For starters, do not use your public URL. Those should be set to your private domain.

Second, the line resolver 127.0.0.1; indicates that Nginx should look exclusively on itself its DNS. You can just remove that line in both places.

If you want to use nginx, you have to specify a ipv6 dns resolver in your config to resolve your private domains, please see:

https://station.railway.com/questions/nginx-with-private-networking-upstream-8d7ce3c3

thanks loudbook for the quick response, what you said is true. just placing public domains to test this is actually working
I changed them to private with ports...
despite that, nginx service is alive now and it is redirecting to my frontend
however is still failing with backend... i already set my proxy public domain in ALLOWED_HOST but this didnt work

with some debugging functions added to nginx now it returns

2025/05/24 14:58:23 [error] 8#8: *9 no resolver defined to resolve backend, client: 100.64.0.3, server: _, request: "GET /admin HTTP/1.1", host: "proxy-production-87bf.up.railway.app"

May 24 11:58:24

100.64.0.3 - - [24/May/2025:14:58:23 +0000] "GET /admin HTTP/1.1" 502 559 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"

hi mjablonski, i made the changes you said:

Still not being able to connect to backend and had the following error on proxy logs:
2025/05/24 15:08:30 [error] 2#2: *1 backend could not be resolved (3: Host not found), client: 100.64.0.2, server: localhost, request: "GET /admin HTTP/1.1", host: "proxy-production-87bf.up.railway.app"

this is my nginx.conf:

```

server {
    listen 8080;
    server_name localhost;

    # Internal DNS server
    resolver [fd12::10] ipv6=on valid=1s;
    set $proxy_pass_url http://backend:8000;

    # SSL configuration for upstream connections
    proxy_ssl_server_name on;
    proxy_ssl_protocols TLSv1.2 TLSv1.3;
    proxy_ssl_verify off;  # Only use this in development/testing

    # Backend routes
    location ~ ^/(api/v1|admin|static/static|media|ping) {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass $proxy_pass_url;
    }

    # Frontend routes
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://frontend:8080;
    }
}
```

is that server_name config the problem?

Could be a problem, it should be save to remove it.

Maybe you should try to use backend.railway.internal?

no, that didnt worked either :(

maybe im missing something here:
my proxy public url (https://<proxy.RAILWAY_PUBLIC_DOMAIN>/) is working fine... its redirecting to frontend which also is making requests to my backend public url (https://<backend.RAILWAY_PUBLIC_DOMAIN>) with /api/v1 requests

HINT:
this is django stuff:
i also configured backend's ALLOWED_HOST and CSRF_TRUSTED_ORIGINS also has both public proxy/frontend urls
```
ALLOWED_HOSTS=".railway.app, 0.0.0.0, localhost, 127.0.0.1, backend.railway.internal, ${{RAILWAY_PUBLIC_DOMAIN}}, proxy.railway.internal, ${{proxy.RAILWAY_PUBLIC_DOMAIN}}"

CSRF_TRUSTED_ORIGINS="https://${{RAILWAY_PUBLIC_DOMAIN}}, http://*, https://${{proxy.RAILWAY_PUBLIC_DOMAIN}}"
```

but i dont understand why it fails when trying to connect from my proxy public host directly using my browser:
example:
https://{proxy.RAILWAY_PUBLIC_DOMAIN}/admin FAILS
https://{proxy.RAILWAY_PUBLIC_DOMAIN}/api/v1 FAILS

```
2025/05/24 16:03:03 [error] 5#5: *12 connect() failed (111: Connection refused) while connecting to upstream, client: 100.64.0.4, server: , request: "GET /api/v1 HTTP/1.1", upstream: "http://[<some_random_IP>]:8000/api/v1", host: "<proxy.RAILWAY_PUBLIC_DOMAIN>"
```

never mind guys...
this last thing i mention is something related to Remix SSR i still don't dominate...
i have configured vite to reverse proxy to using backend.RAILWAY_PUBLIC_DOMAIN

that means /api/v1 requests from backend are using vite proxy config rather than using nginx, that's why frontend app is working using backend requests.

but nginx is still not redirecting to my backend

Using just backend and frontend won't work either, by the way. You have to use the private IPs as given to you by each Railway service.

proxy app is currently redirecting to http://frontend:8080 when i use 80 port

ok, i made several tests right now and the main problem is in connecting my django app (backend) with nginx.
This is my final nginx.conf:

events {
    worker_connections 1024;
}

http {
    server {
        listen 8080;

        location /ping {
            access_log off;
            add_header 'Content-Type' 'text/plain';
            return 200 "pong";
        }

        # Backend routes
        location ~ ^/(api/v1|admin|static/static|media) {
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://backend:8000;
        }

        # Frontend routes
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://frontend:8080;
        }
    }
}

backend is perfectly running on PORT 8000. Also has a $PORT variable and when deployed is running with gunicorn:
this is log after immediately being deployed
*** I replaced backend.RAILWAY_PUBLIC_DOMAIN and proxy.RAILWAY_PUBLIC_DOMAIN values***
```
****************************************************************************************************

DEBUG False

ALLOWED_HOSTS ['.railway.app', '0.0.0.0', 'localhost', '127.0.0.1', 'backend.railway.internal', <backend.RAILWAY_PUBLIC_DOMAIN>, 'proxy.railway.internal', <proxy.RAILWAY_PUBLIC_DOMAIN>]

PORT 8000

****************************************************************************************************
Starting gunicorn 23.0.0
Listening at: http://0.0.0.0:8000 (5)
Using worker: sync
Booting worker with pid: 6
```

When deployed proxy service is running:
https://<proxy.RAILWAY_PUBLIC_DOMAIN>/ping. -> IS WORKING
https://<proxy.RAILWAY_PUBLIC_DOMAIN>/ -> IS WORKING

https://<proxy.RAILWAY_PUBLIC_DOMAIN>/admin -> NOT WORKING
```
[error] 15#15: *1 upstream timed out (110: Operation timed out) while connecting to upstream, client: 100.64.0.2, server: , request: "GET /admin HTTP/1.1", upstream: "http://[<my_backend_IP>]:8000/admin", host: "<proxy.RAILWAY_PUBLIC_DOMAIN>"
"GET /admin HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"

```
https://<proxy.RAILWAY_PUBLIC_DOMAIN>/api/v1 -> NOT WORKING

```
[error] 15#15: *8 upstream timed out (110: Operation timed out) while connecting to upstream, client: 100.64.0.3, server: , request: "GET /api/v1 HTTP/1.1", upstream: "http://[<my_backend_IP>]:8000/api/v1", host: "<proxy.RAILWAY_PUBLIC_DOMAIN>"
"GET /api/v1 HTTP/1.1" 504 569 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
```

You will definitely need the resolver in nginx config, otherwise it is not able to resolve the internal ipv6 domain names.

resolver [fd12::10] ipv6=on valid=1s;

A lot of people run into problems with nginx and Railway, so the recommended best practice is to use Caddy (https://caddyserver.com), which is much easier to setup.

You'll likely need to make gunicorn listen on the ipv6 network:

--bind [::]:5000

And put the resolver line in your server block.