Deploy and Host Gophish on Railway

Gophish is an open-source phishing simulation framework for pentesters and security teams. It lets you build phishing email templates, define target user groups, launch scheduled campaigns, and track responses in near real-time — helping organisations test and improve their resilience to phishing attacks.

About Hosting Gophish

Gophish runs as a single Go binary served via Docker with two interfaces: an admin server for managing campaigns and a phishing server that handles the actual email links and landing pages. This Railway template deploys the official Gophish Docker image with environment variables pre-configured for Railway's networking model. The admin interface is exposed on Railway's public domain; the phishing server runs on a separate internal port. No database or persistent volume is required for basic use — Gophish uses a SQLite database stored inside the container.

⚠️ Gophish should only be used against systems and users you have explicit, written authorisation to test. Unauthorised phishing simulations may be illegal.

Common Use Cases

• Employee security awareness training — run realistic phishing simulations against your own organisation to identify users most susceptible to phishing, then use results to target security awareness training where it's needed most
• Red team and penetration testing — simulate credential harvesting, malware delivery, and spear-phishing campaigns as part of authorised offensive security engagements, with full tracking of who clicked, who submitted credentials, and who reported the email
• Phishing defence benchmarking — establish a baseline click rate across departments and track improvement over time as awareness programmes take effect

Dependencies for Gophish Hosting

• Gophish Docker image — used directly by this template
• No database service or persistent volume required for basic use — Gophish stores data in an embedded SQLite database

Deployment Dependencies

• Gophish official website
• Gophish GitHub repository
• alphasec guide: Phishing Attack Simulation with Gophish

Implementation Details

Gophish generates a random admin password on first launch. After deployment, go to your service → Deployments → View Logs, and look for an entry like:

Please login with the username admin and the password 0f564d8fxd9161d25

Use these credentials to log into the admin interface. You will be prompted to change the password on first login.

Why Deploy Gophish on Railway?

Railway is a singular platform to deploy your infrastructure stack. Railway will host your infrastructure so you don't have to deal with configuration, while allowing you to vertically and horizontally scale it.

By deploying Gophish on Railway, you are one step closer to supporting a complete full-stack application with minimal burden. Host your servers, databases, AI agents, and more on Railway.