Setup Cloudflare tunnel to a VM

keryo · January 2, 2025, 10:02pm

On my Truenas Scale, I have installed a VM for HomeAssistant. It works perfectly…locally.
Truenas IP is 192.168.1.9 and is connected to NIC enp4s0
HomeAssistant VM IP is 192.168.1.68:8123 connected to br0 192.168.1.33/24 (I created this bridge because I have read it is needed although I don’t understand)

I have setup a tunnel on Cloudflare website for my whole server (for services Truenas and Nextcloud). On Truenas I have installed Cloudflared app and I can access remotely truenas.domain.com and nextcloud.domain.com from inside or outside the network.

I want to access HomeAssistant remotely through ha.domain.com
I have installed Cloudflared addon on HomeAssistant and copied the token from Clouflare web
I have added this to HA configuration.yaml:
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24

I have read and re-read Brenner-Tobias documentation on Github addon. The access to https://ha.domain.com works locally but not from outside my network. When I try, I can access my HA login page but when I input credentials it says “400: Bad request”.

Hopefully somebody could guide me. Thanks in advance.

keryo · January 3, 2025, 9:02am

I think the problem is this: “Received X-Forwarded-For header from an untrusted proxy 192.168.1.33”
I have added 192.168.1.33 in the list of trusted_proxies (in configuration.yaml) but it doesn’t solve the problem.
192.168.1.33 is the br0 (bridge) IP for the VM

itsharryshelton · January 3, 2025, 6:09pm

I use the Cloudflared app and can redirect into applications without an addon, assuming you can reach Home Assistant locally via a port should connect fine via Cloudflare Tunnel

For Example the Settings I have for one application are:

Make sure you set the HTTP or HTTPS type, and add the port to the end of your IP on URL.

keryo · January 3, 2025, 8:06pm

I think you are right and the Cloudflared addon in HA is not necessary since Truenas system has already opened the tunnel with the Cloudflared app. But it is not the solution. I have also tried removing the addon and changed from https to http with similar result: “400: bad request” and when I activate on Cloudflare website https, result: “Bad gateway. Error code 502”

Thanks anyway for your answer.

keryo · January 3, 2025, 8:50pm

I have found the solution and it was easy…with a catch!
Configuration.yaml has to be modified in order to add the proxy. The proxy, in my case, is the IP of the bridge NIC (br0)

In my case the configuration.yaml is like this:

http:
use_x_forwarded_for: true
trusted_proxies:
- 192.168.1.33

BUT the catch is that you have to “Restart Home Assistant” a “Quick reload” IS NOT ENOUGH!!!

When I made my changes I only used Quick reload and this is why it didn’t work! I hope it will be useful to someone.

By the way, the Cloudflared addon for Homeassistant is not needed if you already have Cloudflared app installed in Truenas.

nicksterx · January 15, 2025, 7:56pm

Where did you find that configuration.yaml file to modify it?

Thank you!