Hey there! We've found the following might help you get unblocked faster:

• 🧵 Mixed Content: was loaded over HTTPS, but requested an insecure script This request has been blocked;

• 🧵 Mixed Content error when requesting to backend over railway internal

• 🧵 Error css or javascript files are loaded using http instead of https when deploy

• 📚 Errors

If you find the answer from one of these, please let us know by solving the thread!

Hi,

internal Railway URLs (.railway.internal) are HTTP-only and are meant for backend-to-backend communication inside Railway’s private network — they don’t support HTTPS.

That’s why:

• When your frontend (in the browser) tries to access them, you’ll get a mixed content error if your frontend is served over HTTPS but the internal URL is HTTP. Browsers block that for security reasons.

• Backend-to-backend calls should work fine with internal URLs, but only if both services are in the same Railway environment and there’s no HTTPS expectation.

So, to answer your questions:

1. Yes, internal URLs work between services in the same environment — but not from the browser, only from backend code.

2. To avoid mixed content errors in the browser, call your backend via its public HTTPS domain from the frontend, and let your backend internally talk to other services via their internal URLs.

3. If the frontend must directly call a service, then yes — you’ll need to use the public HTTPS URL.

set up a reverse proxy in the frontend service that routes API calls internally.

For example: /api → proxy to backend internal URL via server-side logic (avoids direct browser → HTTP call).

Is your ChromaDB instance and backend instance in the same Railway project? If not you will need to use the public url.

If they are in the same project. check whether the ports are right. Https should not affect your connection to cromaDB. Can you specify what error you are getting.

Is your ChromaDB instance and backend instance in the same Railway project? If not you will need to use the public url.

YES they are in the same railway project

The Core Concept: Public vs. Private Network

Think of your Railway project as having two networks:

• Public Network: This is the open internet. Any service with a public URL (e.g., my-app.up.railway.app) is accessible here. This network is secured with SSL, so all traffic must be HTTPS.

• Private Network: This is a secure, internal network that only the services within your project can access. Communication here is faster and doesn't count against usage limits. Because it's already secure, traffic on this network is plain HTTP.

The errors you're seeing are because you're attempting to use the wrong network for the job.

1. Frontend to Backend: The "Mixed Content" Error

This error happens on the client-side (in the user's browser).

• The Cause: Your frontend is loaded into the user's browser via its public, secure HTTPS address (https://your-frontend.up.railway.app). The JavaScript on that page then tries to make an API call to your backend's privateHTTP address (http://your-backend.railway.internal). Browsers have a strict security policy that forbids a secure page (HTTPS) from loading insecure resources (HTTP). This is what triggers the "mixed content" error.

• The Solution: All communication originating from a user's browser must go through the public network. You need to configure your frontend to call your backend's public HTTPS URL.

Action: In your frontend's environment variables, set the API endpoint to your backend's public domain.

VITE_API_URL=https://your-backend-service.up.railway.app

2. Backend to ChromaDB: Internal Connection Failure

This connection is happening on the server-side, entirely within Railway's infrastructure.

• The Cause: Your backend is trying to connect to ChromaDB using an incorrect URL. You might be attempting to use https (https://chroma.railway.internal) or the public URL. As explained above, the private network uses HTTP, not HTTPS. Internal services don't have SSL certificates for their .internal domains.

• The Solution: For any server-to-server communication, you must use the private network variables that Railway automatically provides. These point to the correct internal http address.

Action: In your backend code, build your connection string using the environment variables Railway injects for your ChromaDB service. For a service named chromadb, Railway provides variables like:

• RAILWAY_PRIVATE_DOMAIN (e.g., chromadb.railway.internal)

• PORT or CHROMA_PORT (e.g., 8000)

Your backend should connect to an address like: http://${RAILWAY_PRIVATE_DOMAIN}:${PORT}. Always use http.

Answering Your Questions Directly

1. Is it possible to use Railway’s internal service URLs between services?Yes, absolutely. It's the recommended, faster, and more secure way for backend-to-backend communication (like your backend talking to ChromaDB).

2. What’s the recommended way to avoid mixed content errors? For any connection initiated from a user's browser (frontend -> backend), you must use the backend's public HTTPS URL.

3. Is the only option to use the public HTTPS URLs? No. It's a "horses for courses" situation:

   • Browser to Server (Frontend -> Backend): Use Public HTTPS URL.

   • Server to Server (Backend -> DB): Use Private HTTP URL via environment variables.

what port shd i use for internal services ?