[SOLVED] How to set up traefik to serve another service alongside appwrite through a subdomain
- General
- Self Hosted

services:
  traefik:
    image: traefik:2.7
    container_name: appwrite-traefik
    <<: *x-logging
    command:
      - --log.level=DEBUG
      - --api.insecure=true
      - --providers.file.directory=/storage/config
      - --providers.file.watch=true
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      - --providers.docker.constraints=Label(`traefik.constraint-label-stack`,`appwrite`)
      - --entrypoints.appwrite_web.address=:80
      - --entrypoints.appwrite_websecure.address=:443
      - --certificatesresolvers.myresolver.acme.tlschallenge=true
      - --certificatesresolvers.myresolver.acme.email=myemail@domain.com
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock
      - appwrite-config:/storage/config:ro
      - appwrite-certificates:/storage/certificates:ro
    depends_on:
      - appwrite
    networks:
      - gateway
      - appwrite
      - tautulli
  ...

  ...
  tautulli:
    image: ghcr.io/tautulli/tautulli
    container_name: tautulli
    restart: unless-stopped
    networks:
      - tautulli
    volumes:
      - tautulli-config:/config
    environment:
      - PUID=1001
      - PGID=1002
      - TZ=America/Edmonton
    labels:
      - traefik.enable=true
      # - traefik.http.routers.tautulli.tls=true
      - traefik.http.routers.tautulli.tls.certresolver=myresolver
      - traefik.http.routers.tautulli.entrypoints=websecure
      - traefik.http.routers.tautulli.rule=Host(`tautulli.domain.com`)
      - traefik.http.routers.tautulli.service=tautulli
      - traefik.http.services.tautulli.loadbalancer.server.port=8181
    # ports:
    #   - 8181:8181
networks:
  gateway:
  appwrite:
  tautulli:
    internal: true
  runtimes:
volumes:
  appwrite-mariadb:
  appwrite-redis:
  appwrite-cache:
  appwrite-uploads:
  appwrite-certificates:
  appwrite-functions:
  appwrite-builds:
  appwrite-influxdb:
  appwrite-config:
  appwrite-executor:
  tautulli-config:

Btw, the error I get after restarting the services is NET::ERR_CERT_AUTHORITY_INVALID.

I highly recommend leaving appwrite's traefik container alone and using another proxy in front because upgrades will modify the appwrite traefik and might wipe away any customizations you make.
I used nginx proxy manager (NPM) in front of my appwrite instance: https://medium.com/@stnguyen90/how-to-run-appwrite-behind-nginx-19348ed34243

Seems like a good read. I'll undo my changes for now and I'll read this after I have dinner. Thanks!

I'm not entirely sure I followed the guide but can you confirm if there are 3 files being discussed here? First would be my existing appwrite's docker-compose.yml file which I want to leave untouched. And then I'll create a docker-compose.override.yml to override some of the default network configurations of appwrite. And then create another docker-compose.yml file for NPM? Am I understanding this correctly? Sorry, I'm fairly new to reverse proxies.

Install NPM as per their instructions

On the appwrite side, you said to install using alternate ports like 8080 and 8443, but on your override settings, they are still on 80 and 443. Should I go ahead and change those to the alternate ports?

What do you mean? What exactly are you looking at?

The article says
Install Appwrite using non-standard ports like 8080 for HTTP and 8443 for HTTPS
But on the override file it shows:
- --entrypoints.appwrite_web.address=:80
- --entrypoints.appwrite_websecure.address=:443

This is correct because inside the container Appwrite runs on those ports

This is referring to the ports Appwrite is exposed on

So for my already running instance of appwrite on ports 80 and 443, I don't make any modifications, I'll just create an override file as shown on the article. And then create a separate docker compose file for NPM as also shown on the article. Then run docker compose up -d on both? And then do the GUI stuff after?

No. You need to look at the ports section of the Appwrite docker compose file

So I now have the NPM running. I'm able to access it either on <server_ip:81> or proxy.domain.com. That part is all good. Now I'm struggling to get appwrite to run. On my docker-compose.override.yml file on the same folder as the appwrite docker compose file, I have this:
version: '3'
services:
  traefik:
    command:
      - --accessLog=true
      - --providers.file.directory=/storage/config
      - --providers.file.watch=true
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      - --providers.docker.constraints=Label(`traefik.constraint-label-stack`,`appwrite`)
      - --entrypoints.appwrite_web.address=:80
      - --entrypoints.appwrite_websecure.address=:443
      - --entrypoints.appwrite_web.forwardedHeaders.trustedIPs=<server_id>
      - --entrypoints.appwrite_websecure.forwardedHeaders.trustedIPs=<server_id>
    ports:
      - 8080:80
      - 8443:443
networks:
  gateway:
    name: npm_gateway
    external: true
But when I restart the services I get:
Bind for 0.0.0.0:443 failed: port is already allocated

I tried 8080:8080 and 8443:8443 but I still got the same error. I'm not sure where it's getting the 443 binding from.

I was finally able to make it work.. but I had to modify the ports from the main docker-compose.yml file. I'm not sure why I couldn't override those settings with the docker-compose.override.yml file?

From the looks of it, docker-compose.override.yml doesn't override ports, it extends them. https://github.com/docker/compose/issues/3729
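
Added example, not part of the original thread: Compose appends `ports` lists across files, so the base file's 80:80 and 443:443 mappings survive the override and collide with the proxy already holding those host ports. Docker Compose 2.24.4 and later accept a `!override` tag that replaces the list instead; the file below is the override posted above with that tag added, and `<server_id>` is still the poster's placeholder.

```yaml
# docker-compose.override.yml, in the same folder as Appwrite's docker-compose.yml.
# Added example; requires Docker Compose >= 2.24.4 for the !override tag.
services:
  traefik:
    # "command" is a single-value option, so this list replaces the base one.
    command:
      - --accessLog=true
      - --providers.file.directory=/storage/config
      - --providers.file.watch=true
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      - --providers.docker.constraints=Label(`traefik.constraint-label-stack`,`appwrite`)
      # Container-side listeners stay on 80/443.
      - --entrypoints.appwrite_web.address=:80
      - --entrypoints.appwrite_websecure.address=:443
      # Only accept X-Forwarded-* headers from the front proxy's address.
      - --entrypoints.appwrite_web.forwardedHeaders.trustedIPs=<server_id>
      - --entrypoints.appwrite_websecure.forwardedHeaders.trustedIPs=<server_id>
    # "ports" is a multi-value option. Without !override, these entries are
    # appended to the base file's 80:80 and 443:443, and Docker still tries
    # to bind 0.0.0.0:443, which the front proxy already holds.
    ports: !override
      - 8080:80
      - 8443:443
networks:
  gateway:
    name: npm_gateway
    external: true
```

Running `docker compose config` in that folder prints the merged model, so the published ports of the traefik service can be checked before `docker compose up -d`.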

What's the best practice for running appwrite on non-standard ports? I'm guessing when an update comes along, it will override the port changes I made on the base docker-compose.yml file and I'll have to apply the changes again.

No, as part of the upgrade, you'll be asked what port you want Appwrite to run on. It will default to the previous values

Oh perfect, that means I don’t have to worry about it. Thanks!

@kathelia.dokgu Last week I was also struggling to handle multiple sites on my server, so I ended up using an Nginx proxy server. I have written a complete step-by-step guide on how you can configure Appwrite behind Nginx, and the same process can be done with other containers and as many sites as you want. Do contact me if you need any further assistance with VPS configuration. Guide: https://medium.com/@zia-ch/how-to-run-appwrite-with-nginx-professionally-5ba420789ef0

@kathelia.dokgu Is this completely solved?

Yes.

