Turning on DNS Proxy stops access to site

What is the name of the domain?

homeassistant.mydomain.org

What is the issue you’re encountering

Unable to connect to site when DNS Proxy is enabled.

What steps have you taken to resolve the issue?

I have two servers on my LAN – a Raspberry Pi, which I use for hosting a web app, and recently I have added a virtual machine (running on an Ubuntu host) which runs the Home Assistant Operating System.

I have set up my router to forward incoming requests on port 443 to the Raspberry Pi, and requests on port 2053 to the Home Assistant server.

The Raspberry Pi uses a Let's Encrypt script to obtain a certificate (my-pi.mydomain.org) and I have installed the Let's Encrypt add-on on the HA server (homeassistant.mydomain.org).

My DNS is hosted with Cloudflare. Both sub-domains point to the same external IP address using ‘A’ records.

With the DNS Proxy turned on for the Raspberry Pi, everything is working as it should (and has done for many years). And if I turn the DNS Proxy off for the HA, I can also access the server fine, using https://homeassistant.mydomain.org:2053. However, when I turn the Cloudflare DNS Proxy on for the HA server, the connection stops working – the app simply says connection lost and a web browser says 400 Bad Request. (One frustrating thing I have found is that it takes up to 10 minutes before a Cloudflare change takes effect, which has caused quite a bit of confusion and makes things slow to test.)

So in my mind, there must be a problem with Cloudflare connecting to the HA server. The SSL/TLS setting is set to Full (strict).

As far as I can tell, port 2053 is supported by Cloudflare – (new user – so can’t add link)

I have cleared the cookies in the browser, and I have cleared the Cloudflare cache.

I’ve been using the Trace tool. If I run a trace to the my-pi site I get an HTTP status code of 200 OK. But if I run a trace to my homeassistant site, I get an HTTP 526 error. I have followed the suggestions on the page for this error (new user – so can’t add link). The curl command in idea 1 returned a 200 OK (and it has only just been created). I don’t really understand idea 3 (but I don’t have any CNAME records).

If I run the SSL checker at sslshopper (new user – can’t add link) it returns success. I have uninstalled the HA Letsencrypt addon and re-installed it with the same result.

How can I tell what the problem is (so that I can then take steps to fix it)?

What feature, service or problem is this related to?

DNS records

May I ask if you’ve added Cloudflare IPs to the Trusted Proxies in your HA setup? :thinking:

On the link below, there is also a way to add a Cloudflare Origin CA SSL certificate to Home Assistant.

I’ve used HA on a virtual machine for my work at school for a “smart classroom” which was connected to the HDL devices, sensors, etc…, but my setup was via the cloudflared tunnel.

Cloudflare IPs:
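The reply above points at Home Assistant's trusted-proxies setting. The following is an added example, not code from the thread or from the Home Assistant project: a small stand-alone model of the check HA's http integration performs on `X-Forwarded-For` once `use_x_forwarded_for: true` and `trusted_proxies:` are set in `configuration.yaml`. The two Cloudflare ranges in it are only examples (the full, current list has to come from Cloudflare's published IP ranges), the request shapes are constructed, and the function names are this example's own. It shows why a proxied request from an untrusted peer ends in 400 Bad Request while the same request delivered by a trusted Cloudflare address is accepted with the real client address unwrapped.

```python
"""Model of Home Assistant's reverse-proxy trust check (added example).

Assumed configuration.yaml on the HA side:

  http:
    use_x_forwarded_for: true
    trusted_proxies:
      - 173.245.48.0/20   # example Cloudflare ranges only; use the
      - 103.21.244.0/22   # complete current list from cloudflare.com/ips

Behaviour modelled: an X-Forwarded-For header is honoured only when the
TCP peer that delivered it is inside trusted_proxies; otherwise the
request is refused with 400 so an arbitrary peer cannot spoof a source
address. This is an approximation for teaching, not HA's own code.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample trust list: two Cloudflare IPv4 ranges as examples.
TRUSTED_PROXIES: List[Network] = [
    ipaddress.ip_network("173.245.48.0/20"),
    ipaddress.ip_network("103.21.244.0/22"),
]


def is_trusted_proxy(peer_ip: str, trusted: List[Network] = TRUSTED_PROXIES) -> bool:
    """True when the connecting peer address falls inside a trusted range."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in trusted)


def resolve_client(
    peer_ip: str,
    headers: Dict[str, str],
    use_x_forwarded_for: bool = True,
    trusted: List[Network] = TRUSTED_PROXIES,
) -> Tuple[int, Optional[str]]:
    """Return (http_status, client_ip) for one incoming request.

    200 -> request accepted, client_ip is the address HA should log/rate-limit.
    400 -> request refused (the symptom seen when Cloudflare proxies traffic
           to an HA instance whose config does not trust Cloudflare's ranges).
    """
    xff = headers.get("X-Forwarded-For")
    if xff is None:
        # Direct connection: nothing to unwrap, peer is the client.
        return 200, peer_ip

    if not use_x_forwarded_for:
        # Proxy header present but HA was never told it sits behind a proxy.
        return 400, None

    if not is_trusted_proxy(peer_ip, trusted):
        # Header present but set by a peer we do not trust: refuse it.
        return 400, None

    # Left-most entry is the original client as seen by the first proxy.
    candidate = xff.split(",")[0].strip()
    try:
        ipaddress.ip_address(candidate)
    except ValueError:
        # Malformed forwarded address: treat as a bad request, not as a client.
        return 400, None
    return 200, candidate


if __name__ == "__main__":
    # Constructed sample requests covering the cases above.
    samples = [
        ("203.0.113.5", {}),
        ("173.245.48.10", {"X-Forwarded-For": "198.51.100.7, 173.245.48.10"}),
        ("203.0.113.5", {"X-Forwarded-For": "198.51.100.7"}),
    ]
    for peer, hdrs in samples:
        print(peer, hdrs, "->", resolve_client(peer, hdrs))
```

The 400 modelled here is HA's own rejection and is separate from Cloudflare's 526, which is raised on the Cloudflare side when the origin certificate does not pass the Full (strict) check; fixing the trusted-proxies list addresses the first, and the Origin CA certificate suggested in the reply addresses the second.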