Prevent external access to service
m1rza-s
PRO OP

10 months ago

PID: f9ec452d-2faf-4231-b569-992e4b5ae37c

I've got 3 services (FE, BE, DB)
I need the FE to be accessible from outside, and it should access the BE - but the BE should be private and inaccessible from the outside.
The services are already up and running and I don't want to break prod so pls help 🙏

$10 Bounty

12 Replies

arnorhs
PRO

10 months ago

sorry, i'm not a support guy, just some other random user..

First, are you certain BE & DB are already accessible from outside?

In any case, the way railway networking works is that by default (maybe depends on the template you used?) none of your services are exposed to the internet unless you explicitly allow public access in the service configuration, by assigning a domain name under "public networking"

If you want the services to not be accessible, but have already assigned public domain/public access - simply remove that under the "Public networking" section on each service

and make sure that your public services that should have access to the private services are accessing the private services on the private network - easiest/simplest is to use the provided internal names.. (see section under "private networking" where there's a text "You can simply call me XXXXX")

and of course, i recommend doing this first on your development environment

If you want a more official response from somebody else, you can feel free to ignore this comment… I'm just some guy


m1rza-s
PRO OP

10 months ago

this kinda confirms what i already suspected, which might be exactly what i needed


m1rza-s
PRO OP

10 months ago

thank you random some guy 🫔


arnorhs
PRO

10 months ago

the easiest thing you can do is to just open eg. BE's service configuration panel. look at what it says under "Public networking"..

for my services that are private, the public networking section looks like this:

[image attachment]


arnorhs
PRO

10 months ago

i suppose the interface might be more clear about stating explicitly that this service is not accessible from the public internet with the current configuration


m1rza-s
PRO OP

10 months ago

Hm I've tried doing that and now the FE doesn't get responses from the BE LOL. 😄


m1rza-s
PRO OP

10 months ago

Technically, the FE gives the user a Vue page, and the Vue page pings the BE - which means the requests are coming from outside Railway.


10 months ago

Unfortunately since the requests aren't coming from the frontend service but rather from a user's computer, you will not be able to use the private network for the FE <-> BE communication. The BE <-> DB communication should absolutely be on the private network though


10 months ago

You could set up a middleware or set a header for all requests sent from your frontend so that your backend knows which requests to let through and which to throw out


arnorhs
PRO

10 months ago

in that case I would consider your BE service a public one, and secure it appropriately.


m1rza-s
PRO OP

10 months ago

A proxy then. Is there a template for that?


m1rza-s
PRO OP

10 months ago

One where I can set a secret header?
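
The proxy-with-secret-header setup asked about above, as an added example that is not part of the thread and not Railway's own code: the FE service relays `/api/` calls to the BE over the private network and attaches the header server-side (a header set by the Vue code in the browser is readable by every user), and the BE rejects requests without it. The header name, the `/api/` prefix, the environment variable names and the backend hostname are assumptions.

```javascript
// Added example (not from the thread). Assumed: header name, /api/ prefix, BACKEND_URL placeholder, PROXY_SECRET.
const SECRET_HEADER = "x-proxy-secret";
const BACKEND_URL = process.env.BACKEND_URL || "http://backend.internal:8080";
const PROXY_SECRET = process.env.PROXY_SECRET || "";
const DROPPED = new Set([SECRET_HEADER, "host", "connection", "content-length", "transfer-encoding"]);

// FE service: forward only /api/ paths that still resolve to the backend origin (secret never leaves it).
function upstreamUrl(path, base) {
  if (!path.startsWith("/api/")) return null;
  const url = new URL(path, base);
  return url.origin === new URL(base).origin && url.pathname.startsWith("/api/") ? url : null;
}

// FE service: copy request headers, discard any secret header the browser sent, attach the server-held one.
function buildUpstreamHeaders(incoming, secret) {
  const out = {};
  for (const [name, value] of Object.entries(incoming)) {
    if (!DROPPED.has(name.toLowerCase())) out[name.toLowerCase()] = String(value);
  }
  out[SECRET_HEADER] = secret;
  return out;
}

// FE service: Node http handler that relays the call over the private network.
async function proxyApi(req, res) {
  const url = upstreamUrl(req.url, BACKEND_URL);
  if (!url) { res.writeHead(404); return res.end(); }
  try {
    const body = ["GET", "HEAD"].includes(req.method) ? undefined : req;
    const headers = buildUpstreamHeaders(req.headers, PROXY_SECRET);
    const upstream = await fetch(url, { method: req.method, headers, body, duplex: "half" });
    const payload = Buffer.from(await upstream.arrayBuffer());
    res.writeHead(upstream.status, { "content-type": upstream.headers.get("content-type") || "text/plain" });
    res.end(payload);
  } catch { res.writeHead(502); res.end(); }
}

// BE service: comparison with no early exit on the first mismatching character.
function safeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// BE service: accept only requests carrying the proxy's secret; fail closed if unset.
function isFromProxy(headers, secret) {
  const got = headers[SECRET_HEADER];
  return typeof got === "string" && secret.length > 0 && safeEqual(got, secret);
}
```

With the FE relaying the calls, the Vue page requests `/api/...` on the FE's own domain, so the BE needs no entry under "Public networking".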

