From 1148db114bb965bcff39d17d53fe079ee6d4e83d Mon Sep 17 00:00:00 2001 From: Alan Mosko Date: Thu, 25 Jun 2026 18:52:11 -0300 Subject: [PATCH] feat: update supabase production template --- blueprints/supabase/docker-compose.yml | 455 ++++++++----------------- blueprints/supabase/template.toml | 365 ++------------------ meta.json | 2 +- 3 files changed, 165 insertions(+), 657 deletions(-) diff --git a/blueprints/supabase/docker-compose.yml b/blueprints/supabase/docker-compose.yml index 506ddc90..1af10480 100644 --- a/blueprints/supabase/docker-compose.yml +++ b/blueprints/supabase/docker-compose.yml @@ -1,138 +1,117 @@ -# Usage -# Start: docker compose up -# With helpers: docker compose -f docker-compose.yml -f ./dev/docker-compose.dev.yml up -# Stop: docker compose down -# Destroy: docker compose -f docker-compose.yml -f ./dev/docker-compose.dev.yml down -v --remove-orphans -# Reset everything: ./reset.sh - -name: supabase +version: "3.8" services: - studio: - container_name: ${CONTAINER_PREFIX}-studio - image: supabase/studio:2025.04.21-sha-173cc56 + image: supabase/studio:2026.06.03-sha-0bca601 restart: unless-stopped healthcheck: test: [ - "CMD", - "node", - "-e", - "fetch('http://studio:3000/api/platform/profile').then((r) => {if (r.status !== 200) throw new Error(r.status)})" + "CMD-SHELL", + "node -e \"fetch('http://localhost:3000/api/platform/profile').then((r) => { if (r.status !== 200) throw new Error(r.status) })\"" ] timeout: 10s interval: 5s retries: 3 + start_period: 20s depends_on: - analytics: - condition: service_healthy + meta: + condition: service_started + volumes: + - ../files/volumes/snippets:/app/snippets:z + - ../files/volumes/functions:/app/edge-functions:ro,z environment: + HOSTNAME: "0.0.0.0" STUDIO_PG_META_URL: http://meta:8080 + POSTGRES_PORT: ${POSTGRES_PORT} + POSTGRES_HOST: ${POSTGRES_HOST} + POSTGRES_DB: ${POSTGRES_DB} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} - + POSTGRES_USER_READ_WRITE: postgres + PG_META_CRYPTO_KEY: ${PG_META_CRYPTO_KEY} + PGRST_DB_SCHEMAS: ${PGRST_DB_SCHEMAS} + PGRST_DB_MAX_ROWS: ${PGRST_DB_MAX_ROWS:-1000} + PGRST_DB_EXTRA_SEARCH_PATH: ${PGRST_DB_EXTRA_SEARCH_PATH:-public} DEFAULT_ORGANIZATION_NAME: ${STUDIO_DEFAULT_ORGANIZATION} DEFAULT_PROJECT_NAME: ${STUDIO_DEFAULT_PROJECT} OPENAI_API_KEY: ${OPENAI_API_KEY:-} - - SUPABASE_URL: ${SUPABASE_PUBLIC_URL} + SUPABASE_URL: http://kong:8000 SUPABASE_PUBLIC_URL: ${SUPABASE_PUBLIC_URL} SUPABASE_ANON_KEY: ${ANON_KEY} SUPABASE_SERVICE_KEY: ${SERVICE_ROLE_KEY} AUTH_JWT_SECRET: ${JWT_SECRET} - - LOGFLARE_API_KEY: ${LOGFLARE_API_KEY} - LOGFLARE_URL: http://analytics:4000 - NEXT_PUBLIC_ENABLE_LOGS: true - # Comment to use Big Query backend for analytics - NEXT_ANALYTICS_BACKEND_PROVIDER: postgres - # Uncomment to use Big Query backend for analytics - # NEXT_ANALYTICS_BACKEND_PROVIDER: bigquery + SUPABASE_PUBLISHABLE_KEY: ${SUPABASE_PUBLISHABLE_KEY:-} + SUPABASE_SECRET_KEY: ${SUPABASE_SECRET_KEY:-} + ENABLED_FEATURES_LOGS_ALL: "false" + SNIPPETS_MANAGEMENT_FOLDER: /app/snippets + EDGE_FUNCTIONS_MANAGEMENT_FOLDER: /app/edge-functions kong: - container_name: ${CONTAINER_PREFIX}-kong - image: kong:2.8.1 + image: kong/kong:3.9.1 restart: unless-stopped - # ports: - # - ${KONG_HTTP_PORT}:8000/tcp - # - ${KONG_HTTPS_PORT}:8443/tcp - expose: - - 8000 - - 8443 - volumes: - # https://github.com/supabase/supabase/issues/12661 - - ../files/volumes/api/kong.yml:/home/kong/temp.yml:ro,z + healthcheck: + test: ["CMD", "kong", "health"] + interval: 5s + timeout: 5s + retries: 5 + start_period: 20s depends_on: - analytics: + studio: condition: service_healthy + expose: + - "8000" + - "8443" + volumes: + - ../files/volumes/api/kong.yml:/home/kong/temp.yml:ro,z environment: KONG_DATABASE: "off" KONG_DECLARATIVE_CONFIG: /home/kong/kong.yml - # https://github.com/supabase/cli/issues/14 KONG_DNS_ORDER: LAST,A,CNAME - KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth + KONG_DNS_NOT_FOUND_TTL: 1 + KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth,request-termination,ip-restriction,post-function KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k + KONG_PROXY_ACCESS_LOG: /dev/stdout combined SUPABASE_ANON_KEY: ${ANON_KEY} SUPABASE_SERVICE_KEY: ${SERVICE_ROLE_KEY} + SUPABASE_PUBLISHABLE_KEY: ${SUPABASE_PUBLISHABLE_KEY:-} + SUPABASE_SECRET_KEY: ${SUPABASE_SECRET_KEY:-} + ANON_KEY_ASYMMETRIC: ${ANON_KEY_ASYMMETRIC:-} + SERVICE_ROLE_KEY_ASYMMETRIC: ${SERVICE_ROLE_KEY_ASYMMETRIC:-} DASHBOARD_USERNAME: ${DASHBOARD_USERNAME} DASHBOARD_PASSWORD: ${DASHBOARD_PASSWORD} - CONTAINER_PREFIX: ${CONTAINER_PREFIX} - # https://unix.stackexchange.com/a/294837 entrypoint: bash -c 'eval "echo \"$$(cat ~/temp.yml)\"" > ~/kong.yml && /docker-entrypoint.sh kong docker-start' auth: - container_name: ${CONTAINER_PREFIX}-auth - image: supabase/gotrue:v2.171.0 + image: supabase/gotrue:v2.189.0 restart: unless-stopped healthcheck: - test: - [ - "CMD", - "wget", - "--no-verbose", - "--tries=1", - "--spider", - "http://localhost:9999/health" - ] + test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:9999/health"] timeout: 5s interval: 5s retries: 3 + start_period: 10s depends_on: db: - # Disable this if you are using an external Postgres database - condition: service_healthy - analytics: condition: service_healthy environment: - # the next line seems required if you want to be able to send mails from the supabase GUI - GOTRUE_MAILER_EXTERNAL_HOSTS: kong,${SUPABASE_HOST} GOTRUE_API_HOST: 0.0.0.0 GOTRUE_API_PORT: 9999 API_EXTERNAL_URL: ${API_EXTERNAL_URL} - GOTRUE_DB_DRIVER: postgres GOTRUE_DB_DATABASE_URL: postgres://supabase_auth_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} - GOTRUE_SITE_URL: ${SITE_URL} GOTRUE_URI_ALLOW_LIST: ${ADDITIONAL_REDIRECT_URLS} GOTRUE_DISABLE_SIGNUP: ${DISABLE_SIGNUP} - GOTRUE_JWT_ADMIN_ROLES: service_role GOTRUE_JWT_AUD: authenticated GOTRUE_JWT_DEFAULT_GROUP_NAME: authenticated GOTRUE_JWT_EXP: ${JWT_EXPIRY} GOTRUE_JWT_SECRET: ${JWT_SECRET} - + GOTRUE_JWT_ISSUER: ${API_EXTERNAL_URL}/auth/v1 GOTRUE_EXTERNAL_EMAIL_ENABLED: ${ENABLE_EMAIL_SIGNUP} GOTRUE_EXTERNAL_ANONYMOUS_USERS_ENABLED: ${ENABLE_ANONYMOUS_USERS} GOTRUE_MAILER_AUTOCONFIRM: ${ENABLE_EMAIL_AUTOCONFIRM} - - # Uncomment to bypass nonce check in ID Token flow. Commonly set to true when using Google Sign In on mobile. - # GOTRUE_EXTERNAL_SKIP_NONCE_CHECK: true - - # GOTRUE_MAILER_SECURE_EMAIL_CHANGE_ENABLED: true - # GOTRUE_SMTP_MAX_FREQUENCY: 1s GOTRUE_SMTP_ADMIN_EMAIL: ${SMTP_ADMIN_EMAIL} GOTRUE_SMTP_HOST: ${SMTP_HOST} GOTRUE_SMTP_PORT: ${SMTP_PORT} @@ -143,79 +122,47 @@ services: GOTRUE_MAILER_URLPATHS_CONFIRMATION: ${MAILER_URLPATHS_CONFIRMATION} GOTRUE_MAILER_URLPATHS_RECOVERY: ${MAILER_URLPATHS_RECOVERY} GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE: ${MAILER_URLPATHS_EMAIL_CHANGE} - GOTRUE_EXTERNAL_PHONE_ENABLED: ${ENABLE_PHONE_SIGNUP} GOTRUE_SMS_AUTOCONFIRM: ${ENABLE_PHONE_AUTOCONFIRM} - # Uncomment to enable custom access token hook. Please see: https://supabase.com/docs/guides/auth/auth-hooks for full list of hooks and additional details about custom_access_token_hook - - # GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_ENABLED: "true" - # GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_URI: "pg-functions://postgres/public/custom_access_token_hook" - # GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_SECRETS: "" - - # GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_ENABLED: "true" - # GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_URI: "pg-functions://postgres/public/mfa_verification_attempt" - - # GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_ENABLED: "true" - # GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_URI: "pg-functions://postgres/public/password_verification_attempt" - - # GOTRUE_HOOK_SEND_SMS_ENABLED: "false" - # GOTRUE_HOOK_SEND_SMS_URI: "pg-functions://postgres/public/custom_access_token_hook" - # GOTRUE_HOOK_SEND_SMS_SECRETS: "v1,whsec_VGhpcyBpcyBhbiBleGFtcGxlIG9mIGEgc2hvcnRlciBCYXNlNjQgc3RyaW5n" - - # GOTRUE_HOOK_SEND_EMAIL_ENABLED: "false" - # GOTRUE_HOOK_SEND_EMAIL_URI: "http://host.docker.internal:54321/functions/v1/email_sender" - # GOTRUE_HOOK_SEND_EMAIL_SECRETS: "v1,whsec_VGhpcyBpcyBhbiBleGFtcGxlIG9mIGEgc2hvcnRlciBCYXNlNjQgc3RyaW5n" rest: - container_name: ${CONTAINER_PREFIX}-rest - image: postgrest/postgrest:v12.2.11 + image: postgrest/postgrest:v14.12 restart: unless-stopped depends_on: db: - # Disable this if you are using an external Postgres database - condition: service_healthy - analytics: condition: service_healthy + healthcheck: + test: ["CMD", "postgrest", "--ready"] + interval: 5s + timeout: 5s + retries: 3 + start_period: 10s environment: PGRST_DB_URI: postgres://authenticator:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} PGRST_DB_SCHEMAS: ${PGRST_DB_SCHEMAS} + PGRST_DB_MAX_ROWS: ${PGRST_DB_MAX_ROWS:-1000} + PGRST_DB_EXTRA_SEARCH_PATH: ${PGRST_DB_EXTRA_SEARCH_PATH:-public} PGRST_DB_ANON_ROLE: anon - PGRST_JWT_SECRET: ${JWT_SECRET} + PGRST_ADMIN_SERVER_PORT: 3001 + PGRST_ADMIN_SERVER_HOST: localhost + PGRST_JWT_SECRET: ${JWT_JWKS:-${JWT_SECRET}} PGRST_DB_USE_LEGACY_GUCS: "false" PGRST_APP_SETTINGS_JWT_SECRET: ${JWT_SECRET} PGRST_APP_SETTINGS_JWT_EXP: ${JWT_EXPIRY} - command: - [ - "postgrest" - ] + command: ["postgrest"] realtime: - # This container name looks inconsistent but is correct because realtime constructs tenant id by parsing the subdomain - container_name: realtime-dev.${CONTAINER_PREFIX}-realtime - image: supabase/realtime:v2.34.47 + image: supabase/realtime:v2.102.3 restart: unless-stopped depends_on: db: - # Disable this if you are using an external Postgres database - condition: service_healthy - analytics: condition: service_healthy healthcheck: - test: - [ - "CMD", - "curl", - "-sSfL", - "--head", - "-o", - "/dev/null", - "-H", - "Authorization: Bearer ${ANON_KEY}", - "http://localhost:4000/api/tenants/realtime-dev/health" - ] + test: ["CMD-SHELL", "curl -sSfL --head -o /dev/null -H \"Authorization: Bearer ${ANON_KEY}\" http://localhost:4000/api/tenants/realtime-dev/health"] timeout: 5s - interval: 5s + interval: 30s retries: 3 + start_period: 10s environment: PORT: 4000 DB_HOST: ${POSTGRES_HOST} @@ -227,209 +174,131 @@ services: DB_ENC_KEY: supabaserealtime API_JWT_SECRET: ${JWT_SECRET} SECRET_KEY_BASE: ${SECRET_KEY_BASE} + METRICS_JWT_SECRET: ${JWT_SECRET} ERL_AFLAGS: -proto_dist inet_tcp DNS_NODES: "''" RLIMIT_NOFILE: "10000" APP_NAME: realtime - SEED_SELF_HOST: true - RUN_JANITOR: true + SEED_SELF_HOST: "true" + RUN_JANITOR: "true" + DISABLE_HEALTHCHECK_LOGGING: "true" - # To use S3 backed storage: docker compose -f docker-compose.yml -f docker-compose.s3.yml up storage: - container_name: ${CONTAINER_PREFIX}-storage - image: supabase/storage-api:v1.22.7 + image: supabase/storage-api:v1.60.4 restart: unless-stopped - volumes: - - ../files/volumes/storage:/var/lib/storage:z - healthcheck: - test: - [ - "CMD", - "wget", - "--no-verbose", - "--tries=1", - "--spider", - "http://storage:5000/status" - ] - timeout: 5s - interval: 5s - retries: 3 depends_on: db: - # Disable this if you are using an external Postgres database condition: service_healthy rest: condition: service_started imgproxy: condition: service_started + healthcheck: + test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://storage:5000/status"] + timeout: 5s + interval: 5s + retries: 3 + start_period: 10s + volumes: + - ../files/volumes/storage:/var/lib/storage:z environment: ANON_KEY: ${ANON_KEY} SERVICE_KEY: ${SERVICE_ROLE_KEY} POSTGREST_URL: http://rest:3000 - PGRST_JWT_SECRET: ${JWT_SECRET} + AUTH_JWT_SECRET: ${JWT_SECRET} DATABASE_URL: postgres://supabase_storage_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} - FILE_SIZE_LIMIT: 52428800 - STORAGE_BACKEND: file + STORAGE_PUBLIC_URL: ${SUPABASE_PUBLIC_URL} + REQUEST_ALLOW_X_FORWARDED_PATH: "true" + FILE_SIZE_LIMIT: ${STORAGE_FILE_SIZE_LIMIT:-52428800} + STORAGE_BACKEND: ${STORAGE_BACKEND:-file} + GLOBAL_S3_BUCKET: ${GLOBAL_S3_BUCKET} FILE_STORAGE_BACKEND_PATH: /var/lib/storage - TENANT_ID: stub - # TODO: https://github.com/supabase/storage-api/issues/55 - REGION: stub - GLOBAL_S3_BUCKET: stub + TENANT_ID: ${STORAGE_TENANT_ID} + REGION: ${REGION} ENABLE_IMAGE_TRANSFORMATION: "true" IMGPROXY_URL: http://imgproxy:5001 + S3_PROTOCOL_ACCESS_KEY_ID: ${S3_PROTOCOL_ACCESS_KEY_ID} + S3_PROTOCOL_ACCESS_KEY_SECRET: ${S3_PROTOCOL_ACCESS_KEY_SECRET} imgproxy: - container_name: ${CONTAINER_PREFIX}-imgproxy - image: darthsim/imgproxy:v3.8.0 + image: darthsim/imgproxy:v3.30.1 restart: unless-stopped volumes: - ../files/volumes/storage:/var/lib/storage:z healthcheck: - test: - [ - "CMD", - "imgproxy", - "health" - ] + test: ["CMD", "imgproxy", "health"] timeout: 5s interval: 5s retries: 3 + start_period: 10s environment: IMGPROXY_BIND: ":5001" IMGPROXY_LOCAL_FILESYSTEM_ROOT: / IMGPROXY_USE_ETAG: "true" - IMGPROXY_ENABLE_WEBP_DETECTION: ${IMGPROXY_ENABLE_WEBP_DETECTION} + IMGPROXY_AUTO_WEBP: ${IMGPROXY_AUTO_WEBP} + IMGPROXY_MAX_SRC_RESOLUTION: 16.8 meta: - container_name: ${CONTAINER_PREFIX}-meta - image: supabase/postgres-meta:v0.88.9 + image: supabase/postgres-meta:v0.96.6 restart: unless-stopped depends_on: db: - # Disable this if you are using an external Postgres database - condition: service_healthy - analytics: condition: service_healthy environment: PG_META_PORT: 8080 PG_META_DB_HOST: ${POSTGRES_HOST} PG_META_DB_PORT: ${POSTGRES_PORT} PG_META_DB_NAME: ${POSTGRES_DB} - PG_META_DB_USER: supabase_admin + PG_META_DB_USER: postgres PG_META_DB_PASSWORD: ${POSTGRES_PASSWORD} + CRYPTO_KEY: ${PG_META_CRYPTO_KEY} functions: - container_name: ${CONTAINER_PREFIX}-edge-functions - image: supabase/edge-runtime:v1.67.4 + image: supabase/edge-runtime:v1.74.0 restart: unless-stopped - volumes: - - ../files/volumes/functions:/home/deno/functions:Z depends_on: - analytics: + kong: condition: service_healthy + healthcheck: + test: ["CMD-SHELL", "timeout 1 bash -c 'mounts section', -'############', -'CONTAINER_PREFIX=${container_name_prefix}', -'', -'############', -'# Secrets', -'# YOU MUST CHANGE THESE BEFORE GOING INTO PRODUCTION', -'# https://supabase.com/docs/guides/self-hosting/docker#securing-your-services', -'# In this version of the template they are generated randomly by dokploy helpers', -'# so you do not need to change them manually', -'# Go to https://supabase.com/docs/guides/self-hosting for more information', +'# Production Supabase configuration for Dokploy.', +'# Configure SUPABASE_PUBLIC_URL/API_EXTERNAL_URL with https after assigning a Dokploy domain.', +'# Configure SMTP_* before enabling production auth emails.', '############', '', 'SUPABASE_HOST=${main_domain}', @@ -59,61 +43,36 @@ env = [ 'DASHBOARD_PASSWORD=${dashboard_password}', 'SECRET_KEY_BASE=${secret_key_base}', 'VAULT_ENC_KEY=${vault_enc_key}', -'', -'', -'############', -'# Database - You can change these to any PostgreSQL database that has logical replication enabled.', -'############', +'PG_META_CRYPTO_KEY=${pg_meta_crypto_key}', '', 'POSTGRES_HOST=db', 'POSTGRES_DB=postgres', 'POSTGRES_PORT=5432', -'# default user is postgres', '', -'', -'############', -'# Supavisor -- Database pooler', -'############', 'POOLER_PROXY_PORT_TRANSACTION=6543', 'POOLER_DEFAULT_POOL_SIZE=20', 'POOLER_MAX_CLIENT_CONN=100', -'POOLER_TENANT_ID=your-tenant-id', -'', -'', -'############', -'# API Proxy - Configuration for the Kong Reverse proxy.', -'# Following ports should not be changed for a dokploy config unless you know what you are doing.', -'############', +'POOLER_DB_POOL_SIZE=5', +'POOLER_TENANT_ID=default', '', 'KONG_HTTP_PORT=8000', 'KONG_HTTPS_PORT=8443', '', -'', -'############', -'# API - Configuration for PostgREST.', -'############', -'', 'PGRST_DB_SCHEMAS=public,storage,graphql_public', +'PGRST_DB_MAX_ROWS=1000', +'PGRST_DB_EXTRA_SEARCH_PATH=public', '', -'', -'############', -'# Auth - Configuration for the GoTrue authentication server.', -'############', -'', -'## General', 'SITE_URL=http://localhost:3000', 'ADDITIONAL_REDIRECT_URLS=http://${main_domain}/*,http://localhost:3000/*', 'JWT_EXPIRY=3600', 'DISABLE_SIGNUP=false', 'API_EXTERNAL_URL=http://${main_domain}', '', -'## Mailer Config', -'MAILER_URLPATHS_CONFIRMATION="/auth/v1/verify"', -'MAILER_URLPATHS_INVITE="/auth/v1/verify"', -'MAILER_URLPATHS_RECOVERY="/auth/v1/verify"', -'MAILER_URLPATHS_EMAIL_CHANGE="/auth/v1/verify"', +'MAILER_URLPATHS_CONFIRMATION=/auth/v1/verify', +'MAILER_URLPATHS_INVITE=/auth/v1/verify', +'MAILER_URLPATHS_RECOVERY=/auth/v1/verify', +'MAILER_URLPATHS_EMAIL_CHANGE=/auth/v1/verify', '', -'## Email auth', 'ENABLE_EMAIL_SIGNUP=true', 'ENABLE_EMAIL_AUTOCONFIRM=false', 'SMTP_ADMIN_EMAIL=admin@example.com', @@ -124,52 +83,27 @@ env = [ 'SMTP_SENDER_NAME=fake_sender', 'ENABLE_ANONYMOUS_USERS=false', '', -'## Phone auth', 'ENABLE_PHONE_SIGNUP=true', 'ENABLE_PHONE_AUTOCONFIRM=true', '', -'', -'############', -'# Studio - Configuration for the Dashboard', -'############', -'', 'STUDIO_DEFAULT_ORGANIZATION=Default Organization', 'STUDIO_DEFAULT_PROJECT=Default Project', -'', -'STUDIO_PORT=3000', -'# replace if you intend to use Studio outside of localhost', 'SUPABASE_PUBLIC_URL=http://${main_domain}', -'', -'# Enable webp support', -'IMGPROXY_ENABLE_WEBP_DETECTION=true', -'', -'# Add your OpenAI API key to enable SQL Editor Assistant', +'SUPABASE_PUBLISHABLE_KEY=', +'SUPABASE_SECRET_KEY=', 'OPENAI_API_KEY=', '', -'', -'############', -'# Functions - Configuration for Functions', -'############', -'# NOTE: VERIFY_JWT applies to all functions. Per-function VERIFY_JWT is not supported yet.', 'FUNCTIONS_VERIFY_JWT=false', '', +'STORAGE_FILE_SIZE_LIMIT=52428800', +'STORAGE_BACKEND=file', +'STORAGE_TENANT_ID=stub', +'GLOBAL_S3_BUCKET=stub', +'REGION=local', +'S3_PROTOCOL_ACCESS_KEY_ID=${s3_protocol_access_key_id}', +'S3_PROTOCOL_ACCESS_KEY_SECRET=${s3_protocol_access_key_secret}', '', -'############', -'# Logs - Configuration for Logflare', -'# Please refer to https://supabase.com/docs/reference/self-hosting-analytics/introduction', -'############', -'', -'LOGFLARE_LOGGER_BACKEND_API_KEY=your-super-secret-and-long-logflare-key', -'', -'# Change vector.toml sinks to reflect this change', -'LOGFLARE_API_KEY=${logflare_api_key}', -'', -'# Docker socket location - this value will differ depending on your OS', -'DOCKER_SOCKET_LOCATION=/var/run/docker.sock', -'', -'# Google Cloud Project details', -'GOOGLE_PROJECT_ID=GOOGLE_PROJECT_ID', -'GOOGLE_PROJECT_NUMBER=GOOGLE_PROJECT_NUMBER'] +'IMGPROXY_AUTO_WEBP=true'] [[config.mounts]] filePath = "/volumes/api/kong.yml" @@ -309,7 +243,7 @@ services: ## Secure Realtime routes - name: realtime-v1-ws _comment: 'Realtime: /realtime/v1/* -> ws://realtime:4000/socket/*' - url: http://realtime-dev.${CONTAINER_PREFIX}-realtime:4000/socket + url: http://realtime:4000/socket protocol: ws routes: - name: realtime-v1-ws @@ -329,7 +263,7 @@ services: - anon - name: realtime-v1-rest _comment: 'Realtime: /realtime/v1/* -> ws://realtime:4000/socket/*' - url: http://realtime-dev.${CONTAINER_PREFIX}-realtime:4000/api + url: http://realtime:4000/api protocol: http routes: - name: realtime-v1-rest @@ -371,15 +305,6 @@ services: plugins: - name: cors - ## Analytics routes - - name: analytics-v1 - _comment: 'Analytics: /analytics/v1/* -> http://logflare:4000/*' - url: http://analytics:4000/ - routes: - - name: analytics-v1-all - strip_path: true - paths: - - /analytics/v1/ ## Secure Database routes - name: meta @@ -813,242 +738,6 @@ serve(async (req: Request) => { }) """ -[[config.mounts]] -filePath = "/volumes/logs/vector.yml" -content = """api: - enabled: true - address: 0.0.0.0:9001 - -sources: - docker_host: - type: docker_logs - exclude_containers: - - ${container_name_prefix}-vector - -transforms: - project_logs: - type: remap - inputs: - - docker_host - source: |- - .project = "default" - .event_message = del(.message) - .appname = replace!(del(.container_name), "${container_name_prefix}", "supabase") - del(.container_created_at) - del(.container_id) - del(.source_type) - del(.stream) - del(.label) - del(.image) - del(.host) - del(.stream) - router: - type: route - inputs: - - project_logs - route: - kong: '.appname == "supabase-kong"' - auth: '.appname == "supabase-auth"' - rest: '.appname == "supabase-rest"' - realtime: '.appname == "realtime-dev.${CONTAINER_PREFIX}-realtime"' - storage: '.appname == "supabase-storage"' - functions: '.appname == "supabase-edge-functions"' - db: '.appname == "supabase-db"' - # Ignores non nginx errors since they are related with kong booting up - kong_logs: - type: remap - inputs: - - router.kong - source: |- - req, err = parse_nginx_log(.event_message, "combined") - if err == null { - .timestamp = req.timestamp - .metadata.request.headers.referer = req.referer - .metadata.request.headers.user_agent = req.agent - .metadata.request.headers.cf_connecting_ip = req.client - .metadata.request.method = req.method - .metadata.request.path = req.path - .metadata.request.protocol = req.protocol - .metadata.response.status_code = req.status - } - if err != null { - abort - } - # Ignores non nginx errors since they are related with kong booting up - kong_err: - type: remap - inputs: - - router.kong - source: |- - .metadata.request.method = "GET" - .metadata.response.status_code = 200 - parsed, err = parse_nginx_log(.event_message, "error") - if err == null { - .timestamp = parsed.timestamp - .severity = parsed.severity - .metadata.request.host = parsed.host - .metadata.request.headers.cf_connecting_ip = parsed.client - url, err = split(parsed.request, " ") - if err == null { - .metadata.request.method = url[0] - .metadata.request.path = url[1] - .metadata.request.protocol = url[2] - } - } - if err != null { - abort - } - # Gotrue logs are structured json strings which frontend parses directly. But we keep metadata for consistency. - auth_logs: - type: remap - inputs: - - router.auth - source: |- - parsed, err = parse_json(.event_message) - if err == null { - .metadata.timestamp = parsed.time - .metadata = merge!(.metadata, parsed) - } - # PostgREST logs are structured so we separate timestamp from message using regex - rest_logs: - type: remap - inputs: - - router.rest - source: |- - parsed, err = parse_regex(.event_message, r'^(?P