2 months ago
Currently, Railway’s TCP Proxy provides a stable way to expose raw TCP services (e.g. WebSocket game servers), but it does not support attaching custom domains or SSL certificates. This limits developers who want secure wss:// connections.
Please add support for:
Mapping custom domains (e.g.
server.mydomain.com) to TCP Proxy endpoints.Automatic or manual SSL/TLS certificate management (similar to how HTTP services use Let’s Encrypt).
Optionally, exposing TCP Proxy traffic over port 443 for secure WebSocket connections (
wss://).
Why it matters:
This would let developers host persistent, secure WebSocket or game servers directly on Railway — maintaining stability and ease of deployment — without needing to set up an external reverse proxy or Cloudflare tunnel. It would make Railway a complete solution for real-time apps and multiplayer backends.
Example use case:
A Node.js/Socket.IO game server using Railway’s TCP Proxy could serve players securely via wss://server.example.com, rather than a raw tcp://...railway.app:12345 endpoint.
0 Threads mention this feature
2 Replies
2 months ago
That would be great, I'm also for that feature.
21 days ago
I’d like to add my support for this feature. We’re running Kafka on Railway using the TCP Proxy, and since the proxy doesn’t provide TLS, all Kafka traffic is currently unencrypted unless we implement SSL ourselves inside Kafka. For a small early-stage startup this adds a lot of overhead (keystores, truststores, certificate management, client configs, etc.).
Having built-in TLS for TCP Proxy — the same way Railway handles HTTPS for HTTP services — would make it much easier and safer to expose Kafka externally without extra infrastructure. This feature would help us a lot.