New Add-On: Cloudflared

Thanks for a great job. Thanks to you, I made a tunnel in a few moments. Good job @brenner-tobias !!!

Initially everything was just fine, no probs with Android or iOS apps, but a month later, when I had to reauthenticate with Cloudflare, the iPad is unable to connect.

iOS app log:

2022-04-09 9:12:02.047 am [Info] [main] [OnboardingAuth.swift:153] configuredAPI(instance:code:) > 
2022-04-09 9:12:02.397 am [Info] [main] [OnboardingAuth.swift:80] performPreSteps(checkPoint:authDetails:sender:) > beforeAuth
2022-04-09 9:12:02.397 am [Verbose] [main] [OnboardingAuthStepConnectivity.swift:20] perform(point:) > 
2022-04-09 9:12:02.566 am [Verbose] [main] [OnboardingAuthStepConnectivity.swift:28] perform(point:) > NSURLAuthenticationMethodServerTrust
2022-04-09 9:12:02.771 am [Verbose] [main] [OnboardingAuthStepConnectivity.swift:28] perform(point:) > NSURLAuthenticationMethodServerTrust
2022-04-09 9:12:02.871 am [Info] [main] [OnboardingAuthStepConnectivity.swift:53] perform(point:) > success(Optional(28423 bytes))
2022-04-09 9:12:02.871 am [Info] [main] [OnboardingAuth.swift:70] perform(checkPoint:checks:) > OnboardingAuthStepConnectivity: fulfilled()
2022-04-09 9:12:02.872 am [Verbose] [main] [OnboardingAuthLogin.swift:21] open(authDetails:sender:) > https://ha.lunarpod.net/auth/authorize?response_type=code&client_id=https://home-assistant.io/iOS&redirect_uri=homeassistant://auth-callback
2022-04-09 9:13:04.209 am [Info] [main] [OnboardingAuth.swift:153] configuredAPI(instance:code:) > 
2022-04-09 9:13:05.350 am [Info] [main] [Bonjour.swift:34] stop() > 
2022-04-09 9:13:40.865 am [Verbose] [main] [XCGLogger+Export.swift:17] export(from:sender:openURLHandler:) > Logs directory is: file:///private/var/mobile/Containers/Shared/AppGroup/DD1294FD-BB99-4A71-BC31-80A9F8D46780/logs/
2022-04-09 9:13:40.866 am [Debug] [main] [XCGLogger+Export.swift:32] export(from:sender:openURLHandler:) > Exporting logs as filename 2022-04-09_09.13.40+0100.logs.zip

Tried uninstalling and reinstalling app from scratch, still same. Android reauthenticated just fine and browser is fine also.

Not sure where to go with this now, having to use the browser on the iPad, but that's no good as it doesn’t have all the device sensors.

:frowning:
Amanda

Created an iOS bug report, please feel free to add comments to help get traction.

So the bug has been closed on GitHub…

The app does not support talking to apps other than Home Assistant and any cookies or other session information set during login is not preserved

Shame as it’s absolutely fine on Android.

Anyone else got anywhere with iOS after a Cloudflare auth refresh?

This is really strange. For me on iOS, it is working fine with Cloudflare Auth using GitHub. From time to time, I have to restart the app after authenticating with GitHub, but since I have set the session time to one month, it is not really a problem.
Sorry for not being able to help you any further with this…

This is an awesome add-on, thank you so much for writing it. I’ve been struggling to get the Synology reverse proxy to work with Home Assistant and a dev Alexa smart home skill. With your add-on it just works!

Question: does your add-on also update the IP for the DNS record on a regular cadence, or should I also install the Cloudflare add-on?

Thanks!

Cool add-on, took me 5 mins to setup :slight_smile: and works

Great that the add-on is working for you. Regarding DNS records: The beauty of the Cloudflare tunnel is that there is no need to update DNS records to any sort of IP. The records of your needed subdomains should be CNAME records pointing to your tunnel. There should be no record with your personal IP. That way, you get more privacy and can also close all HA-specific ports on your router.

Let me know if you have any additional questions.

First of all thanks for this great add-on!

I’m currently using the wired NIC of my Pi to connect Home Assistant to my network. To add support for the Huawei Solar integration, I’ll need to connect the WiFi of the Pi directly to the access point of my Huawei inverter to fetch data. So I’ll have two active network connections but one without a gateway/internet access. Just wondering if Cloudflared is smart enough to find its way with this setup?

/edit: Running the above setup now and it’s all working fine without any issue :+1:

This was surprisingly one of the easiest remote setups I’ve done and completely replaced my NPM setup. No more open ports! Great work!

This seems to break my Adguard DNS rewrites though. Is there a way to have my domain name (homeassistant.domain.com) rewrite to my local server (192.168.X.X) so the tunnel isn’t used on my local network?

Does it allow HTTPS connections behind CGNAT?

Just installed and configured, worked like a charm :slight_smile:
Thanks for this great add-on!
I was wondering if someone did some additional hardening, e.g. geo-IP blocking or the WAF functionality?

Yup, added two rules for geo blocking, in my case Belgium. Guessing the second one is actually enough to make it work:
Allow - Is BE (Country)
Block - Not BE (Country)

Could be that you need to add an additional rule on IP/range for integrating 3rd party stuff like Google Assistant or Spotify. The firewall event log will help out if that’s the case.

Mine is having the same issue, used to work, now doesn't, damn.

Hmmm, :frowning: still haven’t got it working again. Android app fine, iOS app fails with ‘ObjectMapper failed to serialise response’ problem after Cloudflare auth.

Mhm this is strange, again for me it is working fine with the iOS app. One thing that comes to my mind might be the standard browser that you have defined in your device.
I am using Safari, and it looks like the app is using whatever standard browser you have under the hood (if I start my HA app, I can see the Safari icon in my MacBook as being used on my iPhone). So maybe other browsers do generate those problems?

Tried again today with email and PIN and it works, so there must have been something wrong with my Google auth. Works fine in the browser but a little finicky in the app.

Looking for some advice here. I’ve set up the domain, Cloudflare and add-on instructions. I can see the handshake with the subdomain entries being created in the DNS records and the tunnel being created. When accessing the subdomain, I’m prompted to log in to Cloudflare Access. Once I authenticate with the PIN code, I get a 400 Bad Request page. This is consistent on more than one device. Can you think where I might have gone wrong?

Update: I’ve added a new application mapped to my nodered port. This works fine…investigation continues :slight_smile: Just seems to be the Home Assistant application…

Hi, looks like you missed the part where you have to tell HA to accept requests from the Cloudflared tunnel (see first section of the initial set-up guide or use this direct link to the section explaining what to add in the configuration.yaml).

Kindly let me know if this helped.

Thanks for the prompt response, yes I added the http section to the configuration.yaml and put ALL the public Cloudflare IPs. I have been caught at work by only maintaining a single one and it caused a never-ending goose chase for our network team…GUESS WHAT - this muppet didn’t reference back to your instructions to make sure the listed IP was within their larger list. Really apologise, your instructions are crystal clear. I have dabbled with Cloudflare for WAF and caching but really impressed with their Zero Trust offering considering it's a bonus feature on a free account. Appreciate the effort to make this so easy!

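As an added illustration of the 400 Bad Request discussed in the last few posts (not code from the add-on, from Home Assistant, or from any poster): a simplified Python model of how the `trusted_proxies` list in the `http` section gates requests that carry an `X-Forwarded-For` header. All addresses are constructed sample values, and the decision logic is an assumed simplification of Home Assistant's behaviour.

```python
import ipaddress

def parse_trusted(entries):
    """Turn trusted_proxies entries (single IPs or CIDR ranges) into networks."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def is_trusted(addr, networks):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)

def handle_request(peer, x_forwarded_for, use_xff, trusted_entries):
    """Return (status, client_ip) for one request.

    Simplified model (an assumption, not Home Assistant's code): a request
    carrying X-Forwarded-For is rejected with 400 unless forwarding is
    enabled and the connecting peer is listed in trusted_proxies.
    """
    networks = parse_trusted(trusted_entries)
    if x_forwarded_for is None:
        return 200, peer                      # direct connection, no proxy involved
    if not use_xff or not is_trusted(peer, networks):
        return 400, None                      # header from an untrusted source
    # Walk the header right to left: the first hop that is not itself
    # a trusted proxy is taken as the real client address.
    hops = [h.strip() for h in x_forwarded_for.split(",")]
    for hop in reversed(hops):
        if not is_trusted(hop, networks):
            return 200, hop
    return 200, hops[0]

# Constructed sample values (documentation and private ranges).
TUNNEL_PEER = "172.30.33.5"       # address the tunnel daemon connects from
CLIENT = "203.0.113.77"           # remote user, as reported in X-Forwarded-For
PUBLIC_ONLY = ["198.51.100.0/24", "192.0.2.0/24"]   # only public edge ranges listed
WITH_LOCAL = PUBLIC_ONLY + ["172.30.33.0/24"]       # local proxy range included

if __name__ == "__main__":
    for name, trusted in (("public ranges only", PUBLIC_ONLY),
                          ("with local range", WITH_LOCAL)):
        print(name, handle_request(TUNNEL_PEER, CLIENT, True, trusted))
```

The check is made against the address that actually opens the connection to Home Assistant, so listing many public ranges does not help if the local proxy address is not among them.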