7 hours ago
hii
I'm trying to use Cloudflare for SaaS (Custom Hostnames) with a Railway application to support multiple customer domains.
My setup
Railway application running normally.
Railway default URL works.
Added fwp.csam.in as a custom domain in Railway.
fwp.csam.in points to my Railway app and returns HTTP 200.
In Cloudflare for SaaS:
Fallback Origin is configured.
Custom Origin Server is set to fwp.csam.in.
Customer domain example:
si.sanyaji.top
The customer completed all required DNS verification (TXT and CNAME).
SSL certificate has been successfully issued by Cloudflare.
Problem
When I access:
https://fwp.csam.in → Works (HTTP 200)
https://si.sanyaji.top → Returns:
HTTP/2 404
x-railway-fallback: true
Railway shows:
"The train has not arrived at the station."
This suggests the request reaches Railway, but Railway does not route it to my service.
My question
Is Railway compatible with Cloudflare for SaaS Custom Hostnames without registering every customer domain as a Railway custom domain?
If so, is there a required Host Header override or any additional configuration needed on Railway or Cloudflare?
If not, is the recommended approach to place a Cloudflare Worker or reverse proxy in front of Railway?
I'd appreciate any guidance from anyone who has successfully deployed Cloudflare for SaaS with Railway.
Thanks!
3 Replies
7 hours ago
This thread has been opened as a bounty so the community can help solve it.
Status changed to Open Railway • about 7 hours ago
7 hours ago
where in my domain or in client domain
3 hours ago
I've run into the same situation. What i did is instead of using the domain option i created a TCP proxy on the service (should be next to the add domain button). This will give you an actual port. Then you can create a destination rule or something on Cloudflare (not sure what its called) to set the target port (all rules you make in your Cloudflare zone where SaaS is setup is passed over to client domains (really nice :D). Set the fallback hostname to the proxy domain it gives you before the colon (so for example thomas.proxy.railway:4521 you only put in thomas.proxy.railway as the dns record. Then use the rule to set the port (match * or anything not matching your own domain). This will bypass the Railway HTTP proxy so things like http logs and firewall will not work but most of those things work through CF anyway. There is a Host header override aswell but i think thats restricted to enterprise plans on CF.