Setting up Cloudflare with Home Assistant involves using Cloudflare to provide secure remote access to your Home Assistant installation and/or enhance the security of your Home Assistant instance through features like SSL/TLS encryption, DNS management, and protection from DDoS attacks. Below is a step-by-step guide on how to do this:

Prerequisites:

  1. A running Home Assistant instance (preferably on a Raspberry Pi or server).
  2. A registered domain name that you own.
  3. A Cloudflare account.

Step 1: Set up Cloudflare DNS

To remotely access Home Assistant using a domain, you first need to set up DNS through Cloudflare.

  1. Sign Up and Add a Domain:
    • Go to Cloudflare and sign up for an account if you don’t already have one.
    • Once you’re logged in, add your domain to Cloudflare by following the prompts.
    • Cloudflare will scan your existing DNS records, but you can add or modify them later.
  2. Point the Domain to Your Home Assistant IP:
    • In the DNS section of the Cloudflare dashboard, create a new A record:
      • Name: homeassistant (or something similar)
      • IPv4 address: Your public IP address (which can be found via services like whatismyip.com).
      • Ensure Proxy status is set to DNS only at this point, as we’ll later configure it for secure access.

Step 2: Configure Home Assistant to Use SSL

Next, set up SSL certificates to secure your connection.

Option 1: Use Let’s Encrypt with Home Assistant (easier with the Home Assistant Add-on):

  • In Home Assistant, go to Supervisor → Add-on Store → Search for Let’s Encrypt and install it.
  • Configure the Let’s Encrypt add-on by setting your domain name (e.g., homeassistant.example.com), email, and whether you want to automatically renew the certificates.
  • Start the add-on to generate your SSL certificate.

Option 2: Use Cloudflare SSL (via Cloudflare’s Origin Certificate):

  • In the Cloudflare dashboard, go to SSL/TLS → Origin Server.
  • Click Create Certificate and follow the instructions to generate a Cloudflare Origin Certificate.
  • Save the certificate and private key, which you’ll need to use in Home Assistant.
  • Copy the certificate and key into Home Assistant’s configuration directory, typically /config/ssl/.

Step 3: Configure Home Assistant for HTTPS

  • In Home Assistant’s configuration.yaml file, add the following under the http: section:
    http:
      # Certificate and private key saved in Step 2
      ssl_certificate: /config/ssl/cloudflare_cert.pem
      ssl_key: /config/ssl/cloudflare_key.pem
      # Ban an IP address after 5 failed login attempts
      ip_ban_enabled: true
      login_attempts_threshold: 5
  • Make sure the file paths point to where you saved the Cloudflare SSL certificate and key.

Step 4: Configure Cloudflare Tunnel (optional, for easier remote access)

Using Cloudflare Tunnel (formerly called Argo Tunnel) allows you to expose Home Assistant without needing to open ports on your router.

  1. Install Cloudflare Tunnel:
    • Go to Zero Trust → Access → Tunnels in the Cloudflare dashboard.
    • Follow the steps to create a tunnel, name it, and download the Cloudflare daemon (cloudflared) to your Home Assistant instance.
    • Run cloudflared on your Home Assistant device to establish the tunnel:
        cloudflared tunnel create homeassistant
    • Configure the tunnel in Cloudflare by setting the service to point to http://localhost:8123, which is the local address of Home Assistant.
  2. Run the Tunnel as a Service (on Home Assistant):
    • You can configure cloudflared to run as a service on Home Assistant so that it stays active after reboots. There are guides available for setting up cloudflared as a systemd service on Linux.
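
The tunnel route from Step 4 written out as configuration files (an added example, not part of the original guide). It assumes cloudflared runs on the same host as Home Assistant and connects over loopback; the tunnel UUID and the credentials path are placeholders.

```yaml
# --- File 1: cloudflared config, e.g. ~/.cloudflared/config.yml ---
# <TUNNEL-UUID> is a placeholder for the ID printed by
# `cloudflared tunnel create homeassistant`; the path is an assumed location.
tunnel: <TUNNEL-UUID>
credentials-file: /root/.cloudflared/<TUNNEL-UUID>.json

ingress:
  # Only this hostname is forwarded to Home Assistant.
  - hostname: homeassistant.example.com
    service: http://localhost:8123
  # Required catch-all rule: any other hostname gets a 404 instead of
  # reaching a service on this machine.
  - service: http_status:404

---
# --- File 2: Home Assistant configuration.yaml, tunnel variant ---
http:
  # No ssl_certificate / ssl_key here: Home Assistant serves either HTTP or
  # HTTPS on port 8123, not both, so setting them would break the
  # http://localhost:8123 service above. Cloudflare terminates TLS for the browser.

  # Trust X-Forwarded-For only from the local cloudflared process, so the
  # login threshold and IP ban act on the real client address instead of
  # on the proxy's loopback address.
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1
    - "::1"
  ip_ban_enabled: true
  login_attempts_threshold: 5
```

Note that `cloudflared tunnel create` only registers the tunnel and writes its credentials file; `cloudflared tunnel run homeassistant` is what opens the connection using this config.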

Step 5: Secure Remote Access with Cloudflare Access (optional)

  • If you want additional security, you can use Cloudflare Access to enforce authentication (e.g., using Google, GitHub, or any SSO provider) before someone can access your Home Assistant interface.
  • Go to Zero Trust → Access → Applications and add Home Assistant as an application.
  • Set up access policies, such as requiring login via Google before anyone can connect.

Step 6: Update Firewall and Router Settings

  • If you’re using a Cloudflare Tunnel, you don’t need to open any ports on your router.
  • If you aren’t using a tunnel, ensure that ports 443 (HTTPS) and 80 (HTTP for SSL certificate renewals) are forwarded from your router to Home Assistant.

Step 7: Test the Setup

  • Visit your domain (e.g., https://homeassistant.example.com), and you should be able to access your Home Assistant instance securely.
  • If you used Cloudflare Tunnel, no open ports will be exposed, and your domain should automatically forward to Home Assistant.

Summary of Options:

  1. Cloudflare DNS: Manage DNS records for your Home Assistant domain.
  2. Cloudflare SSL/Let’s Encrypt: Enable HTTPS access to your Home Assistant instance.
  3. Cloudflare Tunnel: Use Cloudflare Tunnel for secure remote access without exposing ports.
  4. Cloudflare Access: Add an extra layer of authentication for enhanced security.

If you’d like help with any specific part of the process, feel free to ask!