Home Assistant with Cloudflare Zero Trust


Want to access your Home Assistant setup from anywhere in the world securely through the mobile app or web browser without fiddling with your router’s settings or worrying about having a static IP address? Home Assistant with Cloudflare Zero Trust configuration is your answer. It’s a secure, hassle-free way to reach your Home Assistant system from any corner of the globe. 


Quick Overview

Getting remote access to Home Assistant involves a few steps, but it’s straightforward when you know how. Here’s what we’ll cover:

  • Setting up a Cloudflare Zero Trust tunnel
  • Installing Cloudflared on your Home Assistant instance
  • Optionally tightening application access security

What You Need First

Make sure you’ve got your domain name and have moved your DNS to Cloudflare. We’re starting from there, bypassing traditional hurdles like port forwarding, thanks to Cloudflare’s encrypted tunnels.


Steps to Success:

  • A registered domain name through a domain registrar.
  • Moved your DNS hosting to Cloudflare.

These steps are crucial as they enable Cloudflare’s Zero Trust configuration to direct traffic securely to your internal network, eliminating the need for traditional port forwarding.

1. Setting up a Cloudflare Zero Trust tunnel


1.1 Get started

Visit CloudFlare website, sign in with your account

(Note: Assumption is you have moved your DNS hosting to Cloudflare, you need to do this!)


1.2 Navigate to Zero Trust tunnel

Create a zero trust tunnel, choose Add a tunnel

Cloudflare Zero Trust menuCloudflare Zero Trust menu

Cloudflare Zero Trust menu


1.3 Define connector type

Select your connector type being Cloudflared 

Cloudflare Zero Trust tunnel menu


1.4 Create a tunnel

Name it (I went with ‘homeassistant’) and save your secure token – treat this like your most prized password.

Cloudflare Zero Trust tunnel menu


1.5 Important: Safeguarding Your Secure Token

To link your Home Assistant with the Cloudflared tunnel, you’ll need a secure token. Think of this token as a key to your digital front door. Here’s how to grab it:

  • Fetch it by copying a line from the service installation commands shown below. Look for the long string after ‘install’—that’s your connector. It looks like this:

  • Carefully copy this string into a text editor. This is your secure token, and it’s crucial for the setup in step 2.5. Make sure to keep it safe and treat it with the same care as a password.

Cloudflare Zero Trust connector menu

1.6 Setting Your Public Hostname

Next up, you’ll set your public hostname. Here’s how:

  • Head to the menu and look for the public hostname option. Since Cloudflare is handling your DNS, your domain should already be filled in. Now, just add the subdomain name you chose earlier.

Quick Tip: If you run into trouble with the ‘homeassistant.local’ not connecting, you might need to adjust the URL. Try switching to ‘localhost’ ( or input the actual IP address or hostname of your Home Assistant server (something like 192.168.x.x) for a smoother setup.


Cloudflare Zero Trust public host name page

1.7 Secure tunnel is up!

Your Tunnel should now be created, next we need to configure Home Assistant to allow the connection.


Cloudflare Zero Trust tunnel created menu


2. Installing Cloudflared on your Home Assistant instance


2.1 Kickstarting Cloudflared Integration

Start by adding the HA-Addons repository. You can do this manually with the provided GitHub repository link or simply click the ‘Add Repository’ button below for a quick setup and add the repository.


Add Repository to HA


2.2 Navigating to the Add-On Store

After adding the repository, head over to your Home Assistant and go to Settings > Add-Ons, then tap on the Add-On Store.


Home Assistant Menu



2.3 Installing Cloudflared

Simply search for ‘Cloudflared’ in the Add-On Store and hit ‘Install’.


Cloudflared Home Assistant Cloudflare Zero Trust Daemon


2.4 Setting Up for Reliability

Enable ‘Start on boot’ and ‘Watchdog’. Then head over to the ‘Configuration’ tab.


Cloudflared Home Assistant Cloudflare Zero Trust Installation 


2.5 Configuring Your Connection

Enable the unused optional configuration options and populate using the secure token from 1.5 as the Cloudflare Tunnel Token.


Cloudflared Home Assistant Cloudflare Zero Trust Daemon Options


2.6 Launching Cloudflared

Start the service from the ‘Info’ page and use the ‘Log’ tab for debugging.


Cloudflared Home Assistant Cloudflare Zero Trust Daemon Start


2.7 Adjusting Home Assistant Configuration

Using the Studio Code Server modify ‘configuration.yaml’ to allow trusted_proxies. After making the changes, don’t forget to restart your Home Assistant to apply them.


  use_x_forwarded_for: true


2.8 Accessing Your Home Assistant Remotely

After restarting Home Assistant, head to your external web address to check out your setup in action. For instance, you might go to https://homeassistant.yourdomain.com.


Cloudflared Home Assistant Cloudflare Zero Trust Welcome Screen


2.9 Multi-factor Authentication

To enhance security, we strongly advise enabling multi-factor authentication, especially now that your service is accessible on the internet.


3. Optionally tightening application access security


Congratulations on setting up your Home Assistant for secure remote access! Now, let’s consider if you want it accessible from anywhere globally. Typically, you’ll use it within your home country, so it makes sense to limit access geographically for an extra layer of security.


3.1 Access Control Setup

Head to Access -> Applications from the main menu.


Cloudflare Application Security Menu


3.2 Add an application


3.3 Opt for Self-hosted

Select the ‘Self-hosted’ option.

Cloudflare Application Security Menu for Self-Hosted applications


3.4 Application Configuration

Complete the application configuration form, keeping default settings for the unspecified options.


Cloudflare Application Security Menu Configure application


3.5 Setting Access Restrictions

Name your policy and set up rules tailored to your needs. For example, I’m limiting access to just Australia with a ‘Bypass’ action. This setup allows seamless access from within Australia without needing Cloudflare authentication challenges.


Cloudflare Application Security Bypass action for Country Australia


3.6 Finalising Setup

Keep the setup page on its default settings to conclude.


Congratulations! You’ve now enhanced the security and accessibility of your Home Assistant instance using Cloudflare’s Zero Trust. This setup not only fortifies your smart home against external threats but also ensures that you can enjoy the conveniences of home automation from anywhere in the world. Have questions or feedback for Home Assistant with Cloudflare Zero Trust? Feel free to share your thoughts or ask for help in the comments below.

Did this guide help you secure your Home Assistant remotely? If you found it valuable and are feeling generous, consider Buying Me A Coffee. Your support encourages me to create more helpful content like this. Cheers!


Share the Post:

Leave Your Comment

Related Posts

Subscribe to new blogs