Ubuntu's noble-security package-index CDN is returning hash-sum
mismatches (2026-04-17), causing ALL Railway NIXPACKS builds to fail
at the 'apt-get update && apt-get install curl' layer with exit
code 100. Multiple Railway services are red.
NIXPACKS' aptPkgs = ['curl'] generates a strict
'apt-get update && apt-get install -y' that fails hard on any
mirror error. Fix: replace aptPkgs with manual cmds that:
1. Allow apt-get update to partially fail (|| true)
2. Use --fix-missing on apt-get install so packages from healthy
mirrors still install even if one mirror is broken
Same treatment for consumer-prices-core/Dockerfile.
Files changed:
- nixpacks.toml (root — used by ais-relay + standalone cron seeders)
- scripts/nixpacks.toml (used by bundled seed services)
- consumer-prices-core/Dockerfile
The || true on apt-get update is safe because:
1. curl is the only package we install and it's often already present
in the NIXPACKS base image (nix-env provides it)
2. If curl genuinely isn't available, the seeder will fail at runtime
with a clear 'curl: not found' error — not a silent degradation
Node 20's fetch() (undici) tries IPv6 first. Railway containers don't
support IPv6 (IPV6_NDISC failures in network trace), causing all seed
services to crash.
Fix: set NODE_OPTIONS=--dns-result-order=ipv4first via nixpacks.toml
so all Railway services prefer IPv4. Keeps Node 20 for import attributes.
* fix(usni-fleet): add Node.js HTTP CONNECT proxy fallback, detect Cloudflare HTML
curl is not available in Railway's Railpack v0.18.0 containers. The seed
was failing with ENOENT on curl, then getting Cloudflare-blocked on
Node.js direct.
- Add fetchViaHttpProxy: Node.js HTTP CONNECT tunnel through residential
proxy (no curl dependency). Uses the same RESIDENTIAL_PROXY_AUTH env.
- Add Cloudflare HTML detection: reject early when response starts with
<!DOCTYPE instead of passing HTML to JSON.parse.
- Fallback chain: curl direct -> curl+proxy -> Node.js+proxy -> Node.js direct
- Add nixpacks.toml with curl for future Railpack builds
* fix: use ESM import for node:http (require breaks in .mjs)
Railway uses Railpack (not Nixpacks). nixpacks.toml in scripts/ was
silently skipped. Use railpack.json at repo root with deploy.aptPackages
to install curl at runtime for OREF polling.
