EVEN EASIER way to use Cloudflare Tunnels to access Home Assistant and remote network access.

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

it turns out that sometimes there are just easier ways to do things [Music] I recently made a video using cloudflare tunnels to connect to home assistant remotely and to connect to things inside your network on that video I got a lot of comments asking me why I didn't just use the cloud flared add-on in home assistant well because I'm ignorant and I guess I didn't know about it or I forgot about it there are so many different things you can do in home assistant that sometimes you just don't know what they all are which is why I'm here to tell you all about stuff that I find out about and other people tell me that I'm doing wrong so we're going to talk about the cloudflare add-on today in home assistant and this add-on was written by Brenner Tobias it connects your home assistant instance via a secure tunnel to a domain or a subdomain at cloudflare and it allows you to expose your home assistant instance and other services to the internet without opening ports on your router and you can use the zero trust to further secure your connection you can add WAFF rules you can add two-factor authentication through your auth provider all kinds of stuff which I won't go into today so there's a lot of different ways to secure the tunnels and this connection as well now a disclaimer here I still support nabukasa nabukasa is the home assistant cloud and that's how you can also connect securely back to home assistant or your home assistant instance the one thing that you get with the cloudflare tunnel or this cloudflare D is that you can also expose other resources within your network if you have web servers or things like that now be careful there are some legal disclaimers on the cloudflare site that talk about what you're allowed to do things like me media servers potentially cameras you can't really stream media non-stop through the tunnel you might violate their terms of service but if you're trying to connect to home assistant or a web page or something that's running inside your network on a brief basis then this will be fine and I also say make sure you check the fine print as well all right so that's what it says here make sure you comply with cloudflare Self Serve subscription agreement when using this add-on especially section 2.8 you could breach that when streaming videos like Plex or other non-html content the idea today is not to show you how to extreme your Plex Media or anything else over this tunnel we're talking about connecting to home assistant maybe some other lightweight stuff inside your network all right so there are some prerequisites that you must do you must know about and let me zoom in here you must have a domain name using the cloudflare for DNS so this is just like my other video that I talked about if you don't have one you can uh set one up there you need to decide between a local title managed by the add-on so this add-on that we're installing today I'm going to let it manage the tunnel that's the easy part of it you can do everything I did on the other video take the token and then put it on this add-on and it will still work the same way however that defeats the purpose really of this and then this add-on should be installed but not started yet because we're going to configure it first so we're going to go through the settings here and do the local add-on or tunnel add-on setup and these steps here will create a cloud flare tunnel that will be automatically added and exposed to your home assistant instance out into the cloudflare network now it's important that you add the HTTP integration to your home assistant config uh you're going to we're going to set the external hostname we're going to change the tunnel name start the add-on and then we'll do some other stuff here so let's get started into how we set things up the first thing we need to do is add a repository to get this actual add-on into home assistant because it's not part of the home assistant add-on so if we go to add-ons we'll see what we're talking about here if I go to the add-on store here and I search for cloudflare D it doesn't exist because this is an additional repository that we will add right here so you need to add the repositories URL down here in the bottom and for that we'll go to his GitHub page and I'll go to ha add-ons and at the top in the links above you'll be able to copy his uh the URL and we'll put that over here in home assistant if I can find it there we go put it right there we'll add it and if it's successful you'll see it pop up right here and now we have this uh available to us and now if we refresh the screen and we go back and look for cloud flared you should see that in fact it's right here so now what we do is just click on that and we will install it and we're going to install it but we're not going to start it up before we start it we want to do some configuration and uh the first thing we're going to do and this is really optional but you can use this is the external host name and home assistant I'm going to call this h a yellow because that's what I'm installing this on mostly Chris demo.com now there's some other options down here as well which we aren't going to do anything with but you can change the tunnel name actually we will we will change the tunnel name it defaults to home assistant I'm going to call this uh h a yellow tunnel and that's the tunnel name that will show up on the cloudflare side and if you're doing the manual install the not recommended way the the harder way then you would put the token here but we're not going to do that today you can also set some additional hosts and we will come back to that in a little bit we're just going to get everything up and running first and then we'll talk about additional hosts click on Save and then we can go back over here to info we're going to start it up and we're going to check the logs because what's going to happen in the logs is it's going to give you a link that you need to click on and that link is going to authenticate you against the cloudflare system so here is the link down here and I will go ahead and destroy all these tunnels and things after the filming of the video so don't worry about Security on that I have got that taken care of so you will copy this link and you will paste it in your browser and it will open up cloudflare to authenticate and it's asking you to authenticate the cloudflare tunnel you pick the domain you want to authenticate it against this one's for mostly Chris demo click on authorize and now it says cloudflare has installed a certificate allowing your origin to create a tunnel to this Zone you may not close this window start your cloudflare terminal which is already started if we go over here in our logs now refresh them if everything is successful we now have connections back from our home assistant instance into the cloudflare network and in addition to that if we go into our DNS for the domain let's refresh that you should see a new subdomain attached to this domain called h a yellow that's the one we created and this is the DNS entry that it made in order for the internet to know how to get back to this instance so now what I want to do is just check the tunnel so if we go to access and we launch the zero trust bug uh button here we should be able to see that tunnel is up and running and we go here to access tunnels and now here's the hi yellow tunnel it is active and if I go in my browser to that domain let me just put that up there now you can see that we're going from cloudflare over into my new home assistant instance and this should log me in as well and now I'm logged into home assistant via cloudflare VIA a tunnel I now have a secure connection back from the internet to my home assistant instance I also have a tunnel that has been created between my home assistant instance and my local network for that matter over to cloudflare which also allows me to do some fun stuff uh which is adding some additional hosts that I can reach from here so if we go back over here now this is a tunnel that allows the connection between home assistant and cloudflare's network so what I want to do now is I want to go back into the settings and I'm going to add an additional host here and I'm going to call this blue um not mostly Chris demo .com and I you can do this in the UI but I find it a little bit easier to do this in yaml so I'm going to edit this in yaml because I'm going to do additional hosts right here and the way the format is set up is this is the format you want to use additional hosts and then you want you can add as many as you want here hostname and then the service is the IP address it goes to so if I go over here I can't really see how that is done in the UI I'm sure some of you all know how to do it in the UI like that so actually let me follow the settings here hostname is the first part so we'll put in hostname hostname and then Services right or service we'll put service down here and then in quotes 117 1601.121 and then 8123 I'm just going to pull up one of my other home assistant instances here so we can see how that works let me just make sure that is correct service yep and that's it so you have to specify the port as well and then we can save this and then we can restart the uh the deal here so about five minutes later I had to restart home assistant Pro tip if you're going to make a video after playing around with a configuration don't do a restore and then try to make the video when it's only half restored so now I have my restart button you didn't see that a minute ago it wasn't there but I've restarted or restarted the add-on actually and I have now reconnected back into my cloudflare environment if we go look at DNS now we'll see that it created a entry called Blue which points to the same tunnel location as the other one so if I open up a browser and I go now into blue it should take me about to my home assistant instance and it does okay so there we go it's now taking me to my production home assistant uh instance using that same tunnel so you could do the same thing with anything inside your environment if you wanted to add an additional uh host or whatever here it would look like this now this is the actual format if you want to do this through the UI you can you just specify a hyphen here and then hostname is what you want it to be and then service is where it points to so that's the same way you would add applications in the in the cloudflare tunnel itself or the cloudflare dashboard itself now one thing I'll talk about too is securing this a little bit and I talked about this in the other video in home assistant or in cloudflare itself under the domain names you can actually set up some security on these and I've got what I call a WAFF rule uh web application firewall rule and I allow us only connections all that does is is lower the Geo or the lower the Threat Vector it doesn't eliminate anything at all other than just giving it a smaller space a cloudflare will reject anything that's not a us only uh origin type IP address so you can add those rules you can also add some other things as well which I won't go into under security you can actually add in some rules that allows two-factor authentication so under applications you could create an application here and this application would then allow you to set security rules uh you go through all of this stuff here and you can use an identity provider to be able to log into this so if you want to put another layer of security on home assistant or whatever thing is that you're exposing you could use an identity provider and set up the authentication it'll provide you with a secondary screen to log in before you get through the tunnel so that's an option for you as well uh one other thing here that I did not talk about yet this is super super important you have to set up a trusted proxy in your configuration file home assistant blocks requests from proxies and reverse proxies you need to tell your instance to allow requests from cloudflare the add-on runs locally so ha has to trust the docker Network so home assistance installed in a Docker Network now make sure that if you're not doing the add-on like this if you're running home assistant in a different environment you have to be able to trust whatever the IP address is in our case we're running the home assistant blue the home assistant yellow anything installed with H or has OS in the the docker environment that it uses this is the IP address you would set and all you do is you go on your configuration.yaml file I use uh either terminal or file editor for today we'll just use file editor since it's easy I'll go into configuration.yaml so you just come over here find configuration.yaml and it's already open and you go down here and you find the HTTP section if you don't have one you need to create one and then I've got some other stuff in here that you can ignore the most important part is use exported for true and trusted proxies as they specify here and then you put this IP address 172 3033.0 and then that allows home assistant or tell some assistant to allow connections from the add-on into home assistant or it's not going to work you'll get some sort of error so that is the most important part of all of this make sure you have that set up when you change your configuration.yaml file you will have to restart home assistant so restart it and then do the rest of this stuff and then we talked about securing home assistant you can set up self-hosted applications all the documentations on the website here uh or it points to where it is so if you uh check the link down below I'll link this or the description down below I'll link this and you can read all of this stuff okay so we're done we've set up an app or an add-on that allows us to connect to home assistant uh securely without opening any ports on our routers or firewalls or anything else and it also allows us to specify other internal resources in our Network that will also go through the same tunnel and it's super easy most of what I've said is explanations doing the actual task probably takes you five or so minutes to set up so it is very easy and I appreciate all of you who said why didn't I use the cloud flared um the the add-on well now I have and you're right it's very easy it's easier than using the other thing one final thing to point out let me show you on their website here if I go into the tunnels uh and I try to configure this tunnel from the dashboard it's going to tell me that it's managed uh as a locally configured tunnel which means it's managed by the add-on you can choose to migrate the Ingress rules to be managed from the dashboard so you could manage it from cloudflare itself uh it doesn't cause any downtime any other configurations on the configuration file will not be migrated any changes you make locally will not be reflected so I don't know if you migrate over to the the dashboard if any of the external hosts or extra hosts that you set up we'll go over here typically you'll create an application that will then point back to the tunnel but everything is managed within the add-on itself not through the uh home or the cloudflare dashboard all right that's it super simple right you can now allow access to home assistant securely no ports open in your firewall router you can access other things on your network as well there are ways to use the nginx proxy manager through this setup it is on the documentation for the add-on which again is linked down below you can read all about that too much for this video uh thank you for watching if you're a channel member I really appreciate you uh subscribing and becoming a member of the channel really helps support what I do here if you don't mind taking just a second hit that subscribe button if you're not a subscriber not a channel member uh subscribing doesn't cost you anything it just helps the algorithm realize that you know people like watching what I do here and it helps push things up uh through the bubble of millions of videos that are out there and gets my stuff out there so again thank you for watching and we'll see on the next video foreign [Music]

Info

Channel: mostlychris

Views: 53,530

Rating: undefined out of 5

Keywords: Smart Home, Home Assistant, cloudflare tunnel, cloudflare tunnel tutorial, home assistant remote access without port forwarding, home assistant remote access, home server remote access, how to use cloudflare tunnel, cloudflare argo tunnel, cloudflare access, zero trust network access, cloudflare tunnel setup, smart homes, mostly chris homeassistant, remote network access

Id: XoTmO4mLibw

Channel Id: undefined

Length: 17min 25sec (1045 seconds)

Published: Sun Nov 13 2022