Zmeel supports two runtime modes. You choose your mode during zmeel onboard and can change it later with zmeel configure --section server.
Modes at a glance
| Mode | Login required | Best for |
|---|
local_trusted | No | Solo use on your own machine |
authenticated + private | Yes | Team access over a private network (Tailscale, VPN, LAN) |
authenticated + public | Yes | Internet-facing or cloud deployment |
local_trusted is the default and the easiest way to get started. It binds only to localhost — nothing is exposed to the network.
local_trusted
The simplest mode. No login, no credentials — just run Zmeel and access the dashboard at http://localhost:3100.
- Loopback-only host binding (localhost)
- No login flow required
- Fastest local startup
Use this for personal, single-operator workflows on your own machine.
Do not expose local_trusted to a public network. It has no authentication layer.
authenticated
Login is required for all access. Choose between two exposure policies:
private
For access over a private network (Tailscale, VPN, or LAN).
- Login required
- Low-friction URL handling — Zmeel detects the base URL automatically
- Suitable for a small team sharing a self-hosted instance
public
For internet-facing deployments.
- Login required
- You must provide an explicit public URL during setup
- Stricter checks run during
zmeel doctor
Changing your mode
Run the interactive server configuration:
zmeel configure --section server
Migrating from local_trusted to authenticated
If you’ve been running in local_trusted mode and switch to authenticated, Zmeel emits a one-time board claim URL on startup. Visit that URL while signed in to claim board ownership and avoid being locked out.
The claim URL looks like:
http://localhost:3100/board-claim/<token>?code=<code>