doc: Added "Appwrite using NGINX as Reverse Proxy" resource

[WilfredAlmeida]

Added blog resource on how to deploy Appwrite on VPS server using NGINX as a reverse proxy

[stnguyen90]

Thanks for creating this PR! 🙏🏼 The content is very detailed and helpful!

Some things are missing, though.

1. Enabling SSL is very important, and it's best to have HTTPS traffic routed to Appwrite's HTTPS port. Missing that can cause problems with cookies.
2. Without some additional configuration on the traefik container, Appwrite will detect IPs as the Nginx proxy rather than the actual client (for example, in the audit logs or sessions
3. The Nginx config is missing some directives for realtime so the realtime API won't work.

[WilfredAlmeida]

Thanks for pointing it out. Will update the blog and let you know for further review.

[adityaoberai]

@WilfredAlmeida were you able to make the requested changes?

[WilfredAlmeida]

@stnguyen90 @adityaoberai

Enabling SSL is very important, and it's best to have HTTPS traffic routed to Appwrite's HTTPS port. Missing that can cause problems with cookies.

SSL from client -> server gateway can be enabled using certbot or any desired method.
Can SSL from NGINX to Appwrite on localhost be enabled by routing traffic to the HTTPS port? Like the below NGINX directive change

from
proxy_pass http://localhost:2021;

to
proxy_pass https://localhost:2022;

The Nginx config is missing some directives for realtime so the realtime API won't work.

The NGINX directives you suggested have been added.

I have updated my config as mentioned above and Appwrite loads fine. Will update more on testing its individual functionalities.

Without some additional configuration on the traefik container, Appwrite will detect IPs as the Nginx proxy rather than the actual client (for example, in the audit logs or sessions

I don't quite understand what config changes to do here. I found this blog post however it uses NGINX Proxy Manager. Need more help with this.

[stnguyen90]

@WilfredAlmeida,

1. Yes, proxy_pass https://localhost:2022; is good.
2. Yes, the services.traefik.command section is the relevant part. Btw, you should be able to test this by logging in to the console and looking at the activity for your user. The IP Address should show your public IP if it's working correctly.
3. I don't see the directives for realtime/websockets. Did you test if realtime works?

[adityaoberai]

@WilfredAlmeida did you get a chance to review the aforementioned points and update your blog?

[WilfredAlmeida]

@stnguyen90 @adityaoberai

No, I don't have any project workload yet to test the changes for traefik & realtime directives.

I'm open to some collaboration on this, as to I can provide an Appwrite instance for someone with an existing project to use it and I can make the changes to get all things working, or you can point out the exact things to add in which I can add in directly.

[adityaoberai]

@WilfredAlmeida, you can take this discussion (collaboration request) to the Appwrite Discord server.
In the meantime, since the collaboration + testing process might take some time, I'll close the PR until you can test the solution and update the blog as needed.