SSL cert not valid?

Hi! i'm having a problem with my SSL cert showing up as not valid.. it's for api.borrachopescador.org
91 Replies
Percy
Percy2y ago
Project ID: ecf31465-4b53-4a0a-9ffd-f64b1a514be0
spacemaker13
spacemaker13OP2y ago
ecf31465-4b53-4a0a-9ffd-f64b1a514be0
Is there something else I need to do to configure SSL? I have added the CNAME record for api. to go daddy
Brody
Brody2y ago
show me the domains you have in the railway service
spacemaker13
spacemaker13OP2y ago
Brody
Brody2y ago
^
spacemaker13
spacemaker13OP2y ago
spacemaker13
spacemaker13OP2y ago
Is it something I just need to wait on? I think I set it up a few days ago.
Brody
Brody2y ago
you have not generated a railway domain
spacemaker13
spacemaker13OP2y ago
I had one earlier, same problem. I deleted it in case that was the issue
i'll generate another one though
spacemaker13
spacemaker13OP2y ago
It's created now
spacemaker13
spacemaker13OP2y ago
spacemaker13
spacemaker13OP2y ago
The domain is definitely working, just not under ssl
Brody
Brody2y ago
set the cname value for the custom domain to bp-development-production.up.railway.app
spacemaker13
spacemaker13OP2y ago
alrighty, i'll give that a go. Thanks Brody
Brody
Brody2y ago
what do you have your ssl/tls node set to?
spacemaker13
spacemaker13OP2y ago
Not sure what you mean by this question. I have updated the CNAME record and am still getting an invalid ssl cert
Brody
Brody2y ago
in cloudflare, what do you have your ssl/tls mode set to?
spacemaker13
spacemaker13OP2y ago
we don't use cloudflare
our domain is hosted on godaddy
Brody
Brody2y ago
Brody
Brody2y ago
your nameservers for that subdomain are set to cloudflare's
spacemaker13
spacemaker13OP2y ago
Perhaps godaddy uses them by default?
Brody
Brody2y ago
no, godaddy has their own
Brody
Brody2y ago
Brody
Brody2y ago
your root domain has godaddy's name servers
can you figure out what is going on here?
spacemaker13
spacemaker13OP2y ago
I am pointing it to the domain that was appropriated by railway. getting credentials now, i'll get to the bottom of it soon
I'm also having a cors issue, which is a bit strange because it doesn't happen anywhere else. Is there something I need to do with railway in order to affect my cors policies? or do all headers get passed along by default?
Brody
Brody2y ago
well you are getting cert invalid, i think there's bigger issues than cors at the moment
one thing at a time, let me know when you have more information about the nameserver stuff
ThallesComH
ThallesComH2y ago
i think that's the name servers of railway
Brody
Brody2y ago
not quite how that works
ThallesComH
ThallesComH2y ago
I don't think he shouldn't add the domain generated by Railway. instead we should add the dns record provided by Railway when trying to add a custom domain
ThallesComH
ThallesComH2y ago
well, that's how my custom domain is set up
and give it a minute for Railway to generate all the ssl things
Unknown User
Unknown User2y ago
Message Not Public
ThallesComH
ThallesComH2y ago
Yeah, he should remove the "bp-development-production.up.railway.app" CNAME and use the custom domain provided one
Unknown User
Unknown User2y ago
Message Not Public
ThallesComH
ThallesComH2y ago
well, mine didn't ask for that
Ok, remove the api dns record and go through the process of adding new custom domain again
spacemaker13
spacemaker13OP2y ago
ThallesComH
ThallesComH2y ago
and then wait for a bit, Railway will take care of the SSL
spacemaker13
spacemaker13OP2y ago
alrighty it's been added, now we 🕐
ThallesComH
ThallesComH2y ago
on my machine it is already working
spacemaker13
spacemaker13OP2y ago
not sure about the challenge? is this in the docs somewhere? Do i still need to do that
Brody
Brody2y ago
works for me too
spacemaker13
spacemaker13OP2y ago
mine too
you guys rock
thank you
ThallesComH
ThallesComH2y ago
No, Railway takes care of SSL challenges
spacemaker13
spacemaker13OP2y ago
on to the cors problem lol
ThallesComH
ThallesComH2y ago
Using nestjs?
spacemaker13
spacemaker13OP2y ago
yep
ThallesComH
ThallesComH2y ago
then just enable cors app.enableCors in main.ts
spacemaker13
spacemaker13OP2y ago
app.enableCors({
  credentials: true,
  origin: process.env.FRONTEND_URL || 'http://localhost:3333',
});
I've got that
I'm using jwt in http-cookies
ThallesComH
ThallesComH2y ago
what's frontend_url? the value
spacemaker13
spacemaker13OP2y ago
Brody
Brody2y ago
remove https://
ThallesComH
ThallesComH2y ago
and it should be api too
spacemaker13
spacemaker13OP2y ago
No the frontend is at base. API is at api.bo...
ThallesComH
ThallesComH2y ago
or use a regex like what i do /\.borrachopescador\.org$/
spacemaker13
spacemaker13OP2y ago
show me 🙏 oh... Ok. I can try that
Brody
Brody2y ago
this does not match borrachopescador.org
ThallesComH
ThallesComH2y ago
well, mine is exactly like that and it's been working
Brody
Brody2y ago
not everyone's setup is the same
ThallesComH
ThallesComH2y ago
well, let him give it a try, if it doesn't work we'll see
spacemaker13
spacemaker13OP2y ago
spacemaker13
spacemaker13OP2y ago
I just hard-coded the borrachopescador.org
i'll move to the regex and see
redeploying. will have an answer in about 2 min
ThallesComH
ThallesComH2y ago
ok
spacemaker13
spacemaker13OP2y ago
p.s. Railway is dope
ThallesComH
ThallesComH2y ago
👆 🧠 i've used kubernetes before Railway, never going back thank god
spacemaker13
spacemaker13OP2y ago
ThallesComH
ThallesComH2y ago
send me a screenshot of your app.enableCors
spacemaker13
spacemaker13OP2y ago
spacemaker13
spacemaker13OP2y ago
spacemaker13
spacemaker13OP2y ago
ThallesComH
ThallesComH2y ago
where did you put the regex?
spacemaker13
spacemaker13OP2y ago
spacemaker13
spacemaker13OP2y ago
I also logged the url variable on the server
I put it in railway. that's the environment variables section
ThallesComH
ThallesComH2y ago
i don't think you should put the regexp as a string
mine is actually a javascript regex
spacemaker13
spacemaker13OP2y ago
oh I see what you're saying hm...
ThallesComH
ThallesComH2y ago
just place it in the origin and it should work
Brody
Brody2y ago
just use the railway provided variable RAILWAY_STATIC_URL as the origin
spacemaker13
spacemaker13OP2y ago
const re = new RegExp("ab+c");
ThallesComH
ThallesComH2y ago
take mine as an example
spacemaker13
spacemaker13OP2y ago
yea.. but it's an environment variable, and it's going to be passed as a string
so i need to first set that string as a regex variable and then use the variable
ThallesComH
ThallesComH2y ago
that's probably the problem, as you see in the error message, it shows the regex as a string so nestjs is taking that regex as a domain and not a regex to handle it
spacemaker13
spacemaker13OP2y ago
so.. I went straight to
Brody
Brody2y ago
what status code do you get from that request
spacemaker13
spacemaker13OP2y ago
spacemaker13
spacemaker13OP2y ago
boys... I think I got it
Thank you for your time. you guys are rockstars
Brody
Brody2y ago
well don't leave us hanging, what was the problem
spacemaker13
spacemaker13OP2y ago
Haha I used the regex expression from the docs of cors() /.borrachopescador.org$/ and I added the actual domain as a string. not sure which one is actually making it work, but i'm not touching it 🤞
So... Do you guys have a recommendation on running them on the same domain? I'm now running into an issue with incognito mode and safari not working due to third-party cookies in CORS... I need to serve them both from the same domain.... sigh....
How is this best achieved since railway is handling the routing? normally I would set up docker and have NGINX sending requests as a reverse proxy in order for both backend and frontend requests to hit the same url, but i'm not sure if this is a great solution for railway. Also I'd have to then manage a monorepo in order to have both codebases running in CI/CD.. this seems less than optimal.
Is there something I'm missing on having a separate SPA and backend running on the same domain?
Brody
Brody2y ago
if the frontend is in the format: domain.com
and the backend is api.domain.com
would this setup still run into third party cookie issues?
spacemaker13
spacemaker13OP2y ago
yea.. that's how I have it, and to my knowledge that won't work under Same-Site
I guess I could try it...
Brody
Brody2y ago
wouldn't you just need to set a cookie for api.domain.com, why do you need to set the cookie for the frontend domain?
spacemaker13
spacemaker13OP2y ago
I may be wrong.. they may both be same-site... I will give it a shot.
Brody
Brody2y ago
I'm not sure, I don't do cookie stuff
spacemaker13
spacemaker13OP2y ago
I am passing JWT tokens in http-only cookies. For authentication