Securing Home Assistant with Cloudflare


Cloudflare provides a free CDN (content delivery network) that can sit in front of your Home Assistant installation. It provides a free and automatically renewed SSL certificate on a custom domain, DDoS protection and a firewall you can protect your Home Assistant with.

I wrote a detailed guide on setting it up for a Home Assistant installation.

Hopefully it's useful to you!

7 Likes

You could also use Cloudflare Access, which is also free for up to 5 users, to harden your hass more on top of what you have already done.

https://developers.cloudflare.com/access/

Matt, thanks for the guide, that was really clear to follow. I hit a persistent snag, in that I get a 522 (Host) Error from Cloudflare via my HASS OS but figured out that my config wasn’t free of errors. Testing with the internal and external IP (something you had mentioned which bypasses Cloudflare obviously) helped me narrow down the root cause. I’m now very happy to have secure external access to my HA dashboards for the first time. It's a bonus that Cloudflare has a free tier that covers the implementation. Thanks again!

The path for my installation is: User - Cloudflare - CPE Router - Unifi SG - Cisco 3650 - Hass OS

Good write-up. Last thing on my list is to set up a firewall rule on my pfSense box to only accept traffic from Cloudflare.

@MattHodge is this still accurate? I ran into some issues when I followed the guide. Maybe I was too impatient for Cloudflare to cache… Just checking. I’m using Nabu Casa for now, but will try to migrate to my own domain again soon.

Just set up a Cloudflare IP alias on pfSense to only allow traffic through their proxies. I ended up just using pfSense for all the firewalling, geoIP blocking, and reverse proxy with SSL termination. I followed your basic flow though. Good stuff. Thanks for sharing!
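
Added example, not part of the thread and not anyone's actual configuration: one way to check that an "only accept traffic from Cloudflare" rule is holding is to scan firewall logs for connections to the Home Assistant port that were passed from a source outside Cloudflare's ranges. The range list is a partial snapshot and the log format, `SAMPLE_LOG`, and function names are constructed for illustration.

```python
import ipaddress
import re

# Partial snapshot of Cloudflare's published proxy ranges (assumption: may be stale;
# load the current lists from https://www.cloudflare.com/ips-v4 and /ips-v6).
CLOUDFLARE_RANGES = [
    "173.245.48.0/20", "104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15",
    "2606:4700::/32", "2400:cb00::/32",
]
NETWORKS = [ipaddress.ip_network(cidr) for cidr in CLOUDFLARE_RANGES]

# Constructed log format: "<timestamp> src=<ip> dport=<port> action=<pass|block>"
LINE_RE = re.compile(r"src=(\S+) dport=(\d+) action=(\w+)")


def is_cloudflare(addr):
    """True if addr parses as an IP inside one of the listed ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # an unparsable source is never trusted
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # treat ::ffff:a.b.c.d as the IPv4 address
    return any(ip in net for net in NETWORKS if net.version == ip.version)


def direct_hits(log_lines, port=443):
    """Sources passed to `port` without coming through Cloudflare."""
    hits = []
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not connection records
        src, dport, action = m.group(1), int(m.group(2)), m.group(3)
        if dport == port and action == "pass" and not is_cloudflare(src):
            hits.append(src)
    return hits


SAMPLE_LOG = [  # constructed lines, not real traffic
    "2024-01-01T10:00:00Z src=104.16.5.9 dport=443 action=pass",
    "2024-01-01T10:00:02Z src=203.0.113.7 dport=443 action=pass",
    "2024-01-01T10:00:03Z src=2606:4700::1 dport=443 action=pass",
    "2024-01-01T10:00:04Z src=2001:db8::5 dport=443 action=block",
    "2024-01-01T10:00:05Z src=::ffff:172.64.1.1 dport=443 action=pass",
    "2024-01-01T10:00:06Z src=198.51.100.20 dport=22 action=pass",
]
```

Any address returned by `direct_hits` reached the origin without passing through the proxy, which means the allowlist rule is missing, ordered too late, or the range list is out of date.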