Skip to content

Instantly share code, notes, and snippets.

@sujaykumarh

sujaykumarh/.env

Created April 18, 2023 09:37
Show Gist options
  • Save sujaykumarh/292fec0885a7e28475f39e9ffdfe9a80 to your computer and use it in GitHub Desktop.
Save sujaykumarh/292fec0885a7e28475f39e9ffdfe9a80 to your computer and use it in GitHub Desktop.
Download ZIP
supabase-bug-report
Raw
.env
############
# Docker - docker specific config. uncomment for update default values
############
# DK_CONTAINER_NAME=supabase
# Container Versions
# SUPABASE_META_VER=v0.60.7
# IMGPROXY_VER=v3.13
# SUPABASE_STORAGEAPI_VER=v0.28.2
# SUPABASE_REALTIME_VER=v2.5.1
# POSTGREST_VER=v10.1.2
# SUPABASE_GOTRUE_VER=v2.47.0
# KONG_VER=2.8.1
# SUPABASE_STUDIO_VER=20230330-99fed3d
# POSTGRES_VER=15-alpine
# SUPABASE_POSTGRES_VER=15.1.0.54-rc0
############
# Secrets
# YOU MUST CHANGE THESE BEFORE GOING INTO PRODUCTION
############
JWT_SECRET=your-super-secret-jwt-token-with-at-least-32-characters-long
ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJhbm9uIiwKICAgICJpc3MiOiAic3VwYWJhc2UtZGVtbyIsCiAgICAiaWF0IjogMTY0MTc2OTIwMCwKICAgICJleHAiOiAxNzk5NTM1NjAwCn0.dc_X5iR_VP_qT0zsiyj_I_OZ2T9FtRU2BBNWN8Bu4GE
SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q
############
# Database - You can change these to any PostgreSQL database that has logical replication enabled.
############
POSTGRES_HOST=db
POSTGRES_DB=supabase
POSTGRES_USER=supabase
POSTGRES_PASSWORD=postgres
POSTGRES_PORT=5432
# default user is postgres
############
# API Proxy - Configuration for the Kong Reverse proxy.
############
KONG_HTTP_PORT=8000
KONG_HTTPS_PORT=8443
############
# API - Configuration for PostgREST.
############
PGRST_DB_SCHEMAS=public,storage,graphql_public
############
# Auth - Configuration for the GoTrue authentication server.
############
## General
SITE_URL=http://supabase.localhost
API_EXTERNAL_URL=http://supabase.localhost
SUPABASE_KONG_URL=http://kong:8000
# SUPABASE_KONG_URL=http://supabase.localhost
ADDITIONAL_REDIRECT_URLS=
JWT_EXPIRY=3600
DISABLE_SIGNUP=false
MFA_ENABLED=false
## Mailer Config
MAILER_URLPATHS_CONFIRMATION="/auth/v1/verify"
MAILER_URLPATHS_INVITE="/auth/v1/verify"
MAILER_URLPATHS_RECOVERY="/auth/v1/verify"
MAILER_URLPATHS_EMAIL_CHANGE="/auth/v1/verify"
## Email auth
ENABLE_EMAIL_SIGNUP=true
ENABLE_EMAIL_AUTOCONFIRM=true
[email protected]
SMTP_HOST=supabase-mail
SMTP_PORT=2500
SMTP_USER=fake_mail_user
SMTP_PASS=fake_mail_password
SMTP_SENDER_NAME=fake_sender
## Phone auth
ENABLE_PHONE_SIGNUP=false
ENABLE_PHONE_AUTOCONFIRM=true
############
# Studio - Configuration for the Dashboard
############
STUDIO_DEFAULT_ORGANIZATION=Acme Inc
STUDIO_DEFAULT_PROJECT=Test Project
STUDIO_PORT=3000
# replace if you intend to use Studio outside of localhost
SUPABASE_PUBLIC_URL=http://supabase.localhost
# Enable webp support
IMGPROXY_ENABLE_WEBP_DETECTION=true
# Enable logging and observability in the UI
# NEXT_PUBLIC_ENABLE_LOGS=true
############
# Logs - Configuration for Logflare
# Please refer to https://supabase.com/docs/reference/self-hosting-analytics/introduction
############
LOGFLARE_LOGGER_BACKEND_API_KEY=your-super-secret-and-long-logflare-key
# LOGFLARE_URL=http://localhost:54329
LOGFLARE_URL=http://logflare.localhost
# Change vector.toml sinks to reflect this change
LOGFLARE_HTTP_PORT=4001
LOGFLARE_API_KEY=your-super-secret-and-long-logflare-key
# Change vector.toml sources.docker_syslog to reflect this change
VECTOR_PORT=9000
VECTOR_API_PORT=9001
# Google Cloud Project details
GOOGLE_PROJECT_ID=GOOGLE_PROJECT_ID
GOOGLE_PROJECT_NUMBER=GOOGLE_PROJECT_NUMBER
Raw
README.md

volumes directory is exact copy at supabase/supabase/docker/volumes

when a file is uploaded to storage bucket public/private in the test i used a public bucket supabase the url should have been http://supabase.localhost/storage/v1/object/public/test/sample.png insted it generates http://kong:8000/storage/v1/object/public/test/sample.png

By default SUPABASE_PUBLIC_URL for url gen should have been used. The env variable SUPABASE_KONG_URL was added for testing.

Raw
docker-compose.yml
version: '3.8'
# refrence fixes for supabase selfhosting with traefik https://github.com/orgs/supabase/discussions/11228#discussioncomment-4727494
networks:
# for traefik
traefik-public:
name: traefik-public
external: true
# for supabase
supabase_net:
volumes:
supabase_data:
pg_data:
services:
# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #
# supabase studio
studio:
container_name: ${DK_CONTAINER_NAME:-supabase}_studio
image: supabase/studio:${SUPABASE_STUDIO_VER:-20230330-99fed3d}
depends_on:
- db
networks:
- traefik-public
- supabase_net
security_opt:
- no-new-privileges:true
labels:
traefik.enable: "true"
traefik.docker.network: traefik-public
traefik.http.routers.supabase-studio.entrypoints: http
traefik.http.routers.supabase-studio.service: supabase-studio
traefik.http.services.supabase-studio.loadbalancer.server.port: "3000"
traefik.http.routers.supabase-studio.rule: Host(`studio.supabase.localhost`)
environment:
STUDIO_PG_META_URL: http://meta:8080
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
DEFAULT_ORGANIZATION_NAME: ${STUDIO_DEFAULT_ORGANIZATION}
DEFAULT_PROJECT_NAME: ${STUDIO_DEFAULT_PROJECT}
SUPABASE_URL: ${SUPABASE_KONG_URL}
# SUPABASE_URL: http://kong:8000
SUPABASE_PUBLIC_URL: ${SUPABASE_PUBLIC_URL}
SUPABASE_ANON_KEY: ${ANON_KEY}
SUPABASE_SERVICE_KEY: ${SERVICE_ROLE_KEY}
# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #
kong:
image: kong:${KONG_VER:-2.8.1}
container_name: ${DK_CONTAINER_NAME:-supabase}_kong
restart: unless-stopped
networks:
- traefik-public
- supabase_net
security_opt:
- no-new-privileges:true
# ports:
# - ${KONG_HTTP_PORT}:8000/tcp
# - ${KONG_HTTPS_PORT}:8443/tcp
environment:
KONG_DATABASE: "off"
KONG_DECLARATIVE_CONFIG: /var/lib/kong/kong.yml
# https://github.com/supabase/cli/issues/14
KONG_DNS_ORDER: LAST,A,CNAME
KONG_PLUGINS: request-transformer,cors,key-auth,acl
KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k
KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k
volumes:
# https://github.com/supabase/supabase/issues/12661
- ./volumes/kong.yml:/var/lib/kong/kong.yml:ro
labels:
traefik.enable: "true"
traefik.docker.network: traefik-public
traefik.http.routers.supabase-kong.entrypoints: http
traefik.http.routers.supabase-kong.service: supabase-kong
traefik.http.services.supabase-kong.loadbalancer.server.port: "8000"
traefik.http.routers.supabase-kong.rule: Host(`supabase.localhost`)
# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #
auth:
container_name: ${DK_CONTAINER_NAME:-supabase}_auth
image: supabase/gotrue:${SUPABASE_GOTRUE_VER:-v2.47.0}
depends_on:
db: # Disable this if you are using an external Postgres database
condition: service_healthy
healthcheck:
test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:9999/health" ]
timeout: 5s
interval: 5s
retries: 3
restart: unless-stopped
networks:
# - traefik-public
- supabase_net
security_opt:
- no-new-privileges:true
environment:
GOTRUE_API_HOST: 0.0.0.0
GOTRUE_API_PORT: 9999
API_EXTERNAL_URL: ${API_EXTERNAL_URL}
GOTRUE_DB_DRIVER: postgres
GOTRUE_DB_DATABASE_URL: postgres://supabase_auth_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
GOTRUE_SITE_URL: ${SITE_URL}
GOTRUE_URI_ALLOW_LIST: ${ADDITIONAL_REDIRECT_URLS}
GOTRUE_DISABLE_SIGNUP: ${DISABLE_SIGNUP}
GOTRUE_JWT_ADMIN_ROLES: service_role
GOTRUE_JWT_AUD: authenticated
GOTRUE_JWT_DEFAULT_GROUP_NAME: authenticated
GOTRUE_JWT_EXP: ${JWT_EXPIRY}
GOTRUE_JWT_SECRET: ${JWT_SECRET}
GOTRUE_EXTERNAL_EMAIL_ENABLED: ${ENABLE_EMAIL_SIGNUP}
GOTRUE_MAILER_AUTOCONFIRM: ${ENABLE_EMAIL_AUTOCONFIRM}
# GOTRUE_MAILER_SECURE_EMAIL_CHANGE_ENABLED: true
# GOTRUE_SMTP_MAX_FREQUENCY: 1s
GOTRUE_SMTP_ADMIN_EMAIL: ${SMTP_ADMIN_EMAIL}
GOTRUE_SMTP_HOST: ${SMTP_HOST}
GOTRUE_SMTP_PORT: ${SMTP_PORT}
GOTRUE_SMTP_USER: ${SMTP_USER}
GOTRUE_SMTP_PASS: ${SMTP_PASS}
GOTRUE_SMTP_SENDER_NAME: ${SMTP_SENDER_NAME}
GOTRUE_MAILER_URLPATHS_INVITE: ${MAILER_URLPATHS_INVITE}
GOTRUE_MAILER_URLPATHS_CONFIRMATION: ${MAILER_URLPATHS_CONFIRMATION}
GOTRUE_MAILER_URLPATHS_RECOVERY: ${MAILER_URLPATHS_RECOVERY}
GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE: ${MAILER_URLPATHS_EMAIL_CHANGE}
GOTRUE_EXTERNAL_PHONE_ENABLED: ${ENABLE_PHONE_SIGNUP}
GOTRUE_SMS_AUTOCONFIRM: ${ENABLE_PHONE_AUTOCONFIRM}
MFA_ENABLED: ${MFA_ENABLED}
# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #
rest:
container_name: ${DK_CONTAINER_NAME:-supabase}_rest
image: postgrest/postgrest:${POSTGREST_VER:-v10.1.2}
depends_on:
db: # Disable this if you are using an external Postgres database
condition: service_healthy
restart: unless-stopped
networks:
- supabase_net
security_opt:
- no-new-privileges:true
environment:
PGRST_DB_URI: postgres://authenticator:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
PGRST_DB_SCHEMAS: ${PGRST_DB_SCHEMAS}
PGRST_DB_ANON_ROLE: anon
PGRST_JWT_SECRET: ${JWT_SECRET}
PGRST_DB_USE_LEGACY_GUCS: "false"
realtime:
container_name: ${DK_CONTAINER_NAME:-supabase}_realtime
image: supabase/realtime:${SUPABASE_REALTIME_VER:-v2.5.1}
depends_on:
db: # Disable this if you are using an external Postgres database
condition: service_healthy
healthcheck:
test: [ "CMD", "bash", "-c", "printf \\0 > /dev/tcp/localhost/4000" ]
timeout: 5s
interval: 5s
retries: 3
restart: unless-stopped
networks:
- supabase_net
security_opt:
- no-new-privileges:true
environment:
PORT: 4000
DB_HOST: ${POSTGRES_HOST}
DB_PORT: ${POSTGRES_PORT}
DB_USER: supabase_admin
DB_PASSWORD: ${POSTGRES_PASSWORD}
DB_NAME: ${POSTGRES_DB}
DB_AFTER_CONNECT_QUERY: 'SET search_path TO _realtime'
DB_ENC_KEY: supabaserealtime
API_JWT_SECRET: ${JWT_SECRET}
FLY_ALLOC_ID: fly123
FLY_APP_NAME: realtime
SECRET_KEY_BASE: UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq
ERL_AFLAGS: -proto_dist inet_tcp
ENABLE_TAILSCALE: "false"
DNS_NODES: "''"
command: >
sh -c "/app/bin/migrate && /app/bin/realtime eval 'Realtime.Release.seeds(Realtime.Repo)' && /app/bin/server"
# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #
storage:
container_name: ${DK_CONTAINER_NAME:-supabase}_storage
image: supabase/storage-api:${SUPABASE_STORAGEAPI_VER:-v0.28.2}
depends_on:
db: # Disable this if you are using an external Postgres database
condition: service_healthy
rest:
condition: service_started
imgproxy:
condition: service_started
healthcheck:
test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:5000/status" ]
timeout: 5s
interval: 5s
retries: 3
restart: unless-stopped
networks:
- supabase_net
security_opt:
- no-new-privileges:true
environment:
ANON_KEY: ${ANON_KEY}
SERVICE_KEY: ${SERVICE_ROLE_KEY}
POSTGREST_URL: http://rest:3000
PGRST_JWT_SECRET: ${JWT_SECRET}
DATABASE_URL: postgres://supabase_storage_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
FILE_SIZE_LIMIT: 52428800
STORAGE_BACKEND: file
FILE_STORAGE_BACKEND_PATH: /var/lib/storage
TENANT_ID: stub
# TODO: https://github.com/supabase/storage-api/issues/55
REGION: stub
GLOBAL_S3_BUCKET: stub
ENABLE_IMAGE_TRANSFORMATION: "true"
IMGPROXY_URL: http://imgproxy:5001
volumes:
- supabase_data:/var/lib/storage:z
# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #
imgproxy:
container_name: ${DK_CONTAINER_NAME:-supabase}_imgproxy
image: darthsim/imgproxy:${IMGPROXY_VER:-v3.13}
healthcheck:
test: [ "CMD", "imgproxy", "health" ]
timeout: 5s
interval: 5s
retries: 3
environment:
IMGPROXY_BIND: ":5001"
IMGPROXY_LOCAL_FILESYSTEM_ROOT: /
IMGPROXY_USE_ETAG: "true"
IMGPROXY_ENABLE_WEBP_DETECTION: ${IMGPROXY_ENABLE_WEBP_DETECTION}
volumes:
- supabase_data:/var/lib/storage:z
networks:
- supabase_net
security_opt:
- no-new-privileges:true
# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #
meta:
container_name: ${DK_CONTAINER_NAME:-supabase}_meta
image: supabase/postgres-meta:${SUPABASE_META_VER:-v0.60.7}
depends_on:
db: # Disable this if you are using an external Postgres database
condition: service_healthy
restart: unless-stopped
networks:
- supabase_net
security_opt:
- no-new-privileges:true
environment:
PG_META_PORT: 8080
PG_META_DB_HOST: ${POSTGRES_HOST}
PG_META_DB_PORT: ${POSTGRES_PORT}
PG_META_DB_NAME: ${POSTGRES_DB}
PG_META_DB_USER: supabase_admin
PG_META_DB_PASSWORD: ${POSTGRES_PASSWORD}
# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #
# Comment out everything below this point if you are using an external Postgres database
db:
container_name: ${DK_CONTAINER_NAME:-supabase}_db
image: supabase/postgres:${SUPABASE_POSTGRES_VER:-15.1.0.54-rc0}
healthcheck:
test: pg_isready -U postgres -h localhost
interval: 5s
timeout: 5s
retries: 10
command:
- postgres
- -c
- config_file=/etc/postgresql/postgresql.conf
- -c
- log_min_messages=fatal # prevents Realtime polling queries from appearing in logs
restart: unless-stopped
networks:
- supabase_net
security_opt:
- no-new-privileges:true
# ports:
# # Pass down internal port because it's set dynamically by other services
# - ${POSTGRES_PORT}:${POSTGRES_PORT}
environment:
POSTGRES_HOST: /var/run/postgresql
PGPORT: ${POSTGRES_PORT}
POSTGRES_PORT: ${POSTGRES_PORT}
PGPASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
PGDATABASE: ${POSTGRES_DB}
POSTGRES_DB: ${POSTGRES_DB}
volumes:
- ./volumes/db/realtime.sql:/docker-entrypoint-initdb.d/migrations/99-realtime.sql:Z
# Must be superuser to create event trigger
- ./volumes/db/webhooks.sql:/docker-entrypoint-initdb.d/init-scripts/98-webhooks.sql:Z
# Must be superuser to alter reserved role
- ./volumes/db/roles.sql:/docker-entrypoint-initdb.d/init-scripts/99-roles.sql:Z
# PGDATA directory is persisted between restarts
- pg_data:/var/lib/postgresql/data:Z
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment