websockets aren't getting routed properly
jediwattson
PRO OP

4 months ago

It seems like all the websocket traffic on our site "/ws" is being routed to the metal edge domain and not our proxied domain, which is causing a failure to connect.

14 Replies

poudels14
PRO

4 months ago

+1. Can someone please look into this?


4 months ago

Sorry, I am not sure what this means. Could you elaborate?


Anonymous
PRO

4 months ago

WebSocket upgrade requests on the custom domain never reach our service. The Railway Metal edge proxy intercepts the Connection: Upgrade and Upgrade: websocket headers and responds with a 404 itself instead of forwarding the upgrade to our container.

Direct Railway domain (works):

curl -si https://our-service.up.railway.app/api/ws -X POST

200 OK (server: railway-edge)

Custom domain (broken):

curl -si https://our-custom-domain.example.com/api/ws -X POST

404 Not Found (server: cloudflare, x-railway-edge: railway/europe-west4-drams3a)


4 months ago

Your custom domain is behind a Cloudflare proxy. Do you have any kind of out-of-the-ordinary configuration on Cloudflare?


poudels14
PRO

4 months ago

No out-of-the-ordinary config in Cloudflare - we didn't make any changes to our Cloudflare setup in the last few weeks and things were working until a few hours ago. Now, the websocket connections through the Cloudflare LB don't make it to the Railway service. Hitting the Railway domain directly seems to work. The Cloudflare LB doesn't work for either the custom domain endpoint or the CNAME host endpoint.


Anonymous
PRO

4 months ago

Nothing unusual, this setup has been working for months up until an hour ago with no changes on our end.


poudels14
PRO

4 months ago

@brody, any update? Anything we can do on our end to resolve this faster?


4 months ago

We are looking into this issue right now!


jediwattson
PRO OP

4 months ago

Thanks for the update!


4 months ago

Hello all,

Update on this from our side: We are still working on a hands-off fix for y'all, but in the meantime, we have found a workaround.

The issue is that your domains behind Cloudflare don't have SSL certificates provisioned on our infrastructure because of incompatible settings in your Cloudflare accounts when you originally set them up. This has worked thus far because Cloudflare, by default, does not care whether the origin certificate matches the hostname, just that there is a valid certificate. However, when we introduced Fastly into the mix, this broke, since they require a matching certificate.

So until we have a fix for that on our end, you can trigger a certificate regeneration by:

  1. Remove the random CNAME from Cloudflare.
  2. Make sure your TLS/SSL mode is set to "Full" not "Full (Strict)".
  3. Remove the domain from your Railway service.
  4. Add the domain back to the Railway service.
  5. Set the given CNAME and TXT values in your Cloudflare account, or use the one-click button.
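
The mismatch described in the post above, as an added example that is not part of the original post and is not Railway's, Cloudflare's or Fastly's code: one proxy forwards as long as the origin certificate is valid, the other also requires it to cover the requested hostname. The wildcard certificate name is a constructed sample and all function names are hypothetical; `fetch_cert` is a live helper you can point at your own origin.

```python
import socket
import ssl

def cert_dns_names(cert):
    """DNS subjectAltName entries from a dict shaped like SSLSocket.getpeercert()."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, hostname):
    """Simplified RFC 6125 match: a wildcard counts only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def cert_covers(cert, hostname):
    """True if any DNS name in the certificate covers the hostname."""
    return any(name_matches(n, hostname) for n in cert_dns_names(cert))

def proxy_accepts(cert, hostname, require_match):
    """Model of the two behaviours in the post; chain validity is assumed already checked."""
    return cert_covers(cert, hostname) if require_match else True

def fetch_cert(origin_host, sni, port=443, timeout=5.0):
    """Live helper: validate the chain but not the name, return the cert served for `sni`."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # verify_mode stays CERT_REQUIRED, so the chain is still checked
    with socket.create_connection((origin_host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert()

# Constructed sample: the origin only holds a certificate for the platform domain.
SAMPLE_ORIGIN_CERT = {"subjectAltName": (("DNS", "*.up.railway.app"),)}
CUSTOM_DOMAIN = "our-custom-domain.example.com"

if __name__ == "__main__":
    for strict in (False, True):
        ok = proxy_accepts(SAMPLE_ORIGIN_CERT, CUSTOM_DOMAIN, require_match=strict)
        print(f"require_match={strict}: {'forwarded' if ok else 'rejected'}")
```

Passing the result of `fetch_cert(origin, custom_domain)` to `cert_covers` shows whether a certificate for the custom domain has actually been provisioned on the origin.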

4 months ago

Hello all,

Deeply sorry about the wait, this one was tricky to solve for, but it has been fixed and there's no further action needed on your end.


razzmatazzz
HOBBY

4 months ago

Hello, I was having the same problem and it was fixed, but now I'm getting 404 responses when attempting to connect to my socket server hosted on Railway.


razzmatazzz
HOBBY

4 months ago

Looking at traffic logs, it appears the problem began around 12:10 PST


4 months ago

I'm not quite sure if that is related to OP's issue. It doesn't seem like it is, so please open your own thread!

