[GENERAL QUESTION] Regarding setting up cloudflare
vacostin
HOBBYOP

a year ago

So we're a bit lost when it comes to network security.
Basically what's going on is that we have a running backend app > aaaand we're expecting to be DDoS-ed 1 or 2 times > which led us to setting up cloudflare.
Now, we don't know if setting up this https://railway.app/template/cf-tunnel would do the job and (in case of yes) if there's anyone willing to help us, whether as a paid Railway service or what not (We're not trying to stretch the ToS or anything, we just don't know what's allowed and what not to ask/do in here)

35 Replies



brody
EMPLOYEE

a year ago

this is definitely a question for the community, so you are in the right place!

What do you currently have setup?


vacostin
HOBBYOP

a year ago

Just a NestJs app with like 4 endpoints, all available to public, no authentication layer, and some lenient rate limits


brody
EMPLOYEE

a year ago

do you have a custom domain set on it?


vacostin
HOBBYOP

a year ago

yea



brody
EMPLOYEE

a year ago

is that with cloudflare?


vacostin
HOBBYOP

a year ago

no, just linked to railway


vacostin
HOBBYOP

a year ago

we don't have any cloudflare setup yet


brody
EMPLOYEE

a year ago

who is the domain with right now?


vacostin
HOBBYOP

a year ago

there's only 1 CNAME record pointing to railway, that's all


vacostin
HOBBYOP

a year ago

if you meant who is owning the domain, us


brody
EMPLOYEE

a year ago

im talking about who the domain is with


vacostin
HOBBYOP

a year ago

oh


vacostin
HOBBYOP

a year ago

namecheap


brody
EMPLOYEE

a year ago

are the nameservers also namecheap?


vacostin
HOBBYOP

a year ago

I reckon yes



vacostin
HOBBYOP

a year ago

we didn't touch those, just added a cname record for railway


brody
EMPLOYEE

a year ago

okay so you want to use cloudflare for ddos protection, there's two main ways to do that -

  • use Cloudflare's proxy with the CNAME railway gave you.
    you will need to remove and replace the domain to get a new CNAME.
    this means traffic to your site would go through cloudflare's proxy and then through railway's proxy.

  • use cloudflare's tunnel.
    for this you would not have any custom or railway provided domain in your railway service and the domain would solely be managed by cloudflare.
    this means traffic would go through cloudflare's proxy and into the private network to communicate with your application directly, bypassing railways proxy entirely.

either option would require you to use cloudflare's nameservers, so go ahead and do that anyway.


vacostin
HOBBYOP

a year ago

bypassing railway proxy

does the railway proxy apply some additional filters / black box magic good stuff or it's irrelevant for the task at hand?


brody
EMPLOYEE

a year ago

it doesn't provide any ddos mitigations for an individual user's application, but it's an extra layer that could be eliminated


vacostin
HOBBYOP

a year ago

oh well, then I guess we'll setup a cloudflare tunnel then, thx for help


brody
EMPLOYEE

a year ago

did you need help with that? it can be tricky the first time around


vacostin
HOBBYOP

a year ago

we kinda do need help with everything that has the word "cloudflare" in it (which is I guess out of bounds in this case), let alone the railway cloudflare component 😂


brody
EMPLOYEE

a year ago

this is a railway server so we have to draw a line in the sand on what we can and can't help with but I'd say helping you setup a cloudflare tunnel is within reach since it's tightly integrated with railway


vacostin
HOBBYOP

a year ago

well, we gotta clear the first hurdle first before getting to railway, which is setting up a cloudflare proxy with the appropriate rules


vacostin
HOBBYOP

a year ago

so I guess let ya know when we get past that


brody
EMPLOYEE

a year ago

you aren't even using cloudflare yet, you are jumping a few steps there


vacostin
HOBBYOP

a year ago

no, in the beginning we assumed this template was a do it all kind of thing, but now we got a better picture


brody
EMPLOYEE

a year ago

first you need to start using cloudflare's nameservers -


vacostin
HOBBYOP

a year ago

on it


vacostin
HOBBYOP

a year ago

can close this ticket, went the easy route without tunneling, since we're using duplex communication and it looks like we might encounter some issues
also, this was a lifesaver https://discord.com/channels/713503345364697088/1238796472716099606/1241738857528168509


brody
EMPLOYEE

a year ago

you now just have your domain managed by cloudflare?


vacostin
HOBBYOP

a year ago

yea


brody
EMPLOYEE

a year ago

sounds good

