Not Able to access using cloudflared

BUGBEAR · September 12, 2022, 10:02am

Hello

I recently switched my Internet service provider. Worst thing is they use CG-NAT and I am also not able to get static IPv4 to forward the port . Previously I was using cloudflared for haaska alexa integration. After switching ISP I am having very hard time accessing HA . Cloudflare keep dropping the connection sometimes it works and sometimes it does not and so does the Alexa.
Tried many things to get it working like my current ISP provide port forwarding over IPv6 , with duckdns and lets encrypt I got external access over ipv6 but haaska fails to connect , as far I know it does not work with ipv6
Also tried VPS to forward a port but that did not work out either.
I now finally installed the tailscale with subnet-routes in my home server . Connected tailscale to a VPS. Installed cloudflared in the VPS and routed it to use tailscale subnet route to use homeassistant. As homeassistnat I also added my radarr , sonarr and plex sub domain to the tunnel . All other sub domains are working but homeassistant is not accessible . When I was using cloudflared addon I used http trusted_proxies . I added my tailscale VPS IP and my home server tailscale IP to my trusted_proxies but I am still getting white blank page when I try to access HA.

This is my config.yaml for cloudflared

tunnel: 7b5d5ddb-f50f-477f-8bxx-xxxxxx
credentials-file: /root/.cloudflared/7b5d5ddb-f50f-477f-8bxx-xxxxxx.json

ingress:
  - hostname: myxxxxx.xx
    service: http://100.99.123.113:8123
  - hostname: radarr.mymyxxxxx.xx
    service: http://100.99.123.113:7878
  - hostname: sonarr.mymyxxxxx.xx
    service: http://100.99.123.113:8989
  - hostname: qbit.mymyxxxxx.xx
    service: http://100.99.123.113:8080
  - hostname: plex.myxxxxx.xx
    service: http://100.99.123.113:32400
  - service: http_status:404

This is my configuration.yml in homeassistant

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
    - 100.106.103.33  #tailscale_VPS_IP
    - 100.99.123.113  #tailscale_homeserver_IP
    - 172.17.0.1
    - 172.30.32.1
    - 192.168.0.38
    - 192.168.0.111 #homeserver_IP
    - 198.xx.xx.xx. #VPS_IPv4

I do not understand what I am doing wrong , as the other domains are accessible that means cloudflared tunnel is working fine but only homeassistant is not accessible. Please help me with this

grandpa · December 18, 2023, 10:17am

Old topic, so I feel you already solved your problem.
I am writing just to share my own experience while moving already prepared home assistant to new location: tunnel definition in cloudFlare zero trust must have host definition matching IP address assigned by the router serving the HA via DHCP or static reservations (I do use static reserviations per MAC at router, DHCP configured on HA).
Without this detail, tunnel is reported being healthy by CloudFlare, but host does not react to external sessions.
I hope it is clear and may help others.