functions custom domain issues in self hosted

I’m running self-hosted Appwrite (Docker) behind Traefik with Cloudflare proxy (Full/Strict).

Main domain works: https://app.printa4.in

Function subdomains fail TLS completely, e.g. https://<functionId>.functions.printa4.in

openssl result:

SSL alert number 40: handshake failure no peer certificate available

This means the origin doesn’t present any cert for function subdomains.

Setup:

Cloudflare terminates TLS

Traefik + Appwrite are HTTP-only

Env vars:

_APP_DOMAIN=app.printa4.in _APP_DOMAIN_FUNCTIONS=functions.printa4.in

Suspected cause: Function subdomains (*.functions.<domain>) don’t inherit routing automatically and require an explicit wildcard HostRegexp router in the reverse proxy.

Question: What is the official / recommended reverse-proxy configuration for Appwrite function subdomains when using Cloudflare + Traefik? Should TLS be handled at the proxy or by Appwrite itself for functions?

Any guidance or docs would be really helpful 🙏

TL;DR

Self-hosted Appwrite behind Traefik with Cloudflare proxy. Main domain works, but function subdomains fail TLS. Origin doesn't have a cert for function subdomains. Need wildcard HostRegexp router for function subdomains in reverse proxy. Need guidance on recommended config for function subdomains with Cloudflare + Traefik.

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more

Recommended threads

Need support?

Join our Discord

Get premium support