To answer my own question: I have found the solution. I am able to access my local network while away from home using Cloudflared + the Warp mobile app AND block ads. While some may not like the idea of using a mobile VPN client app (Warp), I am OK with it since that was how I accessed my network using the iOS native VPN before.
I followed this guide to access my local network. Once enabled, I am able to use the browser and access all my local network. If you have Termius app on mobile or similar, you can also connect to your server. While the first is great, I wanted a way to block ads on my mobile device. The solution to that is from this guide.
Hello there! I have been using this add-on for a while, but I am looking to enable HTTPS locally. It appears HTTPS locally is required for the microphone component of Assist to work (Microphone in Chrome doesn’t work with Assist).
Is there a way for me to download the origin certificate and private key into home assistant to enable https?
I’m also interested in this as I have a Teltonika tracker on order.
If you haven’t already, you need to enable the protocol for your tracker in the traccar.xml config file:
If already done, have you tried a new subdomain pointing to port 5023 for your tracker devices? E.g. in your additional hosts section in the cloudflared addon:
To answer my own question - this didn’t work. Couldn’t get data flowing no matter which port I used in the tracker. In the end, had to set a subdomain to point to my fixed IP and open up the port on my router.
Hello everyone. I have installed the addon today and apparently it does not start; the indicator light stays red, however I seamlessly connect from outside and inside my network to my Home Assistant instance using the tunnel created in Cloudflare. These are the addon logs.
Can you help me with this? Thank you.
Add-on: Cloudflared
Use a Cloudflare Tunnel to remotely connect to Home Assistant without opening any ports
Add-on version: 4.1.5
You are running the latest version of this add-on.
System: Home Assistant OS 10.1 (amd64 / generic-x86-64)
Home Assistant Core: 2023.5.3
Home Assistant Supervisor: 2023.04.1
Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.
[07:31:50] INFO: Checking add-on config…
[07:31:50] INFO: Checking for existing certificate…
[07:31:50] NOTICE: No certificate found
[07:31:50] INFO: Creating new certificate…
[07:31:50] NOTICE:
[07:31:50] NOTICE: Please follow the Cloudflare Auth-Steps:
[07:31:50] NOTICE:
Please open the following URL and log in with your Cloudflare account: https://dash.cloudflare.com/argotunnel?aud=&callback=https%3A%2F%2Flogin.cloudflareaccess.org%2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%3D
Leave cloudflared running to download the cert automatically.
You have successfully logged in.
If you wish to copy your credentials to a server, they have been saved to:
/root/.cloudflared/cert.pem
[07:32:14] INFO: Authentication successfull, moving auth file to the ‘/data’ folder
[07:32:14] INFO: Checking for existing certificate…
[07:32:14] INFO: Existing certificate found
[07:32:14] INFO: Checking for existing tunnel…
[07:32:14] NOTICE: No tunnel file found
[07:32:14] INFO: Creating new tunnel…
Tunnel credentials written to /data/tunnel.json. Keep this file secret. To revoke these credentials, delete the tunnel.
Created tunnel homeassistant with id xxxxxxxx-1097-4b07-b3b8-xxxxxxxxxx
[07:32:15] INFO: Checking for existing tunnel…
[07:32:15] INFO: Existing tunnel with ID xxxxxxxx-1097-4b07-b3b8-xxxxxxxxxx found
[07:32:15] INFO: Checking if existing tunnel matches name given in config
[07:32:15] INFO: Existing Cloudflare Tunnel name matches config, proceeding with existing tunnel file
[07:32:15] INFO: Creating config file…
[07:32:16] INFO: Validating config file…
Validating rules from /tmp/config.json
OK
[07:32:16] INFO: Creating DNS entry mydominio.space…
2023-05-16T12:32:17Z INF Added CNAME mydominio.space which will route to this tunnel tunnelID=xxxxxxxx-1097-4b07-b3b8-xxxxxxxxxx
[07:32:17] INFO: Finished setting up the Cloudflare Tunnel
[07:32:17] INFO: Connecting Cloudflare Tunnel…
2023-05-16T12:32:17Z INF Starting tunnel tunnelID=xxxxxxxx-1097-4b07-b3b8-xxxxxxxxxx
2023-05-16T12:32:17Z INF Version 2023.5.0
2023-05-16T12:32:17Z INF GOOS: linux, GOVersion: go1.19.6, GoArch: amd64
2023-05-16T12:32:17Z INF Settings: map[config:/tmp/config.json cred-file:/data/tunnel.json credentials-file:/data/tunnel.json loglevel:info metrics:0.0.0.0:36500 no-autoupdate:true origincert:/data/cert.pem]
2023-05-16T12:32:17Z INF Generated Connector ID: xxxxxxxx-4f9a-44a7-848e-xxxxxxxxxx
2023-05-16T12:32:17Z INF Initial protocol quic
2023-05-16T12:32:17Z INF ICMP proxy will use 172.30.33.11 as source for IPv4
2023-05-16T12:32:17Z INF ICMP proxy will use :: as source for IPv6
2023-05-16T12:32:17Z INF Starting metrics server on [::]:36500/metrics
2023-05-16T12:32:18Z INF Registered tunnel connection connIndex=0 connection=c75d2cc8-5d9a-4aa6-a8e6-xxxxxxxxxxx event=0 ip=198.41.xxx.xxx location=IAD protocol=quic
2023-05-16T12:32:18Z INF Registered tunnel connection connIndex=1 connection=518b5010-f61c-4f81-a9f4-xxxxxxxxxxx event=0 ip=198.41.xxx.xxx location=MIA protocol=quic
2023-05-16T12:32:19Z INF Registered tunnel connection connIndex=2 connection=937d95a7-bd62-4a7b-aed2-xxxxxxxxxxx event=0 ip=198.41.xxx.xxx location=IAD protocol=quic
2023-05-16T12:32:20Z INF Registered tunnel connection connIndex=3 connection=fa86c2ad-8d7e-4470-9133-xxxxxxxxxxx event=0 ip=198.41.xxx.xxx location=MIA protocol=quic
Does anybody have a write-up about how to use this plugin with nginx-proxy-manager? I’ve successfully created a tunnel, and can access my Home Assistant instance, but how do I connect it all together?
This may have been answered above but I can’t find it in such a long thread. I was happily using cloudflared using a free domain from freenom but they went belly up so I’ve finally got round to getting myself a domain. I’ve tried to set up using the new domain (I’ve called it subdomain.domain.tl below) but I get the following error. I’m guessing it’s still trying to use the old credentials from the previous domain, if so how do I clear them and get it to use my new domain? Thanks
Add-on version: 4.1.9
You are running the latest version of this add-on.
System: Home Assistant OS 10.3 (aarch64 / raspberrypi4-64)
Home Assistant Core: 2023.6.3
Home Assistant Supervisor: 2023.06.4
-----------------------------------------------------------
Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
[09:44:27] INFO: Checking add-on config...
[09:44:28] INFO: Checking for existing certificate...
[09:44:28] INFO: Existing certificate found
[09:44:28] INFO: Checking for existing tunnel...
[09:44:28] INFO: Existing tunnel with ID ***deleted*** found
[09:44:28] INFO: Checking if existing tunnel matches name given in config
[09:44:30] INFO: Existing Cloudflare Tunnel name matches config, proceeding with existing tunnel file
[09:44:30] INFO: Creating config file...
[09:44:32] INFO: Validating config file...
Validating rules from /tmp/config.json
OK
[09:44:32] INFO: Creating DNS entry subdomain.domain.tl...
Failed to add route: code: 10000, reason: Authentication error
[09:44:33] FATAL: Failed to create DNS entry subdomain.mydomain.tl.
s6-rc: warning: unable to start service init-cloudflared-config: command exited 1
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
/run/s6/basedir/scripts/rc.init: fatal: stopping the container.
Hello everyone, I had installed the addon and everything worked perfectly.
Then, when I moved the whole installation to a new place with a new router, the external site stopped working, and now throws “DNS_PROBE_POSSIBLE”.
I removed the addon, the tunnel and the DNS registry and reinstalled everything with the “manual” tunnel installation and the “managed” tunnel installation, and it still throws “DNS_PROBE_POSSIBLE”.
Do you have any idea?
-----------------------------------------------------------
Add-on: Cloudflared
Use a Cloudflare Tunnel to remotely connect to Home Assistant without opening any ports
-----------------------------------------------------------
Add-on version: 4.1.9
You are running the latest version of this add-on.
System: Home Assistant OS 10.3 (aarch64 / raspberrypi3-64)
Home Assistant Core: 2023.7.1
Home Assistant Supervisor: 2023.07.1
-----------------------------------------------------------
Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
[23:58:28] INFO: Checking add-on config...
[23:58:31] INFO: Checking for existing certificate...
[23:58:31] INFO: Existing certificate found
[23:58:31] INFO: Checking for existing tunnel...
[23:58:32] INFO: Existing tunnel with ID 9cab9505-4c02-41fd-86f0-xxxxxxxx found
[23:58:32] INFO: Checking if existing tunnel matches name given in config
2023-07-11T21:58:33Z WRN Your version 2023.6.1 is outdated. We recommend upgrading it to 2023.7.0
[23:58:33] INFO: Existing Cloudflare Tunnel name matches config, proceeding with existing tunnel file
[23:58:33] INFO: Creating config file...
[23:58:39] INFO: Validating config file...
Validating rules from /tmp/config.json
OK
[23:58:40] INFO: Creating DNS entry example.com...
2023-07-11T21:58:42Z INF Added CNAME example.com which will route to this tunnel tunnelID=9cab9505-4c02-41fd-86f0-xxxxxxxx
[23:58:42] INFO: Finished setting up the Cloudflare Tunnel
[23:58:44] INFO: Connecting Cloudflare Tunnel...
2023-07-11T21:58:44Z INF Starting tunnel tunnelID=9cab9505-4c02-41fd-86f0-xxxxxxxxx
2023-07-11T21:58:44Z INF Version 2023.6.1
2023-07-11T21:58:44Z INF GOOS: linux, GOVersion: go1.19.6, GoArch: arm64
2023-07-11T21:58:44Z INF Settings: map[config:/tmp/config.json cred-file:/data/tunnel.json credentials-file:/data/tunnel.json loglevel:info metrics:0.0.0.0:36500 no-autoupdate:true origincert:/data/cert.pem]
2023-07-11T21:58:44Z INF Generated Connector ID: cf7b9de6-0bef-46ef-xxxxxxxxx
2023-07-11T21:58:44Z INF Initial protocol quic
2023-07-11T21:58:44Z INF ICMP proxy will use 172.30.33.0 as source for IPv4
2023-07-11T21:58:44Z INF ICMP proxy will use :: as source for IPv6
2023-07-11T21:58:44Z WRN Your version 2023.6.1 is outdated. We recommend upgrading it to 2023.7.0
2023-07-11T21:58:44Z INF Starting metrics server on [::]:36500/metrics
2023-07-11T21:58:45Z INF Registered tunnel connection connIndex=0 connection=6da807d4-3105-466e-81f5-xxxxxxxxxx event=0 ip=198.41.192.xx location=FRA protocol=quic
2023-07-11T21:58:45Z INF Registered tunnel connection connIndex=1 connection=bd37ec59-1708-40b7-829c-xxxxxxxxxxx event=0 ip=198.41.200.xx location=MRS protocol=quic
2023-07-11T21:58:46Z INF Registered tunnel connection connIndex=2 connection=b0185ac8-abbd-4353-98f8-xxxxxxxxxxxx event=0 ip=198.41.192.xxx location=FRA protocol=quic
2023-07-11T21:58:47Z INF Registered tunnel connection connIndex=3 connection=3e18b97d-fad9-4759-9975-xxxxxx event=0 ip=198.41.200.xx location=MRS protocol=quic
2023-07-12T03:45:31Z INF Unregistered tunnel connection connIndex=0 event=0 ip=198.41.192.xx
2023-07-12T03:45:31Z WRN Failed to serve quic connection error="timeout: no recent network activity" connIndex=0 event=0 ip=198.41.192.xx
2023-07-12T03:45:31Z WRN Serve tunnel error error="timeout: no recent network activity" connIndex=0 event=0 ip=198.41.192.xx
2023-07-12T03:45:31Z INF Retrying connection in up to 1s connIndex=0 event=0 ip=198.41.192.xx
2023-07-12T03:45:33Z INF Registered tunnel connection connIndex=0 connection=7699129f-485b-40b2-8cab-xxxxxxxxxxxxx event=0 ip=198.41.192.x location=FRA protocol=quic
/config/configuration.yaml
# Loads default set of integrations. Do not remove.
default_config:
# Load frontend themes from the themes folder
frontend:
  themes: !include_dir_merge_named themes
# Text-to-speech
tts:
  - platform: google_translate
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
I’ve been using this add-on for a while now, and have just noticed that traffic can be quite slow through the tunnel. In particular, I run Frigate and when I stream recordings back from the HA web interface they are very slow compared to a direct connection through my internal LAN. I know that Cloudflare doesn’t like you streaming through a tunnel, so perhaps not surprising.
So…is there a way to redirect internal LAN requests directly rather than via the tunnel, whilst still using the domain? My first thought was to use Pihole to catch internal DNS requests and route them directly, but of course that only works to an IP, and not a specific port. So I can catch requests to ha.mydomain.com and send them to the IP of my HA server, but only to port 80 and not to port 8123 specifically.
Is there a way to do this? An internal proxy that takes requests to port 80 on my HA server and redirects them to 8123?
I tried this yesterday (using pihole). Worked well for other servers on my network, but wouldn’t connect to HA for some reason. I can get HA to respond on port 80 using a reverse proxy (direct IP), but the pihole local DNS doesn’t work - refuses to connect. Not sure why…
Hello guys,
I have a problem with my HA and remote connection via cloudflared.
Overall, until recently everything was good and it worked seamlessly. One day, without my interference, I lost remote HA notifications, which were sent via the connected iOS app and the domain with cloudflared.
In the app I’m getting the error NSURLErrorDomain -1003, and in the browser DNS_PROBE_FINISHED_NXDOMAIN.
Here are the Cloudflared addon logs:
-----------------------------------------------------------
Add-on: Cloudflared
Use a Cloudflare Tunnel to remotely connect to Home Assistant without opening any ports
-----------------------------------------------------------
Add-on version: 4.2.1
You are running the latest version of this add-on.
System: Home Assistant OS 10.3 (amd64 / qemux86-64)
Home Assistant Core: 2023.7.3
Home Assistant Supervisor: 2023.07.1
-----------------------------------------------------------
Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
[09:53:00] INFO: Using Cloudflare Remote Management Tunnel
[09:53:00] INFO: All add-on configuration options except tunnel_token will be ignored.
[09:53:00] INFO: Connecting Cloudflare Tunnel...
2023-07-22T07:53:00Z INF Starting tunnel tunnelID=XXX
2023-07-22T07:53:00Z INF Version 2023.7.1
2023-07-22T07:53:00Z INF GOOS: linux, GOVersion: go1.19.6, GoArch: amd64
2023-07-22T07:53:00Z INF Settings: map[loglevel:info metrics:0.0.0.0:36500 no-autoupdate:true token:*****]
2023-07-22T07:53:00Z INF Generated Connector ID: XXX
2023-07-22T07:53:00Z INF Initial protocol quic
2023-07-22T07:53:00Z INF ICMP proxy will use 172.30.33.5 as source for IPv4
2023-07-22T07:53:00Z INF ICMP proxy will use :: as source for IPv6
2023-07-22T07:53:00Z INF Starting metrics server on [::]:36500/metrics
2023-07-22T07:53:01Z INF Registered tunnel connection connIndex=0 connection=cbc2e362-1692-4472-b9fc-xxx event=0 ip=198.41.192.227 location=FRA protocol=quic
2023-07-22T07:53:01Z INF Registered tunnel connection connIndex=1 connection=4c89b9f5-7b70-488f-a95d-xxx event=0 ip=198.41.200.43 location=WAW protocol=quic
2023-07-22T07:53:02Z INF Registered tunnel connection connIndex=2 connection=68891634-7da9-4482-91de-xxx event=0 ip=198.41.200.233 location=WAW protocol=quic
2023-07-22T07:53:02Z INF Updated to new configuration config="{\"ingress\":[{\"hostname\":\"XXX\",\"originRequest\":{},\"service\":\"http://homeassistant.local:8123\"},{\"service\":\"http_status:404\"}],\"warp-routing\":{\"enabled\":false}}" version=10
2023-07-22T07:53:03Z INF Registered tunnel connection connIndex=3 connection=78cdba62-fc8d-4479-9155-xxx event=0 ip=198.41.192.37 location=FRA protocol=quic
2023-07-22T08:18:15Z INF Unregistered tunnel connection connIndex=1 event=0 ip=198.41.200.43
2023-07-22T08:18:15Z WRN Failed to serve quic connection error="timeout: no recent network activity" connIndex=1 event=0 ip=198.41.200.43
2023-07-22T08:18:15Z WRN Serve tunnel error error="timeout: no recent network activity" connIndex=1 event=0 ip=198.41.200.43
2023-07-22T08:18:15Z INF Retrying connection in up to 1s connIndex=1 event=0 ip=198.41.200.43
2023-07-22T08:18:15Z INF Unregistered tunnel connection connIndex=3 event=0 ip=198.41.192.37
2023-07-22T08:18:15Z WRN Failed to serve quic connection error="timeout: no recent network activity" connIndex=3 event=0 ip=198.41.192.37
2023-07-22T08:18:15Z WRN Serve tunnel error error="timeout: no recent network activity" connIndex=3 event=0 ip=198.41.192.37
2023-07-22T08:18:15Z INF Retrying connection in up to 1s connIndex=3 event=0 ip=198.41.192.37
2023-07-22T08:18:15Z INF Unregistered tunnel connection connIndex=2 event=0 ip=198.41.200.233
2023-07-22T08:18:15Z WRN Failed to serve quic connection error="timeout: no recent network activity" connIndex=2 event=0 ip=198.41.200.233
2023-07-22T08:18:15Z WRN Serve tunnel error error="timeout: no recent network activity" connIndex=2 event=0 ip=198.41.200.233
2023-07-22T08:18:15Z INF Retrying connection in up to 1s connIndex=2 event=0 ip=198.41.200.233
2023-07-22T08:18:15Z INF Unregistered tunnel connection connIndex=0 event=0 ip=198.41.192.227
2023-07-22T08:18:15Z ERR Failed to serve quic connection error="timeout: no recent network activity" connIndex=0 event=0 ip=198.41.192.227
2023-07-22T08:18:15Z ERR Serve tunnel error error="timeout: no recent network activity" connIndex=0 event=0 ip=198.41.192.227
2023-07-22T08:18:15Z INF Retrying connection in up to 1s connIndex=0 event=0 ip=198.41.192.227
2023-07-22T08:18:16Z ERR Connection terminated error="timeout: no recent network activity" connIndex=1
2023-07-22T08:18:16Z ERR Connection terminated error="timeout: no recent network activity" connIndex=2
2023-07-22T08:18:17Z ERR Connection terminated error="timeout: no recent network activity" connIndex=3
2023-07-22T08:18:17Z INF Registered tunnel connection connIndex=1 connection=edbde6bb-f889-405d-b515-xxx event=0 ip=198.41.200.13 location=WAW protocol=quic
2023-07-22T08:18:18Z INF Registered tunnel connection connIndex=0 connection=05d79cf0-f94b-454f-ada9-xxx event=0 ip=198.41.192.47 location=FRA protocol=quic
2023-07-22T08:18:29Z INF Registered tunnel connection connIndex=3 connection=b2ca6847-6fb3-44d2-a23d-xxxevent=0 ip=198.41.192.7 location=FRA protocol=quic
2023-07-22T08:18:29Z INF Registered tunnel connection connIndex=2 connection=d659572e-6cf0-41c3-96c0-xxx event=0 ip=198.41.200.33 location=WAW protocol=quic
In Cloudflare the tunnel seems to be healthy, and the domain DNS is correct.
I tried regenerating the token in Cloudflare, changing the subdomain, and resetting the host and HA; nothing helped.
Where can I look for the problem? I have no idea what more I can do.