Appwrite is an open-source backend-as-a-service: authentication, databases, storage, functions, messaging, and realtime, all behind a single API. It's a genuine alternative to Firebase or Supabase when you want to own your stack. Self-hosting it well means understanding that Appwrite is not one process — it's a coordinated set of services.
Understand the architecture first
The standard Appwrite deployment ships as a Docker Compose stack with a dozen-plus containers: the main API gateway (a Traefik proxy), the PHP application, MariaDB for metadata, Redis for caching and queues, and a fleet of worker containers (functions, messaging, builds, certificates, etc.). This matters because Appwrite was designed around Compose, and porting it to any other orchestrator means you take on responsibility for replicating that topology.
| Component | Role |
|---|---|
| Traefik | Ingress / TLS termination |
| Appwrite (PHP) | Main API |
| MariaDB | Primary datastore |
| Redis | Cache + queues |
| Workers | Functions, builds, messaging, certs |
| InfluxDB / Telegraf | Usage stats |
The realistic deployment path
For a managed Kubernetes-style platform, you have two honest options:
- 1Run the official Compose stack on a VM/compute instance you control, then point a domain at it. This is the path Appwrite officially documents and supports.
- 2Deploy the core services as separate managed components — the API container plus an external managed MariaDB-compatible MySQL and managed Redis — which removes two stateful services from the stack but requires more wiring.
On PandaStack, option 2 is attractive because you can attach a managed MySQL (5.7 or 8.x, MariaDB-compatible for Appwrite's needs) and managed Redis instead of running database containers inside your app pod. That keeps your stateful data on a backed-up managed service rather than ephemeral container storage. Be honest with yourself, though: Appwrite's worker containers expect to talk to each other, so a partial deployment needs careful service wiring and is more involved than a one-click app.
Required environment variables
Appwrite is configured almost entirely through environment variables. The critical ones:
_APP_ENV=production
_APP_DOMAIN=appwrite.yourdomain.com
_APP_DOMAIN_TARGET=appwrite.yourdomain.com
_APP_OPENSSL_KEY_V1=long-random-secret # encrypts data at rest
_APP_DB_HOST=your-managed-mysql-host
_APP_DB_PORT=3306
_APP_DB_USER=...
_APP_DB_PASS=...
_APP_DB_SCHEMA=appwrite
_APP_REDIS_HOST=your-managed-redis-host
_APP_REDIS_PORT=6379_APP_OPENSSL_KEY_V1 is non-negotiable: it encrypts sensitive data, and changing it later breaks decryption of existing records. Generate it once and store it as a platform secret.
TLS and domains
The Compose stack uses Traefik to obtain Let's Encrypt certificates. If you front Appwrite with a platform that already terminates TLS and issues SSL automatically (as PandaStack does via its Kong ingress and Cloudflare DNS), you should disable Appwrite's own certificate worker and set _APP_OPTIONS_FORCE_HTTPS=enabled so it trusts the upstream HTTPS. Otherwise you'll get two layers fighting over certificates.
Storage
Appwrite stores uploaded files on disk by default. In a containerized, possibly scale-to-zero environment, local disk is ephemeral — you'll lose files on restart. Configure _APP_STORAGE_DEVICE to use S3-compatible object storage so files persist independently of the container lifecycle. This is the most commonly missed production step.
Resource sizing
Appwrite's many containers are not free. The full stack wants meaningful CPU and memory; the free, smallest compute tiers are fine for kicking the tires but you'll want a compute- or memory-optimized tier once you have real users and active function executions.
References
- [Appwrite self-hosting docs](https://appwrite.io/docs/advanced/self-hosting)
- [Appwrite environment variables](https://appwrite.io/docs/advanced/self-hosting/environment-variables)
- [Appwrite storage configuration](https://appwrite.io/docs/advanced/self-hosting/storage)
- [Appwrite GitHub](https://github.com/appwrite/appwrite)
Self-hosting Appwrite is more involved than a single-container app, but pairing the API with a managed MySQL and managed Redis takes the riskiest stateful pieces off your plate. PandaStack's free tier includes both — explore it at [dashboard.pandastack.io](https://dashboard.pandastack.io).