Last updated on June 17th, 2022 at 07:25 pm

In today’s post, I will show you how to create a Cloudflare tunnel to Home Assistant, so you can remotely connect to your Smart Home without opening any ports

After reading this post till the end, you’ll be able to access your Home Assistant from anywhere. You can do so using https connection absolutely for free from a first-level domain ending with ga, tk, ml, and so on. 

I’m not quite sure as I have a real IP address here and I have nowhere to test this but I think if you are behind CGNAT (Carrier-Grade NAT) this whole setup will work for you as well.

Quick Tip: Carrier-grade NAT, also known as large-scale NAT, is a type of Network address translation for use in IPv4 network design.

By the way, check my free Smart Home glossary where you will find some simple, but useful explanations of the most common Smart Home words and abbreviations. 

The glossary is all free and you can get it here on my other website. 

Now without further ado, let’s dive in as I can’t wait to show you the cool things! This will be a follow-along tutorial where I will practically explain the complete procedure as I go through each step.

#1. Free Domain Registration

The first one is to get a free domain name. Of course, if you have a paid domain and you want to use it you can do so

Cloudflare to Home Assistant tunnel require a domain name. What is better than a free one?
Cloudflare to Home Assistant tunnel require a domain name. What is better than a free one?

Go to freenom.com and search and register your own domain here. I’ll search for temenu.ga. (which is a kind of flower in Bulgarian, I think it’s a violet or something) and I’ll check for availability. 

search for a free domain at freenom.com and checkout it is free

The temenu.ga domain is free and I’m going to click on checkout. I’ll extend the period to 12 months for free and I’ll click continue. 

I’m not quite sure what will happen with this free domain after 12 months. If you happen to know that let me know in the comments it will be very useful for all of us. 

I’ll enter my email address and I’ll click on verify my email address. 

I have to wait now for the verification email to arrive. It can take some time because it’s a free service and it is not very fast sometimes. 

Verify you e-mail address by clicking on the link that freenom is sending.
Verify you e-mail address by clicking on the link that freenom.com is sending.

Next step is to enter my details. I’ll enter my information (name, password, etc) and I’ll tick the ‘I have read and agree the terms and conditions’ and I’ll click on complete order button. 

And my order which is completely free is confirmed. Now, I can go to my client area and I can see my domain name temenu.ga, violet in english as active. 

My free domain ending with .ga is already active and I'm going to use it for my Cloudflare tunnel to Home Assistant.
My free domain ending with .ga is already active and I’m going to use it for my Cloudflare tunnel to Home Assistant.

#2. Cloudflare Registration

Next, we have to create an account in Cloudflare. This is so standard and easy that I will not even show you the exact steps. On top, Cloudflare is so popular lately that there is a big chance that you already have an account there. If not just create one.

Now go create a user on Cloudflare.com

Add new site when you are inside Cloudflare.
Add new site when you are inside Cloudflare.

I already created one and inside the Website section, I’ll click on Add a Site.

I’ll enter temenu.ga which is my new free domain that I just created.

Confirm adding new site inside Cloudflare

I’ll click Add site. I’ll select the free plan which is just perfect. The Cloudlflare will start scanning for existing DNS records.

Then I’ll click on continue without DNS records

“Cloudflare isn’t able to activate your site…” I know that and I’ll click Confirm and this is what I wanted to get:

I'm getting the Cloudflare's nameservers as I will need them in my freenom.com free domain.
I’m getting the Cloudflare’s nameservers as I will need them in my freenom.com free domain.

These are the Cloudflare’s nameservers and I’ll copy them and I’ll go back to my freenom management portal. 

I’ll click on the Manage Domain, I’ll click on the Management Tools > Name Servers > Use custom name servers and I’ll paste the name servers that I get from Cloudflare. 

Adding the Cloudflare nameservers in my free domain is very important step for my tunnel.

I’ll copy both of the name servers under Nameserver 1 & Nameserver 2. Finally, I’ll click on Change Nameservers and configuration of my free domain name temenu.ga is almost finished. 

Now I have to wait a few minutes and I’ll receive an email from Cloudflare telling me that my site temenu.ga is added. 

You have to wait for this confirmation mail from Cloudflare before you continue further with the Home Assistant tunnel creation.
You have to wait for this confirmation mail from Cloudflare before you continue further with the Home Assistant tunnel creation.

Congratulations you have successfully activated temenu.ga. Your site will now receive the benefits of Cloudflare’s performance, security and reliability features, great! 

#3. Installing the Cloudflared Home Assistant add-on

Tobias Brenner is the author of the Cloudflared Home Assistant add-on, so all the credits go to him. 

Let’s install the add-on that he has created as it will greatly help us in our secure, tunnel mission. 

Cloudflared Home Assistant add-on official GitHub page
Cloudflared Home Assistant add-on official GitHub page

This is the official GitHub page of Home Assistant add-on Cloudflared and here we have some prerequisites. 

  • Make sure to remove all other add-ons or configuration entries handling SSL certificates. That means if you already have DuckDNS add-on or Let’s Encrypt add-on or something similar, or you have manually configured some SSL certificates in your Home Assistant, you have to remove them. 
  • Next, you have to have a working Cloudflare setup with a domain name and we already have that, so we are good to go. 
  • And the last prerequisite is to decide whether to use a local or managed tunnel (We are going to use a local one) 

We are coming to the actual installation of the Cloudflared Home Assistant add-on. 

  • I’ll open my test Home Assistant.
  • I’ll press the “c” button on my keyboard to invoke the search bar and I’ll type add-on and I’ll go to the Add-on store of Home Assistant
  • Then, I’ll click on the three dots menu, repositories and I’ll paste the Cloudflared repository.
https://github.com/brenner-tobias/ha-addons
Thank you Tobias, please continue supporting this gorgeous add-on.
Thank you Tobias, please continue supporting this gorgeous add-on.
  • To confirm adding the new Cloudflared repository, I’ll click Add and then Close.
  • I’ll click on the Cloudflare add-on and I’ll click install.
Cloudflared add-on added in Home Assistant
Cloudflared add-on added in Home Assistant

If you don’t have an add-ons section in your Home Assistant, that means you are not running Home Assistant OS or Supervised installation type. 

If you want to know more about the different installation types of Home Assistant – check my webinar. In the Webinar I’m explaining everything about this topic. It is completely free and you can register on my other website – https://automatelike.pro/webinar

The Cloudflared add-on is now installed and I’ll go to the Configuration section. 

Adding Details Like Domain And Tunnel Name In The Configuration Section
Adding Details Like Domain And Tunnel Name In The Configuration Section

In this section, I’ll enter my domain name which is temenu.ga. and I’ll change the Cloudflare tunnel name to let’s say My HA. I’ll click Save

I’m ready to start the Cloudflare add-on in Home Assistant, but before that, I have to add some YAML code to my configuration.yaml file. For that, I’ll open my File Editor add-on and I’ll open the configuration.yaml file (of course, you can use any other text editor that you wish).

Inside the configuration.yaml file I’ll paste the following lines which will allow requests from the Cloudflare add-on.

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24

I’ll hit Save and then I’ll restart my Home Assistant.

Lines Of Code In The configuration.yaml File
Lines Of Code In The configuration.yaml File

#4. Starting the Home Assistant Cloudflared add-on

The grande finale is just ahead 🙂 Let’s see if our Cloudflare tunnel to Home Assistant is actually working. 

Home Assistant has started and I’ll go again to my Add-on store section, Cloudflare add-on. The configuration is Okay and I’ll go to the Info tab and I’ll hit the Start button. 

Info Tab In The Cloudflared Add-On
Info Tab In The Cloudflared Add-On

Then I’ll go to the Log tab and I’ll hit the Refresh button constantly here until I see the “Please open the following url and log in with your Cloudflare account…” text.

Copy the link from your log section and open it in a new browser or tab

I’ll copy the link and I’ll paste it into a new tab. I’ll select my temenu.ga domain and I’ll click Authorize button. Cloudflare has installed a certificate allowing your origin to create a tunnel on this zone. 

Very good! Let’s hit refresh again. Everything seems good except these small errors which I don’t know how to resolve. 

If you know that let me know in the comments. They’re not fatal, everything should work with them, but anyways if you know the solution let us know.

#5. Testing the Home Assistant Cloudflare tunnel

Now it is time to check what we have done. I’ll open a new tab and I’ll type tememu.ga and I’ll hit enter. My Home Assistant login page is immediately displayed on the screen. Great, I managed to open my Home Assistant using the Cloudflare tunnel. 

Home Assistant Login Page Using The Cloudflare Tunnel
Home Assistant Login Page Using The Cloudflare Tunnel

I see one problem though: the connection is not secure. That means it is an http connection. Making this a secure connection is very hard it will take us around one or two hours, but let’s do it. 

I’m kidding 🤣 It’s very easy!

I just have to change the http to https and I’ll enter my domain name again and now everything is fine. 

Opening the Cloduflare to Home Assistant tunnel over https secure connection.

I have a valid certificate coming from Cloudflare and I’m able able to login in my Home Assistant using a secure tunnel without opening any ports in my router!

Bonus: Home Assistant Companion app

Everything that I showed you so far is free of charge which is wonderful, but there is one more bonus. You can now use this free domain and this Cloudflare tunnel to connect Home Assistant companion app which is available for iOS and Android devices. 

All you have to do is to enter your domain name during the Home Assistant Companion app setup.

Entering Domain Name In The Home Assistant Mobile App
Entering Domain Name In The Home Assistant Mobile App

Doing so, you will not only be able to control your Smart Home from everywhere, but you unlock some device tracking features and notifications that are pretty cool.

Don’t forget to subscribe to my newsletter which is also free 😉  

So that’s it! Hope you enjoyed and found this post helpful. This is Kiril signing off. See you again next Wednesday!



2 Comments

Antonio · 16/06/2022 at 2:02 am

Thank you. I watched the video on the TV and came here to actually do it.
It was nice and much simpler than when I set up DuckDNS and Nginx, because I have some local wifi buttons that need http, so I coudln’t stay with only DuckDNS.

I’ll have to reconfigure Google Home and hopefully still works, but no big deal if it doesn’t.

QUESTION: do you know if/how to allow external access to some addons that have the port in the URL? like for example Sonarr, which would be tememu.ga:8989 –> it won’t work… neither with duckdns.

PS: the HTTPS thing can be fixed in Cloudflare, setting “Always use HTTPS”.

    KIril Peyanski · 16/06/2022 at 3:03 pm

    Hi Antonio,
    you can try add additional hosts in the configuration of the Cloudflared add-on. Check the documentation for the exact syntax, but in theory you should list them as new services and you will be able to access these services using subdomains of your main domain registered in the Cloudflare. This is an example of what you can add in the Cloudflared add-on

    additional_hosts:
    – hostname: “router.example.com”
    service: “http://192.168.1.1”

Leave a Reply

Avatar placeholder

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.