Introduction

In the world of home labs, Home Assistant has become one of the most powerful and popular tools for automating and controlling the home: open-source, highly customisable and with a large active community, it allows one to integrate devices of all kinds, from Zigbee sensors to smart lights, up to more advanced systems such as video intercoms or alarm systems.
One of the most delicate aspects, however, concerns remote access: how do you access Home Assistant from outside the home securely, without opening ports on the router and without exposing your server to unnecessary risks? Cloudflare Zero Trust Access is a free service (paid plans also available) that allows you to expose your Home Assistant on the Internet without having to touch your firewall or NAT configuration, and above all with a much higher level of security than simple port forwarding. Using a Cloudflare Tunnel, you can create an encrypted channel between your local server and the Cloudflare infrastructure, completely hiding your public IP and filtering access via two-factor authentication, OAuth providers (such as Google, GitHub, Microsoft) or identity-based rules.

Prerequisites

  1. Own a domain name;
  2. Domain DNS on Cloudflare;
  3. Docker and Portainer.

Create Cloudflare Tunnel

1. Log in to Cloudflare and click Zero Trust.

Cloudflare Zero Trust side menu with an arrow pointing to the ‘Zero Trust’ item.

2. On this page, select Tunnels in the Networks section.

Cloudflare Zero Trust side menu with an arrow pointing to the ‘Tunnel’ item under the Network section.

3. Now click Create a tunnel and select the Cloudflared tunnel type.

Choosing between Cloudflared and WARP Connector to create secure tunnels on Cloudflare.

4. Enter a name for the tunnel and click Save tunnel.

5. In this section, choose Docker, then copy the command and paste it into a terminal on the host that runs Docker. When the connector is online, click Next.

Configuring Cloudflare tunnels with Docker: installing the connector and connecting securely.

6. Choose a public subdomain to use for DNS and public connections. In Service, type the private IP or URL of the Home Assistant instance, then click Complete setup.

Configure Cloudflare tunnel to public domain.

Secure Cloudflare Tunnel with Access

1. Log in to Cloudflare and click Zero Trust.

Cloudflare Zero Trust side menu with an arrow pointing to the ‘Zero Trust’ item.

2. On this page, select Applications in the Access section.

Cloudflare Zero Trust side menu with an arrow pointing to the ‘Applications’ item under the Access section.

3. Click Add a new application and select Self-hosted.

Selecting the ‘Self-hosted’ option when adding an application in Cloudflare Access.

4. Enter an Application name and the Session duration, then click Add public hostname and insert the subdomain and domain created before for the Tunnel. In the Access policies section, select an existing policy or create a new one.

Entering the application name, session duration, adding the public hostname, and creating a policy in Cloudflare Access.

5. Go to the last page and click Save.
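Once the application is saved, it is worth confirming that an unauthenticated request to the tunnel hostname is stopped by Access instead of reaching the Home Assistant login page. The script below is an added example, not part of the original article: `classify_access`, `check_host` and `demo` are hypothetical helper names, and `ha.example.com` and `example-team` are placeholders for your own hostname and Zero Trust team name.

```shell
#!/bin/sh
# Added example: decide from response headers whether Cloudflare Access
# is enforcing login in front of the tunnel hostname.

# classify_access reads raw HTTP response headers on stdin and prints:
#   protected - redirect to a *.cloudflareaccess.com Access login page
#   exposed   - 2xx answer, i.e. the origin replied with no Access challenge
#   unknown   - anything else, inspect manually
classify_access() {
    awk '
        NR == 1 { status = $2 }                       # "HTTP/2 302" -> 302
        tolower($1) == "location:" { loc = tolower($2) }
        END {
            gsub(/\r/, "", loc)                       # headers end in CRLF
            login = "^https://[a-z0-9-]+\\.cloudflareaccess\\.com/cdn-cgi/access/login/"
            if (status ~ /^30[1237]$/ && loc ~ login) print "protected"
            else if (status ~ /^2/)                   print "exposed"
            else                                      print "unknown"
        }'
}

# check_host sends one unauthenticated HEAD request (no cookies, no redirects
# followed) to the public hostname and classifies the answer.
check_host() {
    curl -sS -I --max-time 10 "https://$1/" | classify_access
}

# demo runs the classifier over constructed sample responses (not captured traffic).
demo() {
    printf 'HTTP/2 302 \r\nlocation: https://example-team.cloudflareaccess.com/cdn-cgi/access/login/ha.example.com?kid=abc\r\n\r\n' \
        | classify_access
    printf 'HTTP/1.1 200 OK\r\ncontent-type: text/html\r\n\r\n' | classify_access
}

# Usage: sh check_access.sh ha.example.com   (no argument runs the offline demo)
if [ "$#" -gt 0 ]; then
    check_host "$1"
else
    demo
fi
```

A result of `exposed` means the hostname answers without an Access challenge, so the application hostname or policy from step 4 should be rechecked.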

By Giacomo

System Administrator. Founder and writer.