#How can I access to the SLL certificate file? My app config requires it

I have a bun app, that seems to require the full path to a certificate. Where could I get that ?

Thanks

https://bun.sh/guides/http/tls

Essentially I need to provide a path here

railway handles that for you, do not try to start an https server

Thanks Brody, so what am I supposed to return from the server file ?

just dont do any tls stuff, start a plain old http server

I have a werid issue where all HTTPS call get redirected to HTTP

can you give me a link to where i can see that behavior?

There it is https://castaway-production.up.railway.app

thats just a 404 though

https://castaway-production.up.railway.app/castaway/cast

Can't seem to reproduce from the browser, but the Bun app, thinks that request.url is http

so whenever url.origin is used, it output http instead of https

the bun app that you have deployed to railway thinks that the incoming requests are http?

correct

well because they are

your app would need to trust the proxy headers, X-Forwarded-For and X-Forwarded-Proto

X-Forwarded-Proto would always be set to https

Any idea on how to do that ?

im sure bun has docs for that

looking it up

Does that look like the right place to do that ?

no?

Sorry I am lost. Is X-Forwarded-Proto: https a header I should add somewhere ?

do some research on trusting proxy headers

doesnt need to be in the context of bun, just in general so you get an understanding of what it means

God I hate devops 😄

Just for the quick tip, is that a header I should send from the client ?

always more stuff to learn eh?

no, railway's proxy sets the header, your bun app needs to read from it so that it knows the requests where made from https

here's a blurb from some express middleware for trusting the proxy headers
https://expressjs.com/en/guide/behind-proxies.html

Alright, will do some (more) research. Thanks a lot Brody !

Does that look like the right track ? https://hono.dev/middleware/builtin/secure-headers

not at all

why does it even matter in your case that requests come in as http? is this posing some real problem?

Yes it does, a whole lot of headach

burnt the whole day on this

why does it matter if the incoming requests are http or https

As I understand it's the server that has to acknowlege that header right ?

Cause the client then send HTTP, which get redirected to HTTPS, which doesn't work for POST request

why is their any redirection?

the client should make https calls, not http calls

Railway does that no ?

not unless you are doing something wrong

http://castaway-production.up.railway.app/

That gets redirected no ? I am just spining up a container that works fine locally, no fancy config at all

why are you making requests with http

Because the library I am using, relies on Hono request data to create URLs for the client. If hono says that's HTTP, then all my links are HTTP

If you know farcaster, this is a setup for farcaster frames

okay now thats a good explanation

right so we are back to trusting the proxy headers

you figure out how to trust the proxy headers, then hono will see the request as https and make the correct URLs

But that's gotta be on Hono side right, if they don't have support for this then I am stucked ?

you can always write your own middleware that does this

So the idea is, request comes in, check the header, then somehow force Hono to acknowledge this as legitimate https

basically yeah, you are able to set values in the request object before hono comes into play, you read the protocol from the header and set the protocol in the request object in a middleware, then when hono comes into play it will read the protocol and create the correct URL

That makes. I got the first part down. I get the IP this way, so now I have to check thats its a valid domain (will worry about that later) then update the request, correct?

where do domains come into play here

also that middleware purely prints the IP, it doesn't actually set the IP in the request object

Yes, that's the missing bit I am tryiing to figure that out

Never mind the domain (sorry I am being thick here)

I haven't touched a container in years, I was hoping devops got easier since then

To be fair, Railway is awesome

haha this is just normal running your app behind a proxy stuff, I'm surprised there isn't a package to do this for you

express has a dead simple way of doing it that's literally one line

yea, no info whatsoever on the subject, it's crazy

Everything is read only on the request object 😦

Ok looks like that did it

okay now just read the value from the header and fallback to http if there is no header

got it, if x-forwarded-for is in there, the use https

Thanks a tone Brody, saved me hours for sure

if the header is there, then use the headers value

Right, this makes sense

if there's no header then don't do anything with it as the default value of http will be correct