curiositech/railway-render-deployment
skills/railway-render-deployment/SKILL.md
Indie-friendly cloud deployment on Railway, Render, and Fly.io with autoscaling and cost optimization. Activate on: Railway deployment, Render deploy, Fly.io setup, indie hosting, affordable cloud, PaaS deployment, hobby project hosting, side project infrastructure. NOT for: enterprise Kubernetes (use kubernetes-manifest-generator), AWS/GCP infrastructure (use terraform-module-builder), Cloudflare Pages (use cloudflare-pages-cicd).
development
Updated Apr 4, 2026
$ install --global
skillsauthnpx skillsauth add curiositech/windags-skills railway-render-deploymentInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 8:40 AM5.0s1 file scanned
SKILL.md
- license:
- Apache-2.0
- name:
- railway-render-deployment
- description:
- Indie-friendly cloud deployment on Railway, Render, and Fly.io with autoscaling and cost optimization. Activate on: Railway deployment, Render deploy, Fly.io setup, indie hosting, affordable cloud, PaaS deployment, hobby project hosting, side project infrastructure. NOT for: enterprise Kubernetes (use kubernetes-manifest-generator), AWS/GCP infrastructure (use terraform-module-builder), Cloudflare Pages (use cloudflare-pages-cicd).
- allowed-tools:
- Read,Write,Edit,Bash(docker:*,kubectl:*,terraform:*,npm:*,npx:*)
- category:
- DevOps & Infrastructure
- - skill:
- docker-multi-stage-optimizer
- reason:
- Optimized Docker images reduce costs on metered platforms
Railway / Render / Fly.io Deployment
Expert in deploying to indie-friendly PaaS platforms with optimal cost, autoscaling, and developer experience.
Activation Triggers
Activate on: "Railway deploy", "Render setup", "Fly.io", "indie hosting", "affordable cloud", "PaaS deployment", "side project hosting", "hobby project", "scale to zero"
NOT for: Enterprise K8s → kubernetes-manifest-generator | AWS/GCP IaC → terraform-module-builder | Cloudflare Pages → cloudflare-pages-cicd
Quick Start
- Choose platform — Railway for simplicity, Fly.io for edge compute, Render for free tier services
- Connect repo — Git push deploys with automatic build detection
- Add services — database, Redis, cron jobs from platform marketplace
- Configure scaling — scale-to-zero for cost, autoscale for traffic
- Set custom domain — CNAME to platform, automatic TLS
Core Capabilities
| Domain | Technologies | |--------|-------------| | Railway | Nixpacks builds, volumes, cron, TCP/HTTP services, templates | | Render | Native runtimes, Blueprints (IaC), disk storage, free tier | | Fly.io | fly.toml, Machines API, volumes, edge regions, Litefs (SQLite) | | Databases | Railway Postgres/MySQL/Redis, Render managed Postgres, Fly Postgres | | Cost | Scale-to-zero, usage-based billing, spend alerts |
Architecture Patterns
Platform Decision Matrix
┌──────────────┬────────────┬────────────┬────────────┐
│ Criteria │ Railway │ Render │ Fly.io │
├──────────────┼────────────┼────────────┼────────────┤
│ Ease of use │ Best │ Great │ Good │
│ Free tier │ $5 trial │ Yes (750h) │ Yes (3 VMs)│
│ Scale-to-0 │ Yes │ No (paid) │ Yes │
│ Edge regions │ No │ No │ Yes (35+) │
│ Databases │ Built-in │ Managed PG │ Fly PG │
│ Docker │ Nixpacks │ Dockerfile │ Dockerfile │
│ SQLite │ Volumes │ Disk │ LiteFS │
│ Best for │ Full-stack │ Static+API │ Edge apps │
└──────────────┴────────────┴────────────┴────────────┘
Fly.io Multi-Region with LiteFS
# fly.toml
app = "my-app"
primary_region = "iad"
[build]
dockerfile = "Dockerfile"
[http_service]
internal_port = 3000
auto_stop_machines = "stop" # Scale to zero
auto_start_machines = true
min_machines_running = 0
[mounts]
source = "data"
destination = "/data"
[[vm]]
size = "shared-cpu-1x"
memory = "256mb"
Railway Service Composition
┌─────────────────────────────────────────┐
│ Railway Project │
├─────────────┬────────────┬──────────────┤
│ Web API │ Worker │ Cron │
│ (Node.js) │ (Python) │ (Go binary) │
│ Port 3000 │ No port │ Schedule │
├─────────────┴────────────┴──────────────┤
│ PostgreSQL │ Redis │ S3 (R2) │
│ (Plugin) │ (Plugin) │ (External) │
└─────────────────────────────────────────┘
All services share internal networking.
Environment variables auto-injected for database URLs.
Deploy via `railway up` or Git push.
Anti-Patterns
- Running databases on Fly.io without backups — Fly Postgres is unmanaged. Set up
pg_dumpcron or use managed databases (Supabase, Neon) instead. - Not enabling scale-to-zero — paying for idle compute. Configure
auto_stop_machineson Fly.io or Railway's scale-to-zero for low-traffic services. - Storing state in ephemeral containers — containers restart and lose local data. Use volumes (persistent disk) or external storage (S3/R2, managed DB).
- Ignoring egress costs — data transfer out can be expensive. Fly.io includes 100GB; Railway meters it. Cache aggressively and compress responses.
- Over-provisioning for hobby projects — starting with 2GB RAM instances for a blog. Start with the smallest tier and scale up based on actual metrics.
Quality Checklist
[ ] Git-push deploy configured and tested
[ ] Health check endpoint defined
[ ] Scale-to-zero enabled for non-critical services
[ ] Database has automated backups (managed or cron pg_dump)
[ ] Custom domain with automatic TLS
[ ] Environment variables set (not hardcoded)
[ ] Spend alerts configured at budget threshold
[ ] Dockerfile optimized (multi-stage, minimal final image)
[ ] Persistent storage on volumes, not ephemeral filesystem
[ ] Preview environments for PRs (Railway/Render)
[ ] Monitoring via platform dashboard or external (Sentry, Axiom)
[ ] Migration strategy documented for platform lock-in escape
Related Skills
curiositech/circuit-breakers-and-retries
tools
VerifiedTrustedCommunity
Building resilient distributed systems with circuit breakers, retries with full-jitter exponential backoff, retry budgets (per-request 3-attempt + per-client 10% ratio per Google SRE), deadline propagation, and the cascading-failure math (4 layers × 3 retries = 64x amplification). Grounded in Resilience4j, Microsoft Cloud Patterns, AWS Architecture Blog (Marc Brooker), and Google SRE Book.
4SKILL.mdUpdated May 6, 2026
curiositech/cdn-cache-control-headers
testing
VerifiedTrustedCommunity
Designing HTTP cache headers that work correctly across browsers, CDNs, and shared proxies — `Cache-Control` directives per RFC 9111, `stale-while-revalidate` and `stale-if-error` per RFC 5861, the Vary header for varying responses, and surrogate keys for tag-based purging. Grounded in IETF RFCs and Cloudflare/Fastly docs.
4SKILL.mdUpdated May 5, 2026
curiositech/content-security-policy-headers
development
VerifiedTrustedCommunity
Use when designing or fixing a Content Security Policy on a real site, choosing between nonce-based and hash-based CSP, adding strict-dynamic, debugging "Refused to execute inline script" errors, deploying CSP in report-only mode first, configuring report-to / report-uri, or auditing an existing policy for unsafe-inline / unsafe-eval / wildcards. Triggers: "CSP blocks legitimate inline script", strict-dynamic, nonce-{RANDOM}, sha256-{HASH}, object-src none, base-uri none, frame-ancestors, Trusted Types, X-Content-Security-Policy obsolete, report-only vs enforced. NOT for general HTTP security headers (HSTS, COOP/COEP), Trusted Types deep dive, CORS configuration, or building a WAF.
3SKILL.mdUpdated May 4, 2026
curiositech/api-versioning-strategy
tools
VerifiedTrustedCommunity
Choosing and operating an HTTP API versioning strategy that doesn't break clients — Stripe's date-based pinned versions, the Deprecation/Sunset header pair (RFC 9745 + RFC 8594), URI vs header vs media-type approaches, and the version-transformer pattern. Grounded in Stripe's published architecture and IETF RFCs.
3SKILL.mdUpdated May 4, 2026