Docker + https

[isetthestandard]

Hello, unfortunately I can't manage to configure affine with https. Affine should run on port 3025 but with https. Certificates are available. How can I switch from http to https?

Thank you!

[affine-issue-bot[bot]]

Issue Status: 🆕 *Untriaged

*🆕 Untriaged**

The team has not yet reviewed the issue. We usually do it within one business day. Docs: https://github.com/toeverything/AFFiNE/blob/canary/docs/issue-triaging.md

^{_{This is an automatic reply by the bot.}}

[HansAndreManfredson]

Hi @isetthestandard,

Could you show me your Compose file? I am using Affine with a reverse proxy (https://github.com/caddyserver) as well, and it works like a charm!

Greetings"

[isetthestandard]

I use the standard compose.yaml. I only added the flag AFFINE_SERVER_HTTPS. Do you have any instructions on how I can operate caddyserver with the self-hosted version of affine? Server configuration is not my strength. Thank you very much!

[sabirovrinat85]

ADDED: I got it! :) Container itself is running without HTTPS and on port 3010, I had to change only domain name, not a port and protocol, those should be 3010 and HTTPS: FALSE

Suppose I have same issue here.

I'm using Nginx Proxy Manager (Nginx+WebGUI, NPM)

After adding in compose lines like

AFFINE_SERVER_HOST: 'affine.HEREMYDOMAIN.COM' AFFINE_SERVER_PORT: 443 AFFINE_SERVER_HTTPS: true

acquiring letsencrypt certificate by NPM done smoothly

but when I enter by domain name get an error "502 Bad Gateway / openresty"

using local IP address and 'external' docker port give the web page successfully

if I comment out those 3 variables, I can get a web page by its domain name, but then magic links are send with localhost:3010 as target host

[artwist-polyakov]

Hello,

You need to launch Nginx on your server and set up traffic routing from your domain to the server's localhost:3010. After that, you can configure HTTPS using Let's Encrypt.

I plan to write a little manual after this issue is resolved: https://github.com/toeverything/AFFiNE/issues/8015

Thank you!

[artwist-polyakov]

Hi everyone, I’ve published a small guide on deploying self-hosted Affine on a server with domain setup

en: https://docs.polyakov.marketing/share/476a2681-7ede-4b3a-b8b7-291cd9299015/QcEtVycYtB7OB8BP-CP7Z

ru: https://docs.polyakov.marketing/share/476a2681-7ede-4b3a-b8b7-291cd9299015/81Ld3jjqzAeCkPIT3yXZ8

[emerikaji]

I suggest you use Traefik as a container reverse-proxy. Documentation is extensive, and you won't have to doany extra configuration on Affine's end besides adding the config labels for Traefik to route properly.

This will be much easier than setting up nginx/letsencrypt and won't require any extra package installation.

[artwist-polyakov]

@emerikaji there are a lot of same software https://nginxproxymanager.com/guide/ i think, that nginx is very stable, and reliable and has clear logs.

[emerikaji]

@artwist-polyakov I was suggesting a different solution that's suited specifically to the initial topic of using https on a Docker deployment, which Traefik is often used for in production.

The creator of this issue would likely be happier to have a wider assortment of options at their disposal- This is probably not the right discussion feed to debate which one is better.

[opvexe]

I used Caddy and then swapped it to aff, but found that the static page couldn't load?

Caddy

xxx.ai {

    reverse_proxy xxx_svc_affine:3010 {
        header_up X-Real-IP {http.request.remote}
        transport http {
            read_timeout 3m
            write_timeout 3m
        }
    }

docker-compose.yaml

services:
  affine:
    image: ghcr.io/toeverything/affine-graphql:stable
    container_name: affine_selfhosted
    command:
      ['sh', '-c', 'node ./scripts/self-host-predeploy && node ./dist/index.js']
    ports:
      - '3010:3010'
      - '5555:5555'
    depends_on:
      redis:
        condition: service_healthy
      postgres:
        condition: service_healthy
    volumes:
      # custom configurations
      - ~/.affine/self-host/config:/root/.affine/config
      # blob storage
      - ~/.affine/self-host/storage:/root/.affine/storage
    logging:
      driver: 'json-file'
      options:
        max-size: '1000m'
    restart: unless-stopped
    environment:
      - NODE_OPTIONS="--import=./scripts/register.js"
      - AFFINE_CONFIG_PATH=/root/.affine/config
      - REDIS_SERVER_HOST=redis
      - DATABASE_URL=postgres://affine:affine@postgres:5432/affine
      - NODE_ENV=production
      - AFFINE_ADMIN_EMAIL=${AFFINE_ADMIN_EMAIL}
      - AFFINE_ADMIN_PASSWORD=${AFFINE_ADMIN_PASSWORD}
      # Telemetry allows us to collect data on how you use the affine. This data will helps us improve the app and provide better features.
      # Uncomment next line if you wish to quit telemetry.
      # - TELEMETRY_ENABLE=false
  redis:
    image: redis
    container_name: affine_redis
    restart: unless-stopped
    volumes:
      - ~/.affine/self-host/redis:/data
    healthcheck:
      test: ['CMD', 'redis-cli', '--raw', 'incr', 'ping']
      interval: 10s
      timeout: 5s
      retries: 5
  postgres:
    image: postgres
    container_name: affine_postgres
    restart: unless-stopped
    volumes:
      - ~/.affine/self-host/postgres:/var/lib/postgresql/data
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U affine']
      interval: 10s
      timeout: 5s
      retries: 5
    environment:
      POSTGRES_USER: affine
      POSTGRES_PASSWORD: affine
      POSTGRES_DB: affine
      PGDATA: /var/lib/postgresql/data/pgdata