Deployment Overview of Appwrite on Server¶
Prerequisites and Basic Requirements¶
To deploy the application, the following system requirements must be met:
-
Operating System: Linux (Debian/Ubuntu based preferred for
aptpackage management). -
Privileges: Root or sudo access is required to install packages and manage Docker.
-
Docker Components:
docker-compose-pluginmust be installed.
-
Network Ports:
-
Port
80: HTTP traffic (Internal/External). -
Port
443: HTTPS traffic (External). -
Port
8080: Traefik management interface (Localhost only).
-
FQDN of the final panel on the hostkey.in domain if avalible in format 'Server ID'.hostkey.in:¶
The application uses a dynamic subdomain based on the configured prefix and server ID:
- Format:
appwrite<ServerID>.hostkey.in
File and Directory Structure¶
The following directories are used for configuration, data persistence, and certificates:
| Path | Description |
|---|---|
/opt/appwrite | Main application directory containing deployment files |
/data/nginx/user_conf.d | Custom Nginx user configurations |
/var/run/docker.sock | Docker socket for container orchestration |
/tmp | Shared host mount for executor and runtimes |
Application installation process¶
The application is deployed using a docker-compose based deployment method. The core application version used in the primary configuration is appwrite/appwrite:1.9.0.
Deployment involves:
-
Creating the
/opt/appwritedirectory with permissions set to0755. -
Deploying the
docker-compose.ymland.envfiles to the application root. -
Executing
docker compose up -d --remove-orphanswithin the/opt/appwritedirectory.
Access Rights and Security¶
-
File Permissions:
-
Configuration files in
/opt/appwrite/.envare restricted with mode0600. -
The main application directory is set to
0755.
-
-
Network Isolation: Containers communicate via dedicated Docker networks:
gateway,appwrite, andruntimes. -
Traefik Security: Traefik is configured to listen on the host loopback interface for management (
127.0.0.1:8080) and standard ports for public traffic.
Databases¶
The application utilizes two primary database systems:
| Database | Image | Role |
|---|---|---|
| MongoDB | mongo:8.2.5 | Primary data storage (supports Replica Set) |
| Redis | redis:7.4.7-alpine | Caching and session management |
The MongoDB instance is initialized as a replica set (rs0) with authentication enabled via a generated keyfile for secure inter-container communication.
Docker Containers and Their Deployment¶
The deployment consists of several functional containers managed via docker compose.
| Container Name | Image | Role |
|---|---|---|
appwrite-traefik | traefik:3.6 | Edge router and SSL termination |
appwrite | appwrite/appwrite:1.9.0 | Core application logic |
appwrite-console | appwrite/console:7.8.26 | Administrative web interface |
appwrite-realtime | appwrite/appwrite:1.9.0 | Realtime WebSocket service |
appwrite-worker-* | appwrite/appwrite:1.9.0 | Various background workers (Audits, Webhooks, etc.) |
appwrite-assistant | appwrite/assistant:0.4.0 | AI Assistant integration |
openruntimes-executor | openruntimes/executor:0.7.22 | Function execution engine |
appwrite-mongodb | mongo:8.2.5 | Database service |
appwrite-redis | redis:7.4.7-alpine | Cache service |
Proxy Servers¶
The system utilizes Traefik as the primary reverse proxy and load balancer.
-
SSL/TLS: Traefik handles HTTPS termination using certificates stored in the
appwrite-certificatesvolume. -
Routing Rules:
-
The console is accessible via the
/consolepath prefix. -
Realtime services are accessible via the
/v1/realtimepath prefix. -
All other traffic is routed to the core Appwrite API.
-
Location of configuration files and data¶
Configuration and persistent data are managed through Docker volumes:
| Volume Name | Purpose |
|---|---|
appwrite-mongodb | MongoDB database files |
appwrite-redis | Redis data |
appwrite-uploads | User uploaded files |
appwrite-config | Application configuration and certificates |
appwrite-functions | Function source code and builds |
appwrite-builds | Compiled function binaries |
appwrite-sites | Static site content |
Available ports for connection¶
| Port | Service | Access Type |
|---|---|---|
80 | HTTP (Traefik) | Public |
443 | HTTPS (Traefik) | Public |
27017 | MongoDB | Internal/Local |
8080 | Traefik Dashboard | Localhost only |
Starting, Stopping, and Updating¶
Service management is performed using the following commands from within the /opt/appwrite directory:
-
Start Services:
docker compose up -d -
Stop Services:
docker compose down -
Update Configuration: After modifying
.envordocker-compose.yml, rundocker compose up -d --remove-orphans.