3 months ago
I have a project (https://railway.com/project/e3464d1e-7a9d-4dad-ae70-08e9b454f87f?) that I'm trying to access via tailscale. I've followed the tailscale subnet router tutorial (https://docs.railway.com/tutorials/set-up-a-tailscale-subnet-router) and can reach the subnet router from elsewhere on my tailnet. That is,ping jobradar-production responds. (jobradar-production is the name in tailscale so this makes ense.) However, ping ping tailscale.railway.internal, which should be the same machine does not work. It looks like the Tailscale Subnet Router template does not include a TUN device:
# railway ssh --project=e3464d1e- ... "tailscale status --json" | tailscale status --json | grep TUN
"TUN": false,which The tailscale docker guide (https://hub.docker.com/r/tailscale/tailscale), suggests I need for outgoing connections (see bottom of the page). I've approved the subnets and added split routing (as outlined in the railway tutorial) in my tailscale admin console. Am I missing something here? Am I trying to do this all wrong?
8 Replies
3 months ago
The subnet router has a lot of pitfalls, I would instead recommend setting up the Tailscale Forwarder -
3 months ago
Let me know if you have any questions!
I have it working, but I had to hard-code the connection mapping as 80:jobradar.railway.internal:8080 When I tried to use variables like ${{Web Server.PORT}} they were undefined and the deployment failed.
3 months ago
Ah yes, PORT would need to be defined on the target service, but you would not need to hardcode the private domain; you can (and should) still reference that.
So If I have a section in my railway.toml like:
[[services]]
name = "web"
...Then I can write 80:${{web.RAILWAY_PRIVATE_DOMAIN}}:8080? is that right?
3 months ago
That is not valid syntax for a railway.toml file.