
addon-cloudflared's Introduction

Home Assistant Add-on: Cloudflared


Connect remotely to your Home Assistant and other services, without opening ports using Cloudflare Tunnel.

About

Cloudflared connects your Home Assistant Instance via a secure tunnel to a domain or subdomain at Cloudflare. This allows you to expose your Home Assistant instance and other services to the Internet without opening ports on your router. Additionally, you can utilize Cloudflare Zero Trust to further secure your connection.

To use this add-on, you have to own a domain name (e.g. example.com) that is using Cloudflare for its DNS entries. You can find more information about that in our Wiki.

Please be aware that domains from Freenom do not work anymore, so you have to choose or migrate to another registrar.

📚 Read the full add-on documentation

Disclaimer

Please make sure you comply with the Cloudflare Self-Serve Subscription Agreement when using this add-on.

Installation

To install this add-on, manually add my HA-Addons repository to Home Assistant using this GitHub repository or by clicking the button below.

Add Repository to HA

Support

Got questions?

Feel free to open an issue here on GitHub.

Authors & contributors

The original setup of this repository is by Tobias Brenner.

For a full list of all authors and contributors, check the contributor's page.

License

MIT License

Copyright (c) 2024 Tobias Brenner

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

addon-cloudflared's People

Contributors

0anton, alecrust, brenner-tobias, chriscla, dependabot[bot], eddie-atkinson, elcajon, felipecrs, galbatoriz, gerard33, pemontto, renovate[bot]


addon-cloudflared's Issues

Have constant WRN and INF to do with quic?

The problem

Getting repeated WRN and INF and complaints about being unable to use "quic", I am not sure what that is, and today I was disconnected and then reconnected while using node-red on home-assistant (lost all my unsaved flow work.. ;p). Disconnections were a complaint mentioned when I looked up this error on Google and found what may have been an official Cloudflare GitHub...

I'm not sure what it means by exposing my IP address but I have been checking IP lookup tools and it seems it is still hidden each time I have checked (using my domain name).

I had a quick look at the link that the warnings mentioned in the log and really am not sure what it says to do however if you think I should try whatever it is, I will look into it further.

NOTE: I'm sure it's obvious but in the log I have added the _*removed*_ on anything I figured was best kept private and probably some that don't matter.

What version of Cloudflared has the issue?

2.0.5

What was the last working version of Cloudflared?

No response

What type of installation are you running?

Home Assistant OS

Add-on YAML Configuration

No response

Anything in the logs that might be useful for us?

-----------------------------------------------------------
 Add-on: Cloudflared
 Use a Cloudflared tunnel (formerly Argo Tunnel) to remotely connect to Home Assistant without opening any ports
-----------------------------------------------------------
 Add-on version: 2.0.5
 You are running the latest version of this add-on.
 System: Home Assistant OS 8.4  (aarch64 / raspberrypi4-64)
 Home Assistant Core: 2022.7.7
 Home Assistant Supervisor: 2022.07.0
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
cont-init: info: /etc/cont-init.d/00-banner.sh exited 0
cont-init: info: running /etc/cont-init.d/01-log-level.sh
cont-init: info: /etc/cont-init.d/01-log-level.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service init-cloudflared-log: starting
s6-rc: info: service init-cloudflared-log successfully started
s6-rc: info: service init-cloudflared-config: starting
[07:49:41] INFO: Checking Add-on config...
[07:49:43] INFO: Checking for existing certificate...
[07:49:43] INFO: Existing certificate found
[07:49:43] INFO: Checking for existing tunnel...
[07:49:43] INFO: Existing tunnel with ID _*removed*_  found
[07:49:43] INFO: Checking if existing tunnel matches name given in config
[07:49:44] INFO: Existing Cloudflare tunnnel name matches config, proceeding with existing tunnel file
[07:49:45] INFO: Creating config file...
[07:49:47] INFO: Validating config file...
Validating rules from /tmp/config.json
OK
[07:49:47] INFO: Creating new DNS entry _*removed*_ ...
2022-07-26T23:49:49Z INF _*removed*_  is already configured to route to your tunnel tunnelID=_*removed*_ 
[07:49:49] INFO: Finished setting-up the Cloudflare tunnel
s6-rc: info: service init-cloudflared-config successfully started
s6-rc: info: service cloudflared: starting
s6-rc: info: service cloudflared successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
[07:49:50] INFO: Connecting Cloudflared Tunnel...
2022-07-26T23:49:50Z INF Starting tunnel tunnelID=_*removed*_
2022-07-26T23:49:50Z INF Version 2022.7.1
2022-07-26T23:49:50Z INF GOOS: linux, GOVersion: go1.17.10, GoArch: arm64
2022-07-26T23:49:50Z INF Settings: map[config:/tmp/config.json cred-file:/data/tunnel.json credentials-file:/data/tunnel.json loglevel:info no-autoupdate:true origincert:/data/cert.pem]
2022-07-26T23:49:50Z INF Generated Connector ID: _*removed*_
2022-07-26T23:49:50Z INF Initial protocol quic
2022-07-26T23:49:50Z INF Starting metrics server on 127.0.0.1:40123/metrics
2022-07-26T23:49:50Z INF Connection _*removed*_ registered connIndex=0 ip=_*removed*_ location=_*removed*_
2022-07-26T23:49:51Z INF Connection _*removed*_ registered connIndex=1 ip=_*removed*_ location=_*removed*_
2022-07-26T23:49:52Z INF Connection _*removed*_ registered connIndex=2 ip=_*removed*_ location=_*removed*_
2022-07-26T23:49:53Z INF Connection _*removed*_ registered connIndex=3 ip=_*removed*_ location=_*removed*_
2022-07-27T05:02:42Z INF Unregistered tunnel connection connIndex=2
2022-07-27T05:02:42Z WRN Failed to serve quic connection error="timeout: no recent network activity" connIndex=2 ip=_*removed*_
2022-07-27T05:02:42Z WRN Serve tunnel error error="timeout: no recent network activity" connIndex=2 ip=_*removed*_
2022-07-27T05:02:42Z INF Retrying connection in up to 1s seconds connIndex=2 ip=_*removed*_
2022-07-27T05:02:43Z WRN If this log occurs persistently, and cloudflared is unable to connect to Cloudflare Network with 'quic' protocol, then most likely your machine/network is getting its egress UDP to port 7844 (or others) blocked or dropped. Make sure to allow egress connectivity as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/ports-and-ips/
If you are using private routing to this Tunnel, then UDP (and Private DNS Resolution) will not work unless your cloudflared can connect with Cloudflare Network with 'quic'. connIndex=2 ip=_*removed*_
2022-07-27T05:02:43Z INF Switching to fallback protocol http2 connIndex=2 ip=_*removed*_
2022-07-27T05:02:43Z WRN Connection terminated error="timeout: no recent network activity" connIndex=2
2022-07-27T05:02:43Z INF Unregistered tunnel connection connIndex=0
2022-07-27T05:02:43Z WRN Failed to serve quic connection error="timeout: no recent network activity" connIndex=0 ip=_*removed*_
2022-07-27T05:02:43Z WRN Serve tunnel error error="timeout: no recent network activity" connIndex=0 ip=_*removed*_
2022-07-27T05:02:43Z INF Retrying connection in up to 1s seconds connIndex=0 ip=_*removed*_
2022-07-27T05:02:43Z WRN If this log occurs persistently, and cloudflared is unable to connect to Cloudflare Network with 'quic' protocol, then most likely your machine/network is getting its egress UDP to port 7844 (or others) blocked or dropped. Make sure to allow egress connectivity as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/ports-and-ips/
If you are using private routing to this Tunnel, then UDP (and Private DNS Resolution) will not work unless your cloudflared can connect with Cloudflare Network with 'quic'. connIndex=0 ip=_*removed*_
2022-07-27T05:02:43Z INF Switching to fallback protocol http2 connIndex=0 ip=_*removed*_
2022-07-27T05:02:43Z INF Connection _*removed*_ registered connIndex=0 ip=_*removed*_ location=_*removed*_
2022-07-27T05:02:50Z INF Connection _*removed*_ registered connIndex=2 ip=_*removed*_ location=_*removed*_
2022-07-27T05:50:22Z INF Lost connection with the edge connIndex=2
2022-07-27T05:50:22Z INF Unregistered tunnel connection connIndex=2
2022-07-27T05:50:22Z WRN Serve tunnel error error="connection with edge closed" connIndex=2 ip=_*removed*_
2022-07-27T05:50:22Z INF Retrying connection in up to 1s seconds connIndex=2 ip=_*removed*_
2022-07-27T05:50:24Z INF Changing protocol to quic connIndex=2 ip=_*removed*_
2022-07-27T05:50:24Z WRN Connection terminated error="connection with edge closed" connIndex=2
2022-07-27T05:50:26Z INF Lost connection with the edge connIndex=0
2022-07-27T05:50:26Z WRN Serve tunnel error error="connection with edge closed" connIndex=0 ip=_*removed*_
2022-07-27T05:50:26Z INF Unregistered tunnel connection connIndex=0
2022-07-27T05:50:26Z INF Retrying connection in up to 1s seconds connIndex=0 ip=_*removed*_
2022-07-27T05:50:26Z INF Changing protocol to quic connIndex=0 ip=_*removed*_
2022-07-27T05:50:26Z WRN Connection terminated error="connection with edge closed" connIndex=0
2022-07-27T05:50:34Z INF Connection_*removed*_ registered connIndex=0 ip=_*removed*_ location=_*removed*_
2022-07-27T05:50:34Z INF Connection _*removed*_ registered connIndex=2 ip=_*removed*_ location=_*removed*_
2022-07-27T09:09:02Z INF Unregistered tunnel connection connIndex=0
2022-07-27T09:09:02Z WRN Failed to serve quic connection error="timeout: no recent network activity" connIndex=0 ip=_*removed*_
2022-07-27T09:09:02Z WRN Serve tunnel error error="timeout: no recent network activity" connIndex=0 ip=_*removed*_
2022-07-27T09:09:02Z INF Retrying connection in up to 1s seconds connIndex=0 ip=_*removed*_
2022-07-27T09:09:03Z INF Unregistered tunnel connection connIndex=2
2022-07-27T09:09:03Z WRN Failed to serve quic connection error="failed to accept QUIC stream: timeout: no recent network activity" connIndex=2 ip=_*removed*_
2022-07-27T09:09:03Z WRN Serve tunnel error error="failed to accept QUIC stream: timeout: no recent network activity" connIndex=2 ip=_*removed*_
2022-07-27T09:09:03Z INF Retrying connection in up to 1s seconds connIndex=2 ip=_*removed*_
2022-07-27T09:09:03Z WRN If this log occurs persistently, and cloudflared is unable to connect to Cloudflare Network with `quic` protocol, then most likely your machine/network is getting its egress UDP to port 7844 (or others) blocked or dropped. Make sure to allow egress connectivity as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/ports-and-ips/
If you are using private routing to this Tunnel, then UDP (and Private DNS Resolution) will not work unless your cloudflared can connect with Cloudflare Network with `quic`. connIndex=0 ip=_*removed*_
2022-07-27T09:09:03Z INF Switching to fallback protocol http2 connIndex=0 ip=_*removed*_
2022-07-27T09:09:03Z WRN Connection terminated error="timeout: no recent network activity" connIndex=0
2022-07-27T09:09:04Z WRN If this log occurs persistently, and cloudflared is unable to connect to Cloudflare Network with `quic` protocol, then most likely your machine/network is getting its egress UDP to port 7844 (or others) blocked or dropped. Make sure to allow egress connectivity as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/ports-and-ips/
If you are using private routing to this Tunnel, then UDP (and Private DNS Resolution) will not work unless your cloudflared can connect with Cloudflare Network with `quic`. connIndex=2 ip=_*removed*_
2022-07-27T09:09:04Z INF Switching to fallback protocol http2 connIndex=2 ip=_*removed*_
2022-07-27T09:09:04Z WRN Connection terminated error="failed to accept QUIC stream: timeout: no recent network activity" connIndex=2
2022-07-27T09:09:15Z INF Connection _*removed*_ registered connIndex=0 ip=_*removed*_ location=_*removed*_
2022-07-27T09:09:15Z INF Connection _*removed*_ registered connIndex=2 ip=_*removed*_ location=_*removed*_

Steps to reproduce the issue

Launch addon or have it auto-launch when starting home assistant after setting up using tutorial by "Everything Smart Home"

Additional information

I have looked up the warning logs and it brings up a GitHub for another Cloudflare thing where the error mentioned will cause random disconnections and if the warning is correct, possibly cause my IP to be visible?
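An added example (not part of the original issue or the add-on's code): a Python parser for cloudflared log lines in the format shown in the issue above, reporting per connIndex how long each session stayed up, why it ended, and whether QUIC ever registered before a fallback to http2. The sample log is constructed, its IP is a documentation placeholder, and the verdict labels are this example's own heuristic, based on the word "persistently" in the WRN text.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the line format in the issue log above.
# 198.51.100.10 is an RFC 5737 documentation address, not a value from the page.
SAMPLE_LOG = """\
2022-07-26T23:49:50Z INF Initial protocol quic
2022-07-26T23:49:50Z INF Connection aaaa registered connIndex=0 ip=198.51.100.10 location=XXX
2022-07-26T23:49:52Z INF Connection bbbb registered connIndex=2 ip=198.51.100.10 location=XXX
2022-07-27T05:02:42Z INF Unregistered tunnel connection connIndex=2
2022-07-27T05:02:42Z WRN Serve tunnel error error="timeout: no recent network activity" connIndex=2 ip=198.51.100.10
2022-07-27T05:02:43Z INF Switching to fallback protocol http2 connIndex=2 ip=198.51.100.10
2022-07-27T05:02:50Z INF Connection cccc registered connIndex=2 ip=198.51.100.10 location=XXX
2022-07-27T05:50:22Z INF Unregistered tunnel connection connIndex=2
2022-07-27T05:50:22Z WRN Serve tunnel error error="connection with edge closed" connIndex=2 ip=198.51.100.10
2022-07-27T05:50:24Z INF Changing protocol to quic connIndex=2 ip=198.51.100.10
2022-07-27T05:50:34Z INF Connection dddd registered connIndex=2 ip=198.51.100.10 location=XXX
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z (INF|WRN|ERR) (.*)$")
CONN_RE = re.compile(r"\bconnIndex=(\d+)")
ERROR_RE = re.compile(r'error="([^"]*)"')
PROTO_RE = re.compile(r"^(?:Switching to fallback protocol|Changing protocol to) (\w+)")
# Messages that mark the end of a session; their order varies in real logs.
TEARDOWN = ("Unregistered tunnel connection", "Serve tunnel error",
            "Lost connection with the edge")


def summarize(log_text):
    """Return {connIndex: state} with closed sessions, outages and fallbacks."""
    initial = None
    conns = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, s6-rc and untimestamped continuation lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        msg = m.group(3)
        if msg.startswith("Initial protocol "):
            initial = msg.split()[2]
            continue
        cm = CONN_RE.search(msg)
        if not cm:
            continue
        c = conns.setdefault(int(cm.group(1)), {
            "protocol": initial, "up_protocol": None, "up_since": None,
            "down_since": None, "sessions": [], "outages": [], "fallbacks": 0})
        proto = PROTO_RE.match(msg)
        if proto:
            # The protocol used for the next registration attempt.
            c["protocol"] = proto.group(1)
            if msg.startswith("Switching to fallback"):
                c["fallbacks"] += 1
        elif msg.startswith("Connection") and " registered " in msg:
            if c["down_since"] is not None:
                c["outages"].append(int((ts - c["down_since"]).total_seconds()))
                c["down_since"] = None
            c["up_since"] = ts
            c["up_protocol"] = c["protocol"]
        elif msg.startswith(TEARDOWN):
            if c["up_since"] is not None:
                # First teardown message closes the running session.
                c["sessions"].append({
                    "protocol": c["up_protocol"],
                    "up_seconds": int((ts - c["up_since"]).total_seconds()),
                    "reason": None})
                c["down_since"] = ts
                c["up_since"] = None
            err = ERROR_RE.search(msg)
            if err and c["sessions"] and c["sessions"][-1]["reason"] is None:
                c["sessions"][-1]["reason"] = err.group(1)
    return conns


def quic_verdict(conn):
    """Heuristic label (an assumption of this example, not cloudflared output)."""
    if conn["fallbacks"] == 0:
        return "no-fallback"
    had_quic = any(s["protocol"] == "quic" for s in conn["sessions"])
    had_quic = had_quic or (conn["up_since"] is not None
                            and conn["up_protocol"] == "quic")
    # QUIC that registered and later timed out is not the "persistent"
    # failure the WRN message attributes to blocked egress UDP 7844.
    return "quic-intermittent" if had_quic else "quic-never-established"


if __name__ == "__main__":
    for idx, conn in sorted(summarize(SAMPLE_LOG).items()):
        print(f"connIndex={idx} verdict={quic_verdict(conn)} "
              f"outages={conn['outages']}")
        for s in conn["sessions"]:
            print(f"  {s['protocol']:5} up {s['up_seconds']}s, ended: {s['reason']}")
```

A "quic-never-established" result is the case where checking egress UDP to port 7844 is the first step; "quic-intermittent" means QUIC did work and the sessions ended for another reason, which the per-session reasons and uptimes help narrow down.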

Question on new domain setup through cloudflare

Hi and thanks so much for your work on creating this application. I was able to successfully implement after setting up a new domain on cloudflare, and it works great!!

Couple questions:

  1. Are you planning to set this up through the HA Community Addons?
  2. As far as nginxproxymanager - do you use it?
  3. Is there anything else you'd recommend for security, besides 2FA?
  4. Finally - what did you use to create your webpage :)

Thanks again for sharing your work! As an FYI - Currently I have HA OS running on a RPI4..

Home Assistant TTS service stops working

The problem

Home Assistant TTS service stops working for me once I start using Cloudflared Add-On.

When I call a TTS service HA shows below error:

Logger: homeassistant.components.websocket_api.http.connection
Source: helpers/network.py:201
Integration: Home Assistant WebSocket API (documentation, issues)
First occurred: 9:02:14 PM (1 occurrences)
Last logged: 9:02:14 PM

[139727335055008] Error handling message: Unknown error (unknown_error)
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/components/websocket_api/decorators.py", line 27, in _handle_async_response
    await func(hass, connection, msg)
  File "/usr/src/homeassistant/homeassistant/components/websocket_api/commands.py", line 636, in handle_execute_script
    await script_obj.async_run(msg.get("variables"), context=context)
  File "/usr/src/homeassistant/homeassistant/helpers/script.py", line 1513, in async_run
    await asyncio.shield(run.async_run())
  File "/usr/src/homeassistant/homeassistant/helpers/script.py", line 405, in async_run
    await self._async_step(log_exceptions=False)
  File "/usr/src/homeassistant/homeassistant/helpers/script.py", line 449, in _async_step
    self._handle_exception(
  File "/usr/src/homeassistant/homeassistant/helpers/script.py", line 472, in _handle_exception
    raise exception
  File "/usr/src/homeassistant/homeassistant/helpers/script.py", line 447, in _async_step
    await getattr(self, handler)()
  File "/usr/src/homeassistant/homeassistant/helpers/script.py", line 680, in _async_call_service_step
    await service_task
  File "/usr/src/homeassistant/homeassistant/core.py", line 1713, in async_call
    task.result()
  File "/usr/src/homeassistant/homeassistant/core.py", line 1750, in _execute_service
    await cast(Callable[[ServiceCall], Awaitable[None]], handler.job.target)(
  File "/usr/src/homeassistant/homeassistant/components/tts/__init__.py", line 218, in async_say_handle
    await hass.services.async_call(
  File "/usr/src/homeassistant/homeassistant/core.py", line 1713, in async_call
    task.result()
  File "/usr/src/homeassistant/homeassistant/core.py", line 1750, in _execute_service
    await cast(Callable[[ServiceCall], Awaitable[None]], handler.job.target)(
  File "/usr/src/homeassistant/homeassistant/helpers/entity_component.py", line 204, in handle_service
    await service.entity_service_call(
  File "/usr/src/homeassistant/homeassistant/helpers/service.py", line 680, in entity_service_call
    future.result()  # pop exception if have
  File "/usr/src/homeassistant/homeassistant/helpers/entity.py", line 930, in async_request_call
    await coro
  File "/usr/src/homeassistant/homeassistant/helpers/service.py", line 717, in _handle_entity_call
    await result
  File "/usr/src/homeassistant/homeassistant/components/cast/media_player.py", line 628, in async_play_media
    sourced_media = await media_source.async_resolve_media(
  File "/usr/src/homeassistant/homeassistant/components/media_source/__init__.py", line 146, in async_resolve_media
    return await item.async_resolve()
  File "/usr/src/homeassistant/homeassistant/components/media_source/models.py", line 90, in async_resolve
    return await self.async_media_source().async_resolve_media(self)
  File "/usr/src/homeassistant/homeassistant/components/tts/media_source.py", line 68, in async_resolve_media
    if manager.base_url and manager.base_url != get_url(self.hass):
  File "/usr/src/homeassistant/homeassistant/helpers/network.py", line 201, in get_url
    raise NoURLAvailableError
homeassistant.helpers.network.NoURLAvailableError

My configuration.yaml:

http:
  base_url: https://url.com
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
...
tts:
  - platform: google_translate
    service_name: google_say
    base_url: https://url.com

Do you know if this can be fixed by configuration or I cannot use Cloudflared Add-On and TTS at the same time?

What version of Cloudflared has the issue?

2.0.4

What was the last working version of Cloudflared?

No response

What type of installation are you running?

Home Assistant OS

Add-on YAML Configuration

additional_hosts: []
external_hostname: url.com
tunnel_name: homeassistant
tunnel_token: ''

Anything in the logs that might be useful for us?

Logs in description

Steps to reproduce the issue

Call a TTS service

service: tts.google_say
data:
  entity_id: media_player.google_home
  message: test
  language: pl

Additional information

No response

Couldn't connect to server

Describe the bug

I'm using the latest version of cloudflared: 2.0.2.

I followed the documentation and when I start cloudflared I get the following log output:

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/00-banner.sh
curl: (7) Couldn't connect to server
[17:16:27] ERROR: Something went wrong contacting the API
cont-init: info: /etc/cont-init.d/00-banner.sh exited 0
cont-init: info: running /etc/cont-init.d/01-log-level.sh
curl: (7) Couldn't connect to server
[17:16:27] ERROR: Something went wrong contacting the API
cont-init: info: /etc/cont-init.d/01-log-level.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service init-cloudflared-log: starting
s6-rc: info: service init-cloudflared-log successfully started
s6-rc: info: service init-cloudflared-config: starting
[17:16:27] INFO: Checking Add-on config...
[17:16:27] FATAL: 'external_hostname' is empty, please enter a valid String
s6-rc: warning: unable to start service init-cloudflared-config: command exited 1
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
/run/s6/basedir/scripts/rc.init: fatal: stopping the container.
s6-rc: info: service init-cloudflared-log: stopping
s6-rc: info: service init-cloudflared-log successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

I tried various configurations and I made sure external_hostname is filled, which in logs it says it is not. I always get the same error.

In configuration.yaml I also added

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24

  • Add-On Version: 2.0.2.
  • Supervisor Version (e.g. supervisor-2021.10.8): supervisor-2022.05.3
  • Core Version (e.g. core-2021.11.5): core-2022.6.6
  • Operating System (e.g. Home Assistant OS 6.6): Ubuntu 16.04.7 LTS
  • Devices (e.g. Raspberry Pi 4 Model B): HP laptop.

Broken since latest update

The problem

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/00-banner.sh

Add-on: Cloudflared
Use a Cloudflared tunnel (formerly Argo Tunnel) to remotely connect to Home Assistant without opening any ports

Add-on version: 2.0.4
You are running the latest version of this add-on.
System: Home Assistant OS 8.2 (amd64 / qemux86-64)
Home Assistant Core: 2022.7.0
Home Assistant Supervisor: 2022.07.0

Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.

cont-init: info: /etc/cont-init.d/00-banner.sh exited 0
cont-init: info: running /etc/cont-init.d/01-log-level.sh
cont-init: info: /etc/cont-init.d/01-log-level.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service init-cloudflared-log: starting
s6-rc: info: service init-cloudflared-log successfully started
s6-rc: info: service init-cloudflared-config: starting
[18:07:21] INFO:
[18:07:21] INFO: Using Cloudflare Remote Management Tunnel
[18:07:21] INFO: All add-on configuration options except tunnel_token
[18:07:21] INFO: will be ignored.
[18:07:21] INFO:
s6-rc: info: service init-cloudflared-config successfully started
s6-rc: info: service cloudflared: starting
s6-rc: info: service cloudflared successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
Provided Tunnel token is not valid.
See 'cloudflared tunnel run --help'.
[18:07:22] WARNING: cloudflared crashed, halting add-on
s6-rc: info: service legacy-services: stopping
[18:07:22] INFO: cloudflared stoped, restarting...
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service cloudflared: stopping
s6-rc: info: service cloudflared successfully stopped
s6-rc: info: service init-cloudflared-config: stopping
s6-rc: info: service init-cloudflared-config successfully stopped
s6-rc: info: service init-cloudflared-log: stopping
s6-rc: info: service init-cloudflared-log successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

What version of Cloudflared has the issue?

Add-on version: 2.0.4

What was the last working version of Cloudflared?

previous one

What type of installation are you running?

Home Assistant OS

Add-on YAML Configuration

No response

Anything in the logs that might be useful for us?

Provided Tunnel token is not valid.


however the tunnel has not changed and was working fine before the update and is the correct tunnel code as from the cloudflare portal.

Steps to reproduce the issue

just run the plugin

Additional information

No response

Support of multiple domain name

Thanks Brenner Tobias for your awesome work to make the integration so so so easy.

I have 2 users that will be accessing Home Assistant.
Each of us has our own domain name.
example: ha.user1.com and ha.user2.com

But the AddOn only allows us to create 1 Cloudflared tunnel. (Please correct me if I'm wrong)

I have a NAS running cloudflared on docker, I am able to create multiple cloudflared docker to cater the different domain names.

Hence would like to check / request a feature to allow multiple domain names to be used to access via Cloudflare tunnel.

I am open for any suggestion to achieve above scenario.
Appreciate your help and thank you in advance!

Unable to reach the origin service. 400: Bad Request

Describe the bug
I have a 400 Bad Request error while trying to connect using the domain

To Reproduce
Steps to reproduce the behavior:

Default config

Expected behavior
Work

Screenshots
image

Add-On / Home Assistant Information (please complete the following information):

  • Add-On Version 1.0.5
  • System: Home Assistant OS 7.6 (aarch64 / raspberrypi3-64)
  • Home Assistant Core: 2022.5.1
  • Home Assistant Supervisor: 2022.05.0
  • Devices Raspberry Pi 3 Model B+

Additional context

[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 00-cloudflared-log.sh: executing...
[cont-init.d] 00-cloudflared-log.sh: exited 0.
[cont-init.d] 01-log-level.sh: executing...
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] 10-cloudflared-config.sh: executing...
[02:45:22] INFO: Checking Add-on config...
[02:45:28] INFO: Checking for existing certificate...
[02:45:28] INFO: Existing certificate found
[02:45:28] INFO: Checking for existing tunnel...
[02:45:28] INFO: Existing tunnel with ID xxx found
[02:45:28] INFO: Checking if existing tunnel matches name given in config
[02:45:33] INFO: Existing Cloudflare tunnnel name matches config, proceeding with existing tunnel file
[02:45:34] INFO: Creating config file...
[02:45:41] INFO: Validating config file...
Validating rules from /tmp/config.json
OK
[02:45:43] INFO: Creating new DNS entry xxx...
2022-05-07T00:45:45Z INF Added CNAME x which will route to this tunnel tunnelID=xxx
[02:45:46] INFO: Finished setting-up the Cloudflare tunnel
[cont-init.d] 10-cloudflared-config.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[02:45:48] INFO: Connecting Cloudflared Tunnel...
2022-05-07T00:45:48Z INF Starting tunnel tunnelID=xxxx
2022-05-07T00:45:48Z INF Version 2022.5.0
2022-05-07T00:45:48Z INF GOOS: linux, GOVersion: go1.17.5, GoArch: arm64
2022-05-07T00:45:48Z INF Settings: map[config:/tmp/config.json cred-file:/data/tunnel.json credentials-file:/data/tunnel.json loglevel:info no-autoupdate:true origincert:/data/cert.pem]
2022-05-07T00:45:48Z INF Generated Connector ID: xxx
2022-05-07T00:45:48Z INF Initial protocol http2
2022-05-07T00:45:48Z INF Starting metrics server on 127.0.0.1:32959/metrics
2022-05-07T00:45:49Z INF Connection xxx registered connIndex=0 location=WAW
2022-05-07T00:45:50Z INF Connection xxx registered connIndex=1 location=FRA
2022-05-07T00:45:51Z INF Connection xxx registered connIndex=2 location=WAW
2022-05-07T00:45:52Z INF Connection xxx registered connIndex=3 location=FRA
2022-05-07T00:50:27Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 172.30.32.1:8080: connect: connection refused" cfRay=xxx-WAW ingressRule=0 originService=http://homeassistant:8080
2022-05-07T00:50:27Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 172.30.32.1:8080: connect: connection refused" cfRay=xxx-WAW ingressRule=0 originService=http://homeassistant:8080
2022-05-07T00:50:27Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 172.30.32.1:8080: connect: connection refused" cfRay=xxx-WAW ingressRule=0 originService=http://homeassistant:8080
2022-05-07T00:50:27Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 172.30.32.1:8080: connect: connection refused" cfRay=xxx-WAW ingressRule=0 originService=http://homeassistant:8080
2022-05-07T00:50:27Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 172.30.32.1:8080: connect: connection refused" cfRay=xxx-WAW ingressRule=0 originService=http://homeassistant:8080
2022-05-07T00:50:27Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 172.30.32.1:8080: connect: connection refused" cfRay=xxx-WAW ingressRule=0 originService=http://homeassistant:8080

400: Bad request

Describe the bug
When I open the domain it says: 400: Bad request

To Reproduce
Steps to reproduce the behavior:
Install normally like the tutorial

  1. Open the domain
  2. See the error

Expected behavior
Normal home assistant site

Screenshots
image

Logs
[21:50:46] INFO: Connecting Cloudflared Tunnel..
If this log occurs persistently, and cloudflared is unable to connect to Cloudflare Network with quic protocol, then most likely your machine/network is getting its egress UDP to port 7844 (or others) blocked or dropped. Make sure to allow egress connectivity as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/ports-and-ips/
If you are using private routing to this Tunnel, then UDP (and Private DNS Resolution) will not workunless your cloudflared can connect with Cloudflare Network with quic. connIndex=2
2022-05-26T19:51:05Z INF Switching to fallback protocol http2 connIndex=2
2022-05-26T19:51:05Z INF Connection 6983cd7e-1b9c-4d0d-9833-********** registered connIndex=2 location=AMS

“Record with host already exists”

Hi,
I set up the cloudflare addon newly and that process seemed to work fine. However, it is not working and the log shows

Failed to add route: code: 1003, reason: An A, AAAA, or CNAME record with that host already exists.
[20:32:01] FATAL: Failed to create DNS entry aaaaaaaa.ml

Could you please advise.
Thanks a lot
Arne

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/00-banner.sh

Add-on: Cloudflared
Use a Cloudflared tunnel (formerly Argo Tunnel) to remotely connect to Home Assistant without opening any ports

Add-on version: 2.0.4
You are running the latest version of this add-on.
System: Home Assistant OS 8.2 (armv7 / raspberrypi3)
Home Assistant Core: 2022.7.6
Home Assistant Supervisor: 2022.07.0

Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.

cont-init: info: /etc/cont-init.d/00-banner.sh exited 0
cont-init: info: running /etc/cont-init.d/01-log-level.sh
cont-init: info: /etc/cont-init.d/01-log-level.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service init-cloudflared-log: starting
s6-rc: info: service init-cloudflared-log successfully started
s6-rc: info: service init-cloudflared-config: starting
[20:31:51] INFO: Checking Add-on config...
[20:31:54] INFO: Checking for existing certificate...
[20:31:54] INFO: Existing certificate found
[20:31:54] INFO: Checking for existing tunnel...
[20:31:54] INFO: Existing tunnel with ID d076ee66-9b54-4ba8-aebe-919d12e02884 found
[20:31:54] INFO: Checking if existing tunnel matches name given in config
[20:31:55] INFO: Existing Cloudflare tunnnel name matches config, proceeding with existing tunnel file
[20:31:56] INFO: Creating config file...
[20:31:59] INFO: Validating config file...
Validating rules from /tmp/config.json
OK
[20:31:59] INFO: Creating new DNS entry aaaaaaaa.ml...
Failed to add route: code: 1003, reason: An A, AAAA, or CNAME record with that host already exists.
[20:32:01] FATAL: Failed to create DNS entry aaaaaaaaa.ml
s6-rc: warning: unable to start service init-cloudflared-config: command exited 1
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
/run/s6/basedir/scripts/rc.init: fatal: stopping the container.
s6-rc: info: service init-cloudflared-log: stopping
s6-rc: info: service init-cloudflared-log successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

Is it normal that the tunnel does not appear in the dashboard?

This is more a question than anything else. I'm new to Cloudflare in general, but I wonder if the dashboard wasn't supposed to show the configured tunnel:

image

However, despite not showing up there, everything is working fine. Also, I can see the new entry under my DNS for the tunnel.

Change default route to somewhere other than NPM

Is your feature request related to a problem? Please describe.
When running another reverse proxy than Nginx Proxy Manager, it is not possible to set the default route to its address.

Describe the solution you'd like
A way of defining the default route in the configuration to set it to another address than the Nginxproxymanager add-on

Additional context
Could be added to the additional_hosts array in config.

FATAL: 'external_hostname' is empty, please enter a valid String

The problem

Hello, I'm trying to configure the add-on on my Home Assistant instance and I get an error that the domain is not configured (but it is set up in the config).

What version of Cloudflared has the issue?

2.0.4

What was the last working version of Cloudflared?

No response

What type of installation are you running?

Home Assistant Supervised

Add-on YAML Configuration

No response

Anything in the logs that might be useful for us?

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/00-banner.sh
curl: (7) Couldn't connect to server
[11:01:27] ERROR: Something went wrong contacting the API
cont-init: info: /etc/cont-init.d/00-banner.sh exited 0
cont-init: info: running /etc/cont-init.d/01-log-level.sh
curl: (7) Couldn't connect to server
[11:01:27] ERROR: Something went wrong contacting the API
cont-init: info: /etc/cont-init.d/01-log-level.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service init-cloudflared-log: starting
s6-rc: info: service init-cloudflared-log successfully started
s6-rc: info: service init-cloudflared-config: starting
[11:01:28] INFO: Checking Add-on config...
[11:01:28] FATAL: 'external_hostname' is empty, please enter a valid String
s6-rc: warning: unable to start service init-cloudflared-config: command exited 1
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
/run/s6/basedir/scripts/rc.init: fatal: stopping the container.
s6-rc: info: service init-cloudflared-log: stopping
s6-rc: info: service init-cloudflared-log successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

Steps to reproduce the issue

I just did a normal installation, nothing different.

Additional information

Also I'm running HASS Supervised in Docker and I previously had DuckDNS set up, but it's uninstalled now.

Availability on HA Core through HACS

Is your feature request related to a problem? Please describe.
As I'm stuck with HA Core in venv for my usecase I don't have access to the addon store.

Describe the solution you'd like
It would be great to be able to install your addon via HACS in HA Core to use this service.

Describe alternatives you've considered
Setting up a secure remote connection isn't that easy using my particular setup which causes some security issues.

Additional context
/

Support Local Network Routing Through Warp Client

Thanks for creating a great add on!

Is your feature request related to a problem? Please describe.
I'm unable to use the Home Assistant apps through the tunnel when authentication is turned on. I'm able to log in through the Cloudflare one time password wall, but the apps don't seem to accept the resulting cookie.

Describe the solution you'd like
A workaround would be to support the Cloudflare Zero Trust companion app, that effectively creates a VPN to your local network from your device. I have this up and running on a stand-alone device in my LAN, and it works great. It would involve adding these lines to the Cloudflare config

warp-routing:
  enabled: true

Adding a route to your tunnel like this:

cloudflared tunnel route ip add 192.168.XX.0/24 tunnelname

And finally remove your LAN IP subnet in Cloudflare's Split Tunnels settings.

See https://digaround.cloud/homeassistant-secure-access-with-cloudflare-warp/ for full context.

zigbee2mqtt frontend using ingress not working

Describe the bug
When I click on zigbee2mqtt I got this JS error in the Chrome console: Uncaught SyntaxError: Unexpected end of input and this in the extension log: Unsolicited response received on idle HTTP channel starting with "0\r\n\r\n"; err=<nil>

To Reproduce
Steps to reproduce the behavior:

  1. Install zigbee2mqtt extension (repo: https://github.com/zigbee2mqtt/hassio-zigbee2mqtt)
  2. Install addon-cloudflared and configure it.
  3. Visit Home Assistant through the tunnel.
  4. See error in extension log and in JS console.

Expected behavior
Zigbee2mqtt frontend loads like when exposing the port without using the tunnel.

Add-On / Home Assistant Information (please complete the following information):

  • Add-On Version: 0.1.8
  • Supervisor Version: supervisor-2021.12.2
  • Core Version: core-2021.12.7
  • Operating System: Home Assistant OS 7.0
  • Devices: virtualized on kvm

Export SSL certificates to /ssl

It would be nice if the Cloudflared add-on could export the SSL certificates to /ssl like the DuckDNS and Let's Encrypt add-ons do.

For me, this would be useful for other server add-ons like Asterisk, which requires an SSL certificate regardless.

I don't know if it's possible, but if it is, it would be nice.

If it is possible, I believe that perhaps we could recommend people set up their http integration to enable HTTPS, so that traffic inside of the house also gets encrypted.

Refactoring and security enhancement considerations

I recently thought about improving the security to make the add-on even more trustable. We could achieve this by removing the Hassio API manager role.

This would imply that we need to remove the checks mentioned below ( bashio::addons.xxx this one should be the only part where the manager role is needed).
In my opinion we could omit this check. If the nginx add-on is installed everything works as expected, if not the host isn't reachable which will lead to a 404 error. Either way, this is the default behavior for services that are not reachable.

npm_name="$(grep nginxproxymanager <<< "$(bashio::addons.installed)")"

As described here, I would set the following line to the hostname: a0d7b954-nginxproxymanager

config=$(bashio::jq "${config}" ".\"ingress\" += [{\"service\": \"http://${npm_ip}:80\"}]")

What do you think?

Optimize reset of Add-On

Is your feature request related to a problem? Please describe.
If something goes wrong or you want to change the Cloudflare account, a new authentication needs to be triggered. For that, there is a bool option in the config that tells the add-on to delete all files on start-up. After that run, the variable needs to be set to false again in order to start the onboarding process.

The add-on has to stop after deleting the files. In order to do that and to preserve the logs, I went for bashio::exit.nok "Fail to preserve the logs". This suggests that something went wrong, which in this case did not happen.

Describe the solution you'd like
Regarding the general reset: I am not sure about the best approach here. Maybe there are some best practices about resetting add-ons that I am not aware of.
Regarding stopping the add-on while preserving the logs: Is there another way to do that without exiting with nok?

Describe alternatives you've considered

Additional context
The deletion is done in the file cloudflared/rootfs/etc/cont-init.d/02_cloudflared-setup.sh

install docker-compose

hello
I have Home Assistant installed with a docker-compose container, could this addon be installed with a docker-compose container?
Thank you

Additional context
Add any other context or screenshots about the feature request here.

Auto-Update not disabled

Describe the bug
Cloudflared automatically updates itself, which is not the desired behaviour

Expected behavior
No auto-update

Additional context
Can be fixed by adding --no-autoupdate to the run command

Cloudflare fail to reconnect after internet lost

The problem

Hi,

I found out that the add-on has an issue with reconnecting back to the Cloudflare tunnel if the server loses connection. It looks like the add-on is unable to reset the tunnel connection automatically; after I restart the add-on all is working fine.

What version of Cloudflared has the issue?

2.0.4

What was the last working version of Cloudflared?

No response

What type of installation are you running?

Home Assistant OS

Add-on YAML Configuration

additional_hosts: []
external_hostname: xxxxxxxxxx
tunnel_name: xxxxxxxxx
tunnel_token: ''
data_folder: ssl

Anything in the logs that might be useful for us?

022-07-16T13:12:39Z ERR Unable to establish connection with Cloudflare edge error="TLS handshake with edge error: read tcp 172.30.33.5:48064->198.41.192.47:7844: read: connection reset by peer" connIndex=3 ip=198.41.192.47
2022-07-16T13:12:39Z ERR Serve tunnel error error="TLS handshake with edge error: read tcp 172.30.33.5:48064->198.41.192.47:7844: read: connection reset by peer" connIndex=3 ip=198.41.192.47
2022-07-16T13:12:39Z INF Retrying connection in up to 1s seconds connIndex=3 ip=198.41.192.47
2022-07-16T13:12:39Z ERR Unable to establish connection with Cloudflare edge error="TLS handshake with edge error: read tcp 172.30.33.5:53778->198.41.192.67:7844: read: connection reset by peer" connIndex=1 ip=198.41.192.67

Steps to reproduce the issue

Disconnect internet for some time and the Cloudflare add-on couldn't establish a connection

Additional information

No response

Error to add in Add-on Store

Ok... I really don't know what's happening, but:

K1AEaPV4WY.mp4

Am I missing something? Looking forward to use your add-on. Thank you!

Upstream default protocol changed from http2 to quic

Is your feature request related to a problem? Please describe.

Home Assistant OS 7.6
since cloudflared version 2022.4.0, current add-on version 2022.4.1

The problem is OS related and can't be fixed from inside the add-on.

Log excerpt:

2022/04/29 18:30:50 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 58 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.

See issue mentioned in log message.

Additional context

The default protocol for creating tunnels changed from http2 to quic with cloudflared version 2022.4.0 TUN-5992

See cloudflared service doc for further information. (Doc doesn't seem up to date as it still mentions http2 as default value).

quic protocol will be the future according to the developers (among others for UDP support).

Describe alternatives you've considered

For HA OS:

  • Change default protocol to http2 in services.d/run (wouldn't recommend that, though)
  • We open a ticket in HA OS with a request to increase the value.
  • Hint on how to change sysctl -w net.core.rmem_max=2500000 (we can issue the command but it isn't persistent between reboots):
    --> Workaround with HA OS persistent UDEV rules would be possible
    --> ACTION=="add", KERNEL=="sd*", RUN+="/sbin/sysctl -w net.core.rmem_max=2500000"
    This will change the kernel parameter on every reboot when a device with kernel name sd*, e.g. sda or sdb (which should be the name in default configurations), is connected. Works fine for me on Proxmox with KVM (.qcow2) image.

For HA Supervised installations:

  • create documentation for Supervised Installations: execute sysctl -w net.core.rmem_max=2500000
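
A triage pass over the failure signatures quoted in the issues on this page, including the quic-go receive-buffer warning from the issue above; this is an added example, not code from the add-on or from any of the posters. The function names and category labels are hypothetical, and the sample log is constructed from lines quoted on this page.

```bash
#!/usr/bin/env bash
# Added example: count known failure signatures in cloudflared add-on logs.
# Function names and category labels are hypothetical, not part of the add-on.

# Constructed sample built from log lines quoted in the issues on this page.
sample_log() {
  cat <<'SAMPLE'
2022-05-07T00:50:27Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 172.30.32.1:8080: connect: connection refused" cfRay=xxx-WAW ingressRule=0 originService=http://homeassistant:8080
2022-02-06T20:04:36Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d96fd0e9d28c51c-ORD ingressRule=0 originService=http://homeassistant:8123
2022-07-16T13:12:39Z ERR Unable to establish connection with Cloudflare edge error="TLS handshake with edge error: read tcp 172.30.33.5:48064->198.41.192.47:7844: read: connection reset by peer" connIndex=3 ip=198.41.192.47
2022-07-16T13:12:39Z ERR Serve tunnel error error="TLS handshake with edge error: read tcp 172.30.33.5:48064->198.41.192.47:7844: read: connection reset by peer" connIndex=3 ip=198.41.192.47
2022-07-16T13:12:39Z ERR Unable to establish connection with Cloudflare edge error="TLS handshake with edge error: read tcp 172.30.33.5:53778->198.41.192.67:7844: read: connection reset by peer" connIndex=1 ip=198.41.192.67
2022-05-26T19:51:05Z INF Switching to fallback protocol http2 connIndex=2
2022/04/29 18:30:50 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 58 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
Failed to add route: code: 1003, reason: An A, AAAA, or CNAME record with that host already exists.
failed to create tunnel: Create Tunnel API call failed: tunnel with name already exists
[11:01:28] FATAL: 'external_hostname' is empty, please enter a valid String
SAMPLE
}

# Reads a log on stdin and prints "<category> <count>" for each signature seen.
# Each line is counted once; "Serve tunnel error" repeats the edge failure
# logged just before it, so it is deliberately not matched.
triage_cloudflared_log() {
  awk '
    function hit(c) { count[c]++ }
    /Unable to reach the origin service/                  { hit("origin_unreachable"); next }
    /Unable to establish connection with Cloudflare edge/ { hit("edge_connect_failed"); next }
    /Switching to fallback protocol http2/                { hit("quic_fallback"); next }
    /failed to sufficiently increase receive buffer size/ { hit("udp_rcvbuf_too_small"); next }
    /Failed to add route: code: 1003/                     { hit("dns_record_conflict"); next }
    /tunnel with name already exists/                     { hit("tunnel_name_conflict"); next }
    /is empty, please enter a valid String/               { hit("empty_required_option"); next }
    END {
      n = split("origin_unreachable edge_connect_failed quic_fallback udp_rcvbuf_too_small dns_record_conflict tunnel_name_conflict empty_required_option", order, " ")
      for (i = 1; i <= n; i++)
        if (count[order[i]] > 0) print order[i], count[order[i]]
    }
  '
}

# Distinct origin URLs that cloudflared could not reach, one per line.
unreachable_origins() {
  sed -n '/Unable to reach the origin service/s/.*originService=\([^ ]*\).*/\1/p' | sort -u
}

# Distinct Cloudflare edge addresses whose connection attempts failed.
failed_edge_ips() {
  sed -n '/Unable to establish connection with Cloudflare edge/s/.* ip=\([0-9a-fA-F.:]*\).*/\1/p' | sort -u
}

# Bytes quic-go asked for in its receive-buffer warning (empty if no warning).
wanted_rcvbuf_bytes() {
  sed -n 's/.*receive buffer size (was: [0-9]* kiB, wanted: \([0-9][0-9]*\) kiB.*/\1/p' |
    head -n 1 |
    awk '{ print $1 * 1024 }'
}

# rmem_max_sufficient LIMIT_BYTES < log
# Succeeds when LIMIT_BYTES (a candidate net.core.rmem_max) covers the size
# quic-go asked for, or when the log contains no buffer warning at all.
rmem_max_sufficient() {
  local wanted
  wanted=$(wanted_rcvbuf_bytes)
  [ -z "$wanted" ] || [ "$1" -ge "$wanted" ]
}

# Stand-alone run: summarise the constructed sample.
sample_log | triage_cloudflared_log
```
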

Tunnel name already exist

Describe the bug
After some use of this addon I got an error that the tunnel already exists, so I added 't' at the end of the name in the config, then the problem went back, and I repeated it; the problem occurred one more time.

To Reproduce
Steps to reproduce the behavior:

  1. Setup addon
  2. Wait a few days
  3. Check for error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.
image
https://pastebin.com/trJzp8HW
Add-On / Home Assistant Information (please complete the following information):

Add-on version: 2.0.1
You are running the latest version of this add-on.
System: Home Assistant OS 7.6 (aarch64 / raspberrypi3-64)
Home Assistant Core: 2022.5.4
Home Assistant Supervisor: 2022.05.3

Automatically open browser tab for authentication

Is your feature request related to a problem? Please describe.
When setting up Cloudflared, you have to manually check the logs of the add-on, copy the authentication link and paste it into a browser window.

Describe the solution you'd like
It would be easier to automatically open the link in a new browser tab / a mobile browser for the app to make the authentication a more seamless experience.

Describe alternatives you've considered
Since this only needs to be done once, the current solution might also be feasible, depending on the effort.

Additional context
The URL is generated by running /opt/cloudflared tunnel login as an output to the console. This is done in the file /cloudflared/rootfs/etc/cont-init.d/02_cloudflared-setup.sh

Block certain substrings of a forwarded domain.

I currently use the following forward to expose my bitwarden addon to the web.

- hostname: bw.example.com
  service: https://addon_a0d7b954_bitwarden:7277

Would it be possible to for example block the following substring from being accessed by the web?
https://bw.example.com/Admin

Add-on fails with "'external_hostname' is empty"

The problem

OS: Ubuntu 22.04 LTS
Home Assistant: 2022.7.7
Docker: 20.10.17

Whenever I try to start the Add-on it fails with the above mentioned error message:
FATAL: 'external_hostname' is empty, please enter a valid String

The folder mounted as /data contains a valid options.json config:

{
  "additional_hosts": [],
  "external_hostname": "test.com",
  "tunnel_name": "homeassistant",
  "tunnel_token": "",
  "data_folder": "config",
  "custom_config": false,
  "log_level": "trace"
}

What version of Cloudflared has the issue?

2.0.5

What was the last working version of Cloudflared?

No response

What type of installation are you running?

Home Assistant Supervised

Add-on YAML Configuration

additional_hosts: []
external_hostname: test.com
tunnel_name: homeassistant
tunnel_token: ''
data_folder: config
custom_config: false
log_level: trace

Anything in the logs that might be useful for us?

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/00-banner.sh
curl: (7) Couldn't connect to server
[09:51:41] ERROR: Something went wrong contacting the API
cont-init: info: /etc/cont-init.d/00-banner.sh exited 0
cont-init: info: running /etc/cont-init.d/01-log-level.sh
curl: (7) Couldn't connect to server
[09:51:41] ERROR: Something went wrong contacting the API
cont-init: info: /etc/cont-init.d/01-log-level.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service init-cloudflared-log: starting
s6-rc: info: service init-cloudflared-log successfully started
s6-rc: info: service init-cloudflared-config: starting
[09:51:42] INFO: Checking Add-on config...
[09:51:42] FATAL: 'external_hostname' is empty, please enter a valid String
s6-rc: warning: unable to start service init-cloudflared-config: command exited 1
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
/run/s6/basedir/scripts/rc.init: fatal: stopping the container.
s6-rc: info: service init-cloudflared-log: stopping
s6-rc: info: service init-cloudflared-log successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

Steps to reproduce the issue

Start the Add-on.

Additional information

I don't fully understand how the initialization process is working but maybe this error is related to other errors shown in the log:
curl: (7) Couldn't connect to server

Usually the supervisor entry is passed as an extra host docker and added to /etc/hosts. After creating the container and before starting it the file looks like this:

127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.30.32.2     hassio
172.30.32.2     supervisor
172.17.0.6      9074a9fa-cloudflared.local.hass.io 9074a9fa-cloudflared

After starting the Add-on it looks like this:

127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.30.32.2     hassio
172.30.33.1     9074a9fa-cloudflared.local.hass.io 9074a9fa-cloudflared

Somehow the supervisor entry was removed from the list. Is it possible that this is causing the issue?

Extend config check with Cloudflared validation

Is your feature request related to a problem? Please describe.
To check if a defined config with the additional_hosts is valid, we can use a validator from Cloudflared:
cloudflared tunnel ingress validate

Describe the solution you'd like
Add this validation after the Cloudflared Config was created to check if it is valid.

Additional context
See documentation here.

configuration.yaml

while the installation is simple enough (both HA and cloudflare), would be nice to provide an example of
the corresponding entries in the configuration.yaml file.

my 'minimal' version isn't working
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1
    - 192.168.50.16

@elcajon: I just started looking into the auto-update in this repo and the [ha-addons-edge](https://github.com/brenner-tobias/ha-addons-edge).

@elcajon: I just started looking into the auto-update in this repo and the ha-addons-edge.
It looks like everything is working fine in the repo, but the run of update in the add-on repository fails. It shows ValueError: untagged-2eea43dd07768ed394b6 is not valid SemVer string. This untagged-2eea43dd07768ed394b6 is the same value for different runs and I have no idea what's wrong here.
Do you mind having a look?
Thanks a lot in advance.

Originally posted by @brenner-tobias in #25 (comment)

[Bug] Unable to reach the origin service.

Describe the bug
When trying to connect through the tunnel, I receive a "too many redirects" response.

To Reproduce
Bug happens on initial setup. Have properly authorized on Cloudflare and the DNS record has been properly created.

external_hostname: host.name.here
tunnel_name: homeassistant
nginxproxymanager: true
log_level: debug

(Please note host.name.here is not the actual hostname in the config)

Expected behavior
Connects to home assistant.

Screenshots
If applicable, add screenshots to help explain your problem.

Add-On / Home Assistant Information (please complete the following information):

  • Add-On Version: 0.4.1
  • Supervisor Version: supervisor-2022.01.1
  • Core Version: core-2022.2.2
  • Operating System: Home Assistant OS 7.2
  • Devices: rPi4B8GB

Additional context
Error is repeated:

2022-02-06T20:04:36Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d96fd0e9d28c51c-ORD ingressRule=0 originService=http://homeassistant:8123
2022-02-06T20:04:38Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d96fd1b5b5ee1ce-ORD ingressRule=0 originService=http://homeassistant:8123
2022-02-06T20:04:38Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d96fd1c9c55e1ce-ORD ingressRule=0 originService=http://homeassistant:8123
2022-02-06T20:04:42Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d96fd37f9dac51c-ORD ingressRule=0 originService=http://homeassistant:8123

Add-on shuts down after Internet outage.

Before the 2.0.7 release, after an Internet outage, the add-on would have to be restarted manually to re-establish the tunnel (#139). This was fixed, but now the add-on shuts down and needs to be started. I have watchdog turned on, but it fails to start the add-on.

Add On not working after 0.2.1 update

Reverted back to 0.1.9 and it's working fine. Any idea what might be going wrong? I'd have to update again to get more detail on logs, but I appeared to be getting messages about unregistered web hooks.

Fallback to config when Tunnel Token Invalid?

Having a problem that a remote installation stopped connecting after an error with the tunnel token: "Tunnel token not valid".

Running HASSIO on RPI3b, pretty much vanilla and latest version everything.

I might have copy/pasted the wrong one or I rolled it. Anyway, that means I cannot access my HA instance, since by entering tunnel token in config, other config parameters are not used. I have not found a way to edit addon config via HA CLI commands (which I can access), so my remote location is only accessible by plane, and 2 hour drive...

If there was a fallback to other config because for some reason an API tunnel token became invalid, or wrong, would it not be good to have a fallback, or maybe a choice to activate such a fallback?

Or is there maybe a way to edit config via SSH and CLI, which of course is preferred if the roll is related to security breach?

Cloudflared

The CF Tunnel Add-On has been rock solid up until this point. Still running the old version 1.04 with Nginx Proxy Manager .11.0

From the mobile HA iOS app, I've been running into issues where I'm displayed with the following nginx error intermittently:

HA

Sometimes this happens when I change connections from Wifi to mobile & occasionally just trying to access from outside of my home LAN. To resolve, I'm forced to manually close the app, and reopen until it auto authenticates itself back into HA.

Not sure if related, but in the Cloudflared logs, I'm consistently receiving this error: If this log occurs persistently, and cloudflared is unable to connect to Cloudflare Network with quic protocol, then most likely your machine/network is getting its egress UDP to port 7844 (or others) blocked or dropped. Make sure to allow egress connectivity as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/ports-and-ips/

Are these issues because I'm on the old version? Been reluctant to upgrade until this point because "it just works."

Allow remote management of the tunnel

Is your feature request related to a problem? Please describe.
Since cloudflared 2022.03.04 it supports management of the tunnel from the Cloudflare Zero Trust Dashboard. IMO this simplifies the configuration (as the configuration is fully managed by Cloudflare itself). I would love to see support for this feature in this add-on. Maybe the user of the addon could decide if he wants to manage it from Cloudflare or manage it himself.

I guess the implementation wouldn't be very hard, as the cloudflared binary just must be executed with a token and the rest happens automatically.
https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/remote-management/

Additional context
Here's a screenshot of how the management looks on the Cloudflare Zero Trust Dashboard:
image

Is Amazon Alexa integration working with Cloudflared tunnel for you?

I mainly use Apple products and therefore have the HomeKit integration up and running without any problems.
I recently tried to get my Sonos speakers (with built-in Alexa) running with the HA Alexa integration. I tried to add the integration with custom Alexa Skill and AWS Lambda service but the skill isn't able to connect to my HA instance. The error occurs during final login stage when trying to map the custom Alexa Skill with my local HA instance.

My question is: Has anybody got this integration up and running with cloudflared tunnel? Is the problem somewhere in my configuration or because any connections are blocked at Cloudflare?

Tunnel with name already exists

Describe the bug
I use a Cable Internet connection. Sometimes connection gets cut for few minutes or seconds.
I have noticed that, in some rare cases, this plugin stops working totally. Can't create the tunnel any more.
Device restart or Add-on restart doesn't work!
I need to Delete the Tunnel from dash.teams.cloudflare.com and then restart the Add-on/Full Device to restart the tunnel.

Log Error Message

FATAL: Failed to create tunnel. Please check the Cloudflare Teams Dashboard for an existing tunnel with the name homeassistant and delete it: https://dash.teams.cloudflare.com/ Access / Tunnels.

Expected behavior
It should re-establish the broken connection/tunnel automatically.
Pls fix this annoying bug for this 99.99999% perfect Add-on.

Add-On / Home Assistant Information (please complete the following information):

  • Add-On Version (2.0.0) latest
  • Supervisor Version (2022.05.2)
  • Core Version (2022.5.5)
  • Operating System (e.g. Home Assistant OS 8.1)
  • Devices (e.g. Raspberry Pi 3 Model B)

Log

[cont-init.d] 10-cloudflared-config.sh: executing...
failed to create tunnel: Create Tunnel API call failed: tunnel with name already exists
[14:57:49] FATAL: Failed to create tunnel.
Please check the Cloudflare Teams Dashboard for an existing tunnel with the name homeassistant and delete it:
https://dash.teams.cloudflare.com/ Access / Tunnels
[cont-init.d] 10-cloudflared-config.sh: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] 99-message.sh: executing...

            Oops! Something went wrong.

We are so sorry, but something went terribly wrong when
starting or running this add-on.

Be sure to check the log above, line by line, for hints.

[cont-finish.d] 99-message.sh: exited 0.

Docker version

Hi,
some of us use HA on Docker and not like HAOS so Addons are not allowed.
Would it be possible to share a docker-compose or other type of Docker configuration of your addon?

Thanks in Advance

Can't delete Additional Hosts

Describe the bug
When trying to delete all the additional hosts, I get:

Failed to save add-on configuration, Missing option 'additional_hosts' in root in Cloudflared (90xxxxfa_cloudflared). Got {'external_hostname': 'axxxxxxxe.ga', 'tunnel_name': 'homeassistant', 'tunnel_token': ''}

I can only edit to make the additional host pointing nowhere.

To Reproduce
Steps to reproduce the behavior:

  1. Go to Cloudflared Configuration tab
  2. Delete all Additional Hosts
  3. Save
  4. See error

Expected behavior
Configuration is saved without errors. Additional Hosts are removed

Screenshots
image
Add-On / Home Assistant Information (please complete the following information):

  • Add-On Version (e.g. 0.7)
  • Supervisor Version (e.g. supervisor-2021.10.8)
  • Core Version (e.g. core-2021.11.5)
  • Operating System (e.g. Home Assistant OS 6.6)
  • Devices (e.g. Raspberry Pi 4 Model B)

Additional context
Add any other context about the problem here.

Add-on stopped after couple of service restart

The problem

After the latest updates of the add-on, which resolved the issue with not reconnecting with Cloudflare after internet loss, it is now stopping the whole add-on after a couple of service restarts

What version of Cloudflared has the issue?

2.0.7

What was the last working version of Cloudflared?

No response

What type of installation are you running?

Home Assistant OS

Add-on YAML Configuration

additional_hosts: []
external_hostname: xxxx
tunnel_name: xxxx
tunnel_token: ''
data_folder: ssl

Anything in the logs that might be useful for us?

2022-08-11T03:53:30Z INF Switching to fallback protocol http2 connIndex=1 ip=198.41.192.37
2022-08-11T03:53:30Z ERR Connection terminated error="failed to dial to edge with quic: timeout: no recent network activity" connIndex=1
2022-08-11T03:53:30Z WRN If this log occurs persistently, and cloudflared is unable to connect to Cloudflare Network with `quic` protocol, then most likely your machine/network is getting its egress UDP to port 7844 (or others) blocked or dropped. Make sure to allow egress connectivity as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/ports-and-ips/
If you are using private routing to this Tunnel, then UDP (and Private DNS Resolution) will not work unless your cloudflared can connect with Cloudflare Network with `quic`. connIndex=3 ip=198.41.192.47
2022-08-11T03:53:30Z INF Switching to fallback protocol http2 connIndex=3 ip=198.41.192.47
2022-08-11T03:53:30Z ERR Connection terminated error="failed to dial to edge with quic: timeout: no recent network activity" connIndex=3
[05:53:34] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:53:34] WARNING: Connection attempt 15/24 before restart.
2022-08-11T03:53:38Z ERR Unable to establish connection with Cloudflare edge error="TLS handshake with edge error: read tcp 172.30.33.5:57668->198.41.200.33:7844: i/o timeout" connIndex=0 ip=198.41.200.33
2022-08-11T03:53:38Z ERR Serve tunnel error error="TLS handshake with edge error: read tcp 172.30.33.5:57668->198.41.200.33:7844: i/o timeout" connIndex=0 ip=198.41.200.33
2022-08-11T03:53:38Z ERR Unable to establish connection with Cloudflare edge error="TLS handshake with edge error: read tcp 172.30.33.5:36660->198.41.200.73:7844: i/o timeout" connIndex=2 ip=198.41.200.73
2022-08-11T03:53:38Z ERR Serve tunnel error error="TLS handshake with edge error: read tcp 172.30.33.5:36660->198.41.200.73:7844: i/o timeout" connIndex=2 ip=198.41.200.73
2022-08-11T03:53:38Z INF Retrying connection in up to 4s seconds connIndex=2 ip=198.41.200.73
2022-08-11T03:53:38Z INF Retrying connection in up to 1s seconds connIndex=0 ip=198.41.200.33
[05:53:39] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:53:39] WARNING: Connection attempt 16/24 before restart.
2022-08-11T03:53:40Z ERR Connection terminated error="TLS handshake with edge error: read tcp 172.30.33.5:57668->198.41.200.33:7844: i/o timeout" connIndex=0
2022-08-11T03:53:41Z ERR Connection terminated error="TLS handshake with edge error: read tcp 172.30.33.5:36660->198.41.200.73:7844: i/o timeout" connIndex=2
[05:53:44] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:53:44] WARNING: Connection attempt 17/24 before restart.
[05:53:49] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:53:49] WARNING: Connection attempt 18/24 before restart.
[05:53:54] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:53:54] WARNING: Connection attempt 19/24 before restart.
[05:53:59] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:53:59] WARNING: Connection attempt 20/24 before restart.
[05:54:04] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:54:04] WARNING: Connection attempt 21/24 before restart.
[05:54:09] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:54:09] WARNING: Connection attempt 22/24 before restart.
[05:54:15] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:54:15] WARNING: Connection attempt 23/24 before restart.
[05:54:20] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:54:20] WARNING: Connection attempt 24/24 before restart.
[05:54:20] ERROR: Restarting Cloudflared service
2022-08-11T03:54:20Z INF Initiating graceful shutdown due to signal terminated ...
[05:54:25] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:54:25] WARNING: Connection attempt 1/24 before restart.
[05:54:30] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:54:30] WARNING: Connection attempt 2/24 before restart.
[05:54:35] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:54:35] WARNING: Connection attempt 3/24 before restart.
[05:54:40] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:54:40] WARNING: Connection attempt 4/24 before restart.
[05:54:45] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:54:45] WARNING: Connection attempt 5/24 before restart.
2022-08-11T03:54:50Z INF Tunnel server stopped
2022-08-11T03:54:50Z INF Metrics server stopped
[05:54:50] INFO: cloudflared stoped, restarting...
[05:54:50] INFO: Connecting Cloudflared Tunnel...
2022-08-11T03:54:50Z INF Starting tunnel tunnelID=2980eb59-08c0-4aba-9d23-4827715e2f48
2022-08-11T03:54:50Z INF Version 2022.7.1
2022-08-11T03:54:50Z INF GOOS: linux, GOVersion: go1.17.10, GoArch: amd64
2022-08-11T03:54:50Z INF Settings: map[config:/tmp/config.json cred-file:/ssl/cloudflared/tunnel.json credentials-file:/ssl/cloudflared/tunnel.json loglevel:info metrics:localhost:36500 no-autoupdate:true origincert:/ssl/cloudflared/cert.pem]
2022-08-11T03:54:50Z INF Generated Connector ID: 02385f46-ec33-435c-989c-845149e4fca5
2022-08-11T03:54:50Z INF Initial protocol quic
2022-08-11T03:54:50Z INF Starting metrics server on 127.0.0.1:36500/metrics
[05:54:51] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:54:51] WARNING: Connection attempt 6/24 before restart.
[05:54:56] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:54:56] WARNING: Connection attempt 7/24 before restart.
2022-08-11T03:55:00Z ERR update check failed error="Get \"https://update.argotunnel.com?arch=amd64&clientVersion=2022.7.1&os=linux\": dial tcp: lookup update.argotunnel.com on 127.0.0.11:53: read udp 127.0.0.1:60131->127.0.0.11:53: i/o timeout"
[05:55:01] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:55:01] WARNING: Connection attempt 8/24 before restart.
[05:55:06] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:55:06] WARNING: Connection attempt 9/24 before restart.
[05:55:11] WARNING: Connection unavailable, rechecking in 5 seconds.
[05:55:11] WARNING: Connection attempt 10/24 before restart.
2022-08-11T03:55:15Z ERR Error looking up Cloudflare edge IPs: the DNS query failed error="lookup _v2-origintunneld._tcp.argotunnel.com on 127.0.0.11:53: server misbehaving"
2022-08-11T03:55:15Z ERR Please try the following things to diagnose this issue:
2022-08-11T03:55:15Z ERR   1. ensure that argotunnel.com is returning "origintunneld" service records.
2022-08-11T03:55:15Z ERR      Run your system's equivalent of: dig srv _origintunneld._tcp.argotunnel.com
2022-08-11T03:55:15Z ERR   2. ensure that your DNS resolver is not returning compressed SRV records.
2022-08-11T03:55:15Z ERR      See GitHub issue https://github.com/golang/go/issues/27546
2022-08-11T03:55:15Z ERR      For example, you could use Cloudflare's 1.1.1.1 as your resolver:
2022-08-11T03:55:15Z ERR      https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/
2022-08-11T03:55:15Z INF Tunnel server stopped
2022-08-11T03:55:15Z ERR Initiating shutdown error="Could not lookup srv records on _v2-origintunneld._tcp.argotunnel.com: lookup _v2-origintunneld._tcp.argotunnel.com on 127.0.0.11:53: server misbehaving"
2022-08-11T03:55:15Z INF Metrics server stopped
Could not lookup srv records on _v2-origintunneld._tcp.argotunnel.com: lookup _v2-origintunneld._tcp.argotunnel.com on 127.0.0.11:53: server misbehaving
[05:55:15] WARNING: cloudflared crashed, halting add-on
[05:55:15] INFO: cloudflared stoped, restarting...
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service healthcheck: stopping
[05:55:15] INFO: healthcheck stoped, restarting...
s6-rc: info: service healthcheck successfully stopped
s6-rc: info: service cloudflared: stopping
[05:55:15] INFO: cloudflared stoped, restarting...
s6-rc: info: service cloudflared successfully stopped
s6-rc: info: service init-cloudflared-config: stopping
s6-rc: info: service init-cloudflared-config successfully stopped
s6-rc: info: service init-cloudflared-log: stopping
s6-rc: info: service init-cloudflared-log successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

Steps to reproduce the issue

Just have unstable internet

Additional information

No response
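A triage sketch for the log in this report, added here as an example and not part of the issue or the add-on's code: it separates cloudflared's own lines from the add-on's watchdog lines and names the failure class that preceded the halt. The class names and the `classify`/`triage` helpers are illustrative; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Lines copied from the log in the report above (a short selection).
SAMPLE_LOG = """\
2022-08-11T03:53:30Z ERR Connection terminated error="failed to dial to edge with quic: timeout: no recent network activity" connIndex=1
2022-08-11T03:53:38Z ERR Serve tunnel error error="TLS handshake with edge error: read tcp 172.30.33.5:57668->198.41.200.33:7844: i/o timeout" connIndex=0 ip=198.41.200.33
[05:54:20] WARNING: Connection attempt 24/24 before restart.
[05:54:20] ERROR: Restarting Cloudflared service
2022-08-11T03:55:15Z ERR Error looking up Cloudflare edge IPs: the DNS query failed error="lookup _v2-origintunneld._tcp.argotunnel.com on 127.0.0.11:53: server misbehaving"
2022-08-11T03:55:15Z ERR Initiating shutdown error="Could not lookup srv records on _v2-origintunneld._tcp.argotunnel.com: lookup _v2-origintunneld._tcp.argotunnel.com on 127.0.0.11:53: server misbehaving"
[05:55:15] WARNING: cloudflared crashed, halting add-on
"""

CLOUDFLARED = re.compile(r"^\S+Z (INF|WRN|ERR) (.*)$")   # cloudflared's own lines
ADDON = re.compile(r"^\[\d\d:\d\d:\d\d\] (\w+): (.*)$")  # add-on wrapper lines

# Checked in order; the first matching pattern names the failure class.
CAUSES = [
    ("dns_resolver_failure", re.compile(r"lookup \S+ on \S+:53")),
    ("quic_udp_7844_unreachable", re.compile(r"failed to dial to edge with quic")),
    ("tcp_7844_tls_timeout", re.compile(r"TLS handshake with edge error: .*:7844: i/o timeout")),
]

def classify(line):
    """Return a failure class for a cloudflared ERR line, else None."""
    m = CLOUDFLARED.match(line)
    if not m or m.group(1) != "ERR":
        return None
    for name, pattern in CAUSES:
        if pattern.search(m.group(2)):
            return name
    return "other_error"

def triage(log_text):
    """Count failure classes and report which one preceded the add-on halt."""
    counts, restarts, last_cause, halted_after = Counter(), 0, None, None
    for line in log_text.splitlines():
        cause = classify(line)
        if cause:
            counts[cause] += 1
            last_cause = cause
            continue
        m = ADDON.match(line)
        if m and "Restarting Cloudflared service" in m.group(2):
            restarts += 1
        elif m and "halting add-on" in m.group(2):
            halted_after = last_cause
    return {"counts": dict(counts), "watchdog_restarts": restarts,
            "halted_after": halted_after}
```

On these lines the halt follows a resolver failure at 127.0.0.11:53, which is Docker's embedded DNS, rather than the earlier port 7844 timeouts.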

Change of location for config and certificate files

Is your feature request related to a problem? Please describe.

Describe the solution you'd like

I recently thought about changing the location for cert.pem and tunnel.json from /data to /{ssl or share}/cloudflared.
This would have the benefit of making both files reusable on other hosts for redundancy.

I also thought about providing the possibility to add config.yml (.yml, not .json) manually, which, if the file exists, leads to starting the cloudflared tunnel with the manually created config file. This would allow making more complex service configurations with other ingress config options.

In my opinion this could be realized with another optional configuration option (e.g. "data_path").

Describe alternatives you've considered

Additional context

In addition I would suggest (independent of "data_path") moving the automatically created config.json file outside the persistent /data storage as it is regenerated on every restart either way.

@brenner-tobias I could take a look at it tonight if you think the changes make sense as well.

[Bug] First run broken

Describe the bug
On a clean install and first run, tunnel.json does not have the TunnelName property.
Maybe the new version of cloudflared creates the file differently?

After copy pasting tunnel.json from the logs, adding "TunnelName":"homeassistant" and restarting it works fine.

To Reproduce
Clean install, config and enable debug logging, first run.
Authorized correctly, then error:

DEBUG: Tunnnel name read from file: null
WARNING: Tunnel name in file does not match config, removing tunnel file
and exit.

Logs

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-banner.sh: executing... 
-----------------------------------------------------------
 Add-on: Cloudflared
 Use a Cloudflared tunnel (formerly Argo Tunnel) to remotely connect to Home Assistant without opening any ports
-----------------------------------------------------------
 Add-on version: 0.5.2
 You are running the latest version of this add-on.
 System: Home Assistant OS 7.4  (amd64 / qemux86-64)
 Home Assistant Core: 2022.3.1
 Home Assistant Supervisor: 2022.01.1
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 00-cloudflared-log.sh: executing... 
[cont-init.d] 00-cloudflared-log.sh: exited 0.
[cont-init.d] 01-log-level.sh: executing... 
Log level is set to DEBUG
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] 10-cloudflared-config.sh: executing... 
[18:01:02] INFO: Checking Add-on config...
[18:01:03] INFO: Checking for existing certificate...
[18:01:03] NOTICE: No certificate found
[18:01:03] INFO: Creating new certificate...
[18:01:03] NOTICE: 
[18:01:03] NOTICE: Please follow the Cloudflare Auth-Steps:
[18:01:03] NOTICE: 
Please open the following URL and log in with your Cloudflare account:
https://dash.cloudflare.com/argotunnel?callback=https%3A%2F%2Flogin.cloudflareaccess.org%2F63dYTIhGuV#######redacted#######
Leave cloudflared running to download the cert automatically.
You have successfully logged in.
If you wish to copy your credentials to a server, they have been saved to:
/root/.cloudflared/cert.pem
[18:01:45] INFO: Authentication successfull, moving auth file to the '/data' folder
[18:01:45] INFO: Checking for existing certificate...
[18:01:45] INFO: Existing certificate found
[18:01:45] INFO: Checking for existing tunnel...
[18:01:45] NOTICE: No tunnel file found
[18:01:45] INFO: Creating new tunnel...
Tunnel credentials written to /data/tunnel.json. Keep this file secret. To revoke these credentials, delete the tunnel.
Created tunnel homeassistant with id #######redacted#######-b94a-b74e0eb05301
Tunnel Token: eyJhIjoiOGQyOTQwYTUzODE#######redacted#######
[18:01:46] DEBUG: Created new tunnel: {"AccountTag":"#######redacted#######8e5e1815","TunnelSecret":"#######redacted#######1DTiKc6Eacqw63A=","TunnelID":"#######redacted#######-b94a-b74e0eb05301"}
[18:01:46] INFO: Checking for existing tunnel...
[18:01:47] INFO: Existing tunnel with ID #######redacted#######-b94a-b74e0eb05301 found
[18:01:47] INFO: Checking if existing tunnel matches name given in config
[18:01:47] DEBUG: Tunnnel name read from file: null
[18:01:47] WARNING: Tunnel name in file does not match config, removing tunnel file
[18:01:47] FATAL: Failed to create tunnel
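A redaction pass for logs like the one above before they are posted, added here as an example and not part of the report or the add-on. It assumes the tunnel token is base64-encoded JSON with fields `a`, `t` and `s` (the `eyJhIjoi` prefix in the log is base64 for `{"a":"`); every value in the sample is constructed, and the helper names are illustrative.

```python
import base64, json, re

# Constructed values: none of these belong to a real account or tunnel.
FAKE = {"a": "0123456789abcdef0123456789abcdef",
        "t": "11111111-2222-3333-4444-555555555555",
        "s": base64.b64encode(b"constructed-secret-32-bytes-long").decode()}
FAKE_TOKEN = base64.b64encode(
    json.dumps(FAKE, separators=(",", ":")).encode()).decode()
SAMPLE_LOG = "\n".join([
    "https://dash.cloudflare.com/argotunnel?callback=https%3A%2F%2Flogin.cloudflareaccess.org%2FCONSTRUCTED-CALLBACK",
    "Created tunnel homeassistant with id " + FAKE["t"],
    "Tunnel Token: " + FAKE_TOKEN,
    '[18:01:46] DEBUG: Created new tunnel: {"AccountTag":"%s","TunnelSecret":"%s","TunnelID":"%s"}'
    % (FAKE["a"], FAKE["s"], FAKE["t"]),
    "[18:01:47] INFO: Existing tunnel with ID %s found" % FAKE["t"],
])

# Each rule replaces the whole value, never just its tail.
RULES = [
    (re.compile(r"(Tunnel Token: )\S+"), r"\1[REDACTED]"),
    (re.compile(r'("(?:AccountTag|TunnelSecret|TunnelID)"\s*:\s*")[^"]*'), r"\1[REDACTED]"),
    (re.compile(r"(login\.cloudflareaccess\.org%2F)\S+"), r"\1[REDACTED]"),
    (re.compile(r"\b[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\b", re.I), "[REDACTED-UUID]"),
]

def redact(text):
    """Apply every rule in order and return the scrubbed log text."""
    for pattern, replacement in RULES:
        text = pattern.sub(replacement, text)
    return text

def leaked_fields(text, token_fields=FAKE):
    """Names of token fields whose first 8 characters still appear in text."""
    return [name for name, value in token_fields.items() if value[:8] in text]

def decode_kept_prefix(masked_token):
    """Decode the base64 prefix left readable in a partly masked token."""
    prefix = re.match(r"[A-Za-z0-9+/]*", masked_token).group(0)
    prefix = prefix[:len(prefix) - len(prefix) % 4]
    return base64.b64decode(prefix).decode("ascii", "replace")
```

`decode_kept_prefix` shows why the token has to be replaced whole: a token masked only after its first characters still decodes to the start of the account tag.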

Include the "path" option for additional hosts

Is your feature request related to a problem? Please describe.
As of now, 'additional_hosts' can only be set as subdomains. Cloudflared additionally offers the option to set paths for subdomains in a rule, so only a specific path of a (sub)domain would match the rule. For example, if you only want to match 'ha.example.com/home', you could define 'hostname' as 'ha.example.com' and 'path' as "/home".

Describe the solution you'd like
Add another optional option within 'additional_hosts' called 'path' to define a path when needed.

Describe alternatives you've considered
Thinking about offering another array option to completely override the 'additional_hosts' config, which is 1:1 reflecting the 'ingress' array of the Cloudflared configuration.

Additional context
See detailed documentation here.

`ERR_SSL_VERSION_OR_CIPHER_MISMATCH` when using `additional_hosts`

Describe the bug
image

To Reproduce

I tried to set two and they don't work with the same error:

additional_hosts:
  - hostname: sip.home.felipecrs.com
    service: http://192.168.1.10:8088
  - hostname: router.home.felipecrs.com
    service: http://192.168.1.1

Expected behavior
I guess they were supposed to work as the example?

Screenshots
Added above.

Add-On / Home Assistant Information (please complete the following information):

All latest to-date. Please let me know if you think the version matters.

  • Add-On Version: 0.2.3
  • Supervisor Version: 2021.12.2
  • Core Version: 2021.12.10
  • Operating System: HassOS 7.1
  • Devices: J4125

Additional context
Am I doing something wrong or did I misunderstand something?

[FEATURE] Expose other ports

Is your feature request related to a problem? Please describe.
Expose MQTT ports.

Describe the solution you'd like
Possibility to create also other tunnels for other ports.

Warning for Nginx Proxy Manager

Within my system logs - I'm getting this message "22-02-07 10:34:39 WARNING (MainThread) [supervisor.addons.options] Option 'nginxproxymanager' does not exist in the schema for Cloudflared"

I'm not currently using nginx proxy manager for anything. Is there an advantage to using it, in addition to the cloudflare tunnel? Currently I'm using the tunnel to access HA, and one additional host. I have a domain through cloudflare.
