Back to Blog
Tutorial11 min read2026-06-30

How to Self-Host Appwrite on PandaStack

Appwrite is a full backend-as-a-service you can run yourself. Here's how its multi-container architecture maps onto a managed platform, the required env vars, and what to watch for in production.

Ajay Kumar
Ajay Kumar
Founder & DevOps, PandaStack

Appwrite is an open-source backend-as-a-service: authentication, databases, storage, functions, messaging, and realtime, all behind a single API. It's a genuine alternative to Firebase or Supabase when you want to own your stack. Self-hosting it well means understanding that Appwrite is not one process — it's a coordinated set of services.

Understand the architecture first

The standard Appwrite deployment ships as a Docker Compose stack with a dozen-plus containers: the main API gateway (a Traefik proxy), the PHP application, MariaDB for metadata, Redis for caching and queues, and a fleet of worker containers (functions, messaging, builds, certificates, etc.). This matters because Appwrite was designed around Compose, and porting it to any other orchestrator means you take on responsibility for replicating that topology.

ComponentRole
TraefikIngress / TLS termination
Appwrite (PHP)Main API
MariaDBPrimary datastore
RedisCache + queues
WorkersFunctions, builds, messaging, certs
InfluxDB / TelegrafUsage stats

The realistic deployment path

For a managed Kubernetes-style platform, you have two honest options:

  1. 1Run the official Compose stack on a VM/compute instance you control, then point a domain at it. This is the path Appwrite officially documents and supports.
  2. 2Deploy the core services as separate managed components — the API container plus an external managed MariaDB-compatible MySQL and managed Redis — which removes two stateful services from the stack but requires more wiring.

On PandaStack, option 2 is attractive because you can attach a managed MySQL (5.7 or 8.x, MariaDB-compatible for Appwrite's needs) and managed Redis instead of running database containers inside your app pod. That keeps your stateful data on a backed-up managed service rather than ephemeral container storage. Be honest with yourself, though: Appwrite's worker containers expect to talk to each other, so a partial deployment needs careful service wiring and is more involved than a one-click app.

Required environment variables

Appwrite is configured almost entirely through environment variables. The critical ones:

_APP_ENV=production
_APP_DOMAIN=appwrite.yourdomain.com
_APP_DOMAIN_TARGET=appwrite.yourdomain.com
_APP_OPENSSL_KEY_V1=long-random-secret   # encrypts data at rest
_APP_DB_HOST=your-managed-mysql-host
_APP_DB_PORT=3306
_APP_DB_USER=...
_APP_DB_PASS=...
_APP_DB_SCHEMA=appwrite
_APP_REDIS_HOST=your-managed-redis-host
_APP_REDIS_PORT=6379

_APP_OPENSSL_KEY_V1 is non-negotiable: it encrypts sensitive data, and changing it later breaks decryption of existing records. Generate it once and store it as a platform secret.

TLS and domains

The Compose stack uses Traefik to obtain Let's Encrypt certificates. If you front Appwrite with a platform that already terminates TLS and issues SSL automatically (as PandaStack does via its Kong ingress and Cloudflare DNS), you should disable Appwrite's own certificate worker and set _APP_OPTIONS_FORCE_HTTPS=enabled so it trusts the upstream HTTPS. Otherwise you'll get two layers fighting over certificates.

Storage

Appwrite stores uploaded files on disk by default. In a containerized, possibly scale-to-zero environment, local disk is ephemeral — you'll lose files on restart. Configure _APP_STORAGE_DEVICE to use S3-compatible object storage so files persist independently of the container lifecycle. This is the most commonly missed production step.

Resource sizing

Appwrite's many containers are not free. The full stack wants meaningful CPU and memory; the free, smallest compute tiers are fine for kicking the tires but you'll want a compute- or memory-optimized tier once you have real users and active function executions.

References

  • [Appwrite self-hosting docs](https://appwrite.io/docs/advanced/self-hosting)
  • [Appwrite environment variables](https://appwrite.io/docs/advanced/self-hosting/environment-variables)
  • [Appwrite storage configuration](https://appwrite.io/docs/advanced/self-hosting/storage)
  • [Appwrite GitHub](https://github.com/appwrite/appwrite)

Self-hosting Appwrite is more involved than a single-container app, but pairing the API with a managed MySQL and managed Redis takes the riskiest stateful pieces off your plate. PandaStack's free tier includes both — explore it at [dashboard.pandastack.io](https://dashboard.pandastack.io).

Ready to deploy?

Start free on PandaStack.

Start free on PandaStack

More in Tutorial

Browse all Tutorial articles →

See also