whitelist, access limitation
pasiekak
PROOP

a year ago

Hello, can i somehow limit access to deployed application through railway dashboard app. I want to share my app to friend but i want only him to be able to access my application

Thanks in advance

Solved$10 Bounty

19 Replies

pasiekak
PROOP

a year ago

N/A


a year ago

No, there is no option in the Railway dashboard to whitelist access to your application from the public.


a year ago

You would need some sort of middleware that checks IPs, or implement user authentication


pasiekak
PROOP

a year ago

I dont have much experience in devops tasks but usually this could be easily done in nginx right?


pasiekak
PROOP

a year ago

without touching codebase of the application


scxr
PRO

a year ago

its pretty easy to implement tbh, at least in express you just do

app.use((req, res, next) => {

  let validIps = [...]
  if (validIps.includes(req.connection.remoteAddress)) {
      next()
  } else {
      const err = new Error("IP not in whitelist")
      next(err)
  }
}

i would assume whatever framework you are using will have something similar


pasiekak
PROOP

a year ago

yeah, sure, just trying to block any calls from outside. If i create such whitelist in the app it will be still handling requests. Also wanted not to create a special feature for this


scxr
PRO

a year ago

your server is handling requests regardless of what stage the rejection is happening at, i see what u mean however


a year ago

Railway uses Caddy, you may setup basic auth with a Caddyfile https://caddyserver.com/docs/caddyfile/directives/basic_auth


pasiekak
PROOP

a year ago

seems like something to work with definitely


pasiekak
PROOP

a year ago

it's about separation, btw. i see sometimes on my deployment weird requests like:

/GET /.env 404

or

/GET /.config 404

I have deployed app long time ago for test purposes but none of these requests worked

Can i do something with that?


a year ago

Sounds like you're looking for middleware.


a year ago

Railway does not support this natively, we've given you the solutions for your problem. If you don't want this controlled within the same app, then you'll need to develop another solution


scxr
PRO

a year ago

hmm not so sure, middleware (which is what app.use() is in express) is a common and often criticial part of backend dev 🤷‍♂️


scxr
PRO

a year ago

the get .env looks like bots trying to find creds


a year ago

As long as your app is setup correctly, you have nothing to worry about from bots scraping your site


pasiekak
PROOP

a year ago

Okay, i'll do some research about caddy, I want to use it along with my react app and nest on backend. I have one more question though

I'm planning to upgrade from hobby to pro because i will need database backups and probably more memory.

Will I be able to export the database to my computer easily? How often are backups made?


a year ago

You cannot download the backups (you can restore them), however you can always back them up locally using something like pg_dump (assuming you are using postgres). The available backup schedules are daily, weekly and monthly, visit the docs for more information: https://docs.railway.com/reference/backups#backup-schedules.


pasiekak
PROOP

a year ago

Okay, thanks for help guys


Status changed to Solved brody about 1 year ago


Welcome!

Sign in to your Railway account to join the conversation.

Loading...