whitelist, access limitation
pasiekak
PRO · OP

9 months ago

Hello, can I somehow limit access to a deployed application through the Railway dashboard? I want to share my app with a friend, but I want only him to be able to access my application.
Thanks in advance

Solved · $10 Bounty

19 Replies

pasiekak
PRO · OP

9 months ago

N/A


9 months ago

No, there is no option in the Railway dashboard to whitelist access to your application from the public.


9 months ago

You would need some sort of middleware that checks IPs, or implement user authentication


pasiekak
PRO · OP

9 months ago

I don't have much experience in devops tasks, but usually this could be easily done in nginx, right?


pasiekak
PRO · OP

9 months ago

without touching the codebase of the application


scxr
PRO

9 months ago

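it's pretty easy to implement tbh, at least in express you just do

// Express middleware: let the request through only if the peer IP is listed
app.use((req, res, next) => {
  let validIps = [/* ... */]
  // req.socket replaces the deprecated req.connection alias
  if (validIps.includes(req.socket.remoteAddress)) {
      next()
  } else {
      const err = new Error("IP not in whitelist")
      next(err)
  }
})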

i would assume whatever framework you are using will have something similar
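
Added example, not part of the original thread or of any poster's code: a dependency-free, Express-compatible version of the allowlist middleware above that handles IPv4-mapped addresses, reads the client address from behind a reverse proxy, and answers 403 instead of raising an error. `ALLOWED_IPS`, `TRUST_PROXY`, `normalizeIp`, `clientIp` and `ipAllowlist` are hypothetical names, the addresses are constructed documentation values, and it assumes the platform proxy appends the visitor's address to `X-Forwarded-For`.

```javascript
// Added example: Express-style IP allowlist middleware (no dependencies).
// ALLOWED_IPS and TRUST_PROXY are hypothetical names; the addresses are
// constructed documentation values (RFC 5737 / RFC 3849).
const ALLOWED_IPS = new Set(["203.0.113.7", "2001:db8::7"]);
// Assumption: the app is reachable only through the platform's proxy.
const TRUST_PROXY = true;

// Node reports IPv4 peers on dual-stack sockets as "::ffff:a.b.c.d".
function normalizeIp(ip) {
  if (typeof ip !== "string") return "";
  const v = ip.trim().toLowerCase();
  return v.startsWith("::ffff:") && v.includes(".") ? v.slice(7) : v;
}

// Behind a reverse proxy the socket peer is the proxy, not the visitor.
// Only the LAST X-Forwarded-For entry (appended by the nearest proxy) is
// used; earlier entries are client-supplied and can be forged.
function clientIp(req, trustProxy = TRUST_PROXY) {
  const xff = req.headers && req.headers["x-forwarded-for"];
  if (trustProxy && typeof xff === "string" && xff.length > 0) {
    const hops = xff.split(",");
    return normalizeIp(hops[hops.length - 1]);
  }
  return normalizeIp(req.socket && req.socket.remoteAddress);
}

function ipAllowlist(allowed = ALLOWED_IPS, trustProxy = TRUST_PROXY) {
  return function (req, res, next) {
    if (allowed.has(clientIp(req, trustProxy))) return next();
    // Reply 403 directly; next(err) with a plain Error ends up as a 500
    // in Express's default error handler.
    res.statusCode = 403;
    res.end("Forbidden");
  };
}
// Usage in Express: app.use(ipAllowlist());
```

If the app can also be reached directly, without the proxy in front, set `TRUST_PROXY` to `false`, because the header is then entirely under the client's control.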


pasiekak
PRO · OP

9 months ago

yeah, sure, just trying to block any calls from outside. If I create such a whitelist in the app, it will still be handling requests. Also, I wanted not to create a special feature for this


scxr
PRO

9 months ago

your server is handling requests regardless of what stage the rejection is happening at, i see what u mean however


9 months ago

Railway uses Caddy, you may set up basic auth with a Caddyfile: https://caddyserver.com/docs/caddyfile/directives/basic_auth


pasiekak
PRO · OP

9 months ago

seems like something to work with definitely


pasiekak
PRO · OP

9 months ago

it's about separation, btw. I sometimes see weird requests on my deployment, like:
/GET /.env 404
or
/GET /.config 404
I deployed the app a long time ago for test purposes, but none of these requests worked.
Can I do something about that?


9 months ago

Sounds like you're looking for middleware.


9 months ago

Railway does not support this natively, we've given you the solutions for your problem. If you don't want this controlled within the same app, then you'll need to develop another solution


scxr
PRO

9 months ago

hmm not so sure, middleware (which is what app.use() is in express) is a common and often critical part of backend dev 🤷‍♂️


scxr
PRO

9 months ago

the get .env looks like bots trying to find creds


9 months ago

As long as your app is set up correctly, you have nothing to worry about from bots scraping your site


pasiekak
PRO · OP

9 months ago

Okay, I'll do some research about Caddy. I want to use it along with my React app and Nest on the backend. I have one more question though.
I'm planning to upgrade from hobby to pro because I will need database backups and probably more memory.
Will I be able to export the database to my computer easily? How often are backups made?


9 months ago

You cannot download the backups (you can restore them), however you can always back them up locally using something like pg_dump (assuming you are using postgres). The available backup schedules are daily, weekly and monthly, visit the docs for more information: https://docs.railway.com/reference/backups#backup-schedules.


pasiekak
PRO · OP

9 months ago

Okay, thanks for the help, guys


Status changed to Solved brody 9 months ago

