For some months now, I have been running Home Assistant on a Raspberry Pi mini-computer at home. It’s a great asset in my ‘smart home’ and allows me to bundle a lot of smart IoT devices into one platform.
When starting with Home Assistant, I only access it locally. Yet, I was looking for ways to control my home from outside of my home network as well. Here is my guide on how to setup Home Assistant on your own domain with Cloudflare. By the way, this is a method which doesn’t cost anything (except for a domain name which you may already have).
Default ways to access Home Assistant
Out-of-the-box you are will be accessing your local Home Assistant installation when you are connected yourself to that same local network. The hardware you utilise to run Home Assistant is likely connected to Ethernet or Wi-Fi and not by default reachable outside your own home. Possibly for good reason: you do not want others to access your home information.
By using your preferred web browser, you will need to navigate to either of these URLS:
- 192.168.1.X (this may be slightly different in your situation)
Additionally, you may have to enter the specific port number as well. For Home Assistant, the port 8123 is used.
If you wish to access your Home Assistant instance from virtually anywhere in the world (if you are connected to the Internet that is), you could take a subscription with Nabu Casa called ‘Home Assistant Cloud‘. While there is currently a free trial available, this is a paying subscription. While it is an excellent way to support the further development of Home Assistant, it is a recurrent cost for you and once you stop paying, the remote access to Home Assistant will stop working.
In conclusion: in my case, the default options available to access Home Assistant where not fitting my needs. I wanted instead to use my own custom domain name (using a dedicated subdomain).
First things first. In this tutorial I will explain how you can access your Home Assistant installation via your own custom domain name using the services of Cloudflare. There will be a new few things I assume you already own or have configured properly as it is not in scope of this tutorial to include instructions:
- A domain name
- Cloudflare account
- Working Home Assistant installation
2. Setting up Cloudflare: add a subdomain
Let’s get started! We should start with setting up Cloudflare properly. The main idea is to create a subdomain (homeassistant.example.com) and ensure it points to your home assistant installation at your home location.
Within your Cloudflare dashboard we will start with adding a new subdomain: add a new A record, give it a name (be creative!) and assign your current IPv4 address to it. If you are using what the IP address is, you could visit IPInfo or any other similar free website to show you your current IPv4 address.
In theory, if you access your subdomain homeassistant.example.com, you should end up at your Home Assistant instance and be presented with your login screen. But we have some other steps to take.
3. Ensure you configure your network to allow port forwarding
We must now ensure that a user who visits https://homeassistant.example.com will be forwarded to your exact HA instance: including the correct port. The port forwarding is important in order to point the user correctly to Home Assistant and no other devices on your network:
- The incoming port is 443, because that’s the default port for HTTPS traffic
- The internal port is 8123, but we will change this later
This step depends on your exact home router, so the steps may be slightly different. Here is a screenshot how I forwarded port 443 to 8443:
4. Configure Home Assistant
Now let’s go to Home Assistant (via the local method still) and ensure it is configured properly to allow for these incoming traffic from the Internet.
Use File Editor (read here how to install it) to edit the configuration.yaml file. Home Assistant -> File Editor -> Browse -> configuration.yaml
Ensure to include the following pieces of code:
First, set the external URL that you have defined.
homeassistant: external_url: "https://homeassistant.example.com"
Then, we will set a new port number (8443 instead of 8123), define the use_x_forwarded_for header (passing on the client’s correct IP address in proxied setups) and setting trusted_proxies (the IP ranges of Cloudflare). Lastly, we also set up a bit of security: we will only allow a certain level of login attempts.
http: server_port: 8443 # Add use_x_forwarded_for use_x_forwarded_for: true # Add the Cloudflare IPs as trusted proxies https://www.cloudflare.com/ips-v4 trusted_proxies: - 220.127.116.11/20 - 18.104.22.168/22 - 22.214.171.124/22 - 126.96.36.199/22 - 188.8.131.52/18 - 184.108.40.206/18 - 220.127.116.11/20 - 18.104.22.168/20 - 22.214.171.124/22 - 126.96.36.199/17 - 188.8.131.52/15 - 184.108.40.206/13 - 220.127.116.11/14 - 18.104.22.168/13 - 22.214.171.124/22 login_attempts_threshold: 5
5. Manage your dynamic IP address at home
Your IPv4 address at home is possibly a dynamic address: your ISP may change it at any time. It is a good idea to sent the latest IP address of your home network to Cloudflare and update the A record with this new IP address.
Install the Cloudflare integration here: Cloudflare – Home Assistant (home-assistant.io)
- Browse to your Home Assistant instance.
- In the sidebar click on Configuration.
- From the configuration menu select: Integrations.
- In the bottom right, click on the Add Integration button.
- From the list, search and select “Cloudflare”.
- Follow the instruction on screen to complete the set up.
Then, ensure to configure it for your own subdomain. You will need to configure the integration and enter an API token. You can find all relevant info here: Creating API tokens · Cloudflare API docs