2 years ago
So all examples i can find and searches of tthese questions show the service starting on the give $PORT with just ListenAndServe() and no example of listening using https.
I know that railway provides certs to the outside world, but is this telling me that within the local network, it is HTTP only?
I have read the public networking guide and the techincal reference, but they are a bit light on information to be honest.
3 Replies
2 years ago
That's correct, apps listening on HTTP will only be exposed over HTTP in a private network. Because it's a private network, there isn't really a potential for man-in-the-middle attacks, and so there isn't really a security risk there. Do you have any suggestions on how the docs could be improved?
2 years ago
While I don't believe that anyone at Railway would be intercepting network traffic it makes me slightly uneasy, though encryption itself is no panacea. I presume this is an internal switched network.
Perhaps the guide could be upgraded to explicitly point this out?
2 years ago
As aleks has stated there is no need to listen on https when using the private network, furthermore the private network lives inside an encrypted wiregaurd tunnel already.