
Replacing my original setup with Cloudflare Tunnel

I still maintain my Home Assistant installation. This week, I replaced my original setup with Cloudflare Tunnel.

This is the sixth post in my Home Assistant-focused series. Other posts include:

Initial setup

I have accessed my Home Assistant from outside my home network from the beginning.

I achieved this in two steps:

  • I created a sub-domain of frankel.ch that pointed to the external IP of my router.
  • On my router, I opened a dedicated port. In turn, the router forwards requests on that port to Home Assistant.

The next step was to secure communications with an SSL certificate. I initially aimed for mTLS, but I couldn’t achieve it because the HA iPhone app doesn’t support it. Still, an encrypted connection to my server was a hard requirement.

The good news is that the days when SSL certificates were a luxury feature are over. Let’s Encrypt makes them available to everyone for free.

Let’s Encrypt issues certificates through an automated API based on the ACME protocol.

In order to interact with the Let’s Encrypt API and get a certificate, a piece of software called an “ACME client” is required. No part of the process of getting a certificate happens on the Let’s Encrypt website, which is purely informational.

Start

HA provides a rich add-on ecosystem; one of the add-ons integrates Let’s Encrypt. The add-on works flawlessly, but it is peculiar in its approach: HA add-ons normally run continuously, whereas with this one, you create a certificate by starting the add-on as a one-off job.

Let’s take a step back and look at how long certificates are valid. Their lifetime is 90 days, with no way to exceed it. In addition, the official Let’s Encrypt website recommends rotating your certificate every 60 days.

It is very uncomfortable when an installed certificate expires; don’t ask me how I know. Until this year, Let’s Encrypt sent reminder emails some time before the expiration date; they no longer do. To avoid it happening again, I created an HA automation to start the add-on for me. Fun fact: while implementing the Cloudflare tunnel, I noticed that I had made a mistake in configuring that automation!

While this setup works in general, two things bothered me:

  • I already use the HTTPS port of my router for another domain. My router cannot route two sub-domains on the same port, so I had to open another port. Remembering a port on top of the domain is a nuisance.
  • The automation is one more moving part, and it can fail, as mentioned above. It’s better to keep automations focused on the home itself rather than on the underlying infrastructure.

Cloudflare tunnel for home assistant

I stumbled upon the Cloudflare Tunnel integration while browsing /r/homeassistant one day and realized it would solve my problems. A few compelling reasons came to mind:

  • I am a happy Cloudflare user
  • With Cloudflare Tunnel, you don’t need to open a port on your router
  • The add-on is dead simple to use
  • I had never tried Cloudflare Tunnel, and it was a shiny new toy I wanted to play with!

Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address. With Tunnel, you do not send traffic to an external IP; instead, a lightweight daemon in your infrastructure (cloudflared) creates outbound-only connections to Cloudflare’s global network. Cloudflare Tunnel can connect HTTP web servers, SSH servers, remote desktops, and other protocols safely to Cloudflare. This way, your origins can serve traffic through Cloudflare without being vulnerable to attacks that bypass Cloudflare.

Refer to the reference architecture for details on how to implement Cloudflare Tunnel in your current infrastructure.

cloudflared creates outbound connections (tunnels) between your resources and Cloudflare’s global network. Tunnels are persistent objects that route traffic to DNS records. Within the same tunnel, you can run as many cloudflared processes as needed. These processes establish connections to Cloudflare and send traffic to the nearest Cloudflare data center.

Cloudflare tunnel

The add-on that manages the Cloudflare Tunnel integration in HA is Cloudflared. After adding it to HA, you can configure it in two ways:

  • The easy way: you set the sub-domain and let the add-on take care of the rest. It generates a URL that takes you to Cloudflare to authenticate, and the add-on works its magic, including downloading and running the agent.
  • The advanced way: you create the tunnel on Cloudflare, get the token, and configure the add-on manually.

I chose the former, and it works as expected. However, I made a big mistake: I set the same sub-domain as the existing one, and the add-on overwrote the existing configuration without any warning. Lesson learned: make sure to set a new sub-domain!

The next step is to configure proxying in HA if you haven’t done it before. By default, HA ignores requests that come through proxies. To let cloudflared (the process, not Cloudflare itself) proxy requests, we need to allow it explicitly and identify the IP range we trust.

http:
  server_port: 443                                          #1
  ssl_certificate: /ssl/fullchain.pem                       #1
  ssl_key: /ssl/privkey.pem                                 #1
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24                                        #2
  1. The old configuration from the Let’s Encrypt add-on
  2. Allow requests from the local cloudflared process

At this stage, the setup works. Requests sent to the new domain reach HA via the Cloudflare tunnel. I could stop there, but attentive readers will notice that I’ve only finished half of the job: the Let’s Encrypt add-on is still present. It makes no sense to use SSL inside the tunnel, since cloudflared talks to HA over the local add-on network and the tunnel itself encrypts traffic to Cloudflare.

Removing the Let’s Encrypt add-on

The idea is to remove the Let’s Encrypt add-on as well as to clean up the SSL configuration. Unfortunately, the latter cannot simply be removed as is.

I suggest you disable remote access first, then remove the SSL configuration, then install Cloudflare Tunnel alone. I didn’t, because I wanted to be able to roll back if necessary. If you’re interested in my troubles, read on.

Enable SSH first! If you start tinkering with the HTTP configuration, there’s a high chance you lock yourself out of the UI. If you lose access, your only option will be a factory reset. Before changing critical configuration, make sure you have an alternative way in. The UI may be reachable across the local network, but SSH is safer. HA provides an SSH add-on: install it before anything else.

The Cloudflared add-on uses its environment to build its configuration when it starts, namely the SSL settings and the port. It sets the same parameters on the remote Cloudflare tunnel. You cannot change either of them: on the Cloudflare side, the tunnel is reported as locally managed, and on the HA side, there is no way to reach the configuration parameters, at least those that govern the tunnel.

I went to the Cloudflare console and migrated the tunnel to a remote configuration. Beware that there’s no way back: once the tunnel is managed remotely, you cannot revert to local configuration. Go to the Public Hostname tab, and on the homeassistant tunnel line, click the edit action. This is the configuration:

homeassistant is the internal hostname of HA: it’s a fixed value. Because cloudflared runs on HA, you must keep it as is. Likewise, HA’s default port is 8123.

To use the new configuration, go to the Overview tab of your tunnel. In the “Install and run a connector” section, locate the command lines and copy the token value that follows install. Paste it into the Cloudflare tunnel token field of the Cloudflared add-on in HA. The docs state that when this field has a value, the add-on ignores all other configuration parameters.

You can now remove the server_port and SSL-related parameters from the configuration above. Then, restart HA.

At this stage, you should be able to reach HA on the sub-domain through the tunnel. It’s time to remove the Let’s Encrypt add-on, the legacy SSH access, and the renewal automation.
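As an added illustration (not code from this post, the Cloudflared add-on, or Home Assistant itself), the following Python models the two rules behind the http block above and this clean-up procedure: the X-Forwarded-For header is honoured only from a peer inside trusted_proxies, and the server_port and SSL keys are dropped only once a tunnel token is set. The config dict, the IP addresses and the function names are constructed for the example.

```python
"""Model of HA's proxy-trust rule and the clean-up described in the post.
Illustration added to this page, not Home Assistant's own code."""
from ipaddress import ip_address, ip_network

# Constructed sample: the http section with the Cloudflared add-on in place
# and the Let's Encrypt entries still present (add-on network 172.30.33.0/24).
HTTP_BEFORE = {
    "server_port": 443,
    "ssl_certificate": "/ssl/fullchain.pem",
    "ssl_key": "/ssl/privkey.pem",
    "use_x_forwarded_for": True,
    "trusted_proxies": ["172.30.33.0/24"],
}

def effective_client_ip(http_cfg, peer_ip, x_forwarded_for=None):
    """Address HA should treat as the client for bans, logs and rate limits."""
    # X-Forwarded-For is honoured only when the TCP peer lies in
    # trusted_proxies; otherwise any client could forge the header.
    if not http_cfg.get("use_x_forwarded_for") or not x_forwarded_for:
        return peer_ip
    trusted = [ip_network(n) for n in http_cfg.get("trusted_proxies", [])]
    if not any(ip_address(peer_ip) in net for net in trusted):
        return peer_ip  # header ignored: peer is not a proxy we trust
    # leftmost entry is the original client; each proxy appends itself
    return x_forwarded_for.split(",")[0].strip()

def check_trusted_proxies(http_cfg):
    """Return the weak settings a reviewer would reject (empty list = fine)."""
    problems = []
    nets = http_cfg.get("trusted_proxies", [])
    if http_cfg.get("use_x_forwarded_for") and not nets:
        problems.append("use_x_forwarded_for set without trusted_proxies")
    for n in nets:
        if ip_network(n).prefixlen == 0:
            problems.append(f"trusted_proxies {n} trusts every address")
    return problems

def migrate_to_tunnel(http_cfg, tunnel_token):
    """Drop the port and SSL entries, but only once the tunnel token exists."""
    # Refusing to edit without a token keeps the old HTTPS path alive until
    # the new one works, which is the roll-back option the post asks for.
    if not tunnel_token:
        raise ValueError("set the Cloudflare tunnel token first")
    removed = ("server_port", "ssl_certificate", "ssl_key")
    return {k: v for k, v in http_cfg.items() if k not in removed}
```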

Conclusion

In this post, we installed Cloudflare Tunnel to allow secure access to the HA UI. If you install it on a fresh HA, the process is straightforward. If you replace an existing setup, such as Let’s Encrypt SSL, it becomes a bit more involved, but not impossible. Either way, we benefit not only from Cloudflare’s SSL certificates but also from automated certificate renewal.

To go further:


Originally published at A Java Geek on May 11, 2025
