# Mongonaut

## Zero Trust Tunnel

> Category: Security

---

## Pages

- [About Mongonaut](https://mongonaut.org/about-mongonaut)
- [Installation](https://mongonaut.org/installation)

### Security

- [Zero Trust Tunnel](https://mongonaut.org/security/zero-trust-tunnel)

---

# Zero Trust Tunnel

This guide explains how to secure your **Mongonaut** instance using **Cloudflare Zero Trust**, ensuring that only authorized users can access the interface.

---

## Prerequisites

1. **Cloudflare Account** with Zero Trust enabled.
2. **Domain registered with Cloudflare** (e.g., [example.com](http://example.com)).
3. **Mongonaut Container** running on your server.

---

## Setting up Cloudflare Zero Trust Tunnel

For the basic setup of a Cloudflare Zero Trust Tunnel, please follow the official step-by-step guide: [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/)

The key steps in the process are:

1. **Creating a tunnel** in the Cloudflare Zero Trust Dashboard
2. **Installing and configuring cloudflared** on your server
3. **Setting up a public hostname** for your application
4. **Defining access policies** for user authentication

---

## Configuring Mongonaut with Cloudflare Tunnel

After setting up the Cloudflare Tunnel following the official guide, customize the configuration for Mongonaut:

### 1. Configure Hostname for Mongonaut

When setting up the public hostname in the Cloudflare Zero Trust Dashboard:

- **Subdomain**: `mongonaut` (or any name of your choice)
- **Domain**: Your domain registered with Cloudflare
- **Service**: `http://localhost:8081` (default Mongonaut port)

### 2. Configure Access Rules

Create an access rule in the Zero Trust Dashboard for your Mongonaut application:

1. Navigate to **Access > Applications > Add an application**
2. Select **Self-hosted** as the application type
3. Configure:
  - **Name**: Mongonaut
  - **Domain**: `mongonaut.example.com` (your configured subdomain)
4. Create at least one policy defining who should have access:
  - **Policy name**: Mongonaut Access
  - **Configure rules**: Choose email addresses, IP ranges, or access groups
  - **Setup authentication**: Select your preferred authentication method

### 3. Secure Mongonaut with Docker

Ensure your Mongonaut container is running on the correct port:

```yaml name="docker-compose.yml"
services:
  mongonaut:
    image: ghcr.io/withzu/mongonaut
    ports:
      - 8081:8081
    environment:
      MONGO_CONNECTION_URL: mongodb://mongo:27017/
    networks:
      - mongo-network
  # ... other services ...
```