2 months ago
Hi there. I run a Django application on Railway. I have a custom management command that creates a database backup and uploads it to my own SFTP server. I've been using this command with success for some time. Now suddenly the command doesn't work anymore because the connection to the SFTP server times out. I tested the command locally and it works fine, and I can connect and upload files to the SFTP server with FileZilla. Hence my conclusion is that there is something wrong with connecting to my SFTP server from Railway.
Since my command is based on Fabric, I ran railway ssh and then opened a Python session to run a very basic test:
root@a6017fa24300:/app# python
Python 3.13.11 (main, Dec 30 2025, 00:43:19) [GCC 12.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from fabric import Connection
>>> h=os.getenv("SFTP_HOST")
>>> u=os.getenv("SFTP_USER")
>>> p=os.getenv("SFTP_PASSWORD")
>>> c=Connection(host=h,user=u,port=22,connect_kwargs={"password":p})
>>> with c.sftp() as sftp:
... print(sftp.listdir("."))As expected, after a long time this fails with:
TimeoutError: [Errno 110] Connection timed out
But succeeds when running it locally.
Any hints on this?
Regards,
Francisco
8 Replies
2 months ago
This is likely an outbound networking limitation on Railway. Port 22 / SFTP isn’t guaranteed and outbound ip rotate, so connections can start timing out. Since it also fails from railway ssh, its not your code. Using HTTPS storage like S3 or R2 or Static Outbound ip on Pro should fix it.
2 months ago
Whitelist Railway outbound IP ranges (Railway support can provide these)
OR move SFTP to a server that doesn’t IP-restrict
OR switch to S3 / R2 / Backblaze (Railway-friendly)
2 months ago
Thanks for your answers. How is using a static IP supposed to fix the issue? I'm not aware of my SFTP server blocking any of Railway's IPs nor having a whitelisting feature. It's a DreamHost SFTP server by the way.
fvicent
Thanks for your answers. How is using a static IP supposed to fix the issue? I'm not aware of my SFTP server blocking any of Railway's IPs nor having a whitelisting feature. It's a DreamHost SFTP server by the way.
2 months ago
fair question. Static outbound IP dont fix SFTP by default. They only help when the remote side requires or benefits from a consistent source IP like whitelisting, rate rules, etc
In your case, since Dreamhost doesnt do IP whitelisting for SFTP, a static IP probably wont change anything. The important signal is that it also times out from railway ssh, which points to a Railway outbound networking / port-22 issue rather than your code. That why this tends to be flaky on Railway and why HTTPS-based storage S3,R2,B2 is usually the safer option there.
a month ago
Thanks for your reply. If that's the case then I'd expect it at least to be documented and have a consistent behavior. And it's not clear to me the logic behind blocking outgoing connections to port 22. These are the kind of weird things that push me away from Railway to be honest.
An official reply from the Railway team would be appreciated as well.
a month ago
app’s source IP can change
If your SFTP host blocked or changes rules you’ll see exactly what you’re seeing no success
as others probably said your host could be blocking railways assigned IP most likely, you might be able to test via ssh using
getent ahosts "$SFTP_HOST"
# or
nc -vz -w 5 "$SFTP_HOST" 22
a month ago
Running nc times out as expected.
To be sure, I contacted DreamHost support about this issue and they say there is no record of their firewall blocking my service's IP. Just in case, I asked them to whitelist the current IP of my service (it hasn't rotated yet) and I still get a connection timeout from Railway. So it looks to me this is on Railway's side.
a month ago
From Railway:
root@1f82834d0ff6:/app# nc -vz -w 5 "$SFTP_HOST" 22
... [...] 22 (ssh) : Connection timed out
From my machine:
docker run -t --rm --network=host --name=ncs subfuzion/netcat -vz -w 5 "$SFTP_HOST" 22
Connection to ... 22 port [tcp/ssh] succeeded!