DEV Community

Miguel Correa Calvo

Building a Smart Heater Controller with Python, Docker, and Bluetooth #4

Chapter 4: Exposing Home Assistant to the World

In this chapter, I’ll walk you through how I exposed my Home Assistant (HA) instance to the internet using Cloudflare. This approach ensures secure, remote access to HA without needing to open ports on my router. It offers free access via Cloudflare tunnels. Alternatively, for a paid option with additional features, you can consider using Nabu Casa. If you’re running HA in Docker like I am, this guide is especially relevant since it involves running Cloudflared in a separate Docker container.


Why Cloudflared?

Cloudflare’s Cloudflared add-on provides a secure way to expose services running locally to the internet by creating a tunnel to Cloudflare’s network. It’s perfect for situations where you:

  • Don’t want to or cannot open ports on your router.
  • Want to avoid complex network configurations.
  • Require robust security with minimal setup.

Since I’m running HA in Docker and add-ons aren’t available for this setup, I needed to run Cloudflared in a separate Docker container.


Setting Up Cloudflared in Docker

Here’s how I set up Cloudflared to work with my Home Assistant instance:

Follow the Guide:
I followed the instructions detailed in this Home Assistant Community post. These steps outline how to configure Cloudflared in Docker for HA. Special thanks to brenner-tobias for creating the Cloudflared add-on and providing invaluable guidance.

A few key points:

  1. Use the Correct Docker Image: Instead of the standard cloudflared/cloudflared image, I used milgradesec/cloudflared:latest. This image is tailored for arm64, which is required by the Pi4.

     docker run -v ~/demo:/home/nonroot/.cloudflared milgradesec/cloudflared:latest tunnel create test-tunnel

  2. Domain Name Configuration:
    I had already purchased a domain name through Cloudflare (https://www.cloudflare.com/en-ca/). Configuring the domain was straightforward:

    • Added a CNAME record pointing my domain’s subdomain to the Cloudflare tunnel.
    • Set up Zero Trust policies in the Cloudflare dashboard to control access.
  3. Connect to Home Assistant:
    I configured the Cloudflared tunnel to point to the internal IP of my HA instance running on Docker. This made my HA accessible through my custom domain securely.


HA configuration.yaml

# Loads default set of integrations. Do not remove.
default_config:

http:
  use_x_forwarded_for: true

  trusted_proxies:
  - 127.0.0.1

# Load frontend themes from the themes folder
frontend:
  themes: !include_dir_merge_named themes

automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
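
As an added example (not code from the original post or from Home Assistant), here is a simplified Python model of how the use_x_forwarded_for / trusted_proxies pair above decides which client IP gets recorded for a request. The function name, the 172.18.0.3 bridge address and the other sample addresses are constructed for illustration; whether cloudflared really reaches HA from 127.0.0.1 depends on how the two containers are networked.

```python
import ipaddress


def resolve_client_ip(peer, xff, trusted_proxies):
    """Model which client IP a proxy-aware app records for one request.

    peer            -- source address of the TCP connection the app sees
    xff             -- X-Forwarded-For header value, or None if absent
    trusted_proxies -- IPs or CIDR ranges, as listed under http.trusted_proxies
    """
    trusted = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]

    def is_trusted(ip):
        return any(ip in net for net in trusted)

    peer_ip = ipaddress.ip_address(peer)
    if xff is None:
        return str(peer_ip)  # direct connection: the peer is the client
    if not is_trusted(peer_ip):
        # A forwarded header from an unlisted peer is refused, not honoured.
        raise PermissionError(f"X-Forwarded-For from untrusted peer {peer_ip}")
    hops = [ipaddress.ip_address(h.strip()) for h in xff.split(",")]
    # Walk right to left: the first hop that is not one of our own proxies
    # is the client. Anything further left was supplied by that client.
    for hop in reversed(hops):
        if not is_trusted(hop):
            return str(hop)
    return str(hops[0])  # every hop is trusted: fall back to the leftmost


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    cases = [
        (["127.0.0.1"], "127.0.0.1", "203.0.113.7"),
        (["127.0.0.1"], "172.18.0.3", "203.0.113.7"),
        (["172.18.0.3"], "172.18.0.3", "198.51.100.9, 203.0.113.7"),
        (["0.0.0.0/0"], "172.18.0.3", "198.51.100.9, 203.0.113.7"),
    ]
    for proxies, peer, xff in cases:
        try:
            result = resolve_client_ip(peer, xff, proxies)
        except PermissionError as exc:
            result = f"rejected ({exc})"
        print(f"trusted={proxies} peer={peer} xff={xff!r} -> {result}")
```

The last case shows why the trusted list should name only the address cloudflared actually connects from: with a catch-all range, the leftmost, client-supplied value is what ends up recorded.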


Cloudflare configuration



Benefits of Using Cloudflared

  • Security: Traffic is routed through Cloudflare’s network, ensuring that your HA instance is not directly exposed.
  • No Port Forwarding: There’s no need to open ports on your router, reducing the attack surface.
  • Custom Domain: Using my own domain makes accessing HA intuitive and professional.
  • Zero Trust Policies: Control who can access your HA instance using Cloudflare’s advanced security features.

Challenges and Solutions

  • Choosing the Right Docker Image:
    Initially, I tried using cloudflared/cloudflared, but it didn’t work as expected. Switching to milgradesec/cloudflared:latest resolved the issue.

  • Configuring the Tunnel:
    The community guide was invaluable in setting up the tunnel configuration correctly. Double-checking the YAML file and logs helped troubleshoot minor errors.

  • Domain Setup:
    Configuring the domain name through Cloudflare’s dashboard was straightforward but required some trial and error with DNS records.


Final Thoughts

By setting up Cloudflared in a separate Docker container, I’ve ensured secure, remote access to my Home Assistant instance without compromising on security or flexibility. Whether you’re running HA in Docker or looking for a no-port-forwarding solution, this method works brilliantly.

In the next chapter, I’ll walk you through setting up the segue, given that HA is Dockerised. Stay tuned!
