At the moment, configuration for remotely accessing your home assistant installation requires that you either pay for Home Assistant Cloud or perform a rather complex setup to get a domain name, a SSL certificate, and forward ports from your home router to your home assistant installation.
Some of you might be unable to forward ports, or don’t want to mess with the complexities of things like DuckDNS and LetsEncrypt for certs.
This guide is designed to describe how you can use a free service offered by cloudflare to get your home assistant installation online.
What is try.cloudflare.com
It is a completely free service (doesn’t even require an account) that allows you to create a tunnel from a service (in our case Home Assistant) running on your home network to a randomly generated domain name provided by Cloudflare. The service is completely free to use, but it does not have guaranteed uptime and is often used to test new features. However, in my testing it has been rock solid and I’ve had zero issues.
Feel free to checkout the Cloudflare blog post for more info on how it works: https://blog.cloudflare.com/a-free-argo-tunnel-for-your-next-project/
The major advantage is that you do not need to open ports on your firewall or have a public IP address from your ISP. This allows your to with a single command get remote access to your home assistant installation regardless of how you get internet.
Each time the add-on starts you will get a new URL from Cloudflare, at the moment this is unavoidable, so please be aware that you may need to update the URL you use each time the add-on restarts.
I’ve created an add-on which you can add to Home Assistant OS at the link above. You’ll need to install it (for now installation make take a while as it does local builds).
- Read Installing third party add-ons. Repository URL can be found at try.cloudflare.com addon
- Click on the
- Once installed configure the URL in to point to your local HTTP URL for Home Assistant, e.g.,
- Start the add-on
- Go to the
Logsand you should see a URL for
try.cloudflare.com. That will be your new External URL to access Home Assistant.
- Try to connect and log in using the External URL. It should not work - see next step
- Starting HA 2021.7, you need to configure reverse proxy by adding the following lines in your
http: use_x_forwarded_for: true trusted_proxies: - xxx.xxx.xxx.xxxx
xxx.xxx.xxx.xxxxwith the IP Address that are being blocked by Home Assistant - this can be found by looking at
Configuration --> Logs
- Restart Home Assistant through
Configuration --> Server Control --> Restart (Server Management)
- Try to use the External URL to connect to Home Assistant - now it should work!
This is entirely dependent on your installation method, but regardless of your how you have Home Assistant installed you’ll need to download the cloudflared binary.
- Download the latest cloudflared binary for your system. (You can even run it on your computer)
- Once downloaded you’ll need to open your command line or terminal on your computer.
- You’ll navigate to the folder from your download of cloudflared.
- Run the command
./cloudflared tunnel --url http://<home assistant local ip>:8123
- Wait for the cloudflared app to give you a domain name.
- Access your home assistant installation by going to that URL.
Note: you’ll need to keep the cloudflared app running in the background to keep things operational.
Since home assistant using this method will be running and backed by Cloudflare there are some protections they provide out of the box that will already be better than just raw port forwarding. However, is is strongly recommended to enable IP banning in your home assistant installation for failed login attempts to ensure things are kept secure, see: HTTP - Home Assistant for more info on how to setup a login attempt threshold and enable IP banning.