Appwrite with Nginx

Question

I installed Appwrite on an debian-server. The https-port for Appwrite is 444 (443 was already used). Nginx redirects my subdomain to this port. I have a custom SSL-certificate which is working for this domain and subdomains. I can open the appwrite via the subdomain but when I click "Sign Up" to create a root account for appwrite, I get the following Error:

Invalid Origin. Register your new client (appwrite.domain.de) as a new Web platform on your project console dashboard

First I thought I have to set proxy_set_header Host $host; in the server-config, but then I am not able to open Appwrite... instead I get the Error

{"message":"Error: Server Error","code":500,"version":"1.0.1"}

Does someone has another idea or already fixed the same problem?

This is my Server-configuration in Nginx:

server {
server_name appwrite.domain.de;
location / {
    proxy_pass https://localhost:444;
}
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/domain.de_ssl_certificate.cer;
ssl_certificate_key /etc/nginx/ssl/domain.de_private_key.key;
}

server {
    listen 80;
        server_name     domain.de
                        www.domain.de
                        ;
    return 301 https://$host$request_uri;
}

server {
        listen 80;
        listen 443 ssl;
        ssl_certificate /etc/nginx/ssl/domain.de_ssl_certificate.cer;
        ssl_certificate_key /etc/nginx/ssl/domain.de_private_key.key;
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
        server_name     domain.de
                        www.domain.de
                        ;
        location / {
                try_files $uri $uri/ =404;
        }

Thanks for the help ;)

score 2 · Accepted Answer · answered Sep 27 '22 at 02:43

2

You're right, you need to include the proxy_set_header Host $host; directive. You might also want to include the following under server:

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;

and the following under location:

add_header       X-Served-By $host;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto  $scheme;
proxy_set_header X-Forwarded-Host   $host;
proxy_set_header X-Forwarded-Port   $port;
proxy_set_header X-Forwarded-For    $remote_addr;
proxy_set_header X-Real-IP          $remote_addr;
proxy_pass       $forward_scheme://$server:$port$request_uri;

If you're seeing a 500 error, it would be best to check the docker logs for the appwrite container to see what the problem is.

On a side note, if you're looking for an easier way to manage Nginx, I highly recommend Nginx Proxy Manager (NPM). I use NPM in front of my Appwrite.

answered Sep 27 '22 at 02:43

Steven Nguyen

452
4
4

I did not get it running with the "normal" Nginx but your side note with Nginx Proxy Manager was the perfect solution and solved my problem. Maybe I had another mistake with my Nginx configuration which I do not need with the NPM :) Thank you so much – Tilman Sep 27 '22 at 20:28
@Tilman, did you disable the traefik proxy? I have a couple of domains (e.g.: appwrite.xyz.com and appwrite.zyx.com ) i am planning to serve via the main appwrite.abc domain. For what i read if i use NPM as the proxy I need to disable traefik. I tried without and could not get the certificates and custom subdomains verified. – Alberto L. Bonfiglio Oct 10 '22 at 01:36
@AlbertoL.Bonfiglio, I use both the Appwrite traefik and NPM in front. I think NPM actually handles the certificate generation so Appwrite doesn't need to generate the certificate. – Steven Nguyen Oct 10 '22 at 05:09
@StevenNguyen, must be something with my setup. What I found out is that for some reason NPM was requesting the certificate based on a webroot (appwrite.xyz.com/acme-challenge etc...), but appwrite was not responding to that. So I generated the certificate with npm pointing to a simple nginx docker instance, then used the certificate in the appwrite proxy. We'll see how it works when it's time to renew. Also, I didn't set up a CAA DNS record for the subdomain. Tried with "issuewild" but didn't work, so I just added one for the precise domain and voila' everything is working. – Alberto L. Bonfiglio Oct 11 '22 at 00:48
1

@AlbertoL.Bonfiglio No, I did not disable the traefik proxy. I use NPM with a custom certificate so appwrite doesn't need to create any certificate. Another custom domain with another custom certificate is added in NPM and in the Appwrite "Custom Domains"-Settings. To validate the custom domain with appwrite I had to set the CNAME in the domains Dns-Settings. – Tilman Oct 12 '22 at 11:01

Appwrite with Nginx

1 Answers1