DEV Community

Cover image for Learn How to Run Appwrite With Your Own Custom Proxy or Load Balancer
Damodar Lohani for Appwrite

Posted on • Updated on

Learn How to Run Appwrite With Your Own Custom Proxy or Load Balancer

Appwrite was designed to be flexible and customizable, and that was one of the main reasons we designed it using the Microservices architecture. Thanks to this design, it's very easy to adjust and deploy Appwrite on any existing architecture, especially container-based architectures.

When deploying Appwrite in your own architecture, you might already have your own load balancer or proxy server for handling routing between different services. If this is your case, you might not need to use the Appwrite built-in Traefik load balancer. This post will demonstrate how you can easily replace the Appwrite load balancer with an Nginx proxy. Although we use Nginx for this example, the same can be applied to any proxy or load balancer that your heart desires.

First, in the docker-compose.yml, comment out the traefik service. Now we will add nginx service to replace traefik and act as the entry point for Appwrite stack.

Below the traefik service, add the following.

nginx:
    image: nginx
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./config:/etc/nginx
      - appwrite-certificates:/etc/ssl/private
    depends_on:
      - appwrite
    networks:
      - gateway
      - appwrite
Enter fullscreen mode Exit fullscreen mode

Here, we have added ./config volume. It contains the nginx config. Create config/nginx.conf file and add the following code.

events {
    worker_connections 1024;
}

http {
    server {
        listen 80;
        listen 443;

        # config for setting up and handling Appwrite SSL

        # ssl_certificate           /etc/ssl/private/YOUR_DOMAIN/cert.crt;
        # ssl_certificate_key       /etc/ssl/private/YOUR_DOMAIN/cert.key;
        # ssl on;
        # ssl_session_cache  builtin:1000  shared:SSL:10m;
        # ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        # ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        # ssl_prefer_server_ciphers on;

        server_name appwrite;

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_pass http://appwrite;
        }

        location /v1/realtime {
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_pass http://appwrite-realtime;
            proxy_http_version 1.1;
            proxy_connect_timeout 7d;
            proxy_send_timeout 7d;
            proxy_read_timeout 7d;
        }
    }
}
Enter fullscreen mode Exit fullscreen mode

Unlike the default Traefik instance that comes with Appwrite, the Nginx container doesn't handle SSL certificates automatically. For having valid SSL connections, you'll need to configure your own certificates or integrate with tools like Letsencrypt.

References

Top comments (2)

Collapse
 
stnguyen90 profile image
Steven

Updated nginx config for realtime

Collapse
 
eldadfux profile image
Eldad A. Fux

I have updated it in the post. Thanks Steven!