New Add-On: Cloudflared

Let’s Encrypt supports many popular DNS providers:

You can also set up DNS authentication manually by using a TXT record provided during setup.


@brenner-tobias, this is a great addon! It took my longer-than-expected to set everything up but overall seems to be working out of the box, especially when using remote tunneling. I much prefer this setup than having my Home Assistant instance exposed, even with a randomized port. While I’m sure that Home Assistant does their share of pentests, having an additional layer of security is great.

1 Like

Thanks for raising this. Do you mind opening an issue for that on GitHub to continue the discussion there? Please also include the add-on logs.

Generally speaking: The add-on should always use the in the documentation specified tunnel name. So if you change that without re-installing the add-on, it should produce an error:

Existing Cloudflare Tunnel name does not match add-on config
Align add-on configuration to match existing tunnel credential file
or re-install the add-on.

I actually fixed it.

I think you just need to give cludflare some time to purge the tunnel on their end.

Wait a few minutes before recreating the new tunnel.


1 Like

One more thing,

Ive noticed when using my custom domain name, when using this in the app as the external URL, it always redirects to use the web browser instead of the application.

Any way to resolve this or am I doing something wrong?


No. It is not possible.
It is discussed in this thread, but it has to be implemented by the app developers:

You can delete app data, and in the set up process, you can log in in cloudflare access, but when session expires, you are at the beginning.

You can also use warp access in order to bypass the need for CF access, but in my experience, warp makes navigation slower and loses connection frequently when moving.

Well, had the very same problem a week or so ago, but could not get any help (see my post a bit further above) so I had to figure it out myself :slight_smile:
Investigating this problem led me to realize two things:

  1. it’s a much better option to run the original cloudflare “app” in a docker container and not as a hass plugin (obviously, if you have a home server that is)
  2. running it without a ZT application (preferably a TOTP like Google or Github for an ease of access) is not really as secure as others might make you think - although none of the ports are open but your hass instance is…

Anyway, the solution to your (and many others’) problem is to delete the original tunnel from two different locations:
a) main cloudflare account / domain / DNS (as a CNAME record)
b) zero trust dashboard / access / tunnels

And then you’re golden - hope this helps others as well not to go mad for days like me :wink:

So you mean installing cloudflared as per the recommended steps when setting up the tunnel, in our cases would probably be docker?

What will this achieve? Also do we need to configure any static routing etc?

​I am a hass newbie but after two or three weeks of intensive testing I realized if I’d like to implement everything I want to work with HA then it’s gonna be a very complicated install with a shitload of addons (I use traccar, adguard, media server, etc) and much better if I install these in a separate container (easier update / better organization / better backup and restore options, etc) and then integrate only the data or the services these apps are offering into hass.

I know that using a raspberry pi is cool and trendy but in my opinion they are way too expensive but more to the point they are very much useless as you will outgrow them in a flash and have many limitations if you’d like to run a “proper” hass instance (come on haters!! :wink: ) And if you use a “one liter class” desktop PC then you are still in a 10-15W range but your possibilities are way beyond the raspberry pi with 32GB RAM, nvme and SSD drives, BT and so on…

Edit: apologies, this meant to be a reply to @deanfourie’s post

1 Like

Love this. Was able to get it up and running very quickly. Have you considered adding some sensors to HA for the tunnel? I’m thinking Service Health, Uptime, maybe some usage metrics?

Can this add-on be used with Home Assistant Supervised Installation ?
Kindly reply

Yes! I am using on supervised

How to install kindly guide

All instructions are here

Sorry my bad… I am using HomeAssistant with CORE installation method. Can cloudflared with used with CORE installation method ?

“Core” and “Supervised” HA installations are no longer recommended. Switch to Home Assistant OS or the Docker container to avoid issues (more info).

“Core” also does not have the add-on store. So you can’t easily install any add-ons, let alone this one.

1 Like

Yea go away from core.

Install a stock debain image, then install docker and install ha in docker is your best bet.

I’ve just started testing Cloudflared with success. As Cloudflare DNS is used now for my domain I need to move my dyndns over to them as well (as I like to have the option to use VPN for other tasks).

I’m using Namecheap/FreeDNS today which was easily configured on my Unifi USG. Though, the USG doesn’t have any option for Cloudflare so I need to find another way.

Any suggestions?

As always I suggest to check if you really need an additional VPN, since you can use the Cloudflare tunnel to route private networks, using Warp on your clients, so I suggest to have a look at the documentation :wink:

Anyways regarding your problem: You can very simply use the HA Cloudflare Integration to update your Cloudflare DNS entries for the VPN domain.

Hi there and thanks for this addon, I’m loving it so far and everything seems to work apart from the web ui of the other addons. I can of course access them locally or create a different subdomain altogether but just wondering how I can make the button that says “open web ui” actually point to the web ui. Thanks!