a year ago
We want to create a staging environment that is behind a VPN. Is this possible with Railway. This would be three services, React app, GraphQL server, and postgres server. All hosted on railway in one project, one environment. Thanks
2 Replies
a year ago
What do you mean by "behind a vpn"?
Another words you could not access it without a VPN profile if you tried to hit the API, connect to the DB, or go to the webapps address
a year ago
I see. That would be something you would have to build yourself. My first thought would be to set up a single service in front of all three that proxies each other service to a different endpoint on a given domain. The "gate" service would somehow verify that you're using the VPN, letting you through to the requested endpoint if you are. I'm not super familiar with the inner workings of VPNs, but would checking the requestor IP address be enough?
a year ago
@Brody any ideas?
Thanks for the Feedback, the requirements:
Connect from anywhere in the world
Restrict all access to the environment without creds/vpn or whatever it may be
a year ago
Like I said, this is likely going to be something you build out yourself. It'll be worth doing your own research on this
Just wondered if this may be built into Railway already, sounds like its not part of the offering atm. For sure thanks Adam
a year ago
Is this possible on Railway? Definitely, and we'll help you every step of the way with the integration. But the ability to firewall everything is not something Railway provides atm
a year ago
I'll definitely be looking into this, it would need to be a VPN server that supports tunneling in TCP or maybe something like tailscale.
edit, not finding any simple vpn solutions
8 months ago
Hey guys looks like we got some official documentation on how to do this with tailscale https://docs.railway.app/tutorials/set-up-a-tailscale-subnet-router tried following it, cannot seem to get connected to my react/vite railway service using the internal address after following the tutorial + using tailscale client. What is the exact address i would use to hit my internal service say for example test.railway.internal
8 months ago
yep thats what i was going to link, my tailscale guide.
if your internal domain is test.railway.internal then you would hit [http://test.railway.internal](http://test.railway.internal):
If you are on mac / linux you may need to accept the routes in your tailscale client as well.
additionally, since Railway's internal network is IPv6 only, your applications need to listen on IPv6
8 months ago
Daniel, my last message got formatted incorrectly during the bridging, here is the corrected text -
if your internal domain is test.railway.internal then you would hit - http://test.railway.internal:<the port your app listens on>