Skip to content

Instantly share code, notes, and snippets.

@aolwas

aolwas/homeassistant-remote-access-using-cloudflare-zero-trust.md

Created October 20, 2023 12:10
Show Gist options
  • Save aolwas/968ef02c3170b64fd4c0948833e14ba0 to your computer and use it in GitHub Desktop.
Save aolwas/968ef02c3170b64fd4c0948833e14ba0 to your computer and use it in GitHub Desktop.
Download ZIP
homeassistant remote access using cloudflare zero-trust
Raw
homeassistant-remote-access-using-cloudflare-zero-trust.md

Cloudflare tunnel

  • Create a tunnel [ref] and install client on homeassistant machine (use cloudflare addon if using HAOS)
  • Create two public hostnames for this tunnel targeting http:localhost:8123
    • my-app for browser access
    • my-app-android for android companion app access
  • Update homeassistant to allow proxied connections: 
    # authorize cloudflare cidr
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
    - 127.0.0.1
    - ::1

Cloudflare oauth2 proxy for browser access

  • Create a self hosted application [ref]

Cloudflare mTLS configuration for android access

  • [ref]
  • mtls rule: (not cf.tls_client_auth.cert_verified and http.host eq "my-app-android")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment