Using Cloudflare's Argo Tunnels for Remote Access

Hey folks, here’s a guide I wrote up for using Cloudflare’s Argo Tunnels for remote access to your Home Assistant instance. If you’re looking for something other than port forwarding, VPN, or Nabu Casa - this might be worth considering.

I use this and Nabu Casa. Full guide on how to set it up using a test domain as an example. Argo Tunnels do cost $5 a month, but they can be used to tunnel other things as well, such as Proxmox, etc. Use it in conjunction with Cloudflare for Teams (I’ll write another guide later) and you’ll have your own authentication in front of it as well, using Gmail or other things.

3 Likes

They recently announced the availability of a free tier for Argo Tunnel. Can that be used with your guide?

1 Like

Thanks for posting that. I started writing the content before that announcement. I did try it recently, but the tunnels on the free one, for me at least, were still randomly-named with new names each time, and not UUID-based. So based on my testing - not quite yet.

However, I’d assume in the coming days or weeks, this will be fixed and then this can be used with no cost. I’ll try again early next week and update the content if that works.

1 Like

Please keep us updated. This sounds really interesting.

Just saw this. Argo is really great. Just spent the best part of a day updating my hassos Cloudflare plugin to support the new Named tunnel.

Awesome @latic, when will it be out with the updates on github?

You mentioned avoiding “Cloudflare for Team” authentication for remote access as the HA app wouldn’t know how to deal with that authentication. I assume the same would be true for any incoming API requests into your HA instance, for example Google Assistant manual setup.

I’m also using Cloudflare tunnels, together with Access as an extra layer of security. Everything is free now, so no worries about any costs.

There is indeed an issue with using the iOS app, but I disable Access when initialising the iOS app, and then I enable it once it’s working.

it just sucks that the iOS app can’t natively deal with it? Should be pretty simple to fix.

I don’t know. I don’t know the details of why it fails…

Hello. Thanks for the tutorial. Good job! HA works great but I’m having trouble connecting to Proxmox. I added lines to the config.yml file with a subdomain added in Cloudflare and IP Proxmox but unfortunately it doesn’t work. In Cloudflare, I added a new subdomain and assigned the same tunnel UUID to it. What may be the problem?

Does proxmox load but the login fails? Or is proxmox not loading entirely?

Hi, the guide solve getting promox working for me…thanks
The issue I have is home assistant does not work.

All I gets is a 400 : bad request on the website

I am running the free version of cloudflared.

My HA config has these line in it…

homeassistant:
  external_url: "https://ha.binky-lab.com"
  auth_providers:
    - type: homeassistant

Also.
Can you advise what the issue might be with running running cloudflared in the proxmox host OS. I am asking because you put it in VM and there must be a good reason I am missing.

1 Like

Ok adding this to the config solved the issue

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.10  #ip of PC making the proxy request

I am still interested in comments so I understand why running cloudflared directly in Proxmox is not such a great idea?

1 Like

I ran it as a VM inside Proxmox. I’m sure other options work well as well.

There should be way to access HA from native app on mobile. Yo can use Cloudflare warp as part of Access policy definition and make your mobile trusted device without additional auth as you will be auth in to the warp.

It works great. I just wonder if with the HA only tunnel you need to set up a firewall on the host machine itself? Currently, I have not set it because it only works in the local network.
Second question - I set up my cloudflare firewall to block IP from outside my country (not US). What IP range should I unblock for Google Assistant to work?

What else to set for HA security? 2FA already set

Made it up and running.

Solved my problem with nginx conection.

Problem> Anyone manage to expose extra ports over Cloudflare Tunnels ?

I am trying to install Google Assistant SDK but can’t finish the API call to the necessary ports.

You should be able to add another entry in the config file, something like:

ingress:
  - hostname: homeassistant.stringcheesefactory.com
    service: http://10.10.3.1:8123
  - hostname: service2.stringcheesefactory.com
    service: http://10.10.3.1:1234

The IP can be the same (to route to the same Home Assistant server), or something completely different… like a web server, etc.

Thanks, partially worked.

It seams that the addon tutorial is missing some steps.