On my Truenas Scale, I have installed a VM for HomeAssistant. It works perfectly…locally.
Truenas IP is 192.168.1.9 and is connected to NIC enp4s0
HomeAssistant VM IP is 192.168.1.68:8123 connected to br0 192.168.1.33/24 (I created this bridge because I have read it is needed although I don’t understand)
I have set up a tunnel on the Cloudflare website for my whole server (for the TrueNAS and Nextcloud services). On TrueNAS I have installed the Cloudflared app and I can remotely access truenas.domain.com and nextcloud.domain.com from inside or outside the network.
I want to access HomeAssistant remotely through ha.domain.com.
I have installed the Cloudflared addon on HomeAssistant and copied the token from the Cloudflare website.
I have added this to HA configuration.yaml:
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
I have read and re-read Brenner-Tobias documentation on Github addon. The access to https://ha.domain.com works locally but not from outside my network. When I try, I can access my HA login page but when I input credentials it says “400: Bad request”.
Hopefully somebody could guide me. Thanks in advance.
I think the problem is this: “Received X-Forwarded-For header from an untrusted proxy 192.168.1.33”
I have added 192.168.1.33 in the list of trusted_proxies (in configuration.yaml) but it doesn’t solve the problem.
192.168.1.33 is the br0 (bridge) IP for the VM
I use the Cloudflared app and can redirect into applications without an addon. Assuming you can reach Home Assistant locally via a port, it should connect fine via Cloudflare Tunnel.
For example, the settings I have for one application are:
I think you are right and the Cloudflared addon in HA is not necessary since the TrueNAS system has already opened the tunnel with the Cloudflared app. But it is not the solution. I have also tried removing the addon and changing from https to http, with a similar result: “400: bad request”. And when I activate https on the Cloudflare website, the result is: “Bad gateway. Error code 502”.
I have found the solution and it was easy…with a catch!
Configuration.yaml has to be modified in order to add the proxy. The proxy, in my case, is the IP of the bridge NIC (br0)
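An added example (not part of the thread and not Home Assistant's own code): a Python model of the trusted-proxy check behind the "untrusted proxy" message quoted above, run over constructed log lines with the addresses from this thread. The function names, the sample log layout and the /24 breadth threshold are assumptions of the example.

```python
import ipaddress
import re

# Message text as quoted in the thread; the group captures the peer address.
UNTRUSTED_RE = re.compile(
    r"Received X-Forwarded-For header from an untrusted proxy ([0-9A-Fa-f:.]+)"
)

# Constructed sample log lines (timestamps and layout are made up).
SAMPLE_LOG = [
    "2024-01-01 10:00:01 ERROR Received X-Forwarded-For header from an untrusted proxy 192.168.1.33",
    "2024-01-01 10:00:02 INFO Login attempt",
    "2024-01-01 10:00:05 ERROR Received X-Forwarded-For header from an untrusted proxy 192.168.1.33",
]

def parse_trusted(entries):
    """Turn trusted_proxies entries (single IPs or CIDRs) into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def is_trusted(peer, trusted):
    """True if the directly connected peer lies inside any trusted network."""
    addr = ipaddress.ip_address(peer)
    return any(addr in net for net in trusted)

def audit(log_lines, entries):
    """Return (peers from the log that entries do not cover, overly broad entries)."""
    trusted = parse_trusted(entries)
    peers = sorted({m.group(1) for line in log_lines
                    if (m := UNTRUSTED_RE.search(line))})
    missing = [p for p in peers if not is_trusted(p, trusted)]
    # Assumed threshold: flag IPv4 entries wider than /24, since every host
    # inside a trusted network may supply X-Forwarded-For.
    broad = [str(n) for n in trusted if n.version == 4 and n.prefixlen < 24]
    return missing, broad

if __name__ == "__main__":
    for entries in (["172.30.33.0/24"], ["172.30.33.0/24", "192.168.1.33"]):
        missing, broad = audit(SAMPLE_LOG, entries)
        print(entries, "-> untrusted peers:", missing, "broad entries:", broad)
```

Listing the single bridge address rather than the whole 192.168.1.0/24 LAN keeps the set of hosts allowed to assert a client IP as small as possible.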