open an issue in GitHub if the problem persists?

Sorry for the noob question but do I need an own domain for this to work? I already have a subdomain from freedns.afraid.org pointing to my public ip but I suppose that will not work?

I tried to register one with freenom.com a couple of days ago but nothing happens and when I search now all free domains says “not available”

Is it possible to set this up so that HA is accessible via subdirectory? e.g. https://home.mydomain.com/67b12136-0902-42d2-a073-2a00dd2615a2/?
The reason I want to do it is to keep the url secret (the domain is not really secret, as it’ll potentially leak via DNS queries, but the subdomain is since path is encrypted via HTTPS).
I’ve configured the Tunnel in CouldFlare Zero Trust portal to point to a subdirectory (under Public Hostname), so now HA is not accessible at my domain at /, but if I try to open the subdirectory I get 404: Not Found in the browser (I think this is HA responding).
Am I missing something?

Fab add on, thank you. I have it going but it’s odd in that HA MFA fails when using the tunnel.

I get sign in prompt, HA log shows failed login attempts so it must be connecting. Also if connect locally the MFA works.

If I turn MFA off, all is OK with the cloudflared addon.

But as I turn MFA on, I just get I to a loop when attempting to log in via CF as image below.

Update: Discovred works with MFA from my desktop PC, but not from my iPhone, safari.

Screenshot 2022-12-17 135014736×441 33.9 KB

Any thoughts?

Is there some problem with installing the addon recently, maybe with newest HA version?
I have the HA core updated to the latest 2022.12.7
I went to addons and added your repository, but the extension doesn’t appear in the store:

image901×473 18.5 KB

Any ideas why?

Just to let you know… I did nothing since the post yesterday, but the problem has disappeared.
Just a blind guess: yesterday the plugin was not available right after installing the latest HA update. Did it have to go through some CI cycle or something?

I believe I’ve followed the instructions correct but I can’t get past this:

[15:15:39] INFO: Creating new tunnel...
/etc/s6-overlay/scripts/cloudflared-config.sh: line 146: CLOUDFLARED_LOG: unbound variable
s6-rc: warning: unable to start service init-cloudflared-config: command exited 1
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
prog: fatal: stopping the container.

Any idea what is happening?
Added my domain to cloudflare, added cloudflare nameservers to registar, added code in configuration.yaml as described.
I did get the url from the log to authorize in cloudflare but then it just crashes.

Having the same problem after the last update 4.0.6.

This issue has been fixed in the meantime. Try to update to 4.0.7.
Sorry for the circumstances.