My system is a store for game servers, similar to tebex.

When I point to a custom domain, I get an error.

This error occurs when I try to access the custom domain that is pointed to in the CNAME.

From what I've seen in the documentation, do I need to register each of my clients' domains in your dashboard?

My current setup, railway and Cloudflare (DNS and CF for SaaS). Is there anything wrong with it?

I am getting the error “Invalid SSL certificate” when pointing to the domain hyren.luccabassoli.com (example domain for a customer's store). This domain is pointed to cname.hyren.net and configured in Cloudflare for SaaS, which I use their API to register.

@Chandrika can you helpme?

Please don't ping team members! #🛂｜readme 5)

https://railway.com/project/a249c202-a55b-4056-ba53-b026dc8e9e76/service/e19716d5-ba32-4710-8aa1-6c8fb534661d/settings?environmentId=6f6a08fd-2401-4db7-b4ea-a6010a671557

Hi?

Hi?

Hey @Lucca Bassoli, I'm trying to understand your case. Do you have multiple client domains that you want Railway to support? Are these domains dynamic rather than static?

||sorry for accidental ping ludwig||

If that's a yes, then I'm afraid your case isn't supported. Railway currently only supports a set of known domains. I'm guessing that your use case is some kind of shop that users can create and is known by their own custom domain.

I have a system where my system's client can point their domain through cname. I release a cname (cname.hyren.net) and it points to domain.tld, but when it points, it does not show the website and gives an SSL error. Do I need to register the client's domain in the railway domains?

Yes, you're required to register your client's domain in Railway.

Is there a limit? Can I change my limits? Because I would need to run more than 100 stores.

Yes, the Pro Plan is limited to 20 domains per service. The Railway Team might increase this limit upon request.

https://discord.com/channels/713503345364697088/1145752999235432508/1443232929244250155

I saw that thread, but it seems they didn't get anywhere.

So it seems to me that this is not possible to do on the Railroad.

On Railway no, on Cloudflare, yes.

Okay, but I use Cloudflare for SaaS. How can I point to the application? How do I do that in Cloudflare?

I'm sorry but we cannot provide support for 3rd party services, I'll let the community assist with that.

I'm unfamiliar with Cloudflare SaaS, but I'm testing how it would work on your specific setup, give me a minute.

I've managed to figure it out, but be aware, it's quite complicated to follow.

1. Since Cloudflare only allows Host header rewrites on Enterprise plans, we'll not be able to use Railway's proxy so deploy an Nginx instance on Railway and expose it via TCP proxy to access its port directly.

2. Configure Cloudflare SaaS. When defining your fallback origin (where traffic routes), specify your TCP proxy's domain without the port number as a CNAME.

3. Create an origin rule in Cloudflare to route all incoming traffic to Railway's TCP proxy port.

4. Under Cloudflare's SSL/TLS settings, enable Flexible encryption mode to allow the HTTP traffic.

If you really want to proceed with it, let me know and I can guide you through their dashboard using screenshots. However, I completely understand if you choose not to, as unfortunately, I don't think Railway is the best option for you in this situation.

Maybe the team can increase your domain limits, after which you'll be able to complete the task either manually or via API until Railway develops a more effective solution for this issue.

1. You can do it with snippets -

Only available on Pro Plans and above. I won't be able to help here on how to set up the snippets as I don't have the Pro Plan. But in theory, it should be a simple script to rewrite the Host header to be yours and then include an extra header to identify which domain it is.

Humm

I am interested in continuing, as Ralway is a good place to deploy and I already have several applications with them. If you could help me with step-by-step instructions on printing 🙂 That would even help the community.

Cloudflare Snippets is only available on the Pro plan. I am currently on Cloudflare's free plan. I only pay for their SaaS.

I think if you are running a business and you use Cloudflare it would be reasonable to be on their Pro plan?

If I can do it for free, there's no reason to pay for it. I don't have that many customers. I only use their routing for SaaS and some blocking rules. But I intend to pay for it. I just don't see much reason to do so yet.

Great, just give me sometime to get off work (might take awhile), i'll mention you here.

Okay, thanks for your help. I look forward to hearing from you!

Hey, are you available now?

Hi

I wasn't home at that time, but if you want, you can send it and I'll take a look. I don't think we'll be able to synchronize due to the time zones, haha.

@Lucca Bassoli Are you able to follow it? If you have any questions, just send them here. I'll be active.

How do I upgrade nginx? The Railway template I saw here doesn't save the data correctly.

Can you send me your DNS record settings? Mine already has flexible SSL.

Sorry for delay, I would recommend using the Nginx Proxy Manager as it offers a nice UI to manage it

I installed that one, but it isn't saving the data. It seems that when it restarts, it loses the credentials and settings. How did you solve that?

Mine is like that too.

I reinstalled nginx proxy manager. How are your settings in it?

It isn't? will confirm

Instead of Nginx Proxy Manager, use something else

Instead of Nginx Proxy Manager, use the Caddy template.

1. Deploy the template

2. Click on the service created, go to settings and then eject, follow instructions to eject

3. On the repository created by Railway, modify the Caddyfile to be something like this:

:{$PORT} {
    reverse_proxy :
}

What is the caddy template? I don't understand.

This template? https://railway.com/deploy/7uDSyj

This one https://railway.com/deploy/TETV8z

Try that first and then I'll get you a better config that handles service replicas and more

Ok

It seems to me that what I sent is the same, isn't it?

Change made

remove everything else

just keep the lines from 1-3

Removed

Now should I point the CNAME to this service?

Great, did you already enable Cloudflare SaaS?

Yes

Now, you'll add a TCP proxy to your Caddy application

This?

Yep, first add the PORT environment variable to your service, PORT=8080 is define

A gente está falando em ingles e agora vi que vc é br 😐

On here, each customer you add will need to be added there, you can remove your CNAME

Ok

Yeah, but Railway wants to keep every message in here in English. It keeps things more organized.

Ok

The custom host name cname.hyren.net has been deleted.

Which door should I put here?

Set 8080

Done

Railway will give you a combination of domain:port, create a CNAME pointing to the domain only

Ok

Done

Now, add that CNAME as a fallback origin

No, sorry

give me a minute

Ok

After you've added that CNAME, create another one that points to that one

So if you've created proxy-fallback.hyren.net thats points to Railway for example, create another CNAME that points to that, for example customers.hyren.net points to proxy-fallback.hyren.net

And then add the proxy-fallback.hyren.net into Cloudflare SaaS as a fallback origin

Like this?

Oops, cname.hyren.net is missing go to proxy-fallback.hyren.net.

Done

No, on Railway remove the custom domain

you should get the combination below it shuttle.<…>

And then create a CNAME to it

That way?

Great, just fix this

Fixed

Now we'll create a page rule to redirect all traffic to that Railway port

Can you find where we can create that? I don't have the URL unfortunately

It should be in the sidebar, named as "rules" or "origin rules"

Yes

I am on the page.

No, it's another one

Should be in the same category in the sidebar

Try "Visão geral"

Click on "Nova Regra"

Sorry, go to "Modelos" and then navigate to the last page, where you should find a "Change Port" template.

For me, that option is not available.

It does not appear on the list.

It's the last page, first item

Can you click on it and send me the link it redirected you to? I'll change the parameters according to my account.

https://dash.cloudflare.com/SOMERANDOMHASH/MY_DOMAIN/rules/origin-rules/new?template=change-port

Good!

It worked haha, I'm here.

Great, now on Rewrite to set 23113 (the same as Railway), also make sure to set the following Custom Filter Expression

Done

That should've been the last step but I'm unable to connect to your Caddy service, are you sure it's up? http://shuttle.proxy.rlwy.net:23113/

Yes, but it seems that it is not on the correct port where the TCP proxy was generated. From what I can see in the logs, it is running on another port.

2019 or 80?

Definitely weird, you added the PORT environment variable, right?

If not, maybe try 2019 on Railway

True, I hadn't seen the email. It's running at 80.

http://shuttle.proxy.rlwy.net:23113/

working now

I'm seeing it's working https://hyren.luccabassoli.com/ 👀

One question: do I need to register cname.hyren.net in the application?

In the application, it is as follows

No, cname.hyren.net is not used.

Ok

Every customer that you add simply needs to be added on Cloudflare

If you want to automate that, Cloudflare has APIs for that.

I can no longer access the main domain. Do I need to point it to the CNAME?

Maybe it's related to the SSL/TLS flexible option as Cloudflare is now sending HTTP traffic instead of HTTPS

ERRTOOMANY_REDIRECTS is occurring

What you can do is turn on the Full option.

And then change your Caddy config to generate a self signed certificate
Something like this should do the trick:

{
    acme_ca internal
}

:${PORT} {
    tls internal
    reverse_proxy :
}

To be sure, turn on the Full option first and see if it recovers the main domain

I activated Full, the main domain came back, but the one using cname stopped working.

yeah, then follow my instructions here

Ok

change :${PORT} to :{$PORT}

A new error occurred

Error: adapting config using caddyfile: automation policy from site block is also default/catch-all policy because of key without hostname, and the two are in conflict: []certmagic.Issuer(nil) != []certmagic.Issuer{(*caddytls.InternalIssuer)(0xc0002d3560)}

Resolved

Great, any more issues that you're having?

None, thank you very much for your help! 🤝 🇧🇷

https://tenor.com/view/brasil-mentioned-brasil-mentioned-brahma-anime-gif-15357834161136461942