diff --git a/cloudflared/DOCS.md b/cloudflared/DOCS.md index ad03ffcb..078ac5f1 100644 --- a/cloudflared/DOCS.md +++ b/cloudflared/DOCS.md @@ -126,6 +126,10 @@ chunked transfer encoding. This is useful if you are running a WSGI server, like Proxmox for example. Visit [Cloudflare Docs][disablechunkedencoding] for further information. +When `use_builtin_proxy` is enabled, you can also add `internalOnly: true` to a +hostname to only allow access to it from within your local network. When this +service is accessed from Cloudflare, it will return a 403 Forbidden. + Please find below an example entry for three additional hosts: ```yaml 
@@ -215,6 +219,69 @@ in Cloudflare by adding a CNAME record with `*` as name. Finally, you have to set-up your proxy hosts in Nginx Proxy Manager and forward them to wherever you like. +### Option: `use_builtin_proxy` + +If enabled, the connection to Home Assistant and additional hosts will be made +through the built-in Caddy proxy. This allows a unified access to Home +Assistant and additional hosts even within your local network. + +**Note**: _This option is disabled by default._ + +Here is how you can leverage the built-in Caddy proxy for local access: + +1. These additional add-on ports needs to be exposed through the add-on + _Configuration_ page > _Network_: + - `80/tcp` for HTTP access + - `443/tcp` for HTTPS access (this will also enable automatic HTTPS + certificates and HTTP to HTTPS redirection) + - `443/udp` for HTTP/3 QUIC access + + To expose them, click _Show disabled ports_ and repeat their port numbers in + each of them: + - `80` for the `80/tcp` port + - `443` for the `443/tcp` port + - `443` for the `443/udp` port + +1. Set your local DNS server to resolve the `external_hostname` and any + `hostname` of `additional_hosts` to the local IP of your Home Assistant + instance. + + Example: set `ha.example.com` and `router.example.com` to resolve to + `192.168.1.10`. + + If you are using OpenWRT, you can do it from _Network_ > _DHCP and DNS_ > + _DNS Records_ > _Hostnames_. + + If you are using AdGuard Home, you can do it from _Filters_ > _DNS rewrites_. + + If you are using some other DNS server, please refer to its documentation. + +1. Confirm that the `external_hostname` and any `hostname` of `additional_hosts` + are resolving to the local IP of your Home Assistant. + + Example: run `nslookup ha.example.com` and `nslookup router.example.com` in + your terminal and check that the output shows the local IP of your Home + Assistant instance, and not Cloudflare's IP addresses. + +1. 
Access your Home Assistant instance via the `external_hostname` or access + your additional hosts via their `hostname`s defined in `additional_hosts` in + your browser. + + Example: `https://ha.example.com/` or `https://router.example.com/`. + + And confirm everything works as expected. + +1. Optionally, you can set `additional_hosts` entries with `internalOnly: true` + to only allow access to them from within your local network. When such + service is accessed from Cloudflare, it will return a _403 Forbidden_. Don't + forget to set the DNS entries for these hosts too. + +Congratulations! You are now using the built-in proxy to access your Home +Assistant instance and additional hosts locally, through a unified URL without +having to swap between internal and external URLs. Also, you saved a lot of +time by not having to set up a reverse proxy like Nginx Proxy Manager yourself, +including handling the HTTPS certificates and HTTP to HTTPS redirection. + ### Option: `post_quantum` If you want Cloudflared to use post-quantum cryptography for the tunnel, diff --git a/cloudflared/Dockerfile b/cloudflared/Dockerfile index 31da4ed9..9d7ad9ae 100644 --- a/cloudflared/Dockerfile +++ b/cloudflared/Dockerfile @@ -2,12 +2,16 @@ FROM ghcr.io/hassio-addons/base:19.0.0 # Set S6 verbosity level ENV S6_VERBOSITY="1" +# Enable Caddy service only if enabled in config +ENV S6_STAGE2_HOOK="/etc/s6-overlay/s6-rc.d/caddy/condition_caddy.sh" # Setup base ARG BUILD_ARCH="amd64" # renovate: datasource=repology depName=yq packageName=alpine_3_22/yq-go versioning=loose ARG YQ_VERSION="4.47.2-r1" +# renovate: datasource=github-releases depName=caddy packageName=caddyserver/caddy +ARG CADDY_VERSION="2.10.2" # renovate: datasource=github-releases depName=cloudflared packageName=cloudflare/cloudflared versioning=loose ARG CLOUDFLARED_VERSION="2025.11.1" diff --git a/cloudflared/config.yaml b/cloudflared/config.yaml index 4647149d..8a8d9f14 100644 --- a/cloudflared/config.yaml 
+++ b/cloudflared/config.yaml @@ -22,15 +22,23 @@ options: additional_hosts: [] ports: 36500/tcp: null + 80/tcp: null + 443/tcp: null + 443/udp: null +privileged: + # https://hub.docker.com/_/caddy#linux-capabilities:~:text=caddy_container_id%20caddy%20reload-,Linux%20capabilities,-Caddy%20ships%20with + - NET_ADMIN schema: external_hostname: str? additional_hosts: - hostname: str service: str disableChunkedEncoding: bool? + internalOnly: bool? tunnel_name: str? catch_all_service: str? nginx_proxy_manager: bool? + use_builtin_proxy: bool? tunnel_token: str? post_quantum: bool? run_parameters: diff --git a/cloudflared/rootfs/build.sh b/cloudflared/rootfs/build.sh index a75960cd..e271d1ba 100755 --- a/cloudflared/rootfs/build.sh +++ b/cloudflared/rootfs/build.sh @@ -10,6 +10,22 @@ set -eux # yq is to avoid depending on Home Assistant API on startup apk add --no-cache yq-go="${YQ_VERSION}" +# Adapt the architecture to the caddy specific names if needed +# see HA archs: https://developers.home-assistant.io/docs/add-ons/configuration/#:~:text=the%20add%2Don.-,arch,-list +# see Caddy archs: https://github.com/caddyserver/caddy/releases +case "${BUILD_ARCH}" in +"aarch64") + caddy_arch="arm64" + ;; +*) + caddy_arch="${BUILD_ARCH}" + ;; +esac + +# Download the caddy bin +wget -q -O- "https://github.com/caddyserver/caddy/releases/download/v${CADDY_VERSION}/caddy_${CADDY_VERSION}_linux_${caddy_arch}.tar.gz" | + tar -xzf- -C /usr/bin caddy + # Adapt the architecture to the cloudflared specific names if needed # see HA archs: https://developers.home-assistant.io/docs/add-ons/configuration/#:~:text=the%20add%2Don.-,arch,-list # see Cloudflared archs: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation diff --git a/cloudflared/rootfs/etc/caddy/Caddyfile.gtpl b/cloudflared/rootfs/etc/caddy/Caddyfile.gtpl new file mode 100644 index 00000000..6d9fc6a8 --- /dev/null +++ b/cloudflared/rootfs/etc/caddy/Caddyfile.gtpl 
@@ -0,0 +1,74 @@ +{ + # We don't use the admin API + admin off + # There is no need to persist the generate json configuration + persist_config off + # There is no need to attempt installing the root CA + skip_install_trust + {{ if not .auto_https }} + # Disable automatic generation of Let's Encrypt certificates + local_certs + {{ end }} + log { + # More friendly logging format than the default json + format console + } +} + +# Used for communication between Cloudflared and Caddy +https://caddy.localhost { + tls internal + + # Used to ensure Caddy is ready before starting Cloudflared + respond /healthz 200 + + respond 403 +} + +{{ if .ha_external_hostname }} +{{ .ha_external_hostname }} { + @cloudflared remote_ip 127.0.0.1 + + reverse_proxy @cloudflared {{ .ha_service_url }} { + # https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/#caddy + header_up X-Forwarded-For {http.request.header.CF-Connecting-IP} + {{ if hasPrefix "https://" .ha_service_url }} + transport http { + tls_insecure_skip_verify + } + {{ end }} + } + + reverse_proxy {{ .ha_service_url }} {{ if hasPrefix "https://" .ha_service_url }}{ + transport http { + tls_insecure_skip_verify + } + }{{ end }} +} +{{ end }} + +{{ range $i, $e := .additional_hosts }} +{{ $e.hostname }} { + @cloudflared remote_ip 127.0.0.1 + {{ if $e.internalOnly }} + # Block connections from Cloudflared as service is internal only + handle @cloudflared { + respond 403 + } + {{ else }} + reverse_proxy @cloudflared {{ $e.service }} { + header_up X-Forwarded-For {http.request.header.CF-Connecting-IP} + {{ if hasPrefix "https://" $e.service }} + transport http { + tls_insecure_skip_verify + } + {{ end }} + } + {{ end }} + reverse_proxy {{ $e.service }} {{ if hasPrefix "https://" $e.service }}{ + transport http { + tls_insecure_skip_verify + } + }{{ end }} +} +{{ end }} 
diff --git a/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/check_readiness.sh b/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/check_readiness.sh new file mode 100755 index 00000000..80ec999c --- /dev/null +++ b/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/check_readiness.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +exec curl --fail --silent --output /dev/null --max-time 1 \ + --cacert /data/caddy/pki/authorities/local/root.crt \ + https://caddy.localhost/healthz diff --git a/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/condition_caddy.sh b/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/condition_caddy.sh new file mode 100755 index 00000000..6103a621 --- /dev/null +++ b/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/condition_caddy.sh @@ -0,0 +1,11 @@ +#!/command/with-contenv bashio +# shellcheck shell=bash +# ============================================================================== +# Home Assistant Add-on: Cloudflared +# +# Decides whether to run Caddy based on the use_builtin_proxy setting or not. +# ============================================================================== + +if bashio::config.true 'use_builtin_proxy'; then + touch /etc/s6-overlay/s6-rc.d/user/contents.d/caddy +fi diff --git a/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/dependencies.d/prepare b/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/dependencies.d/prepare new file mode 100644 index 00000000..e69de29b diff --git a/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/finish b/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/finish new file mode 100755 index 00000000..e9424688 --- /dev/null +++ b/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/finish 
@@ -0,0 +1,30 @@ +#!/command/with-contenv bashio +# shellcheck shell=bash +# ============================================================================== +# Home Assistant Add-on: Cloudflared +# Take down the S6 supervision tree when Caddy fails +# ============================================================================== + +readonly exit_code_service="${1}" +readonly exit_code_signal="${2}" +exit_code_container=$(cat /run/s6-linux-init-container-results/exitcode) +readonly exit_code_container +readonly service="caddy" + +bashio::log.info \ + "Service ${service} exited with code ${exit_code_service}" \ + "(by signal ${exit_code_signal})" + +if [[ "${exit_code_service}" -eq 256 ]]; then + if [[ "${exit_code_container}" -eq 0 ]]; then + echo $((128 + exit_code_signal)) >/run/s6-linux-init-container-results/exitcode + fi + if [[ "${exit_code_signal}" -eq 15 ]]; then + exec /run/s6/basedir/bin/halt + fi +elif [[ "${exit_code_service}" -ne 0 ]]; then + if [[ "${exit_code_container}" -eq 0 ]]; then + echo "${exit_code_service}" >/run/s6-linux-init-container-results/exitcode + fi + exec /run/s6/basedir/bin/halt +fi diff --git a/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/notification-fd b/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/notification-fd new file mode 100644 index 00000000..00750edc --- /dev/null +++ b/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/notification-fd @@ -0,0 +1 @@ +3 diff --git a/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/run b/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/run new file mode 100755 index 00000000..1abffc37 --- /dev/null +++ b/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/run @@ -0,0 +1,6 @@ +#!/command/with-contenv bashio +# shellcheck shell=bash + +bashio::log.info "Starting Caddy..." +exec s6-notifyoncheck -c /etc/s6-overlay/s6-rc.d/caddy/check_readiness.sh \ + env XDG_DATA_HOME=/data caddy run --config /etc/caddy/Caddyfile 
diff --git a/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/timeout-kill b/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/timeout-kill new file mode 100644 index 00000000..9e703691 --- /dev/null +++ b/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/timeout-kill @@ -0,0 +1 @@ +15000 diff --git a/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/timeout-up b/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/timeout-up new file mode 100644 index 00000000..9e703691 --- /dev/null +++ b/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/timeout-up @@ -0,0 +1 @@ +15000 diff --git a/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/type b/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/type new file mode 100644 index 00000000..1780f9f4 --- /dev/null +++ b/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/caddy/type @@ -0,0 +1 @@ +longrun \ No newline at end of file diff --git a/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/prepare/run.sh b/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/prepare/run.sh index 8396e096..a20cbba9 100755 --- a/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/prepare/run.sh +++ b/cloudflared/rootfs/etc/s6-overlay/s6-rc.d/prepare/run.sh @@ -37,6 +37,14 @@ validateConfigAndSetVars() { fi bashio::log.debug "external_hostname: ${external_hostname}" + # Set and validate 'use_builtin_proxy' + if bashio::config.true 'use_builtin_proxy'; then + use_builtin_proxy=true + else + use_builtin_proxy=false + fi + bashio::log.debug "use_builtin_proxy: ${use_builtin_proxy}" + # Set and validate 'additional_hosts' if bashio::config.has_value 'additional_hosts'; then additional_hosts=$(bashio::jq "$(bashio::addon.config)" ".additional_hosts[]") 
@@ -265,14 +273,29 @@ createConfig() { config=$(bashio::jq "${config}" ".\"credentials-file\" += \"${data_path}/tunnel.json\"") # Add Service for Home Assistant if 'external_hostname' is set - if bashio::config.has_value 'external_hostname'; then - config=$(bashio::jq "${config}" ".\"ingress\" += [{\"hostname\": \"${external_hostname}\", \"service\": \"${ha_url}\"}]") + if bashio::var.has_value "${external_hostname}"; then + if bashio::var.true "${use_builtin_proxy}"; then + config=$(bashio::jq "${config}" ".\"ingress\" += [{\"hostname\": \"${external_hostname}\", \"service\": \"https://caddy.localhost\"}]") + else + config=$(bashio::jq "${config}" ".\"ingress\" += [{\"hostname\": \"${external_hostname}\", \"service\": \"${ha_url}\"}]") + fi fi # Check for configured additional hosts and add them if existing local additional_host local disableChunkedEncoding for additional_host in "${additional_hosts[@]}"; do + # Make Cloudflared always reach the Caddy proxy if enabled + if bashio::var.true "${use_builtin_proxy}"; then + additional_host=$(bashio::jq "${additional_host}" '.service = "https://caddy.localhost"') + elif bashio::var.true "$(bashio::jq "${additional_host}" ".internalOnly")"; then + # Avoid accidental exposure of internal services when not using Caddy + continue + fi + + # internalOnly is only relevant for Caddy, not for Cloudflared + additional_host=$(bashio::jq "${additional_host}" "del(.internalOnly)") + # Check for originRequest configuration option: disableChunkedEncoding disableChunkedEncoding=$(bashio::jq "${additional_host}" ". | select(.disableChunkedEncoding != null) | .disableChunkedEncoding ") if ! [[ ${disableChunkedEncoding} == "" ]]; then 
@@ -303,8 +326,15 @@ createConfig() { fi fi - # Deactivate TLS verification for all services - config=$(bashio::jq "${config}" ".ingress[].originRequest += {\"noTLSVerify\": true}") + if bashio::var.true "${use_builtin_proxy}"; then + # With Caddy we can avoid noTLSVerify and also can use HTTP/2 + # Even HTTP/3 is possible, but Cloudflared does not support it yet: + # https://developers.cloudflare.com/speed/optimization/protocol/http3/ + config=$(bashio::jq "${config}" '(.ingress[] | select(.service == "https://caddy.localhost") | .originRequest) += {"caPool": "/data/caddy/pki/authorities/local/root.crt", "http2Origin": true}') + else + # Deactivate TLS verification for all services + config=$(bashio::jq "${config}" ".ingress[].originRequest += {\"noTLSVerify\": true}") + fi # Write content of config variable to config file for cloudflared local default_config="/tmp/config.json" @@ -336,6 +366,11 @@ createDNS() { local additional_host local hostname for additional_host in "${additional_hosts[@]}"; do + if bashio::var.false "${use_builtin_proxy}" && bashio::var.true "$(bashio::jq "${additional_host}" ".internalOnly")"; then + # Avoid accidental exposure of internal services when not using Caddy + continue + fi + hostname=$(bashio::jq "${additional_host}" ".hostname") bashio::log.info "Creating DNS entry ${hostname}..." cloudflared --origincert="${data_path}/cert.pem" tunnel --loglevel "${CLOUDFLARED_LOG}" route dns -f "${tunnel_uuid}" "${hostname}" || 
@@ -367,6 +402,44 @@ setCloudflaredLogLevel() { } +# ------------------------------------------------------------------------------ +# Configure the built-in Caddy proxy +# ------------------------------------------------------------------------------ +configureCaddy() { + bashio::log.trace "${FUNCNAME[0]}" + + bashio::log.info "Configuring built-in Caddy proxy..." + + if [[ "$(bashio::addon.port "443/tcp")" == "443" ]]; then + bashio::log.info "Internal port 443/tcp is exposed to host port 443, enabling automatic HTTPS for local proxy" + local auto_https=true + else + bashio::log.info "Internal port 443/tcp is not exposed to host port 443, not enabling automatic HTTPS for local proxy" + local auto_https=false + fi + + bashio::log.info "Generating Caddyfile..." + additional_hosts_json=$(bashio::jq "$(bashio::addon.config)" ".additional_hosts") + tempio_input=$( + jq -n \ + --argjson auto_https "${auto_https}" \ + --arg ha_external_hostname "${external_hostname}" \ + --arg ha_service_url "${ha_url}" \ + --argjson additional_hosts "${additional_hosts_json}" \ + '{auto_https: $auto_https, ha_external_hostname: $ha_external_hostname, ha_service_url: $ha_service_url, additional_hosts: $additional_hosts}' + ) + bashio::log.debug "Tempio input for generating Caddyfile:\n${tempio_input}" + tempio -template /etc/caddy/Caddyfile.gtpl -out /etc/caddy/Caddyfile <<<"${tempio_input}" + bashio::log.debug "Generated Caddyfile:\n$(cat /etc/caddy/Caddyfile)" + + bashio::log.info "Validating Caddyfile..." + caddy fmt --overwrite --config /etc/caddy/Caddyfile || bashio::exit.nok "Caddyfile formatting failed, please check the logs above." + caddy validate --config /etc/caddy/Caddyfile || bashio::exit.nok "Caddyfile validation failed, please check the logs above." + + bashio::log.info "Adding host entry for communication between Cloudflared and Caddy..." 
+ echo "127.0.0.1 caddy.localhost" | tee -a /etc/hosts +} + # ============================================================================== # RUN LOGIC # ------------------------------------------------------------------------------ @@ -390,6 +463,10 @@ main() { validateConfigAndSetVars + if bashio::var.true "${use_builtin_proxy}"; then + configureCaddy + fi + if ! hasCertificate; then createCertificate fi diff --git a/cloudflared/translations/de.yaml b/cloudflared/translations/de.yaml index 49a83648..945b7a52 100644 --- a/cloudflared/translations/de.yaml +++ b/cloudflared/translations/de.yaml @@ -38,6 +38,14 @@ configuration: name: Nginx-Proxy-Manager als Catch-All aktivieren description: >- Setzt das "Nginx-Proxy-Manager Add-on" als Catch-All-Dienst. + use_builtin_proxy: + name: Eingebauten Caddy proxy verwenden + description: >- + Die Verbindung zu Home Assistant und zusätzlichen Hosts wird über den + eingebauten Caddy-Proxy hergestellt. Dies ermöglicht einen einheitlichen + Zugang zu Home Assistant und zusätzlichen Hosts auch innerhalb Ihres + lokalen Netzwerks. Lesen Sie die Dokumentation für weitere Details. + Diese Option ist standardmäßig deaktiviert. tunnel_token: name: Cloudflare Tunnel Token description: >- @@ -45,4 +53,7 @@ configuration: Wird verwendet, wenn der Tunnel mit dem Cloudflare Dashboard eingerichtet wird. network: - 36500/tcp: Web-Interface für Metriken (36500/tcp) + 36500/tcp: Metriken-Web-Interface + 80/tcp: Eingebaute Caddy-Proxy-HTTP-Schnittstelle + 443/tcp: Eingebaute Caddy-Proxy-HTTPS-Schnittstelle + 443/udp: Eingebaute Caddy-Proxy-HTTP/3-QUIC-Schnittstelle diff --git a/cloudflared/translations/en.yaml b/cloudflared/translations/en.yaml index dbecedee..611fd10e 100644 --- a/cloudflared/translations/en.yaml +++ b/cloudflared/translations/en.yaml 
@@ -39,10 +39,21 @@ configuration: description: >- Sets the catch-all service to the "Nginx-Proxy-Manager Community Add-Ons" Add-on. + use_builtin_proxy: + name: Use built-in Caddy proxy + description: >- + The connection to Home Assistant and additional hosts will be made + through the built-in Caddy proxy. This allows a unified access to Home + Assistant and additional hosts even within your local network. Read the + documentation for more details. + This option is disabled by default. tunnel_token: name: Cloudflare Tunnel Token description: >- When set all other options will be ignored. Use this option if you set up the tunnel with the Cloudflare Dashboard. network: - 36500/tcp: Metrics Web Interface (36500/tcp) + 36500/tcp: Metrics Web Interface + 80/tcp: Built-in Caddy Proxy HTTP Interface + 443/tcp: Built-in Caddy Proxy HTTPS Interface + 443/udp: Built-in Caddy Proxy HTTP/3 QUIC Interface diff --git a/cloudflared/translations/fr.yaml b/cloudflared/translations/fr.yaml index b9308038..bdec65a5 100644 --- a/cloudflared/translations/fr.yaml +++ b/cloudflared/translations/fr.yaml 
@@ -38,10 +38,21 @@ configuration: name: Activer le service Catch-All de Nginx-Proxy-Manager description: >- Définir le service Catch-All sur le module complémentaire "Nginx-Proxy-Manager Community Add-Ons". + use_builtin_proxy: + name: Utiliser le proxy Caddy intégré + description: >- + La connexion à Home Assistant et aux hôtes supplémentaires sera établie + via le proxy Caddy intégré. Cela permet un accès unifié à Home Assistant + et aux hôtes supplémentaires même au sein de votre réseau local. Lisez + la documentation pour plus de détails. + Cette option est désactivée par défaut. tunnel_token: name: Token du tunnel Cloudflare description: >- Lorsque cette option est définie, toutes les autres options seront ignorées. Utilisez cette option si vous avez configuré le tunnel via le tableau de bord Cloudflare. network: - 36500/tcp: Interface web des métriques (36500/tcp) + 36500/tcp: Interface Web des Métriques + 80/tcp: Interface HTTP du Proxy Caddy Intégré + 443/tcp: Interface HTTPS du Proxy Caddy Intégré + 443/udp: Interface HTTP/3 QUIC du Proxy Caddy Intégré diff --git a/cloudflared/translations/he.yaml b/cloudflared/translations/he.yaml index 34031f5c..08d33757 100644 --- a/cloudflared/translations/he.yaml +++ b/cloudflared/translations/he.yaml 
@@ -36,10 +36,20 @@ configuration: name: הפעלת Catch-All Nginx-Proxy-Manager description: >- מגדיר את שירות catch-all להרחבה "Nginx-Proxy-Manager Community Add-ons". + use_builtin_proxy: + name: השתמש ב-Caddy proxy המובנה + description: >- + החיבור ל-Home Assistant ומארחים נוספים יתבצע דרך ה-Caddy proxy המובנה. + זה מאפשר גישה מאוחדת ל-Home Assistant ומארחים נוספים גם בתוך הרשת + המקומית שלך. קרא את התיעוד לפרטים נוספים. + אפשרות זו מושבתת כברירת מחדל. tunnel_token: name: אסימון מנהרת Cloudflare description: >- כאשר מוגדר, כל האפשרויות האחרות יתעלמו. יש להשתמש באפשרות זו בהגדרת המנהרה עם לוח המחוונים של Cloudflare. network: - 36500/tcp: ממשק אינטרנט למדדים (36500/tcp) + 36500/tcp: ממשק אינטרנט למדדים + 80/tcp: ממשק HTTP של Caddy Proxy המובנה + 443/tcp: ממשק HTTPS של Caddy Proxy המובנה + 443/udp: ממשק HTTP/3 QUIC של Caddy Proxy המובנה diff --git a/cloudflared/translations/nl.yaml b/cloudflared/translations/nl.yaml index 7630a1d0..4e223c2e 100644 --- a/cloudflared/translations/nl.yaml +++ b/cloudflared/translations/nl.yaml @@ -39,6 +39,14 @@ configuration: description: >- Gebruikt de "Nginx-Proxy-Manager Community Add-Ons" add-on als de catch-all dienst. + use_builtin_proxy: + name: Gebruik ingebouwde Caddy proxy + description: >- + De verbinding met Home Assistant en aanvullende hosts wordt gemaakt via + de ingebouwde Caddy proxy. Dit maakt een uniforme toegang tot Home + Assistant en aanvullende hosts mogelijk, zelfs binnen je lokale netwerk. + Lees de documentatie voor meer details. + Deze optie is standaard uitgeschakeld. tunnel_token: name: Cloudflare Tunnel Token description: >- @@ -46,4 +54,7 @@ configuration: Gebruik deze optie als je de tunel met het Cloudflare Dashboard instelt. network: - 36500/tcp: Webinterface voor statistieken (36500/tcp) + 36500/tcp: Webinterface voor Statistieken + 80/tcp: Ingebouwde Caddy Proxy HTTP Interface + 443/tcp: Ingebouwde Caddy Proxy HTTPS Interface + 443/udp: Ingebouwde Caddy Proxy HTTP/3 QUIC Interface 
diff --git a/cloudflared/translations/pl.yaml b/cloudflared/translations/pl.yaml index 30920b80..006348c5 100644 --- a/cloudflared/translations/pl.yaml +++ b/cloudflared/translations/pl.yaml @@ -39,10 +39,21 @@ configuration: description: >- Ustawia usługę catch-all na dodatek "Nginx-Proxy-Manager Community Add-Ons" + use_builtin_proxy: + name: Użyj wbudowanego proxy Caddy + description: >- + Połączenie z Home Assistant i dodatkowymi hostami będzie realizowane + przez wbudowane proxy Caddy. Umożliwia to jednolity dostęp do Home + Assistant i dodatkowych hostów nawet w sieci lokalnej. Przeczytaj + dokumentację aby uzyskać więcej szczegółów. + Ta opcja jest domyślnie wyłączona. tunnel_token: name: Token Tunelu Cloudflare description: >- Po ustawieniu wszystkie inne opcje zostaną zignorowane. Użyj tej opcji, jeśli skonfigurujesz tunel z Cloudflare Dashboard. network: - 36500/tcp: Metrics Web Interface (36500/tcp) + 36500/tcp: Interfejs Web Metryk + 80/tcp: Interfejs HTTP Wbudowanego Proxy Caddy + 443/tcp: Interfejs HTTPS Wbudowanego Proxy Caddy + 443/udp: Interfejs HTTP/3 QUIC Wbudowanego Proxy Caddy
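
Review bot: In cloudflared/DOCS.md, the new `internalOnly` paragraph and the last step of the `use_builtin_proxy` section only cover the case where the proxy is enabled, and do not say what happens when `internalOnly: true` is set while `use_builtin_proxy` is off. The run.sh hunks in this patch drop such a host from the tunnel ingress and from DNS creation, so the docs should state that. "These additional add-on ports needs to be exposed" should read "need", and the section should mention that the add-on now requests `NET_ADMIN` (config.yaml) and why.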
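
Review bot: In cloudflared/config.yaml, `privileged: - NET_ADMIN` is granted to every installation, although `use_builtin_proxy` is optional and documented as disabled by default. The only justification is a URL in the comment above it. Please say in the comment what Caddy needs the capability for, and check whether the proxy works without it so that users who never enable Caddy do not get a wider capability set than before.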
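
Review bot: In cloudflared/rootfs/build.sh, the Caddy tarball is piped from `wget -q -O-` straight into `tar -xzf- -C /usr/bin caddy` with no integrity check, so whatever the release URL serves at build time ends up as a binary in the image. Download to a file, compare it against a digest pinned next to `CADDY_VERSION` (one per architecture), and only then extract. Separately, the `case` maps only `aarch64` to `arm64` and passes every other `BUILD_ARCH` through unchanged; if the add-on builds for architectures whose names differ from Caddy's release names, this should fail with a clear message rather than a 404 from wget.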
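
Review bot: In cloudflared/rootfs/etc/caddy/Caddyfile.gtpl, every `https://` upstream gets `transport http { tls_insecure_skip_verify }`, on both the `@cloudflared` path and the LAN path, so the hop from Caddy to the service is still unverified. The run.sh comment "With Caddy we can avoid noTLSVerify" therefore only holds for the Cloudflared to Caddy hop; please say so in a comment here or in DOCS.md. Also worth a comment: `internalOnly` rests entirely on `@cloudflared remote_ip 127.0.0.1`, meaning any client that reaches Caddy over loopback is treated as the tunnel and anything else as local.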
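
Review bot: In the new s6-rc.d/caddy service files, readiness is wired up (`notification-fd`, `s6-notifyoncheck` in `run`, `check_readiness.sh`), but nothing in this patch makes the cloudflared service depend on `caddy`; only `caddy/dependencies.d/prepare` is added. The Caddyfile comment says `/healthz` is "Used to ensure Caddy is ready before starting Cloudflared", and run.sh points `caPool` at `/data/caddy/pki/authorities/local/root.crt`, which presumably only exists once Caddy has started. If the ordering is handled elsewhere, a comment in `condition_caddy.sh` would help; otherwise the hook should also add the dependency when it enables Caddy. The `type` file is also missing a trailing newline.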
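
Review bot: In prepare/run.sh `createConfig()` and `createDNS()`, an `internalOnly` host is skipped only when `use_builtin_proxy` is false; with the proxy enabled it still gets an ingress rule pointing at `https://caddy.localhost` and a public DNS route via `cloudflared ... route dns`. The internal hostname is then published and reachable through the tunnel, with the Caddy `respond 403` as the only barrier. Consider skipping ingress and DNS creation for `internalOnly` hosts in both modes, since local clients resolve the name through local DNS anyway. The two `continue` branches are also silent; a `bashio::log.warning` naming the skipped hostname would make the behaviour visible.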
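
Review bot: In prepare/run.sh `createConfig()`, the proxy branch applies `caPool` and `http2Origin` only to entries matched by `select(.service == "https://caddy.localhost")`, while the old line set `noTLSVerify` on `.ingress[]` unconditionally. Any ingress entry with a different service that was added before this point (a catch-all, for example) now gets neither setting when the proxy is enabled, which changes behaviour for origins with self-signed certificates. Please either keep `noTLSVerify` for the non-Caddy entries or document the change.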
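
Review bot: In prepare/run.sh `configureCaddy()`, `hostname` and `service` from `additional_hosts` are passed to tempio and written into the Caddyfile as raw text (`{{ $e.hostname }} {`, `reverse_proxy {{ $e.service }}`), while the schema in config.yaml only types them as `str`. `caddy validate` rejects broken syntax but not a value containing whitespace or braces that happens to form valid directives, so validate both fields against a hostname and URL pattern before templating. Minor: `echo "127.0.0.1 caddy.localhost" | tee -a /etc/hosts` appends on every start without checking for an existing entry, and `additional_hosts_json` and `tempio_input` are not declared `local`.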