EVEN EASIER way to use Cloudflare Tunnels to access Home Assistant and remote network access.
Рет қаралды 53,795
Күн бұрынThis is a follow-up video to my Cloudflare Tunnels video. This time I'm using the Cloudflared Home Assistant Add-on to create and manage the tunnels. It makes it MUCH easier!
LINKS:
Cloudflared: github.com/brenner-tobias/add...
Cloudflared Repo: github.com/brenner-tobias/ha-...
Cloudflare Tunnel Vid: • SUPER EASY! Secure Rem...
Support this channel by becoming a member:
/ @mostlychris
Discord: / discord
If you would like to support me:
Buy me a beverage: ko-fi.com/mostlychris
Become a patron: / mostlychris
Products I reference in my videos (contains affiliate links)
www.mostlychris.com/my-smart-...
My Website: www.mostlychris.com
DISCLAIMER: Some of the links above take you to affiliate sites that may or may not pay a small commission to me. It doesn't increase the cost to you, but it does help support me in making these videos.
Want to send me something? Send it here!
Mostlychris
24165 IH-10 West
STE 217 Box 164
San Antonio, TX 78257
#HomeAssistant
#HomeAutomation
#SmartHome
#cloudflare
00:00 Intro
00:43 Cloudflared Overview
02:32 Prerequisites
03:42 Add Cloudflared Repository
04:40 Install Cloudflared Add-On
07:14 Verify Tunnel
08:16 Add Additional Hosts
10:11 Verify Additional Host
11:18 Securing Applications Overview
12:40 Set Trusted Proxy!!
15:25 Locally Managed Tunnel
16:13 Final Thoughts and Wrap
@edwestaurora Жыл бұрын
Thanks Chris! I have been running my HA setup with Cloudflare for a couple of months and I love it. So much easier and things are more stable now. I would recommend this setup for everyone on HA. Good job on the content.
@mostlychris Жыл бұрын
Thanks!
@rteune2416 5 ай бұрын
Awesome Chris, was using Nginx Proxy Manager but that was just an extra step that wasn't needed for my setup. This cloudflared setup seems so easy and no open ports on router. Thanks
@fixitman2174 Жыл бұрын
I'll stay with Nabu Casa for my primary access. If I have any issues, I'll set this up as an alternative. Thanks for the easy to follow instructions.
@mostlychris Жыл бұрын
Outstanding! Yeah, it's an alternative. I still support Nabu regardless of any other method I use. Keeps the lights on for future development.
@gerrishp22 Жыл бұрын
Great Video Chris. I am just dipping my toe in Cloudfare and this was a great start. Got caught on the 400: Bad Reguest - but quickly realized I had to enter the http: in my configuration.yaml
@mostlychris Жыл бұрын
Good catch! Thanks for watching.
@chucksw1 Жыл бұрын
Ahh good working now !! I was getting 400: Bad Request untill I added the config at the end of the video where you mentioned you must add the lines to the configuration.yaml file! Thanks so much!
@mostlychris Жыл бұрын
Good job. Yep, that proxy line is very important.
@davidsomething4867 Жыл бұрын
Thanks Chris. Was looking at Cloudflare tunnels as a separate server when stumbled on this video. I'm running in docker so had to add the IP address of the gateway of the docker to the config under the http section. Also I'm still running the default port 8123 so had to also add the host as an additional host adding this port. But yep it is all working fine now after doing those few things.
@mostlychris Жыл бұрын
Excellent. Congrats!
@davidsomething4867 Жыл бұрын
@@mostlychris Jus an update, I seem to have a problem when Cloudflared restarts, it try's to recreate a CNAME in DNS but fails as one exists. To fix I go into DNS settings in CloudFlare portal and remove the CNAMEs, did take me a while to work out that I can jus delete the entries auto created. However if I am not at home I cannot restart the service in Home Assistant. Have you come across this issue? But it certainly does work apart from the DNS issues, lol.
@LarsvanZon Жыл бұрын
Clearly explained, good work. I was looking into Cloudflare, but your video made clear to me that for simplicity and security, I better stay with my Zerotier solution. That is free as well, doesn't need a domain, and will only work with pre-authenticated devices. What I like about Cloudflare is the ability to expand easily to other servers.
@giannism7157 Жыл бұрын
Thank you for this great tutorial. I was struggling with remote access to HA for a long time because it is hard to get my ISP to open port's.
@mostlychris Жыл бұрын
Thanks for watching!
@TiaLikely Жыл бұрын
Thank you, super helpful! Video was really detailed and clear which I greatly appreciate.
@mostlychris Жыл бұрын
You're welcome. Thanks for watching!
@BerkeleyTowers Жыл бұрын
Nice one Chris.... I migrated to the Cloudflare GUI and find it super easy to add any of my Unraid dockers...... and no need for NPM either.............
@mostlychris Жыл бұрын
Excellent!
@danfitzpatrick4112 Жыл бұрын
Very cool stuff Chris! Thank you!
@mostlychris Жыл бұрын
Thanks for watching and subscribing!
@rpolverini Жыл бұрын
Thanks Chris!! you are the man!!! great Job!!! I was looking the way to make it easy and FREE, I support nabucasa too, but in some regions, pay 6 or 7 USD montly, that really is cheap service, is Hard for many people!! then this is a great alternative!
@maartenplatenburg9947 Жыл бұрын
Loved the video. I have one question after watching this video and also your older video on Cloudflare. In your first video you mention setting SSL/TLS encryption mode in Cloudflare to Full (strict). You do not mention that here. Is it still relevant? I tried to search for this but could not come up with a definite answer. Thanks!
@cristianocariani Жыл бұрын
Thanks for your very clear guide I was able to reach HA from my tablet outside my home and assign various addresses to my docker containers. However I ask how can I ssh to my Raspberry from remote Terminal through my cloudflare domain on port 22, I've tried a lot but it doesn't work. Is there any way to do this? Thanks
@iceman3k236 Жыл бұрын
What about putting up an application authentication rule with login required through cloudflare? How do we get the mobile app, on the public internet, to authenticate and communicate?
@user-ks8gz8qx3j Жыл бұрын
great video. have had this working for a couple months then just recently the cloudflare tunnel as visible from the cloudflare tunnels status dashboard shows that the tunnel bounces down then up on a regular basis.
@florianderidder9322 Жыл бұрын
Great vid! Can additional hosts be used to ssh from outside my network to a machine on my local network? (on the same network as HA)
@orbit7979 10 ай бұрын
Great video, thanks! Wondering why you changed the tunnel name though. Does it make any difference?
@oriongamingtv1401 Жыл бұрын
any idea why id get a 400:bad request when i use my domain after following your steps?
@chnillapoil0150 Жыл бұрын
Work like a charm thank you.
@mostlychris Жыл бұрын
Excelletnt! Thanks for watching!
@IrfanJiwa Жыл бұрын
Thanks for the video, up until 7mins all ok, tunnel is showing active. But when i try to access my domain, I get a defaut domain parking page. I checked the DNS serves have updated to cloudflare so not sure what else to do!
@safari433_ Жыл бұрын
I did the last video and i could open a connection. I try to use a internal reverse proxy but i got errors that i could not resolve yet. But, thanks so much for your contribution!!!
@heiaheiaheiahei Жыл бұрын
clear instructions, many thanks.
@mostlychris Жыл бұрын
You are welcome!
@myhometvaccount9365 Жыл бұрын
followed the video, tunnel is all up and running but i am getting a 400: Bad Request error ??
@pieronompleggio3910 Жыл бұрын
Great Video, thank you! I see that the site can be reached via https, do I need to install let's encrypt or is the connection already secure?
@kasek4164 Жыл бұрын
so i guess i have to buy a domain address first to use this or am i misunderstanding?
@user-lk3jl5iv7w 11 ай бұрын
Is there still an port restriction of the port numbers to use from Cloudflare if you use cloudflared?
@adamjjay 11 ай бұрын
On the verge of quitting this if anyone can help. Ive mixed and matched this video with the original i.e. creating account with clouldflare, doing the domain stuff etc. Not touched my router in any way, which I understand is right/not needed. Im getting this error in the zero trust logs which I can't work out. I disabled the ssl thing. Do I need to be routing any traffic manually or has Cloudflare done everything automatically? "error": "Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp EXTERNALIP:8123: connect: connection refused"
@krayzieegg7294 Жыл бұрын
sir nice vid but i need help... i tried loging in remotely but i get this error: login blocked: user cannot authenticate remotely. cloudflare no ports open. i also dont see A record on cloudflare not sure if its needed. i finally figured it out: people->your account->un ticked can only log in from local network. thanks you
@manukalias Ай бұрын
Hi Chris, I am using cloudflared on OMV running on RPi, I did created additional public hostname and can individually access HA from one URL OMV from another URL One thing I find no video or tutorials where One could use Same Tunnel to access a OMV Based NAS Drive remotely. On Android, Cx File explorer can be used to connect easily using cloudflared hostname to access the NAS. I am sure if you could cover that in a video it should attract lot's of views and subscribers 🙏🙏
@debnathmriganka2010 Жыл бұрын
Sir Can you help me one thing i am using cloudflare tunner, to access localhost, it is working but when i am trying to access RDP it is not working can you please help sir.
@jeffer8762 Жыл бұрын
secure the HA endpoint with cloudflare access, something like 2FA, rather than only allow US origin, incase you are accessing it oversea when u are traveling
@surfingnoid Жыл бұрын
Great video!
@mostlychris Жыл бұрын
Thanks!
@dssguy11 Жыл бұрын
now how do we get google assistant working with this?
@MichaelVanBladel Жыл бұрын
just bricked my HA after adding the trusted proxy and rebooting. no idea what went wrong but restoring a 2 month old backup now so i'll have a bit of work now haha. always backup your stuff before doing any tinkering my dudes
@mostlychris Жыл бұрын
Always. Back. Up. On my dashboard on my desk is card with the last backup. When I'm about to push the button for something major, I look at the date on that card to make sure it was the night before.
@mikepeterson443 Жыл бұрын
Although I appreciate the ease of the addon, I learned to do it the "long" way and glad I did, because I needed some other types of connections such as ssh/vnc/rdp. I'm not sure if that's possible without configuring those on the CloudFlare interface.
@mostlychris Жыл бұрын
Your use case is a bit more advanced and it sounds like you understand how to set that up.
@leecurcio6132 11 ай бұрын
Is it possible to access it with the app instead of using Safari? Thanks
@Ajicles Жыл бұрын
I was going the antilazy way of setting up a pfsense firewall on the Oracle free tier service. Setup a IPsec tunnel to home and NATing everything to my home firewall (wan is DHCP) and send it to my internal NGX proxy server to handle SSL encryption. This seems a bit more convenient. Going to try Azure Application proxy as well.
@mostlychris Жыл бұрын
Lots of stuff there. This is definitely simpler, but everyone's use cases are different.
@SpencerBrownJM Жыл бұрын
Can you expose VaultWarden from your other video using the same method?
@oldstonedpanda Жыл бұрын
I simply added HA to my ZeroTier network and it works flawlessly. $0 cost and no config, not sure if Cloudflare cost money. Well, you have to setup the ZT network...
@mostlychris Жыл бұрын
I discuss Zerotier as an option as well. There are many options available out there. I try to cover different methods so that one can choose the best one for their needs.
@dablet 8 ай бұрын
i dont understand how you have HTTPS working at 7:38. mine is insecured when i acess my domain name
@DanangWidiantoro Жыл бұрын
can we expose the devices to alexa via cloudflared?
@juanrivera4938 Жыл бұрын
thanks so much! a question for everyone :) between nabucasa and cloudflare, what is your experience in speed? is cloudflare much better?
@mostlychris Жыл бұрын
I don't notice any difference.
@2bagsOfChips2k2 Жыл бұрын
Will this solution work with Alexa?
@Craigslistmist Жыл бұрын
Can this method be used with google assistant integration? It all worked fine and I can access my HA it remotely. Google console is also set up, and google home app recognizes it. But when I try to add my HA, google home gives an error that the website and the connection are not secure and doesnt let me proceed. Any suggestions to make this "secure" for google to identify? Thanks
@mostlychris Жыл бұрын
As long as your HA is reachable, I would think it would work fine. Not sure why it wouldn't as long as you are using SSL. Hopefully someone else here has an answer.
@maartenplatenburg9947 Жыл бұрын
I did do this yesterday and it worked for me. Not sure where your problem is coming from. I used this tutorial: kzbin.info/www/bejne/iKKqmpJ9fpWfqrc
@antonnemtsev6473 6 ай бұрын
Thing to keep in mind: if you will just spin up docker container with cloudflare on home assistant yellow (HA OS), it will start complaining about unsupported software :(
@ThisOldManOfTheSea Жыл бұрын
Would you know if this solution works in conjunction with a DDNS as I don’t have a permanent IP address?
@mostlychris Жыл бұрын
The tunnel makes an outbound connection and it will report the IP address so it should work fine.
@fibranijevidra 11 ай бұрын
I don't believe it could be easier than Tailscale. I am strugling to understand why is this better.
@kdelios Жыл бұрын
Great video as always Chris. With regards to the Cloudflare's WAF rule it's incomplete. As is, you allow US origin traffic, and that's all. If you want to allow ONLY US origin traffic, you need to create a second rule which blocks traffic in counties which "does not equal" to US (and place this rule fist in list order ).
@mostlychris Жыл бұрын
Ugh. I missed that. I actually have a "block non US" in the primary domain I use so at least it's working there. Thanks for the feedback.
@Shubham_Gupta_ji Жыл бұрын
How to set up ftp server
@patti4832 Жыл бұрын
It seems like there was an update to the Terms of service section 2.8 of cloudflare
@mostlychris Жыл бұрын
I'll take a look.
@marcinszczesny6329 Жыл бұрын
This is greate method but when You using this localization not working :(
@GyanGupta07 Жыл бұрын
Where is the domain name and cloudfare setup link ? It just shows in video
@mostlychris Жыл бұрын
Head over to cloudflare.com. You'll need an account and then you can get into the tunnel stuff.
@Sebastian-xf8je Жыл бұрын
The only drawback with this setup I found is I can't get Adguard DNS Rewrites to work (aka using local ip on local network)
@mostlychris Жыл бұрын
True. It's designed for connecting to hosts. I use tailscale or wireguard if I want to be "on" my local network including use of AdGuard. Check out my video on tailscale for more.
@kdelios Жыл бұрын
Not true. You can still access HA from your local network. Make sure to remove https stuff from your http part of your config file. You don't need https at your local network.
@Birukoff Жыл бұрын
Funny story how I locked myself out of my Home Assistant. First, I set up the tunnel using the addon. I didn't notice that the addon creates an SSL certificate for you (but doesn't add it to the http section of the configuration.yaml). Then I watched your your other video, remembered that I don't have SSL certificates in the config, went ahead and creates and added the certificate. "Check configuration" - all green, restart... Locked out! I had to SSH into the HA and edit the config there to access it again.
@mostlychris Жыл бұрын
Interesting. I didn't have to do anything with SSL certs. It's simply a host inside my network that the tunnel points to.
@gauthiertijtgat5193 Жыл бұрын
Hmhm. I get Bad request when I try this. Could my router be blocking ICMP requests?
@chucksw1 Жыл бұрын
I was getting 400: Bad Request, until I added the config at the end of the video where he mentioned you must add the lines to the configuration.yaml file!
@subthousandoaks Жыл бұрын
Ty
@mostlychris Жыл бұрын
yw
@Doerakker Жыл бұрын
Have been running it for a couple of months and am pretty tired with the “cannot reach you ha instance name here”
@NicolaeFratila Жыл бұрын
Isn't working properly? I paid at Nabu casa for 1 year, I shouldn't be sorry if Cloudflared is not working properly.
@EmilePolka Жыл бұрын
Well its a common issue, nothing you can do about it, even nabu casa had this issue which i encountered multiple times within that 1 month trial period. It probably had something to do with the cloud provider (regardless if its nabu casa or cf) but the issue is gone if I just port forward ha. Luckily I use pfsense so I only allowed google ASN to access ha though that port forward, works great so thats at least minimize the attack vector of my ha.
@mostlychris Жыл бұрын
Via CF you can't reach it?
@jpmiller25 Жыл бұрын
I’ve been running with cloudflare tunnels for over a year and never had this error. Only time it’s down is when my server is down for a separate reason
@hsmptg Жыл бұрын
Hi Have you tried to use this method to ssh to your server? Regards
@mostlychris Жыл бұрын
I have not, but it is do-able.
@GottaHache Жыл бұрын
Nice - Twingate is much easier to set up though
@adamgreenberg3583 Жыл бұрын
Thanks for this video. Great job and really easy to follow and set up. I am trying to add a replica instance of cloudflared (for redundancy purposes) to another server of mine that runs docker. The use case here is if something happens to my home assistant and it shuts down, I'd lose access to all of my services which are accessed via subdomains if I was not at home, including the pikvm which gets me onto the computer where home assistant runs. I set up the replica and it works perfectly for all my other subdomains, but not home assistant. Sometimes it works, and sometimes it doesn't. I figure this is based on which cloudflared instance my cloudflare tunnel is using for any given request..I get a 400: bad connection message. I have added some additional entries in my config file that I believe are the addresses of my docker network and computer running docker but can't get it to work. Has anyone else been able to get a replica instance of cloudflared running in docker to work with home assistant? Would this be an idea for a follow-up video on cloudflare tunnels for home assistant?
@darrelriley Жыл бұрын
Does this require Domain fees ??
@mostlychris Жыл бұрын
You will need a domain name and usually there is a nominal fee involved.
@lewiskelly14 Жыл бұрын
I'm glad there are other ways... I would love to financially support home assistant by buying their cloud service but I find it overprised
@mostlychris Жыл бұрын
That's the beauty of it. HA doesn't force you to use their cloud for access. It's available if you want to support them. It does make smart speaker control of entities super simple.
@lewiskelly14 Жыл бұрын
@@mostlychris Absolutely, but I'd be more likely to financially support them if the cloud service was better priced, personally
@Wandering_Kerrs Жыл бұрын
How does this compare to using Tailscale? I have been using Tailscale for about a year to access my HA instances. Is Cloudfare superior enough to warrant achange?
@mostlychris Жыл бұрын
It is a different application. The technologies might be similar but they operate differently. If you've got something working, I'd leave it. One main difference is that you don't have to have tailscale installed and running to access your host(s).
@Wandering_Kerrs Жыл бұрын
@@mostlychris Thanks for your response. I might look into it one day. Thanks!
@shadow.banned Жыл бұрын
My goodness, that is... kind of a lot.
@T4cC0re Жыл бұрын
Please consider whether you think it's a good idea to provide some business to Cloudflare: en.wikipedia.org/wiki/Cloudflare#Controversies
@SandWire Жыл бұрын
I like them even more. Because what is their CEO saying is true. It's not their work to block thousands of sites. I think when there is really problematic site, that's why the police are there. They have resources to shut the site down. (translated)
@gnlgrim2 Жыл бұрын
Wonderful video and very detailed walkthrough. Got my portainer and a few other ones working no problem. The only one i cannot get to work is Proxmox. It give me a. Connection error 401: Unauthorized. After i login. Any chance you know the reason why and what i need to do
@mostlychris Жыл бұрын
Does proxmox do the same thing regarding reverse proxies that HA does. Do you have to tell proxmox to allow reverse proxy access?
mostlychris
Рет қаралды 13 М.
TESLA CAR WORLD
Рет қаралды 116 М.
Buy Smart┃Магазин ноутбуков
Рет қаралды 1,2 МЛН
lev89k
Рет қаралды 2,2 МЛН