Staging Environment behind VPN
We want to create a staging environment that is behind a VPN. Is this possible with Railway? This would be three services: a React app, a GraphQL server, and a Postgres server. All hosted on Railway in one project, one environment. Thanks
Project ID:
aa5f6f94-b4b8-4582-bfda-61de1da9b940
What do you mean by "behind a vpn"?
In other words, you could not access it without a VPN profile if you tried to hit the API, connect to the DB, or go to the web app's address.
I see. That would be something you would have to build yourself. My first thought would be to set up a single service in front of all three that proxies each other service to a different endpoint on a given domain. The "gate" service would somehow verify that you're using the VPN, letting you through to the requested endpoint if you are. I'm not super familiar with the inner workings of VPNs, but would checking the requestor IP address be enough?
@Brody any ideas?
Thanks for the feedback. The requirements:
1. Connect from anywhere in the world
2. Restrict all access to the environment without creds/vpn or whatever it may be
Like I said, this is likely going to be something you build out yourself. It'll be worth doing your own research on this
Just wondered if this may be built into Railway already; sounds like it's not part of the offering atm. For sure, thanks Adam.
Is this possible on Railway? Definitely, and we'll help you every step of the way with the integration. But the ability to firewall everything is not something Railway provides atm
I'll definitely be looking into this. It would need to be a VPN server that supports tunneling in TCP, or maybe something like Tailscale.
Edit: not finding any simple VPN solutions.
Hey guys, looks like we got some official documentation on how to do this with Tailscale: https://docs.railway.app/tutorials/set-up-a-tailscale-subnet-router
I tried following it, but cannot seem to get connected to my web app using the internal address after following the tutorial + using the Tailscale client. What is the exact address I would use to hit my internal service, say for example test.railway.internal?
Yep, that's what I was going to link, my Tailscale guide.
If your internal domain is test.railway.internal then you would hit http://test.railway.internal:<the port your app runs on>
If you are on Mac / Linux you may need to accept the routes in your Tailscale client as well.
Additionally, since Railway's internal network is IPv6 only, your applications need to listen on IPv6.
Daniel, my last message got formatted incorrectly during the bridging, here is the corrected text - if your internal domain is test.railway.internal then you would hit - http://test.railway.internal:<the port your app listens on>
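
Added example, not part of the thread or of Railway's documentation: the last replies note that Railway's internal network is IPv6 only, so a service bound only to an IPv4 address will not answer at its .railway.internal name. The sketch below audits `ss -ltn` output captured inside a service container and lists the ports whose listeners need rebinding to `::`; the sample output is constructed and the function names are hypothetical.

```javascript
// Constructed sample of `ss -ltn` output from inside a service container.
const SAMPLE_SS = `State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    0.0.0.0:3000       0.0.0.0:*
LISTEN 0      511    [::]:4000          [::]:*
LISTEN 0      244    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      511    *:8080             *:*
LISTEN 0      128    [::1]:9229         [::]:*`;

// Classify the bind address of one listener as ss prints it.
function classifyBind(host) {
  const h = host.replace(/[\[\]]/g, "");                  // drop IPv6 brackets
  // Assumption: ss shows `*` for a dual-stack wildcard socket.
  if (h === "::" || h === "*") return "ipv6-any";         // answers on IPv6
  if (h === "::1" || h.startsWith("127.")) return "loopback-only";
  if (h === "0.0.0.0") return "ipv4-any";                 // all IPv4, no IPv6
  return h.includes(":") ? "ipv6-specific" : "ipv4-specific";
}

// Parse every LISTEN row into { port, bind, ok }.
// ok is true only when the socket accepts IPv6 on all interfaces.
function auditListeners(ssOutput) {
  const findings = [];
  for (const line of ssOutput.split("\n")) {
    const cols = line.trim().split(/\s+/);
    if (cols[0] !== "LISTEN" || cols.length < 5) continue; // header, other states
    const local = cols[3];
    const cut = local.lastIndexOf(":");                    // port follows last colon
    const bind = classifyBind(local.slice(0, cut));
    findings.push({ port: Number(local.slice(cut + 1)), bind, ok: bind === "ipv6-any" });
  }
  return findings;
}

// Ports that would not be reachable over an IPv6-only private network.
function portsToFix(ssOutput) {
  return auditListeners(ssOutput).filter((f) => !f.ok).map((f) => f.port);
}

for (const f of auditListeners(SAMPLE_SS)) {
  console.log(`${f.ok ? "ok  " : "FIX "} port ${f.port} (${f.bind})`);
}
```

A listener reported as `ipv6-specific` is flagged too, since whether that one address is the private-network address needs a manual check.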