AFFiNE Docs
Try Online
Try Online

Domain and HTTPS

When sharing your AFFiNE instance with others or publishing docs on the internet, use a recognizable host name instead of exposing your device IP address directly. Add SSL/TLS, also known as HTTPS, for basic transport security.

The most common way to publish AFFiNE under a domain with HTTPS is to use a reverse proxy. Common reverse proxy tools include Nginx, Caddy, and Apache HTTP Server.

This page demonstrates Nginx and Caddy examples.

WebSocket

WebSocket is required for the AFFiNE sync and collaboration system. Make sure your proxy allows WebSocket traffic.

Terms

Domain

Use a host name such as affine.example.com for reverse proxy configuration. Do not include https:// in server_name.

External URL

The external URL is the full public URL prefix for AFFiNE shareable links, such as https://affine.example.com. Set it in the Admin Panel after the reverse proxy is working.

Reverse Proxy

Nginx

Nginx is a common reverse proxy for web applications.

Below is an example Nginx configuration for proxying AFFiNE requests.

server {
  server_name <your-domain>;

  # Maximum allowed upload size.
  client_max_body_size 100m;

  # Set required headers.
  proxy_set_header Host              $http_host;
  proxy_set_header X-Real-IP         $remote_addr;
  proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;

  # WebSocket config for the sync system.
  proxy_http_version 1.1;
  proxy_set_header Upgrade           $http_upgrade;
  proxy_set_header Connection        "upgrade";

  location / {
    # Proxy all requests to the AFFiNE instance.
    # Modify port 3010 if AFFiNE listens on a different port.
    proxy_pass http://<ip-or-localhost>:3010;
  }
}

HTTPS

server {
  listen 80;
  server_name <your-domain>;

  location / {
    return 301 https://$host$request_uri;
  }
}

server {
  listen 443 ssl;
  server_name <your-domain>;

  ssl_certificate /path/to/your_certificate;
  ssl_certificate_key /path/to/your_certificate_key;

  # Maximum allowed upload size.
  client_max_body_size 100m;

  # Set required headers.
  proxy_set_header Host              $http_host;
  proxy_set_header X-Real-IP         $remote_addr;
  proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;

  # WebSocket config for the sync system.
  proxy_http_version 1.1;
  proxy_set_header Upgrade           $http_upgrade;
  proxy_set_header Connection        "upgrade";

  location / {
    proxy_pass http://<ip-or-localhost>:3010;
  }
}

Caddy

Caddy is a straightforward reverse proxy with integrated HTTPS support.

<your-domain> {
  reverse_proxy http://<ip-or-localhost>:3010
}

App links

After setting up the reverse proxy, AFFiNE should be available at your own host, similar to https://app.affine.pro.

One more step is required.

Go to Admin -> Settings -> Server and set external url to the full public URL you used for the reverse proxy, such as https://affine.example.com. AFFiNE uses this value to generate links that other people can access, such as invitation links and public doc links.

External URL setting
ON THIS PAGE