Thanks for sharing. Now, most of the network attacks you'll supriced to know that have a source from CDN's like cloud flare. So if you don't do a VPN I would highly avoid exposing your home assistant instance like that.
You have to remember that for some people using vpn is way over their technical skills. Some people just use duckdns and do a wide open port forwarding on their routers almost waving attackers in. So...is this the perfect solution, maybe not. Is it 100% secure? Nothing is. Is it a step up from other methods? Definitely yes.
Great video! Thank you. Could you also cover how to enable local network access as well please? What scares me is how to make sure I don't fully lose access if some routing error and can leverage local accounts for a dashboard or something like that... Hope it make sense too.
Hello, excellent channel, I congratulate you, I wanted to ask if Google Assistant can be used with this method because I tried to do it and it didn't work, thank you
Thanks for the video you have shared, I have question about cloudflare proxy. Does it also proxy the response coming from your network? What I mean is when a user tried to connect to your network from the outside cloudflare proxy that request and forwards it the network. When the server (in this case home assistant) responds does it go to cloudflare and then to the requester or does it go directly to the requester?
Thats a demo home assistant instace that is no longer active and the dns record is also long gone so I'm not too worried about it but thanks for noticing, i must have missed that. Anyway, thank you so much for your feedback
About the 7th one of these from various sources I have watched - all of them have me so confused. I like the White Board aspects - it helps clear (a little). I have some questions. (1) should my CloudFlare A record be the HA name and IP address, or as I have seen use @ for the whole domain? I have it this way, and from my work computer if I ping the FQDN of my HA machine - it replies back with the IP Address (in my home - the one I assigned it). (2) I am eventually hoping to setup a VPN for my entire home using OPNSense setup on my pfSense router - am I going to have problems? Right now I am getting CERT errors in browser.
I'm also using this method and i couldnt be happier. its rock solider and most importantly before that i just used duckdns and used port forwarding to access my HA. my firewall IPS was getting 20-30 alerts per day about attempt to access my HA. once i switched over to this method about 6 months ago- nothing, no alerts. that has to be a good thing.
I think you need to replace or reconfigure your IPS! With so many non-actionable false alerts, how will you find one when there actually is a problem? Now that all the traffic is inside a secure connection, how will your IPS see issues?
Its ok buddy. I have firewall rules on the cloudflare side that will prevent access to the tunnel unless very spesific criteria is met. Thanks for the heads up
Great video and there is little info on Cloudflare and Home Assistant so I really appreciated this video. I have my own domain as well as SSL certs through Namescheap. However, I am running the traditional DuckDNS, NGNIX and let'sEncrypt. I am scared to jump over fully. Is there any way of running both at the same time (I am not worried about security)?
From my experience this will not work. The very basic condition of you reaching the proxy directly will never happen when using cloudflare. But my experience specifically with ngnix proxy is relatively limited so take it with a grain of salt
Update to previous comment - apparently there is something wrong with the CERTS that are coming from CloudFlare per your steps - the CERT is only one level.... where as I have been informed there needs to be My Cert, the intermediate CA and the root CA.
I can't make this work.... after checking the configuration with green result I reload the server and it startup in "safe mode" and it doesn't work... the logs are pretty confuse to me... this is the only thing I fund mght be the problem, but I don't know how to fix it.... it's exacltly done as in the video so I don't get this message.... homeassistant.exceptions.HomeAssistantError: Could not use SSL certificate from /ssl/origin.pem: [SSL] PEM lib (_ssl.c:3874)
Another great video! Really love that you incorporated Cloudflare and the whiteboard illustration was very helpful!
Thank you so much, i greatly appreciate it. Thanks for watching!
This is a really good video, thanks for the very detail information. Now a few things would become clear to me. 👍
Thank you very much. Glad it was helpful
VPN is indeed the safest way but other than that, this looks pretty solid! kudos!
Thanks for watching!
Thanks for sharing. Now, most of the network attacks you'll supriced to know that have a source from CDN's like cloud flare. So if you don't do a VPN I would highly avoid exposing your home assistant instance like that.
You have to remember that for some people using vpn is way over their technical skills. Some people just use duckdns and do a wide open port forwarding on their routers almost waving attackers in. So...is this the perfect solution, maybe not. Is it 100% secure? Nothing is. Is it a step up from other methods? Definitely yes.
Great video! Thank you. Could you also cover how to enable local network access as well please?
What scares me is how to make sure I don't fully lose access if some routing error and can leverage local accounts for a dashboard or something like that...
Hope it make sense too.
Hello, excellent channel, I congratulate you, I wanted to ask if Google Assistant can be used with this method because I tried to do it and it didn't work, thank you
My HA breaks, but when I remove the two .pem files, it works fine, but I can't even access the interface.
Really hoped this could help - great guide
Thanks for the video you have shared, I have question about cloudflare proxy. Does it also proxy the response coming from your network? What I mean is when a user tried to connect to your network from the outside cloudflare proxy that request and forwards it the network. When the server (in this case home assistant) responds does it go to cloudflare and then to the requester or does it go directly to the requester?
you may want to hide your FQDN when creating the A record at approx the 7:05 mark of the video.
otherwise, great video, thanks!
Thats a demo home assistant instace that is no longer active and the dns record is also long gone so I'm not too worried about it but thanks for noticing, i must have missed that. Anyway, thank you so much for your feedback
About the 7th one of these from various sources I have watched - all of them have me so confused. I like the White Board aspects - it helps clear (a little). I have some questions. (1) should my CloudFlare A record be the HA name and IP address, or as I have seen use @ for the whole domain? I have it this way, and from my work computer if I ping the FQDN of my HA machine - it replies back with the IP Address (in my home - the one I assigned it). (2) I am eventually hoping to setup a VPN for my entire home using OPNSense setup on my pfSense router - am I going to have problems? Right now I am getting CERT errors in browser.
I'm also using this method and i couldnt be happier. its rock solider and most importantly before that i just used duckdns and used port forwarding to access my HA. my firewall IPS was getting 20-30 alerts per day about attempt to access my HA. once i switched over to this method about 6 months ago- nothing, no alerts. that has to be a good thing.
I think you need to replace or reconfigure your IPS! With so many non-actionable false alerts, how will you find one when there actually is a problem? Now that all the traffic is inside a secure connection, how will your IPS see issues?
Edit: Hey, Great Video'
Its ok buddy. I have firewall rules on the cloudflare side that will prevent access to the tunnel unless very spesific criteria is met. Thanks for the heads up
hi, great video but i have a issue
my ISP dooes not provie static ip soo port forwarding from external does not work.
is there any way to fix it?
You can use DDNS and have Cloudflare proxy to that DDNS. It will still work this way for you. (Also he addresses this at the 7 minute mark)
Great video and there is little info on Cloudflare and Home Assistant so I really appreciated this video. I have my own domain as well as SSL certs through Namescheap. However, I am running the traditional DuckDNS, NGNIX and let'sEncrypt. I am scared to jump over fully. Is there any way of running both at the same time (I am not worried about security)?
from your experience it's possible to use
Nginx Proxy Manager add-on to HA and behind Cloudflare, would you need to open ports in this case?
From my experience this will not work. The very basic condition of you reaching the proxy directly will never happen when using cloudflare. But my experience specifically with ngnix proxy is relatively limited so take it with a grain of salt
@@TechMeOut5 thanks
did not work..may be limited with unifi router(no limited port forwarding option for me)
Thank you
Update to previous comment - apparently there is something wrong with the CERTS that are coming from CloudFlare per your steps - the CERT is only one level.... where as I have been informed there needs to be My Cert, the intermediate CA and the root CA.
the config snippet doesnt seem to work, i cannot access my HA now...wth
Can you do another video talking about cloudflare Argo tunnel? I am not familiar with it and it sounds interesting. :)
Will add that to the list of future videos. Thanks for watching!
I can't make this work.... after checking the configuration with green result I reload the server and it startup in "safe mode" and it doesn't work... the logs are pretty confuse to me... this is the only thing I fund mght be the problem, but I don't know how to fix it.... it's exacltly done as in the video so I don't get this message....
homeassistant.exceptions.HomeAssistantError: Could not use SSL certificate from /ssl/origin.pem: [SSL] PEM lib (_ssl.c:3874)