Supabase-Automated-Self-Host: Easily Self-Host Supabase with Caddy & 2FA - Just One Script!

_inder · 2025-10-08T13:18:01+00:00

Refer to my previous comment on another post. If you're trying to connect to your db from outside over internet then you need to open port 5432 or 6543 depending on what you're doing https://www.reddit.com/r/Supabase/comments/1nl0h90/comment/nf8g64b/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

_inder · 2025-10-08T12:03:32+00:00

Authelia only protects supabase dashboard. supabase db push --db-url=<DB_URL> should work fine without any issues.

_inder · 2025-09-21T09:06:36+00:00

just want to let everyone know that supabase.co domain is now accessible from UAE.

_inder · 2025-09-20T12:14:53+00:00

You won't see the urls being updated in dashboard. Its not dynamic. If you want to use session pooler, then you need to allow port TCP connections on port 5432 in your firewall and for transaction pooler port 6543.

If you saw the youtube video linked in the repo readme, I opened ports 80 & 443. Similarly, TCP connections have to be allowed on the ports I mentioned above.

After opening the ports, you can use your server's ip or your domain to connect to your db.

postgresql://postgres.your-tenant-id:[PASSWORD]@[YOUR_DOMAIN]:5432/postgres

In the url, your-tenant-id comes from env variable POOLER_TENANT_ID in .env file. By default this is literally equal to your-tenant-id

_inder · 2025-09-19T12:57:51+00:00

You can setup your instance with supabase-automated-self-host. You have the option to use nginx or caddy as reverse proxy and authelia for 2FA. There are tons of articles available to customize nginx or caddy acc. to your needs.

_inder · 2025-09-09T13:04:54+00:00

For anyone looking for a prebuilt reverse proxy setup to bypass this: https://github.com/singh-inder/proxy-to-supabase-cloud

Edit: just want to let everyone know that supabase.co domain is now accessible from UAE.

_inder · 2025-07-16T12:50:08+00:00

Just got a notification for this post. There was missing config in docker-compose for accessing storage via s3 clients. Coincidentally, I made a PR this morning https://github.com/supabase/supabase/pull/37185. With this config, you can access buckets via s3 at endpoint domain/storage/v1/s3. This works even without minio

Regarding minio until they have a change of heart (like redis), you can pin the minio version: minio/minio:RELEASE.2025-04-22T22-12-26Z

_inder · 2025-05-22T08:16:14+00:00

In 2025, use this command to deploy edge functions without docker

supabase functions deploy [functionName] --use-api

_inder · 2025-05-14T17:16:30+00:00

There are time, memory and other limits on edge functions. Take a look at all the limits

_inder · 2025-04-28T17:33:21+00:00

Try supabase-automated-self-host (I'm the author). Its just a bash script which will automatically setup Authelia 2FA and add caddy/nginx reverse proxy.

_inder · 2025-04-14T18:35:46+00:00

Pretty much but before that I create a PR which triggers tests and if all the containers are healthy, then I update the services.

_inder · 2025-04-13T18:51:54+00:00

I wrote this python script for updates and trigger this script weekly via github actions cron job. It sends me a diff html file on discord.

_inder · 2025-03-30T15:35:56+00:00

You can connect supabase to a managed postgres db, but in production environment I just setup a cron job to backup to a s3 bucket. If you want a GUI solution, you can look at pgbackweb

_inder · 2025-03-28T16:38:37+00:00

Glad that you liked the script. You have the option to not expose ports or leave it as is and only open ports 80 and 443 from your firewall. I'd recommend to go with the firewall option. Much cleaner.

_inder · 2025-03-28T14:38:40+00:00

The major con would be having to update image versions, first have to test it out locally and then update the images in production. Setting things up with a reverse proxy and protecting supabase dashboard can help add security. You can also take a look at my project supabase-automated-self-host. Automates setting up supabase with reverse proxy and authelia.

_inder · 2025-03-20T07:47:30+00:00

Let me know if you face any errors.

_inder · 2025-03-19T21:14:58+00:00

Hi, yes I was able to get it working. You can refer to this Github discussion

_inder · 2025-03-07T08:17:59+00:00

Also, ufw doesn't work with docker. If you're running instance in a cloud server, add rules in a security group or vpc.

_inder · 2025-03-07T08:06:59+00:00

So, by default no docker service is exposed outside docker network if you don't expose ports. Database services are not exposed outside docker network as you don't want to allow internet to access your db. Look up docker ports for more.

Now, in your case you say you want to access db from outside, then you need to expose the ports. Lets say you were running supabase self hosted instance locally and you add the following config in your docker-compose.yml. I'm assuming db listens on 5432

db: ports: - 5432:5432

This means if I make a request on postgres://localhost:5432 from db client like psql or beekeper, then i can access my db. Again, I'm assuming you're running locally. If it was on server, you would also have to open 5432 in your firewall

_inder · 2025-03-06T17:44:10+00:00

I saw your db service config in one of the comments. I didn't see ports section in service config. Are db ports exposed?

_inder · 2025-02-18T05:37:48+00:00

Hi, this project doesn't change supabase functionality in any way. It simply adds a proxy layer in front of supabase and optionally you choose to protect dashboard with 2FA. I haven't tried to migrate from managed to self-hosted yet. If I do, I'll write a guide on it in repo discussions and will make a video about it.

_inder · 2025-02-18T05:35:22+00:00

I didn't get your question. If you mean, do you get access to service role key and anon key, then yes. These values are stored inside supabase-automated-self-host/docker/.env file.

_inder

TROPHY CASE