New Add-On: Cloudflared

Let me know if you get this working. I can't get it to work either.

Is there anyone out there who has navigated the Cloudflare documentation and can set out clear steps for adding password access?

I’ve installed the add-on using the remote setup method. Seems to be working. However, I am getting this constant warning msg. Normal?

2024-02-23T00:35:23Z WRN Serve tunnel error error="timeout: no recent network activity" connIndex=1 event=0 ip=xx.xx.xx.xx
2024-02-23T00:35:23Z INF Retrying connection in up to 1s connIndex=1 event=0 ip=xx.xx.xx.xx
2024-02-23T00:35:25Z WRN Connection terminated error="timeout: no recent network activity" connIndex=1
2024-02-23T00:35:29Z INF Registered tunnel connection connIndex=1 connection=2448fb89-10cf9c44e913 event=0 ip=xx.xx.xx.xx location=nrt08 protocol=quic

You can find everything very well documented in this section.
Simply adding a custom password does not work though; you have to connect some sort of identity provider and use the credentials there. I suggest using GitHub, since this also works for the companion app on iOS.

This is normal, unfortunately, and the same for me, but as long as the connection always works and is stable, you are good.


Hi all. I’m struggling for many months now to get the iOS / MacOS app up and running. Everything seems to be working fine within the app. But the only thing that isn’t working is the sensor update from the devices themselves. So location, etc won’t get updated. In the log file from the macOS app I see the following error:

2024-02-28 10:15:37.335 [Error] [main] [WebhookManager.swift:633] urlSession(_:task:didCompleteWithError:) > failed request to befd9876cbf04b2bafcd00a80028df64 for WebhookResponseLocation: Error Domain=NSCocoaErrorDomain Code=3840 "Invalid value around line 1, column 0." UserInfo={NSDebugDescription=Invalid value around line 1, column 0., NSJSONSerializationErrorIndex=0}
2024-02-28 10:15:37.335 [Error] [webhookmanager-data] [WebhookManager.swift:307] send(identifier:server:request:) > in-background non-background failed: Error Domain=NSCocoaErrorDomain Code=3840 "Invalid value around line 1, column 0." UserInfo={NSDebugDescription=Invalid value around line 1, column 0., NSJSONSerializationErrorIndex=0}

Something tells me that the web hooks are hitting an error page on Cloudflare, but I have no idea how and why. When I check in Cloudflare I don’t see any security events related to this error.

Any idea? Is it actually working for someone with iOS or macOS? Thanks!

Guys, I need advice!

I want to switch back to tunnels, so I installed the cloudflared add-on and configured it with the link at first start (not in the Cloudflare dashboard).
The tunnel is correctly visible in the CF dashboard and shows healthy.
Logs from the add-on show no errors (I can provide them if necessary).

I can reach the URL from a browser and can see the login page from Home Assistant. So far so good.

After trying to log in, it just does not work. I see the Home Assistant logo, the error "Unable to connect to Home Assistant.", and a 60-second timer with a “retry” button.

In the logs I can see:

Login attempt or request with invalid authentication from ipv6adress (ipv6 adress). Requested URL: '/auth/token'. (Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36)

The same credentials work on LAN IP login with no problems, and the account has permission to log in remotely. (I had a running nginx setup before, so that should not be the problem.)

In the HA config I added:

http:
  cors_allowed_origins:
    - https://google.com
    - https://www.home-assistant.io
    - https://homeassistant.mydomain.de
  ip_ban_enabled: true
  login_attempts_threshold: 5
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
    - 192.168.1.0/24
    - 172.18.0.0/24
    - 127.0.0.1
    - ::1

Homeassistant is running in a VM with the IP 192.168.1.101 under an Unraid installation with the IP 192.168.1.100 if that is interesting.

Add-on version: 5.1.5
You are running the latest version of this add-on.
System: Home Assistant OS 12.0 (amd64 / qemux86-64)
Home Assistant Core: 2024.3.0
Home Assistant Supervisor: 2024.03.0

What am I missing here? I'm thankful for any kind of help with this topic!

Thanks in advance
flx

Hello Tobias, awesome add-on you made for the community. I have been using it for 2+ months now and it comes in handy when I am away from home.

Currently, I am trying to create a small web app and it would require the HA REST API through the domain I use for this add-on. When I test the API (https://xxxxxxxxx.xxx/api) on Postman with the bearer token, I get a successful message and even data when I use the /api/states.

However, when I try to load the web app on my local host, I keep getting CORS errors.

Sample of my code

const url = "https://xxxxxxxxx.xxx/api/states"; // API URL
const token = ""; // API Token
const method = "GET"; // Request method, change for what's needed

fetch(url, {
  method,
  mode: 'cors',
  headers: {
    'Access-Control-Allow-Origin': '*',
    'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE',
    'Access-Control-Allow-Headers': '*',
    'Content-Type': 'application/json',
    "Authorization": `Bearer ${token}` // This is the important part, the auth header
  }
}).then(res => console.log(res)).then(data => console.log(data)).catch(err => console.error(err)); // Do better handling here

Do you have an idea of what I should do? Any suggestion? Thanks

Hi! Love the add-on!

I do appear to have a small problem. When I go to my domain I either get a 502 Bad Gateway, or it does load but then fails to load pages, and when I refresh I get hit with a 502 again.
This happens only sometimes, not continuously.

What can I do to fix this?

Thanks!

So it has been solved. I had to do some configurations on the Cloudflare Zero Trust dashboard. I created a self-hosted application, then added a policy that has the action of Service Auth.

Then these are the CORS settings.

I hope this helps someone.

Oh plus the code snippet.

const url = ""; // API URL
const token = ""; // API Token
const method = "GET";

fetch(url, {
  method,
  mode: "cors",
  headers: {
    "Content-Type": "application/json",
    "Authorization": `Bearer ${token}` // This is the important part, the auth header
  }
}).then(response => { return response.json() })
  .then(data => console.log(data))
  .catch(error => console.error('Error:', error));
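An added example, not part of the original posts and not Cloudflare's or Home Assistant's code: a simplified model of the browser's CORS preflight header check, run against the header sets of the two `fetch` snippets in this thread. The origin `http://localhost:3000`, both policies and the function names are assumptions for illustration; the thread does not show the actual CORS settings.

```javascript
// Added example, not code from the thread. Simplified model of the browser's
// CORS preflight header check (Fetch standard); origin and policies are assumed.
const SAFELISTED = new Set(["accept", "accept-language", "content-language"]);
const SIMPLE_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);

// Header names the browser announces in Access-Control-Request-Headers.
function unsafeRequestHeaders(headers) {
  return Object.entries(headers)
    .filter(([name, value]) => {
      const n = name.toLowerCase();
      if (n !== "content-type") return !SAFELISTED.has(n);
      return !SIMPLE_TYPES.has(value.split(";")[0].trim().toLowerCase());
    })
    .map(([name]) => name.toLowerCase())
    .sort();
}

// Request headers the preflight response does not permit (empty = request is sent).
function blockedHeaders(policy, origin, headers) {
  if (policy.allowOrigin !== "*" && policy.allowOrigin !== origin) {
    return ["<origin not allowed>"];
  }
  const allowed = policy.allowHeaders.map((h) => h.toLowerCase());
  const wildcard = allowed.includes("*");
  // "*" never covers Authorization; it has to be listed by name.
  return unsafeRequestHeaders(headers).filter(
    (h) => !allowed.includes(h) && !(wildcard && h !== "authorization")
  );
}

const ORIGIN = "http://localhost:3000"; // assumed development origin
const fixedSnippet = {
  "Content-Type": "application/json",
  "Authorization": "Bearer <token>", // placeholder, not a real token
};
const firstSnippet = {
  "Access-Control-Allow-Origin": "*", // response headers sent as request headers
  "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE",
  "Access-Control-Allow-Headers": "*",
  ...fixedSnippet,
};
// Constructed policies standing in for the proxy's preflight response.
const explicitPolicy = { allowOrigin: ORIGIN, allowHeaders: ["Authorization", "Content-Type"] };
const wildcardPolicy = { allowOrigin: "*", allowHeaders: ["*"] };

console.log(blockedHeaders(explicitPolicy, ORIGIN, firstSnippet));
console.log(blockedHeaders(explicitPolicy, ORIGIN, fixedSnippet));
console.log(blockedHeaders(wildcardPolicy, ORIGIN, fixedSnippet));
```

The `Access-Control-*` names are response headers; sending them in the request only lengthens the list the server has to allow, and listing the exact origin and the two needed headers is tighter than a wildcard policy.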

Hello everyone!

Since I’ve been interested in HA, I’m always faced with the same problem when it comes to connecting remotely, whether via Nginx or the cloudflared module.
I can access my HA correctly, but as soon as I want to connect, I always get the same message over and over again: “Unable to connect to”, regardless of the browser, platform or application.

Anyway, do you have any idea where this could be coming from because I’m beginning to despair here.

Thanks !

Question about encryption:
Thanks for the Cloudflare add-on, it is really great.
I came from duckdns.org, but the service was down for an undefined amount of time.
So it was time to find an alternative. This is where this Cloudflare add-on comes in handy.
Duckdns was using Let's Encrypt to make HTTPS happen.
Now, using this add-on, I had to remove the configuration:

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Since those are not valid for the new URL.
I am happy with this, as now, when I use the app using the local IP address, it just works with http (in the browser no more need to go to advanced, and trust …). However, my big concern now is: https is used for the domain <example.com>, which is on Cloudflare, so that is good, but what about the communication between my RPi and Cloudflare, is that secure? And is that data transfer encrypted? (I’m not IT savvy, so maybe that is exactly what a ‘tunnel’ is doing?!?)
Can someone shed some light on this?
Thanks,
K.

Good question. Click retry. Another option that works for me: close the app, then open it again and retry.
In my opinion, it is as if it tried to keep the previous connection/session from my WiFi, but outside home. So when you click try again, it establishes a new connection and then it works.
Anyway, that is what I guess, but it is tedious.

I believe this page on github:

has a link to this very page where I am writing this post, linked to in the section “I have a question or need support”.

However it links to
https://community.home-assistant.io/t/new-add-on-cloudflared/
which does not work, it should be
https://community.home-assistant.io/t/new-add-on-cloudflared/361637
instead.


As I am connecting via this add-on I start here, although it might not have anything whatsoever to do with Cloudflared…

I have two computers connecting remotely via Cloudflared from the same office network, but only one of them succeeds; the other gets a login auth denial:

Login attempt or request with invalid authentication from 147.XXX.YYY.98 (147.XXX.YYY.98). See the log for details.

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:138
integration: HTTP (documentation, issues)
First occurred: 14:07:14 (10 occurrences)
Last logged: 15:17:00

Login attempt or request with invalid authentication from 147.XXX.YYY.98 (147.XXX.YYY.98). Requested URL: '/auth/token'. (Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0)

How do I resolve the IP-ban, enabling the login from both computers?

Did you ever get this working? I’ve been trying for days and while I’m getting closer, I'm not there yet. I’ve tried TLS 1.2, turning off bot fight mode, etc…

How is everyone doing their SSL with this? I notice my instance suggests I don’t have an SSL certificate despite one being provisioned at Cloudflare's end.

Hi, I have tried on many test servers and get the same error: ERR Request failed error="Incoming request ended abruptly: context canceled"

How can I fix it? I just added only the cloudflared add-on and a text editor on a fresh HA server and get the same error. Is that my fault or is there a global issue?

You have to use the Let’s Encrypt add-on for the server certificate. Then in cloudflared you can select strict policy in TLS/SSL, which means that the certificate is in your server so communication end to end is encrypted.
If you don’t do this, the certificate is provided by Cloudflare at the Cloudflare server, so communication is encrypted between the client and Cloudflare and then from Cloudflare to your server (via the tunnel); however, Cloudflare could view all your traffic.

Is there a good guide on how to do this?