Skip to content
Start project
Back

functions custom domain issues in self hosted

  • 0
  • 2
  • Self Hosted
View on Discord
sathishzus
17 Jan, 2026, 16:50

I’m running self-hosted Appwrite (Docker) behind Traefik with Cloudflare proxy (Full/Strict).

Main domain works: https://app.printa4.in

Function subdomains fail TLS completely, e.g. https://<functionId>.functions.printa4.in

openssl result:

SSL alert number 40: handshake failure no peer certificate available

This means the origin doesn’t present any cert for function subdomains.

Setup:

Cloudflare terminates TLS

Traefik + Appwrite are HTTP-only

Env vars:

_APP_DOMAIN=app.printa4.in _APP_DOMAIN_FUNCTIONS=functions.printa4.in

Suspected cause: Function subdomains (*.functions.<domain>) don’t inherit routing automatically and require an explicit wildcard HostRegexp router in the reverse proxy.

Question: What is the official / recommended reverse-proxy configuration for Appwrite function subdomains when using Cloudflare + Traefik? Should TLS be handled at the proxy or by Appwrite itself for functions?

Any guidance or docs would be really helpful 🙏

TL;DR
Issue with setting up custom domains for functions in a self-hosted setup. Discusses problems with using Cloudflare proxy for second-layer subdomains and SSL generation by Traefik. Solution: For SSL error 526, check domain configuration using resources provided by Cloudflare support.
sathishzus
18 Jan, 2026, 03:42

<:Auth:1389993762654130246>

computed_fn
25 Apr, 2026, 18:05

Have you find a solution to this yet? I am having the exact same setup and issue right now

Ibaraki Douji
25 Apr, 2026, 19:19

if your using free proxied, iirc it don't support 2nd layer sub domains

Ibaraki Douji
25 Apr, 2026, 19:22

https://community.cloudflare.com/t/use-a-second-level-sub-domains-with-ssl/405833/4

Ibaraki Douji
25 Apr, 2026, 19:31

i also ping you since you also have the issue

computed_fn
25 Apr, 2026, 19:36

Yes, that is correct. But doesn't traefik generate SSL for the function subdomain? Or am I mistaken?

Ibaraki Douji
25 Apr, 2026, 19:37

yes, but you need to disable the proxy, as cloudflare with proxy basicly request itself from the server, then sends it to you with it's own server and ssl cert (if you check the ssl certificate, it's not let's encrypt)

computed_fn
25 Apr, 2026, 19:38

I see. Alright, thanks for the clarification

computed_fn
25 Apr, 2026, 19:39

I think I'll just ditch the first subdomain

Ibaraki Douji
25 Apr, 2026, 19:42

my setup with cloudflare is like this : *.appwrite.example.com > functions/sites > not proxied appwrite.example.com > console/api > proxied

so console shows cloudflare certificate and sites shows let's encrypt

also be carful, if you upload big files (iirc over 100mb) you cannot do it with proxied because of the free limitation (entreprise is 500mb)

computed_fn
25 Apr, 2026, 19:45

Yeah, I prefer to have the proxy on and I know about the size limitation. I wish appwrite would use a different approach to handle file upload via S3 compatible API so that we can use pre-signed url to do the upload directly to R2. But that's a separate matter

1
computed_fn
26 Apr, 2026, 03:19

So I have tried to use my method and it still fails with SSL error (Code 526)

computed_fn
26 Apr, 2026, 03:21

I feel like it has something to do with the config of my domain

Ibaraki Douji
29 Apr, 2026, 16:03

https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-526/

Ibaraki Douji
29 Apr, 2026, 16:03

seams like it's bettween your server and cloudflare

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more