3 months ago
Hi. I'm new to hosting apps. I've deployed a couple now, but I've always done it from a Railway Template. I've tried doing one from a Github fork, but it failed.
My concern with using a template is they are created by users and not necessarily the developer of the app I want to deploy. Since they aren't official, I worry more about malicious template builders, but I don't know if that's even a thing. What is the template builder capable of? Is the template pulling from Github?
Thank you for helping me understand.
9 Replies
3 months ago
Hey there! We've found the following might help you get unblocked faster:
If you find the answer from one of these, please let us know by solving the thread!
3 months ago
You can look into the template and see what servers are being hosted. If it's malicious, feel free to make a report to Railway, Github (if it's a Github repository), or the image registry (if the service image is hosted there).
What's the template builder capable of?
Builds a template from the current project
Is the template pulling from Github?
Only if the services are being hosted from Github repositories
3 months ago
Thank you. In one case it's hosted from https://hub.docker.com/r/sissbruecker/linkding. Other than that there's no other meaningful data from the Template. It has a few self explanatory env variables.
3 months ago
https://github.com/sissbruecker/linkding
There's a link in the description that takes you to their documentation, which you can then find a link to the Github.
0x5b62656e5d
https://github.com/sissbruecker/linkdingThere's a link in the description that takes you to their documentation, which you can then find a link to the Github.
3 months ago
I've read their documentation. I know the Github address. I know they have a Docker file (which I can't use at Railway), but didn't know about the Docker repo. Know all of that doesn't really answer my question.
0x5b62656e5d
https://github.com/tianheg/linkding-on-railwayThis was in their documentation...
3 months ago
Yes, I saw that too, and that's how I deployed, but I still don't see how that info answers my question.
3 months ago
I have no idea what you want to ask. I have already answered your two questions.
What is the template builder capable of? Is the template pulling from Github?
0x5b62656e5d
I have no idea what you want to ask. I have already answered your two questions.What is the template builder capable of? Is the template pulling from Github?
3 months ago
You did?
You can look into the template and see what servers are being hosted. If it's malicious, feel free to make a report to Railway, Github (if it's a Github repository), or the image registry (if the service image is hosted there).
This did help me understand where the code is coming from, but I have to assume if it's a public repository (i.e., not theirs) the template builder can't do anything in the middle. That's the code, but can the template builder do anything to the code, can the builder do bad things with the configs (i.e., set variable passwords, keys, etc)? It looks like it, so as a template deploy-er, I have to understand each env setting, and accept what I put in there is what stays in there privately?
Everything after your first post, which I appreciated, was just pointing me to documentation that did not address my questions.