R
Railway•8mo ago
manuai

How can I access to the SLL certificate file? My app config requires it

I have a bun app, that seems to require the full path to a certificate. Where could I get that ? Thanks
53 Replies
Percy
Percy•8mo ago
Project ID: N/A
manuai
manuai•8mo ago
Essentially I need to provide a path here
No description
Brody
Brody•8mo ago
railway handles that for you, do not try to start an https server
manuai
manuai•8mo ago
Thanks Brody, so what am I supposed to return from the server file ?
Brody
Brody•8mo ago
just dont do any tls stuff, start a plain old http server
manuai
manuai•8mo ago
I have a werid issue where all HTTPS call get redirected to HTTP
Brody
Brody•8mo ago
can you give me a link to where i can see that behavior?
Brody
Brody•8mo ago
thats just a 404 though
manuai
manuai•8mo ago
Can't seem to reproduce from the browser, but the Bun app, thinks that request.url is http so whenever url.origin is used, it output http instead of https
Brody
Brody•8mo ago
the bun app that you have deployed to railway thinks that the incoming requests are http?
manuai
manuai•8mo ago
correct
Brody
Brody•8mo ago
well because they are your app would need to trust the proxy headers, X-Forwarded-For and X-Forwarded-Proto X-Forwarded-Proto would always be set to https
manuai
manuai•8mo ago
Any idea on how to do that ?
Brody
Brody•8mo ago
im sure bun has docs for that
manuai
manuai•8mo ago
looking it up
manuai
manuai•8mo ago
Does that look like the right place to do that ?
No description
Brody
Brody•8mo ago
no?
manuai
manuai•8mo ago
Sorry I am lost. Is X-Forwarded-Proto: https a header I should add somewhere ?
Brody
Brody•8mo ago
do some research on trusting proxy headers doesnt need to be in the context of bun, just in general so you get an understanding of what it means
manuai
manuai•8mo ago
God I hate devops 😄 Just for the quick tip, is that a header I should send from the client ?
Brody
Brody•8mo ago
always more stuff to learn eh? no, railway's proxy sets the header, your bun app needs to read from it so that it knows the requests where made from https
Brody
Brody•8mo ago
here's a blurb from some express middleware for trusting the proxy headers https://expressjs.com/en/guide/behind-proxies.html
No description
manuai
manuai•8mo ago
Alright, will do some (more) research. Thanks a lot Brody !
manuai
manuai•8mo ago
Does that look like the right track ? https://hono.dev/middleware/builtin/secure-headers
Secure Headers Middleware - Hono
Ultrafast web framework for Cloudflare Workers, Fastly Compute, Deno, Bun, Vercel, Node.js, and others. Fast, but not only fast.
Brody
Brody•8mo ago
not at all why does it even matter in your case that requests come in as http? is this posing some real problem?
manuai
manuai•8mo ago
Yes it does, a whole lot of headach burnt the whole day on this
Brody
Brody•8mo ago
why does it matter if the incoming requests are http or https
manuai
manuai•8mo ago
As I understand it's the server that has to acknowlege that header right ? Cause the client then send HTTP, which get redirected to HTTPS, which doesn't work for POST request
Brody
Brody•8mo ago
why is their any redirection? the client should make https calls, not http calls
manuai
manuai•8mo ago
Railway does that no ?
Brody
Brody•8mo ago
not unless you are doing something wrong
manuai
manuai•8mo ago
http://castaway-production.up.railway.app/ That gets redirected no ? I am just spining up a container that works fine locally, no fancy config at all
Brody
Brody•8mo ago
why are you making requests with http
manuai
manuai•8mo ago
Because the library I am using, relies on Hono request data to create URLs for the client. If hono says that's HTTP, then all my links are HTTP If you know farcaster, this is a setup for farcaster frames
Brody
Brody•8mo ago
okay now thats a good explanation right so we are back to trusting the proxy headers you figure out how to trust the proxy headers, then hono will see the request as https and make the correct URLs
manuai
manuai•8mo ago
But that's gotta be on Hono side right, if they don't have support for this then I am stucked ?
Brody
Brody•8mo ago
you can always write your own middleware that does this
manuai
manuai•8mo ago
So the idea is, request comes in, check the header, then somehow force Hono to acknowledge this as legitimate https
Brody
Brody•8mo ago
basically yeah, you are able to set values in the request object before hono comes into play, you read the protocol from the header and set the protocol in the request object in a middleware, then when hono comes into play it will read the protocol and create the correct URL
manuai
manuai•8mo ago
That makes. I got the first part down. I get the IP this way, so now I have to check thats its a valid domain (will worry about that later) then update the request, correct?
No description
Brody
Brody•8mo ago
where do domains come into play here also that middleware purely prints the IP, it doesn't actually set the IP in the request object
manuai
manuai•8mo ago
Yes, that's the missing bit I am tryiing to figure that out Never mind the domain (sorry I am being thick here) I haven't touched a container in years, I was hoping devops got easier since then To be fair, Railway is awesome
Brody
Brody•8mo ago
haha this is just normal running your app behind a proxy stuff, I'm surprised there isn't a package to do this for you express has a dead simple way of doing it that's literally one line
manuai
manuai•8mo ago
yea, no info whatsoever on the subject, it's crazy Everything is read only on the request object 😦
manuai
manuai•8mo ago
Ok looks like that did it
No description
Brody
Brody•8mo ago
okay now just read the value from the header and fallback to http if there is no header
manuai
manuai•8mo ago
got it, if x-forwarded-for is in there, the use https Thanks a tone Brody, saved me hours for sure
Brody
Brody•8mo ago
if the header is there, then use the headers value
manuai
manuai•8mo ago
Right, this makes sense
Brody
Brody•8mo ago
if there's no header then don't do anything with it as the default value of http will be correct yo thank you for the trains
Want results from more Discord servers?
Add your server