I’m building out my HA environment, having moved from Homebridge on a Raspberry Pi to a Mini-PC with Proxmox and a series of VM/containers.
My immediate challenge is setting up external access for two use cases:
- Access to NA, Proxmox and other VMs from outside my NATed network
- EASY, wife-proof, access to devices, automations and location (think home/away data)
I’ve completed and chosen Cloudflare as the means to accomplish #1. This is setup and working well. I employ an email inclusion list that sends an OTP to allow access to the Cloudflare tunnel, which connects via a Cloudflared container running on my Mini-PC. Works great!
My challenge is with respect to #2 above. And perhaps I’m overthinking/trying to do too much here. At first I approached this to use the HA Companion App on iOS (we are a 100% Apple family for now). For the life of me, this is a hot mess; I can’t seem to have two factor for access via my tunnel and actually get the Companion App to login in/authenticate. (I also broke ALL access to HA, and had to use the CLI in Proxmox to edit configuration.yaml and restart the HA VM – I basically locked my keys in the car 
)
Knowing when folks are home and exposing access to some devices/automations was also on my list. Is the Companion App the way folks set home/away status for family members? Or do I ditch the Companion App altogether and use HomeKit/Apple Home to expose devices/automation as well as Apple’s ability to help determine family member’s location?
How have others approached/set this up? If there’s a standard/easy way, please share links – I’m relatively self-service here.
That said, if there’s one thing I could use a set of brains on… How should I approach the http: tag in configuration.yaml? What should be set under the trusted_proxies: section – as it relates to the Cloudflare tunnel and perhaps, external access – has me stumped. LOL.