Chapter 4: Exposing Home Assistant to the World
In this chapter, I’ll walk you through how I exposed my Home Assistant (HA) instance to the internet using Cloudflare. This approach ensures secure, remote access to HA without needing to open ports on my router. It offers free access via Cloudflare tunnels. Alternatively, for a paid option with additional features, you can consider using Nabu Casa. If you’re running HA in Docker like I am, this guide is especially relevant since it involves running Cloudflared in a separate Docker container.
Why Cloudflared?
Cloudflare’s Cloudflared add-on provides a secure way to expose services running locally to the internet by creating a tunnel to Cloudflare’s network. It’s perfect for situations where you:
- Don’t want to or cannot open ports on your router.
- Want to avoid complex network configurations.
- Require robust security with minimal setup.
Since I’m running HA in Docker and add-ons aren’t available for this setup, I needed to run Cloudflared in a separate Docker container.
Setting Up Cloudflared in Docker
Here’s how I set up Cloudflared to work with my Home Assistant instance:
Follow the Guide:
I followed the instructions detailed in this Home Assistant Community post. These steps outline how to configure Cloudflared in Docker for HA. Special thanks to brenner-tobias for creating the Cloudflared add-on and providing invaluable guidance.
A few key points:
- Use the Correct Docker Image:
  Instead of the standard cloudflared/cloudflared image, I used milgradesec/cloudflared:latest. This image is tailored for arm64 which is required by Pi4.

      docker run -v ~/demo:/home/nonroot/.cloudflared milgradesec/cloudflared:latest tunnel create test-tunnel

- Domain Name Configuration:
  I had already purchased a domain name through Cloudflare (https://www.cloudflare.com/en-ca/). Configuring the domain was straightforward:
  - Added a CNAME record pointing my domain’s subdomain to the Cloudflare tunnel.
  - Set up Zero Trust policies in the Cloudflare dashboard to control access.
- Connect to Home Assistant:
  I configured the Cloudflared tunnel to point to the internal IP of my HA instance running on Docker. This made my HA accessible through my custom domain securely.
HA configuration.yaml
    # Loads default set of integrations. Do not remove.
    default_config:

    http:
      use_x_forwarded_for: true
      trusted_proxies:
        - 127.0.0.1

    # Load frontend themes from the themes folder
    frontend:
      themes: !include_dir_merge_named themes

    automation: !include automations.yaml
    script: !include scripts.yaml
    scene: !include scenes.yaml
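
Home Assistant only honours X-Forwarded-For from peers listed under trusted_proxies, so the list has to cover the address cloudflared actually connects from (on a Docker bridge network that is the container's address, not 127.0.0.1) and nothing wider. The check below is an added example, not code from this post or the community guide; the container address 172.18.0.3 and the prefix thresholds are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample values. The Docker bridge address is an assumption for
# illustration; it does not come from the post.
TRUSTED_PROXIES = ["127.0.0.1"]   # the list from the configuration.yaml above
CLOUDFLARED_PEER = "172.18.0.3"   # hypothetical cloudflared container address


def audit_trusted_proxies(entries, proxy_peer, min_prefix_v4=24, min_prefix_v6=64):
    """Check an http.trusted_proxies list against the proxy's source address.

    Returns (peer_is_trusted, findings). The prefix floors are arbitrary
    thresholds chosen for this example, not Home Assistant defaults.
    """
    peer = ipaddress.ip_address(proxy_peer)
    findings = []
    peer_is_trusted = False
    for entry in entries:
        try:
            # strict=False accepts host-style entries such as 172.18.0.3/24
            net = ipaddress.ip_network(str(entry), strict=False)
        except ValueError:
            findings.append(f"{entry}: not an IP address or CIDR range")
            continue
        floor = min_prefix_v4 if net.version == 4 else min_prefix_v6
        if net.prefixlen < floor:
            # Every host in a trusted range can supply its own X-Forwarded-For
            findings.append(f"{entry}: too broad, trusts {net.num_addresses} addresses")
        if peer.version == net.version and peer in net:
            peer_is_trusted = True
    if not peer_is_trusted:
        findings.append(f"{proxy_peer}: proxy not covered by trusted_proxies")
    return peer_is_trusted, findings


if __name__ == "__main__":
    ok, notes = audit_trusted_proxies(TRUSTED_PROXIES, CLOUDFLARED_PEER)
    print("proxy trusted:", ok)
    for note in notes:
        print(" -", note)
```

To use it on a real setup, replace CLOUDFLARED_PEER with the source address Home Assistant logs for requests arriving through the tunnel.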
Cloudflare configuration
Benefits of Using Cloudflared
- Security: Traffic is routed through Cloudflare’s network, ensuring that your HA instance is not directly exposed.
- No Port Forwarding: There’s no need to open ports on your router, reducing the attack surface.
- Custom Domain: Using my own domain makes accessing HA intuitive and professional.
- Zero Trust Policies: Control who can access your HA instance using Cloudflare’s advanced security features.
Challenges and Solutions
- Choosing the Right Docker Image: Initially, I tried using cloudflared/cloudflared, but it didn’t work as expected. Switching to milgradesec/cloudflared:latest resolved the issue.
- Configuring the Tunnel: The community guide was invaluable in setting up the tunnel configuration correctly. Double-checking the YAML file and logs helped troubleshoot minor errors.
- Domain Setup: Configuring the domain name through Cloudflare’s dashboard was straightforward but required some trial and error with DNS records.
Final Thoughts
By setting up Cloudflared in a separate Docker container, I’ve ensured secure, remote access to my Home Assistant instance without compromising on security or flexibility. Whether you’re running HA in Docker or looking for a no-port-forwarding solution, this method works brilliantly.
In the next chapter, I’ll walk you through setting up the segue, given that HA is Dockerised. Stay tuned!