New Add-On: Cloudflared

Has anyone had luck creating a host in the cloudflare tunnel for a hikvision NVR?

I’ve set it up and can log in using the domain in a browser,
though I am having no success viewing the live feeds through the IVMS-4500 Hikvision app.

I’m not sure if my issue is related; if it is not, I will create a new topic either here or in GitHub.

I have Cloudflare set up and working perfectly. I can access my HA dashboard using the external subdomain.domain:8443 I have created. I can also access from my Laptop at the IP_address:8443 normally still. Unfortunately, something is broken in the HA Android app related to the local IP address. See below:

  1. WIFI off, 4g only.
    • Local IP doesn’t work (as expected)
    • Domain works (as expected)
  2. Wifi on, 4g on.
    • App works, but unsure whether using WIFI or 4G
  3. Wifi on (no internet, local only), 4g Off
    • “Unable to connect to Home Assistant” error.
      - It seems that the local address does not work with the android app for some reason.

Any suggestions?

I wanted to give this a try as an alternative to Let’s Encrypt & DuckDNS. I have an existing domain that I decided to try to use and added the Cloudflare nameservers over at GoDaddy. I got the confirmation message from Cloudflare that it was added. With the old LE and DDNS add-ons deleted, I started the Cloudflared add-on and, pulling in the URL from the log, then signed into my Cloudflare account.

I got an error in the log:

Failed to add route: code: 1003, reason: An A, AAAA, or CNAME record with that host already exists.
[10:05:26] FATAL: Failed to create DNS entry MYDOMAIN.com.
s6-rc: warning: unable to start service init-cloudflared-config: command exited 1
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
prog: fatal: stopping the container.
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service init-log-level: stopping
s6-rc: info: service init-log-level successfully stopped
s6-rc: info: service init-banner: stopping
s6-rc: info: service init-banner successfully stopped
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

What am I doing wrong with my existing domain, do you think? Should I just get a free one through freenom? I thought it would be better to use my paid domain because I won’t have to worry about it expiring.

Thanks!

EDIT: Uh oh… so, I went ahead and signed up for a freenom.com domain and followed the setup again… and got the same error in the logs with a completely different domain. So I’m doing something incorrectly.

I can connect to my local IP via Companion App and browser. I am running AdGuard at the network level.

EDIT 2: I was able to connect to my freenom domain by uninstalling & reinstalling the add-on, then reconfiguring. Then I had to delete the existing tunnel in Cloudflare to get it to work. Alternatively, I guess I could have specified a different Cloudflare Tunnel Name, but I wanted to keep what I had.

I’m still interested to know how to get around my initial error with my first domain. I’d rather use that if possible.

I was looking for the settings within Cloudflare and not the add-on. With your help I got it working. Thanks so much for your help and for your patience with a newbie.

This feels like a Cloudflare DNS problem. If possible, you should delete all DNS records for the (sub)domain you want to use. After that is done, reinstall the add-on and try again with a clean setup.

See my edits… I got it working with the freenom domain by deleting the add-on and re-installing. Thanks! Unless you’re talking about the use of my own domain? In any case, I haven’t tried anything since getting it going with freenom. It’d be really helpful to know how to configure with a subdomain on my existing domain registered with GoDaddy…!

As an example… I have no idea what IP address to redirect the subdomain to.

yes, I was talking about your existing domain. What you have to do:

  1. Move Domain to Cloudflare (see explanation here, might already be done?)
  2. Install the add-on in HA. Configure the subdomain, e.g. “home.example.com”, as “external_hostname” and run the add-on. Configure it according to the documentation.

If there are any errors, I am happy to help.

I just got it running. It was super easy… I thought I had to configure the subdomain at Cloudflare. I just uninstalled and reinstalled the add-on, and it worked. And I’m a complete idiot when it comes to domains.

Thanks!


I have a problem starting it,

logs:

s6-rc: warning: unable to start service init-cloudflared-config: command exited 2
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
prog: fatal: stopping the container.
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service init-log-level: stopping
s6-rc: info: service init-log-level successfully stopped
s6-rc: info: service init-banner: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service init-banner successfully stopped
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

After using this add-on successfully for a while, just now I noticed that it does not automatically route to https. If I just type in my domain name, it opens with http. So currently I would need to manually put https into the URL.
Neither in Cloudflare nor in the add-on config can I find an option to change that. Is there a way to force https?
My subdomains go to NPM first, where there is a dedicated option to force SSL.

You can enable that in Cloudflare.


Can you please update to the newest HA and Cloudflared Add-On Version and open an issue in GitHub if the problem persists?

Sorry for the noob question, but do I need my own domain for this to work? I already have a subdomain from freedns.afraid.org pointing to my public IP, but I suppose that will not work?

I tried to register one with freenom.com a couple of days ago, but nothing happens, and when I search now all free domains say “not available”.

Is it possible to set this up so that HA is accessible via subdirectory? e.g. https://home.mydomain.com/67b12136-0902-42d2-a073-2a00dd2615a2/?
The reason I want to do it is to keep the url secret (the domain is not really secret, as it’ll potentially leak via DNS queries, but the subdomain is since path is encrypted via HTTPS).
I’ve configured the Tunnel in the Cloudflare Zero Trust portal to point to a subdirectory (under Public Hostname), so now HA is not accessible at my domain at /, but if I try to open the subdirectory I get 404: Not Found in the browser (I think this is HA responding).
Am I missing something?


Fab add on, thank you. I have it going but it’s odd in that HA MFA fails when using the tunnel.

I get the sign-in prompt, and the HA log shows failed login attempts, so it must be connecting. Also, if I connect locally, the MFA works.

If I turn MFA off, all is OK with the cloudflared addon.

But as soon as I turn MFA on, I just get into a loop when attempting to log in via CF, as in the image below.

Update: Discovered it works with MFA from my desktop PC, but not from my iPhone, Safari.

Any thoughts?

Is there some problem with installing the addon recently, maybe with newest HA version?
I have the HA core updated to the latest 2022.12.7
I went to addons and added your repository, but the extension doesn’t appear in the store:

Any ideas why?

Just to let you know… I did nothing since the post yesterday, but the problem has disappeared.
Just a blind guess: yesterday the plugin was not available right after installing the latest HA update. Did it have to go through some CI cycle or something?

I believe I’ve followed the instructions correctly, but I can’t get past this:

[15:15:39] INFO: Creating new tunnel...
/etc/s6-overlay/scripts/cloudflared-config.sh: line 146: CLOUDFLARED_LOG: unbound variable
s6-rc: warning: unable to start service init-cloudflared-config: command exited 1
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
prog: fatal: stopping the container.

Any idea what is happening?
I added my domain to Cloudflare, added the Cloudflare nameservers to the registrar, and added the code in configuration.yaml as described.
I did get the URL from the log to authorize in Cloudflare, but then it just crashes.

Having the same problem after the last update 4.0.6.

This issue has been fixed in the meantime. Try to update to 4.0.7.
Sorry for the circumstances.
