Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Recovery Email URL ignores any environment variable that declares hostname/FQDN, uses URL of user insteadΒ #11391

New issue
New issue
Open
Bug
Open
Recovery Email URL ignores any environment variable that declares hostname/FQDN, uses URL of user instead#11391
Bug
Labels
product / authFixes and upgrades for the Appwrite Auth / Users / Teams services.product / databasesFixes and upgrades for the Appwrite Database.product / domainsFixes and upgrades for the Appwrite Domains.product / functionsFixes and upgrades for the Appwrite Functions.product / sitesFixes and upgrades for Appwrite Sites.product / storageFixes and upgrades for the Appwrite Storage.
@BloodyIron

Description

@BloodyIron
BloodyIron
opened on Feb 24, 2026

πŸ‘Ÿ Reproduction steps

Version: v1.8.1
Docker compose method, latest image of course

I have multiple declarations declaring the FQDN in the .env file, so far as I can tell all variables are set to it (whatever.domain.com). This includes:

  1. _APP_DOMAIN
  2. _APP_DOMAIN_TARGET
  3. _APP_DOMAIN_TARGET_CNAME

But when I send a recovery password E-Mail, the link that is E-Mailed to me IGNORES these values, and only uses the URL of the user triggering the password reset.

The way I can tell this is I'm in the later stages of setting up a Dev AppWrite environment, so there's an external NGINX Reverse proxy on the LAN in-front of it. I wanted it to do TLS termination, and just run HTTP/80 from the AppWrite host (VM with Docker Compose).

So in testing to try and figure out why the recovery E-Mail messages kept sending the wrong message, I kept using:

http://xx.xx.xx.xx/

As in, xx.xx.xx.xx is the LAN IP of the AppWrite system.

The webGUI works (with HTTPS forced off, of course), and when I trigger the recovery E-Mail in that context the link in the E-Mail for recovering passwords is http://xx.xx.xx.xx/ INSTEAD of the FQDN (which is what I want every time.

Turning on forced HTTPS and going to https://xx.xx.xx.xx:443/ does not result in the recovery URL being the FQDN, it instead now is https://xx.xx.xx.xx/

The recovery E-Mail link DOES NOT use the FQDN until I access the host via https://whatever.domain.com/ and trigger the password recovery process, THEN the E-Mailed URL is https://whatever.domain.com

So to me this is a bug as the multiple domain declarations are being ignored. This probably includes invites, but I haven't fully tested that yet.

πŸ‘ Expected behavior

I expected all E-Mailed URLs to explicitly use some form of the environment variable declared domains. Also this scenario isn't documented anywhere, how am I the first to encounter this?

πŸ‘Ž Actual Behavior

Already described

🎲 Appwrite version

Version 1.8.x

πŸ’» Operating system

Linux

🧱 Your Environment

Ubuntu Server 24.04 with common Docker packages and using the docker compose + .env file method as per AppWrite documentation.

πŸ‘€ Have you spent some time to check if this issue has been raised before?

  • I checked and didn't find similar issue

🏒 Have you read the Code of Conduct?

Metadata

Metadata

Assignees

No one assigned

    Labels

    product / authFixes and upgrades for the Appwrite Auth / Users / Teams services.product / databasesFixes and upgrades for the Appwrite Database.product / domainsFixes and upgrades for the Appwrite Domains.product / functionsFixes and upgrades for the Appwrite Functions.product / sitesFixes and upgrades for Appwrite Sites.product / storageFixes and upgrades for the Appwrite Storage.

    Type

    Bug

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions