New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
馃摎 Documentation: setup https #2481
Comments
Appwrite supports auto generation of SSL certificates using LetsEncrypt's CertBot. CertBot only support SSL on port 443. If your Appwrite instance have problems issuing a new certificate, you can use the following gist to debug the issue: https://gist.github.com/eldadfux/eb3ed1c4e5f43b7f7259469dd29312c5 |
Hi, thanks for your quick reply. Is there docs that deal with how to isntall appwrite on a server that already has https on port 443? I absolutely LOVE AppWrite (I moved from Firebase to AppWrite, and it's easier to setup than Parse), but it really needs more docs. Thanks |
@jenniestrongbow As per my experience, there's a way to install Appwrite on a server that already has ports 80 and 443 occupied. In my project, I had Apache installed on my server. I've installed Appwrite on Port 5500 (non-SSL) and Port 5501 (SSL) just select that during setup and select sudo a2enmod vhost_alias After that, add a new vHost for Appwrite by editing the
After that, add an sudo apt-get install python-certbot-apache Then, enable HTTPS by running the following command: certbot --apache -d appwrite.example.com Then the last and most important step, restart Apache: sudo apachectl restart The command may differ a bit, you can also restart apache by running the command:
If you're using NGINX, there's also something similar available but I don't have experience with that so just Google about that! |
Absolutely awesome!! Thanks a million. I'll try that and let you know if I succeeded. |
For nginx do the following: cd /etc/nginx/sites-available sudo touch appwrite.example.com // replace with own domain you created A record sudo vi appwrite.example.com paste the following: server {
} Then symlink: sudo ln -s /etc/nginx/sites-available/appwrite.example.com /etc/nginx/sites-enabled/ confirm nginx confirm: reload nginx conf: sudo service nginx reload install certbot: sudo apt install certbot python3-certbot-nginx obtain the ssl certificate: sudo certbot --nginx -d appwrite.example.com |
@jenniestrongbow Did my solution work? |
Hi Rajdeep, sorry I've been busy on so many other things. I just tried now, and https does not work. I installed appwrite on port 85. https on 444. I'm using Ubuntu.
Here is my content of the file (XXX replaces my real domain name): <VirtualHost *:80> Thanks |
I think that one of the issues is that I don't know how to install appwrite on a subdomain. I can only access it on http://[XXX].com:85 |
|
You'll need to edit the |
Thanks for your quick reply. I managed to install it on a subdomain. http://appwrite[XXX].com works fine. To do this, I edited my custom .conf file I created for my domain (I host several domain names on the same server). I didn't have any extra folder in my apache2. My default https is 443. I set 44 as my appwrite https. I entered the certbot command you suggested and I did not see any error. However https://appwrite[XXX].com doesn't work. Can you please help? |
Progress, I entered the certbot command for my subdomain and https://appwrite.[XXX].com/ now works, but it does not point to my appwrite server. http://appwrite.[XXX].com/ does though. |
What output you could see from certbot? |
Congratulations! You have successfully enabled https://appwrite.[XXX].com IMPORTANT NOTES:
|
That means everything is successful: Domain pointing, Proxying, vHosts, Certbot. So what's the issue now? |
https://appwrite.[XXX].com/ points to my homepage When http://appwrite.[XXX].com or http://appwrite.[XXX].com/console work fine |
You can't access your console on Domain. |
You can only use it as endpoint. |
I'm confused. I can access my console using my domain on http. What I really want to do is create an endpoint that works on https. But nothing I tried works. |
You can access your console with your IP (and port) as well. Can you try to use |
Actually, now every time I want to access http://[XXX].com, it redirects me to https://[XXX].com with a "Your connection is not private" (NET::ERR_CERT_COMMON_NAME_INVALID). It's like it's not even using the SSL certificate I created initially before using certbot. |
The only thing that work is http://appwrite.[XXX].com/. It shows the console. Nothing else works. |
Is it because I added the confirguration to my domain name .conf file? |
The other thing that works is http://[XXX].com:85/ . It shows my console too. |
Is it because I added the configuration below to my domain name .conf and not to the extra folder? <VirtualHost *:80> |
I made a mistake. Now... https://appwrite.[XXX].com/ points to my homepage When http://appwrite.[XXX].com or http://appwrite.[XXX].com/console work fine |
https://appwrite.[XXX].com/ should redirect to /console |
Nope, it stays on the main website. |
So you're using appwrite.[XXX].com for your main website? I think you're using both Appwrite and your website on the same subdomain |
yes, unfortunately. What I want is: http://[XXX].com and https://[XXX].com to lead to my main domain's content. |
Are you sure that there is no |
Yes, there was none when I started. |
Can you show me the output of |
apache2: Could not open configuration file DUMP_VHOSTS/apache2.conf: No such file or directory |
Try |
Or, |
FYI, I'm new to Ubuntu. I'm more of a Windows user. This worked: sudo apachectl -S [DOMAIN2] is the one I'm trying to setup appwrite SSL on. AH00112: Warning: DocumentRoot [/var/www/[DOMAIN1]/public_html/api] does not exist |
Can you try to restart Apache with |
And why you've set |
I restarted apache countless times. I need the www do redirect to my main domain, when appwrite.[DOMAIN2].com should redirect to my appwrite installation. |
If you're either proxying appwrite.[DOMAIN2].com and www.[DOMAIN2].com to your main domain or proxying both to your Appwrite Installation. www.[DOMAIN2].com is an alias of your Appwrite vHosts. |
Ok, I'll restart everything from scratch. I reverted my config to its original state. I'll let you know. Thanks a MILLION for your patience!! |
Ok, let me know once you're done! |
I think that what I'm trying to do is a lot simpler than I thought. My first problem is that I can't setup a subdomain on SSL. Once I've done that, I guess I can use the proxypass functions. But I'm struggling to setup a subdomain on SSL. I'll read about it and try to complete my task here. Thanks |
Hi, thanks to your help, I finally managed to make appwrite available on https. I always bought SSL certificates from Godaddy. I didn't know I could use Certbot!!! The key for me was to remove the conf file I created for my domain and start fresh following your example. I also had to add a vritual host (to the same file) for 443. This allowed me to access appwrite via a subdomain on https while my main website works too. I could also create my own endpoint!! Thanks |
Actually, when I add an endpoint, the console keeps showing in progress.
TLS are still "in progress" for both. Can you pls tell me what's wrong? Thanks |
You're using vHosts because you already have Port 80 and 443 occupied by Apache. So, they're doing the proxying for you and Certificate is also generated by Certbot for that vHost. So, Appwrite requires you to run it on Port 80 (non-SSL) and 443 (SSL) to generate Certificates as Certbot challenges can only be passed on these ports. So the there are 2 options: Run Appwrite on Port 80 and 443 OR Use vHosts AND use vHosts only. |
You can't use both Appwrite's custom domain feature and vHosts together. |
I got the same issue with Appwrite and vHosts saved me. |
I'm sure it makes sense to you :-) But not to me. :-) I removed the .conf file I created for my domain. Here is the conf cerbot created. Am I correct in assuming I'm only using virtual hosts? Do I need to change the ports of Appwrite (in my case 85/444)? Thanks: `
|
If I setup AppWrite on port s 80/443, does it mean the entire domain must be dedicated to AppWrite? Or can I also use it to serve my main website? |
If you set up Appwrite on Ports 80/443 then your entire server isn't fully dedicated to Appwrite. You can't set up other vHosts or use Apache but you can still run Python/Node.js apps on other ports and access them directly without pointing to any Domain. As per what I can see, it is proxying port 85 (make sure you can access Appwrite on this port) to both [DOMAIN].com and appwrite.[DOMAIN].com so do you want to use Appwrite on your Root Domain as well? If not, change ServerName to |
Thanks for your help, I made the changes you mentioned. I removed references to serveralias. I didn't see any change. Can you please tell me:
In a nutshell, I want all the appwrite functionalities (console and endpoint) to work on https://appwrite.[domain].com. And the rest of my website to work on https://[domain].com or other subdomains. At the moment, only my console works on https://appwrite.[domain].com. It should be easy to do and well documented but that's not the case unfortunately. I'm aware I'm a newbie to Linux though, but I doubt I'm the only one. Thanks |
When I set up vHosts, the API endpoint was working with HTTPS but in the Console, I can see Login Page though it was just saying "Incorrect Credentials" for some reason and the possible fix is to use Console by visiting vHosts (in Apache) setup is the only way to run Appwrite on the domain without running it in the default port. |
We have added more docs for Appwrite certificates here: https://appwrite.io/docs/certificates - this page also include instructions for debugging issues. |
Thank you a lot @Rajdeep-TG ! It works great ! |
馃挱 Description
Hi, I could not find in your documentation how to set up an https endpoint on an Ubuntu server. I have already set up my 443 port for my ssl certificate. How can I allow an appwrite endpoint on an SSL url (e.g. port 444). Thanks
馃憖 Have you spent some time to check if this issue has been raised before?
馃彚 Have you read the Code of Conduct?
The text was updated successfully, but these errors were encountered: