Skip to content

Deployment Overview of Appwrite on Server

Prerequisites and Basic Requirements

  • Operating System: Debian-based Linux distribution (APT package manager required).

  • Privileges: Root or sudo access to install system packages and manage Docker containers.

  • Domain Configuration: The domain must resolve to the server's public IP address.

  • Ports: Ports 80 (HTTP) and 443 (HTTPS) must be open on the firewall for external access.

  • Software: Docker Engine and Docker Compose must be installed.

FQDN Configuration

The application is configured to be accessible via the following Fully Qualified Domain Name (FQDN): appwrite<Server ID>.hostkey.in

The system utilizes the hostkey.in zone with the appwrite prefix. The final URL structure depends on the specific Server ID assigned to the instance.

File and Directory Structure

The application files, configurations, and data are stored in the following locations:

  • Installation Directory: /opt/appwrite

  • Docker Compose File: /opt/appwrite/docker-compose.yml

  • Environment Configuration: /opt/appwrite/.env

  • Storage Volumes: Managed internally by Docker as named volumes (e.g., appwrite-uploads, appwrite-config, appwrite-mariadb).

Application Installation Process

The installation process involves downloading the official Docker Compose template and environment file, configuring the domain settings, and launching the services.

  • Docker Compose Version: The system installs docker-compose via the APT package manager.

  • Application Version: Appwrite 1.5.10.

  • Execution:

    1. The directory /opt/appwrite is created.

    2. The docker-compose.yml is downloaded from https://appwrite.io/install/compose.

    3. The .env file is downloaded from https://appwrite.io/install/env.

    4. The _APP_DOMAIN variable is set to appwrite<Server ID>.hostkey.in.

    5. The _APP_EMAIL_CERTIFICATES variable is set to [email protected].

    6. Services are started using the docker compose up -d command.

Access Rights and Security

  • Network Mode: The Traefik proxy container uses host network mode to bind directly to ports 80 and 443.

  • Constraints: Docker labels are used to constrain Traefik routing to services with the traefik.constraint-label-stack=appwrite label.

  • Exposed Services: Only the Traefik container exposes ports 80 and 443 externally; other containers are internal only.

  • SSL/TLS: HTTPS is enforced for the main API and WebSocket connections via Traefik routing rules.

Databases

The application uses two primary database services:

  • MariaDB:

    • Image: mariadb:10.11

    • Volume: appwrite-mariadb (mounted at /var/lib/mysql)

    • Configuration: Configured with --innodb-flush-method=fsync.

  • Redis:

    • Image: redis:7.2.4-alpine

    • Volume: appwrite-redis (mounted at /data)

    • Settings: Max memory set to 512MB with allkeys-lru eviction policy.

Docker Containers and Their Deployment

The application consists of multiple containers orchestrated via Docker Compose. All containers use the logging driver json-file with a maximum of 5 files and 10MB per file.

Core Services

  • Traefik: Reverse proxy and load balancer (traefik:2.11).

  • Appwrite API: Main application service (appwrite/appwrite:1.5.10).

  • Appwrite Realtime: WebSocket handler (appwrite/appwrite:1.5.10 with entrypoint realtime).

  • MariaDB: Database (mariadb:10.11).

  • Redis: Cache and message broker (redis:7.2.4-alpine).

  • Appwrite Assistant: AI assistant service (appwrite/assistant:0.4.0).

  • OpenRuntimes Executor: Function execution environment (openruntimes/executor:0.5.7).

Worker and Task Containers

The following workers handle background processes:

  • appwrite-worker-audits

  • appwrite-worker-webhooks

  • appwrite-worker-deletes

  • appwrite-worker-databases

  • appwrite-worker-builds

  • appwrite-worker-certificates

  • appwrite-worker-functions

  • appwrite-worker-mails

  • appwrite-worker-messaging

  • appwrite-worker-migrations

  • appwrite-worker-usage

  • appwrite-worker-usage-dump

  • appwrite-task-maintenance

  • appwrite-task-scheduler-functions

  • appwrite-task-scheduler-messages

Docker Volumes

The following named volumes are defined to persist data:

  • appwrite-mariadb

  • appwrite-redis

  • appwrite-cache

  • appwrite-uploads

  • appwrite-certificates

  • appwrite-functions

  • appwrite-builds

  • appwrite-config

Proxy Servers

  • Proxy Software: Traefik (traefik:2.11).

  • Configuration Location: /storage/config (mapped from appwrite-config volume).

  • Entry Points:

    • appwrite_web: Port 80 (HTTP).

    • appwrite_websecure: Port 443 (HTTPS).

  • Routing:

    • HTTP traffic on port 80 is routed to the Appwrite API and WebSocket services.

    • HTTPS traffic on port 443 is routed with TLS enabled.

  • Constraints: Traefik only manages containers labeled with traefik.constraint-label-stack=appwrite.

Location of Configuration Files and Data

  • Main Configuration: /opt/appwrite/docker-compose.yml

  • Environment Variables: /opt/appwrite/.env

  • SSL Certificates: Stored in the appwrite-certificates volume.

  • User Configs for Nginx: /data/nginx/user_conf.d (Referenced in external Nginx setup).

  • Letsencrypt Secrets: /data/nginx (Referenced in external Nginx setup).

Available Ports for Connection

Port Protocol Service Description
80 TCP Traefik HTTP entry point for API and WebSockets.
443 TCP Traefik HTTPS entry point with TLS.

Starting, Stopping, and Updating

The application is managed using Docker Compose commands executed from the /opt/appwrite directory.

Start Services

To start the application stack in detached mode: 

cd /opt/appwrite
docker compose up -d

Stop Services

To stop the application stack: 

cd /opt/appwrite
docker compose stop

Restart Services

To restart all services: 

cd /opt/appwrite
docker compose restart

Update Images

To pull the latest images defined in the Docker Compose file: 

cd /opt/appwrite
docker compose pull

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×