Cannot connect to atlas mongodb through cloudflared proxy

Hi team.

I’m running mongo in private network. It’s hidden from public internet.
I’m trying to proxy traffic through Cloudflare tcp tunnel.

But I see that Compass is trying to access IP of a public endpoint. Of course it fails because our atlas mongo cluster is hidden from the internet:

image666×781 49.1 KB

Why is Compass doing this? Is there a way to force it to use only my proxied localhost ports?

mongosh is having the same behavior.
If I open atlas to the internet the proxied connection string above works correctly. But I want to avoid public access.

Hi @Ivan_Sabelnikov - Welcome to the community

I’m running mongo in private network. It’s hidden from public internet.

Based off the details of the post and the replicaSet value, I presume you are referring to an Atlas cluster. When you state that it is hidden from the public internet, do you mean that you have configured Network Peering Connection?

I’m trying to proxy traffic through Cloudflare tcp tunnel .

I’m not too familiar with the Cloudflare TCP tunnel you’ve linked but based off the same documentation page, more specifically the requirements:

• A Cloudflare account
• A site active on Cloudflare
• The cloudflared daemon installed on the host and client machines

The third requirement is for the cloudflared daemon to be installed on both the host and client machines. If the host machine (or client machine) is to be the Atlas nodes then this won’t be possible.

If I open atlas to the internet the proxied connection string above works correctly. But I want to avoid public access.

Can you clarify what you mean by opening atlas to the internet? Do you mean adding the CIDR 0.0.0.0/0 to your Network Access List so that it allows access from anywhere?

Perhaps setting either of the following may suit your use case:

• Set Up a Network Peering Connection
  Note: Atlas supports Network Peering connections for AWS, Google Cloud, and Azure-backed and multi-cloud dedicated clusters.

• Set Up a Private Endpoint for a Dedicated Cluster
  Note: MongoDB Atlas supports private endpoints on:

  • AWS using the AWS PrivateLink feature,
  • Azure using the Azure Private Link feature, and
  • Google Cloud using the Google Cloud Private Service Connect feature.

Atlas is secure by default as communications are encrypted using TLS and has IP access list capabilities which limits exposure of the Atlas endpoints to certain IP’s which user’s control. You may find the Atlas Security page useful as it includes much more detailed information regarding Atlas Security. On the page, you’ll also be able to download the Atlas Security Controls white paper.

Regards,
Jason