Appwrite was designed to be flexible and customizable, and that was one of the main reasons we designed it using the Microservices architecture. Thanks to this design, it's very easy to adjust and deploy Appwrite on any existing architecture, especially container-based architectures.
When deploying Appwrite in your own architecture, you might already have your own load balancer or proxy server for handling routing between different services. If this is your case, you might not need to use the Appwrite built-in Traefik load balancer. This post will demonstrate how you can easily replace the Appwrite load balancer with an Nginx proxy. Although we use Nginx for this example, the same can be applied to any proxy or load balancer that your heart desires.
First, in the docker-compose.yml, comment out the traefik service. Now we will add nginx service to replace traefik and act as the entry point for Appwrite stack.
Below the traefik service, add the following.
nginx:
image: nginx
ports:
- 80:80
- 443:443
volumes:
- ./config:/etc/nginx
- appwrite-certificates:/etc/ssl/private
depends_on:
- appwrite
networks:
- gateway
- appwrite
Here, we have added ./config volume. It contains the nginx config. Create config/nginx.conf file and add the following code.
events {
worker_connections 1024;
}
http {
server {
listen 80;
listen 443;
# config for setting up and handling Appwrite SSL
# ssl_certificate /etc/ssl/private/YOUR_DOMAIN/cert.crt;
# ssl_certificate_key /etc/ssl/private/YOUR_DOMAIN/cert.key;
# ssl on;
# ssl_session_cache builtin:1000 shared:SSL:10m;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
# ssl_prefer_server_ciphers on;
server_name appwrite;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://appwrite;
}
location /v1/realtime {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://appwrite-realtime;
proxy_http_version 1.1;
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
}
}
Unlike the default Traefik instance that comes with Appwrite, the Nginx container doesn't handle SSL certificates automatically. For having valid SSL connections, you'll need to configure your own certificates or integrate with tools like Letsencrypt.
Top comments (2)
Updated nginx config for realtime
I have updated it in the post. Thanks Steven!