New Add-On: Cloudflared

Hi Tobias,

Just a small question: when and where do you define your subdomains? I managed to create and register a domain xxxxxxxxx.ml and connected it to Cloudflare using the DNS servers of Cloudflare in Freenom domain management. Now I want to create ha.xxxxxxxxx.ml so I can use the subdomain to connect to my Home Assistant before I install the Cloudflare add-on.
Do I need to create the subdomain in Freenom already, or will this be done by the add-on?

Thanks !

Bart

URGENT

Hi all,

I was able to set up the domain name, link to Cloudflare, adjust settings and connect remotely to my Home Assistant (yeah :slight_smile: :slight_smile: )

BUT: Since the activation of the domain name and the installation of the Cloudflare add-on in Home Assistant, my network router is detecting bulk downstream from my Home Assistant. Instead of a consistent 30MB downstream traffic, it continuously has - since the activation of Cloudflare - a downstream of +700MB !!!
It has an impact on the experience of the network & bandwidth… anyone ANY clue where to look? Or is this normal, or is it caching, or…

Any help would be appreciated !

Thanks a lot in advance,

Kr,

Bart

Hi Bart,

This is strange, I do not see anything like that in my router, so this should not be the case / is not normal.

Is anyone else experiencing this? Can you elaborate a little bit more on the type of data, or maybe share or have a look at the add-on logs in case there is anything interesting? Maybe also set the log-level to debug to check.

Best
Tobias

I am running Home Assistant in VirtualBox. Can I install the Cloudflare tunnel on the host machine and not in the virtual machine? The virtual machine has a bridged network with the host.

Hello, for some reason it’s not working for me. From the logs I get this:

http://homeassistant:8123”},{“service”:“http_status:404”}],“warp-routing”:{“enabled”:false}}" version=5
is this normal?

And these:

2022-06-18T17:47:36Z INF Unregistered tunnel connection connIndex=2
2022-06-18T17:47:36Z WRN Failed to serve quic connection error=“failed to accept QUIC stream: timeout: no recent network activity” connIndex=2
2022-06-18T17:47:36Z WRN Serve tunnel error error=“failed to accept QUIC stream: timeout: no recent network activity” connIndex=2
2022-06-18T17:47:36Z INF Retrying connection in up to 1s seconds connIndex=2
2022-06-18T17:47:36Z INF Unregistered tunnel connection connIndex=3
2022-06-18T17:47:36Z WRN Failed to serve quic connection error=“failed to accept QUIC stream: timeout: no recent network activity” connIndex=3
2022-06-18T17:47:36Z WRN Serve tunnel error error=“failed to accept QUIC stream: timeout: no recent network activity” connIndex=3
2022-06-18T17:47:36Z INF Retrying connection in up to 1s seconds connIndex=3

hi. thanks for the add-on. Works really nice. I have the app working with warp and zero trust, so only my mobile can connect to the tunnel. [edit: this is just some info on how useful I find it, nothing to do with the problem].

However, I have found a problem. When I restart my router and I am assigned a new IP by my ISP, the add-on cannot connect to the tunnel, because it finds a tunnel with the same name (which is the original tunnel, that, for some reason, the add-on cannot identify as the same tunnel).
The log says:

2022.6.2
failed to create tunnel: Create Tunnel API call failed: tunnel with name already exists
[13:16:48] FATAL: Failed to create tunnel.
Please check the Cloudflare Teams Dashboard for an existing tunnel with the name homeassistant and delete it:
https://dash.teams.cloudflare.com/ Access / Tunnels

I think the problem is that the add-on (or cloudflared, I’m not sure), thinks it is a different tunnel, probably because the different IP address.

Can anyone help me with this?
[edit: obviously I temporarily solve the problem by deleting the tunnel in Cloudflare and restarting the add-on. I am asking for a more permanent solution that doesn’t imply deleting the tunnel each time my router restarts]
Thank you in advance.

Great add-on, Tobias. I was struggling recently with DuckDNS. Cloudflared worked like a charm. Thanks for sharing the add-on.

How do I access additional add-on pages with their own WebUI? E.g. WebRTC uses port 8083 and can be accessed locally on 192.168.1.200:8083; how do I access it with Cloudflare on my domain as xxxxx.tk:8083?

You can configure Additional hosts, which are basically new subdomains that are forwarded to some internal IPs:Ports in your network. Have a look at this documentation section and let me know if you have problems.

Unfortunately, I cannot reproduce this. The IP of your home internet connection does not matter, the details and the token / key of the tunnel are stored within the add-on. This feels more like a problem in the add-on itself as it is not properly storing the tunnel credentials.

Can you have a look at the issues of the add-on on GitHub and elaborate there, or raise a new one if none is fitting?

Sure, you can just install cloudflared the “normal” way on your host and then run it as a service or as a docker container. In this case, you do not need the add-on but follow the standard tunnel guide.

This sounds strange. Can you please do a complete re-install and strictly follow the documentation? If this does not help, please raise an issue on GitHub.

I have exactly this issue as well. Did a fresh OS+HA installation, I still get the same error in the log as above.

My setup
Operating System : Ubuntu 22.04 LTS
Docker version : 20.10.17
HA Core : core-2022.6.6

Any help is appreciated.
P.S.: I have added domain & tunnel name in the cloudflared configuration.

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/00-banner.sh
curl: (7) Couldn’t connect to server
[10:35:13] ERROR: Something went wrong contacting the API
cont-init: info: /etc/cont-init.d/00-banner.sh exited 0
cont-init: info: running /etc/cont-init.d/01-log-level.sh
curl: (7) Couldn’t connect to server
[10:35:13] ERROR: Something went wrong contacting the API
cont-init: info: /etc/cont-init.d/01-log-level.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service init-cloudflared-log: starting
s6-rc: info: service init-cloudflared-log successfully started
s6-rc: info: service init-cloudflared-config: starting
[10:35:14] INFO: Checking Add-on config…
[10:35:14] FATAL: ‘external_hostname’ is empty, please enter a valid String
s6-rc: warning: unable to start service init-cloudflared-config: command exited 1
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
/run/s6/basedir/scripts/rc.init: fatal: stopping the container.
s6-rc: info: service init-cloudflared-log: stopping
s6-rc: info: service init-cloudflared-log successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

The installation of HA-supervised on Ubuntu is not supported. Therefore not everything is working as expected.

facing this in logs even though I don’t see any update

2022-06-26T04:02:09Z WRN Your version 2022.6.1 is outdated. We recommend upgrading it to 2022.6.3

Hi, thanks for this addon.
I installed it after following tutorial from this channel

My only issue is I can’t access my homeassistant with secure https, it just brings me an error page

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/00-banner.sh
-----------------------------------------------------------
 Add-on: Cloudflared
 Use a Cloudflared tunnel (formerly Argo Tunnel) to remotely connect to Home Assistant without opening any ports
-----------------------------------------------------------
 Add-on version: 2.0.3
 You are running the latest version of this add-on.
 System: Raspbian GNU/Linux 11 (bullseye)  (armv7 / raspberrypi4)
 Home Assistant Core: 2022.6.6
 Home Assistant Supervisor: 2022.05.3
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
cont-init: info: /etc/cont-init.d/00-banner.sh exited 0
cont-init: info: running /etc/cont-init.d/01-log-level.sh
cont-init: info: /etc/cont-init.d/01-log-level.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service init-cloudflared-log: starting
s6-rc: info: service init-cloudflared-log successfully started
s6-rc: info: service init-cloudflared-config: starting
[22:52:19] INFO: Checking Add-on config...
[22:52:21] INFO: Checking for existing certificate...
[22:52:21] INFO: Existing certificate found
[22:52:21] INFO: Checking for existing tunnel...
[22:52:21] INFO: Existing tunnel with ID my-tunnel-id found
[22:52:21] INFO: Checking if existing tunnel matches name given in config
[22:52:22] INFO: Existing Cloudflare tunnnel name matches config, proceeding with existing tunnel file
[22:52:22] INFO: Creating config file...
[22:52:24] INFO: Validating config file...
Validating rules from /tmp/config.json
OK
[22:52:24] INFO: Creating new DNS entry sulihassio.ml...
2022-06-26T14:52:25Z INF myhassdomain is already configured to route to your tunnel tunnelID=my-tunnel-id
[22:52:26] INFO: Finished setting-up the Cloudflare tunnel
s6-rc: info: service init-cloudflared-config successfully started
s6-rc: info: service cloudflared: starting
s6-rc: info: service cloudflared successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
[22:52:26] INFO: Connecting Cloudflared Tunnel...
2022-06-26T14:52:26Z INF Starting tunnel tunnelID=my-tunnel-id
2022-06-26T14:52:26Z INF Version 2022.6.3
2022-06-26T14:52:26Z INF GOOS: linux, GOVersion: go1.17.10, GoArch: arm
2022-06-26T14:52:26Z INF Settings: map[config:/tmp/config.json cred-file:/data/tunnel.json credentials-file:/data/tunnel.json loglevel:info no-autoupdate:true origincert:/data/cert.pem]
2022-06-26T14:52:26Z INF Generated Connector ID: 138c25d4-e56f-4ea3-8c75-f835b1327806
2022-06-26T14:52:27Z INF Initial protocol quic
2022-06-26T14:52:27Z INF Starting metrics server on 127.0.0.1:46857/metrics
2022/06/26 22:52:27 failed to sufficiently increase receive buffer size (was: 176 kiB, wanted: 2048 kiB, got: 352 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
2022-06-26T14:52:28Z INF Connection 7ce8aad0-6eb1-47ac-a2dc-b5ca7d54e069 registered connIndex=0 ip=198.41.200.233 location=SIN
2022-06-26T14:52:28Z INF Connection f7d1ef6b-02fe-4aa0-8477-45841b8ca93b registered connIndex=1 ip=198.41.192.107 location=KUL
2022-06-26T14:52:30Z INF Connection db7571a2-cdf6-4517-9456-467e7443d6e8 registered connIndex=2 ip=198.41.200.113 location=SIN
2022-06-26T14:52:31Z INF Connection 858c3687-b8d5-41f2-ba4d-2eca28a00e2e registered connIndex=3 ip=198.41.192.47 location=KUL

Could there be anything else I’m missing to get that part working?

You have to activate SSL in cloudflare and remove duckdns and any other SSL add-on from home assistant. cloudflared manages the SSL and the certificates

How do I uninstall and get the cloudflare back to how it was? Tunnel did not work and now I cannot get to my HA via internet =(
OK, found it on CF DNS settings. Maybe you should add on your doco how to revert things back

This is quite powerful, but I was wondering how you can limit the access. For example, if I want to expose a service on a subdomain and that service has no login credentials, it’s not safe at all, as anyone who might find the subdomain and domain name would just be able to get to it.

With normal DNS records to a subdomain (so simple A record) I can add Zero Trust on top of it and have Cloudflare ask for authentication before proceeding to that subdomain. But if I try the same for the subdomain defined by the tunnel/addon it’s just ignored completely like it’s not there.
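
One way to check the exposure raised in the last post, as an added example that is not part of the thread or the add-on's code: it reads an ingress list in the JSON shape visible in the log earlier in the thread and reports every tunnel hostname that has no Cloudflare Access application in front of it. The hostnames, the `audit_ingress` helper and its two input sets are assumptions for illustration; the set of Access-protected hostnames has to be filled in from your own Zero Trust dashboard.

```python
import json

# Constructed sample in the ingress JSON shape cloudflared logs at start-up.
# ha.example.com / webrtc.example.com are placeholder hostnames.
SAMPLE_CONFIG = json.dumps({
    "ingress": [
        {"hostname": "ha.example.com", "service": "http://homeassistant:8123"},
        {"hostname": "webrtc.example.com", "service": "http://192.168.1.200:8083"},
        {"service": "http_status:404"},
    ],
    "warp-routing": {"enabled": False},
})


def audit_ingress(config_json, access_protected, app_login=frozenset()):
    """Return (hostname, finding) pairs for ingress rules that need attention.

    access_protected: hostnames that have a Cloudflare Access application
    app_login: hostnames whose origin enforces its own login (assumed input)
    """
    rules = json.loads(config_json).get("ingress", [])
    findings = []
    last = rules[-1] if rules else {}
    if not rules or "hostname" in last or "path" in last:
        findings.append(("*", "last rule is not a catch-all"))
    elif not last.get("service", "").startswith("http_status:"):
        findings.append(("*", "catch-all sends unmatched hosts to an origin"))
    for rule in rules:
        host = rule.get("hostname")
        if host is None or host in access_protected:
            continue
        if host in app_login:
            findings.append((host, "no Access policy; only the app login protects it"))
        else:
            findings.append((host, "no Access policy and no login; open to anyone"))
    return findings


if __name__ == "__main__":
    for host, finding in audit_ingress(SAMPLE_CONFIG, access_protected={"ha.example.com"}):
        print(f"{host}: {finding}")
```

Run it after every change to the add-on's additional hosts, so a newly forwarded internal service does not go live without an Access policy.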