New Add-On: Cloudflared

You’re filling in the additional host instead of the External Home Assistant Hostname.

Thanks for the reply. I do not know what the External Home Assistant Hostname is?

I guess that will be the one you filled in at additional host. Check the video again, the fields are the other way around compared to your screenshot.

Yep that was the solution, thnx!!!

So I have tried to read up but I’m not sure if I’m missing something.

So I have an external domain and I have gotten cloudflared setup, but right now I need to log into cloudflare and as someone pointed out it is not working with the app to use google.

So I’m now wondering if I should remove that Cloudflare authorization part, but are there other ways to prevent others from accessing my domain? Or do people solely rely on the Home Assistant login?

Also I have noticed when I connect through the app remotely then my location is as if I’m at home so none of my automations work anymore :slight_smile: (Used to have Nabu Casa but wanted to try without for a while)

Thanks!

Google works, just only when setting up the app. After that, when the session expires you have to clean data on the app and reset again.
However, I have just recently found a solution in a GitHub thread: use an mTLS client certificate to authenticate:

  1. Create a specific subdomain just for access with the app, e.g. myha-mtls.mydomain.com
  2. Create a tunnel within the Cloudflared add-on. Check that you can access it.
  3. In the Cloudflare dashboard (not Zero Trust), go to SSL/TLS > Client Certificates. Activate mTLS on your new subdomain. Then create a client certificate and install it on your mobile phone (and on all the phones you intend to access your HA with).
  4. When you create your certificate it suggests creating a WAF firewall rule. Create it. If it is not suggested, go to the WAF section in the Cloudflare dashboard and create a rule. The rule is: if path is your subdomain and certificate is not present, then block

That’s all. You don’t have to create an application nor access policies in zero trust, as authentication is checked via certificate to the whole subdomain.

You should keep your previous subdomain with the Zero Trust Access policy in case you need to access with the browser or on a PC with no certificate.
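A way to confirm that the block rule from step 4 is actually enforced, added here as an example and not part of the post above: request the subdomain once without and once with the client certificate and compare the status codes. It assumes the rule uses Cloudflare's default block response (HTTP 403); the hostname and the `client.pem` / `client.key` file names are placeholders.

```shell
#!/bin/sh
# Added example: check that the mTLS subdomain rejects requests that carry
# no client certificate. Hostname and file names below are placeholders.

# Print the HTTP status for https://$1/, presenting cert $2 / key $3 if given.
http_status() {
    if [ -n "$2" ]; then
        curl -s -o /dev/null -w '%{http_code}' --max-time 15 \
             --cert "$2" --key "$3" "https://$1/"
    else
        curl -s -o /dev/null -w '%{http_code}' --max-time 15 "https://$1/"
    fi
}

# Return 0 only when the request without a certificate is blocked (403)
# and the request with the certificate is let through.
# Return 1 if the subdomain is open, 2 if the certificate is rejected.
verify_mtls() {
    host=$1; cert=$2; key=$3
    without=$(http_status "$host") || without=000
    with=$(http_status "$host" "$cert" "$key") || with=000
    echo "without certificate: $without, with certificate: $with"
    if [ "$without" != "403" ]; then
        echo "FAIL: subdomain answers without a client certificate" >&2
        return 1
    fi
    if [ "$with" = "403" ] || [ "$with" = "000" ]; then
        echo "FAIL: certificate rejected or host unreachable" >&2
        return 2
    fi
    echo "OK: client certificate is enforced"
}

# Usage (placeholders):
#   verify_mtls myha-mtls.mydomain.com client.pem client.key
```

Run it from a network outside your home so the request really goes through Cloudflare and not a local DNS override.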

I’m not sure if that would work. I’m using a work phone and there is already a certificate installed on it. Also I struggled following the instruction with the subdomain as I have pointed my domain to Cloudflare so I kind of need to set up the subdomain from Zero Trust?

Is there really no other way? I guess this was done on purpose for people to support Nabu Casa…

The subdomain is configured in the Cloudflare dashboard, outside Zero Trust. You had to do it for your main subdomain for Cloudflared.
You can have more than one client certificate.
When setting up the HA app the first time, as the server asks for a certificate, the HA app will ask which certificate you want to use, so you can select the one from Cloudflare.

I had to reauthenticate each month, and since I changed to mTLS, it works fine.
At the beginning it seems complicated but it is really easy.

I was using this addon for quite a while but recently I noticed huge bandwidth draws on my network. I narrowed it down to homeassistant, but didn’t have a good way to narrow it down farther. I started turning off addons one by one and the bandwidth drain stopped when I stopped the cloudflared addon. Conceptually it makes sense that the addon might have high data usage given everything tunnels through to cloudflare, but I would think that traffic is only moving when a client is visiting from one of the domains configured for the tunnel. In my case I closed all clients and was only accessing homeassistant from the local IP but still seeing huge bandwidth draws (30 Mbps upload from my homeassistant server). I do not have video feeds or really much in my home assistant instance aside from a handful of door and window sensors and a few addons.

After analyzing my network further, I noticed a pattern where homeassistant data would spike to this level every few days for about a day. I can’t imagine what is using that amount of bandwidth but I will no longer be using cloudflare as I don’t really trust what this addon or cloudflare service is doing. I migrated to a self-managed VPN.

I really enjoyed the tunnel because it is much faster than my VPN but I don’t like the fact that it is seemingly using tons of data when I am not actually accessing the services myself.

Hi, another n00b here. Followed all the steps and got remote login working on my main domain (thanks! :)). Then decided that I would rather have the login page on a subdomain, so changed it to ha.domain.ext. It works like a charm there.

But my main https://domain.ext keeps defaulting to the Cloudflared authorisation link and failing. I somehow did manage to get my www.domain.ext to work normally again. I have gone over every setting in the add on, in Cloudflare and in my own domain settings but can’t figure this one out. Seems like https://domain.ext is still trying to route to the HA server.

Is this a tunnel thing (seeing the www-less in routing, but can’t change it)? Or a DNS/proxy thing? Any help would be appreciated. Thanks!

Edit: I finally got everything to work. I guess if you try doing something enough times it will eventually work.

Has anyone had success with accessing their HA tunnel through a SquareSpace domain? My FreeNom domain expired and now I can’t seem to get anything back up and running. It appears like the tunnel is active and healthy but when I go to my domain all I get is “address not found”. Thanks.

From this morning I’ve some issue too.
I can reach my home assistant but I get the error:

Unable to connect to Home Assistant.
Retrying in 60 seconds...

Cloudflare seems to work fine but I’ve checked Freenom and I’ve nothing listed under “my domains”. Maybe it is expired?

I’ve tried to register another one but…

IMPORTANT NOTICE: Because of technical issues the Freenom application for new registrations is temporarily out-of-order.

This is exactly why I went to SquareSpace for a domain. At least I know that they will be reliable.

I gave up using Freenom a while ago, because it would always fall over using a Freenom domain. Getting yourself a decent domain is the best answer I can think of.

Hi, is it possible to expose a websocket for SmartThings using this addon? I have this addon set up and running for accessing my HA and it works great.
I have been trying to figure out how to implement what is described here:

Did you mean webhook?

Just access the integration page externally using your domain and add the integration with ST.

The webhook shown should be the external one.

Yes, I meant webhook.

I accessed the HA from my smartphone using external address, it shows what looks like the proper external Callback URL address but after pasting my Access Token, there is an error:

SmartThings could not validate the webhook URL. Please ensure the webhook URL is reachable from the internet and try again.

Thanks for all your hard work. Great addon.

I want to remove additional hosts. I am following the help page but can’t work out where the YAML file is saved - viz Remove additional_hosts option

??

I’ve added a GitHub login self-hosted application on Cloudflare, but how do I get the HA app working? It now gives an “Unable to connect to Home Assistant” error as it doesn’t recognise Cloudflare GitHub authentication…

If you go to the Configuration Tab of the add-on you can click on the three-dot menu button on the right side to find “Edit in YAML”. In the opening text editor, you have to add an empty array like this:

additional_hosts: []