How Railway Containers Work
Every service on Railway is a container. You provide source code or a Docker image. Railway builds an OCI-compliant container image, deploys it onto managed infrastructure (GCP VMs with Kubernetes-like orchestration), and routes traffic to it through Cloudflare. You get a URL, TLS, and logging without writing any infrastructure config.
The build step is where Railway diverges from raw Docker hosting. Railway's default builder, Railpack, inspects your repository and generates a build plan automatically. Push a Node.js app, and Railpack detects package.json, installs dependencies, runs your build script, and starts the process. Push a Go binary, Python app, or Rust project, and it does the same. No Dockerfile required unless you want one.
Container Lifecycle on Railway
The flow is: push code to GitHub (or provide a Docker image) → Railway triggers a build via Railpack or your Dockerfile → the built image is deployed as a container → Railway handles networking, TLS, health checks, and log aggregation. Services can scale horizontally by adding replicas, and Railway supports auto-sleep for idle containers to reduce costs.
What Railway Gives You
Railway bundles managed databases (Postgres, MySQL, Redis, MongoDB), cron jobs, private networking between services, environment variable management, and deploy previews for pull requests. The value proposition is that you get container-based deployments without the operational overhead of managing Kubernetes clusters, load balancers, or TLS certificates. For teams that want to ship applications without a dedicated DevOps person, this is the pitch.
Deployment Methods
Railway supports three ways to get a container running. Each trades off simplicity against control.
Railpack (Auto-detect)
Push your repo, Railway figures out the rest. Railpack detects your language, framework, and build steps automatically. Zero config. Works for Node.js, Python, Go, Rust, Java, Ruby, and more. Best for standard application structures where you don't need custom build logic.
Custom Dockerfile
Add a Dockerfile to your repo for full control over the build. Multi-stage builds, custom base images, specific system dependencies. Railway detects the Dockerfile and uses it instead of Railpack. Best for applications with complex build requirements or optimized production images.
Pre-built Image
Point Railway at a Docker image on Docker Hub, GHCR, GitLab Registry, or any OCI-compliant registry. Railway skips the build step entirely and runs your image directly. Best for CI/CD pipelines where you build images externally and want Railway purely for hosting.
Railpack: Zero-Config Builds
Railpack replaced Railway's earlier Nixpacks builder. It scans your repository, identifies the runtime, and generates an optimized build plan. For a typical Next.js application, it detects package.json, picks the right Node.js version, runs npm install and npm run build, and configures the start command. You push, it builds, the container runs.
The limitation is that Railpack works best with conventional project structures. If your build needs custom system libraries, specific compiler flags, or multi-stage optimization, you will likely need a Dockerfile.
Dockerfile Deployments
When Railpack is not enough, add a Dockerfile to your repository root. Railway detects it and uses Docker to build your image. This gives you full control: custom base images, multi-stage builds for smaller production images, system-level dependencies, and specific build arguments.
Example: Multi-stage Dockerfile for Railway
# Build stage
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
# Production stage
FROM node:20-alpine
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package.json ./
EXPOSE 3000
CMD ["node", "dist/index.js"]Pre-built Docker Images
If you build images in your own CI pipeline (GitHub Actions, GitLab CI, etc.), you can deploy them directly to Railway. Point the service at a registry URL like ghcr.io/yourorg/yourapp:latest, and Railway pulls and runs it. This decouples your build process from Railway entirely, giving you portability across platforms.
Deploy from GitHub Container Registry
# Build and push in GitHub Actions
docker build -t ghcr.io/yourorg/api:latest .
docker push ghcr.io/yourorg/api:latest
# In Railway: set the service source to
# ghcr.io/yourorg/api:latest
# Railway pulls the image and deploys itRailway Pricing Breakdown
Railway uses a subscription-plus-usage model. You pay a monthly base fee that includes usage credits, then pay per-second for resources consumed beyond those credits.
| Feature | Trial | Hobby ($5/mo) | Pro ($20/mo) | Enterprise |
|---|---|---|---|---|
| Included credits | $5 one-time | $5/month | $20/month | Custom |
| vCPU cost | $0.000278/min | $0.000278/min | $0.000278/min | Volume discounts |
| Memory cost | $0.000139/GB/min | $0.000139/GB/min | $0.000139/GB/min | Volume discounts |
| Egress | $0.05/GB | $0.05/GB | $0.05/GB | Custom |
| Team members | 1 | 1 | Unlimited | Unlimited |
| Auto-sleep | Yes | Yes | Optional | Optional |
| Horizontal scaling | No | No | Yes | Yes |
Cost Examples
Railway bills per second, which means you pay for actual usage, not reserved capacity. Here is what common workloads cost.
The auto-sleep feature matters for cost control. When a service receives no inbound requests for 10 minutes, Railway puts it to sleep and stops billing for compute. This is useful for staging environments, internal tools, and development services. The tradeoff is a cold start delay when the next request arrives.
Hidden Cost: Egress
Egress is billed at $0.05/GB on all plans. For API services with large response payloads or services that transfer data between providers, this adds up. A service returning 1MB responses at 100,000 requests/month generates ~100GB of egress, costing $5/month in network fees alone. Factor this into your cost projections.
Railway for AI Agent Workloads
Railway works well for certain AI workloads and poorly for others. The distinction matters because "deploying AI" covers at least three different use cases with different infrastructure requirements.
Where Railway Fits
Railway is a good choice for always-on AI services: inference APIs, webhook handlers, background workers, and queue consumers. These are long-running processes that benefit from persistent containers, auto-scaling, and managed networking. If you are deploying a FastAPI service that wraps an LLM, a worker that processes document embeddings, or a chatbot backend, Railway handles the infrastructure well.
Railway released a Model Context Protocol (MCP) server in 2025 that lets AI coding agents deploy applications and manage Railway infrastructure directly from code editors. This signals their focus on developer-facing AI tooling.
Where Railway Does Not Fit
Running untrusted, LLM-generated code in isolated sandboxes is a different problem. AI coding agents (Claude Code, Cursor, Devin, Codex) need to execute code that an LLM wrote, which means the code is untrusted by definition. This requires:
- Sub-second cold starts. An agent running code in a loop cannot wait seconds for each container to boot. Purpose-built sandboxes achieve sub-300ms. Railway containers take seconds.
- Strong process isolation. Standard containers share the host kernel. A kernel exploit in LLM-generated code could escape the container. Sandbox platforms use microVMs (Firecracker) or user-space kernels (gVisor) for hardware-level isolation.
- Session-scoped persistence. An agent writes code, installs packages, runs tests, fixes failures, and re-runs. The filesystem must survive between executions but get destroyed when the session ends. Railway containers are either always-on or sleeping, not session-scoped.
- Automatic cleanup. Sandbox platforms destroy the environment after the session. On Railway, you manage container lifecycle yourself.
| Requirement | Railway | Sandbox Platforms (Morph, E2B) |
|---|---|---|
| Cold start | Seconds (container boot) | < 300ms (pre-warmed pools) |
| Isolation level | Linux containers (shared kernel) | MicroVMs / gVisor (hardware-level) |
| Session persistence | Always-on or sleeping | Session-scoped (auto-destroy) |
| Untrusted code safety | Not designed for this | Built for this |
| Streaming output | Logs API | WebSocket real-time streaming |
| Cost model | Per-second compute billing | Included with API / per-sandbox-second |
| Best for | Always-on services, APIs | Agent code execution loops |
Railway vs Sandbox Platforms
The core difference: Railway deploys and runs your applications. Sandbox platforms execute untrusted code inside isolated, ephemeral environments. They solve different problems, but the overlap appears when teams building AI agents look at Railway for code execution.
Morph Sandbox SDK
Designed for AI agent code execution. Sub-300ms cold starts, session-scoped filesystem persistence, WebSocket streaming for real-time output, and automatic cleanup. Included with Morph API plans, so teams already using Morph for LLM inference pay nothing extra. Python and TypeScript SDKs.
Morph Sandbox: Agent executes untrusted code
import { MorphSandbox } from "@anthropic-ai/morph-sandbox";
const sandbox = await MorphSandbox.create({
apiKey: process.env.MORPH_API_KEY,
template: "python-3.12",
timeout: 300,
});
// Agent writes and tests code in a safe environment
await sandbox.filesystem.write("/app/solution.py", llmGeneratedCode);
await sandbox.exec("pip install pytest numpy");
const result = await sandbox.exec("cd /app && python -m pytest -v");
// Filesystem persists between calls — no re-setup needed
if (result.exitCode !== 0) {
// Agent reads errors, fixes code, re-runs
const errors = result.stderr;
// ... fix and retry loop
}
await sandbox.destroy(); // Clean up when doneE2B
Standalone sandbox API for AI tools. Sub-500ms cold starts, session-scoped filesystem, Python and TypeScript SDKs. Separate billing at ~$0.20/hour per sandbox. The most established dedicated sandbox provider. Good documentation and active open-source community.
Railway (as a sandbox alternative)
You could technically spin up Railway services for each agent session, but the platform is not built for this pattern. Cold starts are too slow for interactive agent loops. Isolation is standard Linux containers, not microVMs. There is no SDK for session-scoped sandbox management. You would be building sandbox infrastructure on top of a PaaS instead of using a tool designed for the job.
| Feature | Railway | Morph Sandbox | E2B |
|---|---|---|---|
| Primary purpose | Application hosting | AI agent sandbox | AI agent sandbox |
| Cold start | Seconds | < 300ms | < 500ms |
| Isolation | Linux containers | MicroVM / gVisor | MicroVM |
| Pricing | $5-20/mo + usage | Included with Morph API | ~$0.20/hr per sandbox |
| SDK | CLI + API | Python, TypeScript | Python, TypeScript |
| Managed databases | Yes (Postgres, Redis, etc.) | No | No |
| Auto-scaling | Yes (Pro plan) | Automatic | Automatic |
| Custom domains | Yes | N/A | N/A |
When to Use Railway
Railway solves a specific set of problems well. Knowing where it fits saves you from using it where it doesn't.
Use Railway for
- Web applications and APIs. Deploy Next.js, FastAPI, Express, Rails, or any web framework. Railway handles containers, TLS, custom domains, and deploy previews.
- Background workers and queues. Long-running processes that consume from Redis, SQS, or Kafka. Railway's always-on containers with no timeout ceiling are a fit.
- Internal tools. Admin dashboards, monitoring UIs, and internal APIs that don't need the full complexity of AWS. Railway's auto-sleep keeps costs low for low-traffic services.
- Side projects and prototypes. The $5 Hobby plan with auto-sleep lets you run experiments cheaply. Push code, get a URL.
- AI inference APIs. Deploy a model-serving endpoint (FastAPI + vLLM, for example) that needs to stay warm and handle concurrent requests.
Use a sandbox platform for
- AI agent code execution. Running LLM-generated code in isolated environments with sub-second cold starts and automatic cleanup.
- Code evaluation pipelines. Hiring platforms, benchmarking systems, and automated testing that run untrusted code at scale.
- Multi-step agent workflows. Write code, install deps, run tests, read output, fix, repeat. Session-scoped persistence matters here.
The Right Tool for Each Layer
Many AI applications use both Railway and a sandbox platform. Railway hosts the application layer: the API, the agent orchestrator, the database. A sandbox platform like Morph handles the execution layer: running the code the agent generates. These are complementary, not competing.
Frequently Asked Questions
What are Railway containers?
Railway containers are the deployment units behind Railway's PaaS. When you push code or a Docker image, Railway builds an OCI-compliant container image and runs it on managed infrastructure. You get a running service with a URL, TLS, and networking. Every Railway service is a container under the hood.
How much does Railway cost?
The Hobby plan is $5/month with $5 in included usage credits. The Pro plan is $20/month with $20 in credits. Beyond included credits, vCPU costs $0.000278/minute, memory costs $0.000139/GB/minute, and egress is $0.05/GB. A small API with low traffic runs for roughly $5/month. A production service with 1+ vCPU and moderate traffic is $25-50/month.
Can I deploy Docker containers on Railway?
Yes, three ways. Railpack auto-detects your language and builds without a Dockerfile. You can add a custom Dockerfile for full control. Or you can point Railway at a pre-built image on Docker Hub, GHCR, or any OCI registry. Railway supports public and private registries.
Is Railway good for AI agent deployment?
For hosting AI services (inference APIs, agent orchestrators, background workers), yes. For running untrusted LLM-generated code in isolated sandboxes, no. Railway containers are designed for application hosting, not ephemeral code execution. Use a purpose-built sandbox platform like Morph Sandbox SDK or E2B for agent code execution.
What is Railpack?
Railpack is Railway's automatic build system that replaced Nixpacks. It scans your repo, detects the language and framework, and generates an optimized build plan. Supports Node.js, Python, Go, Rust, Java, Ruby, and more. If you need custom build logic, you can override it with a Dockerfile.
How does Railway compare to Render and Fly.io?
All three deploy containers. Railway emphasizes developer experience with automatic builds, a clean UI, and managed databases. Render offers a similar PaaS experience with free-tier static sites and simpler pricing. Fly.io gives more infrastructure control with global edge deployment and a Machines API for programmatic container management. Railway and Render are easier to start with. Fly.io offers more flexibility at the cost of complexity.
Does Railway support GPU containers?
Railway has introduced GPU-capable instances for compute-heavy workloads. For established GPU container support with A100 and H100 availability, Modal and Lambda Cloud are more mature options. Check Railway's current GPU pricing and region availability before committing to GPU workloads.
What is the cold start time on Railway?
Railway container cold starts are measured in seconds, depending on image size and application startup time. The auto-sleep feature puts idle services to sleep after 10 minutes, which introduces a cold start on the next request. For latency-sensitive applications, disable auto-sleep on the Pro plan to keep containers warm. For sub-second cold starts on ephemeral code execution, use a sandbox platform instead.
Try Morph Sandbox SDK
Run AI agent code in isolated sandboxes with sub-300ms cold starts and session-scoped persistence. Included free with Morph API. Python and TypeScript SDKs with WebSocket streaming.