Railway•11mo ago
discocheetah

NGINX proxy to private service

Hi folks. 👋 New to Railway and struggling to understand the networking aspect. I have deployed NGINX proxy manager and a nodejs service. I want the nodejs service private, only accessible through NGINX so I can use basic auth. Here are the steps I have taken after combing through the docs and web search results.

- Added a custom domain (e.g. app.mydomain.com) to NGINX.
- Configured DNS to point this domain to the URL Railway provides for the NGINX service.
- That domain now takes me to the NGINX admin UI. So far so good.
- Add a variable to the nodejs service. PORT: 3000
- In NGINX configure a proxy host pointing to the internal URL of the nodejs service on port 3000.
- Now I expected that app.mydomain.com would take me to the nodejs app and the NGINX admin UI would only be available on the Railway URL, but it's still just going to the NGINX admin UI.

There's clearly something else I'm not understanding. Thanks!
13 Replies
Percy•11mo ago
Project ID: 13786ec6-d2d4-4a9f-a080-033faaee3b5c
discocheetah OP•11mo ago
13786ec6-d2d4-4a9f-a080-033faaee3b5c
maddsua•11mo ago
you'd need to have them deployed as 2 separate services, where the node one is only connected to a private network and talks to nginx over it
https://docs.railway.app/reference/private-networking
is that what you have at the moment?
discocheetah OP•11mo ago
Yes, two separate services. NGINX proxy manager is public, connected to a custom domain, and the nodejs service is private. If I was doing this locally in docker compose, I'd have the proxy server spun up in one container and the app in another. The compose file would not expose any ports for the app container, while the proxy container would expose 80 and 443. Both containers would be on the same docker network and the proxy config would route app.mydomain.com to the app container name with its internal port. That's the mental image of what I'm trying to replicate, but maybe it's not quite the same.
maddsua•11mo ago
just to clarify, what does the internal url look like?
discocheetah OP•11mo ago
big-agi.railway.internal
maddsua•11mo ago
there are some gotchas with internal networking
the docs state that you'd need to listen on ipv6 port
so it's ::1 instead of 127.0.0.1
discocheetah OP•11mo ago
Hm, I'll have to look into that more. The app is not something I wrote. Just seemed like a decent thing to test this basic setup.
maddsua•11mo ago
yeah, it's a good idea to check
usually people just use ipv4 addresses for localhost
discocheetah OP•11mo ago
Oh, right, when I looked under the Observability tab, I do now remember seeing an IPv4 address. It says localhost:3000
maddsua•11mo ago
it's possible that node just converts localhost into an ipv4 loopback address, but I can't be sure about it
do you have an option to manually set the hostname?
for example, replace app.listen(3000, 'localhost') with app.listen(3000, '::1')
discocheetah OP•11mo ago
I'll look. This may be more trouble than it's worth. This is not the app I'm working on, just something I thought would be a quick and easy test of how to set something up on Railway. Might make more sense to just wait until I'm further along on my own project, keeping in mind this little gotcha. Sounds though like the basic setup I have of one public and one private service, with the custom domain pointing to the proxy is more or less correct. Thank you!
Solution
Brody•11mo ago
or, just use this template, it will get you 98% of the way there
https://railway.app/template/7uDSyj
nginx is not easy to set up perfectly with how the internal networking and dns works on railway