Compare commits
2 Commits
09-02-2026
...
09-03-2026
| Author | SHA1 | Date | |
|---|---|---|---|
| 34f81ffc2f | |||
| c8467d2d11 |
@@ -62,6 +62,9 @@ LANG=C.UTF-8
|
|||||||
LC_ALL=C.UTF-8
|
LC_ALL=C.UTF-8
|
||||||
PYTHONIOENCODING=utf-8
|
PYTHONIOENCODING=utf-8
|
||||||
|
|
||||||
|
# Set UV cache directory to avoid permission issues with non-existent home directory
|
||||||
|
UV_CACHE_DIR=/tmp/.uv-cache
|
||||||
|
|
||||||
# ------------------------------
|
# ------------------------------
|
||||||
# Server Configuration
|
# Server Configuration
|
||||||
# ------------------------------
|
# ------------------------------
|
||||||
@@ -346,6 +349,9 @@ REDIS_SSL_CERTFILE=
|
|||||||
REDIS_SSL_KEYFILE=
|
REDIS_SSL_KEYFILE=
|
||||||
# Path to client private key file for SSL authentication
|
# Path to client private key file for SSL authentication
|
||||||
REDIS_DB=0
|
REDIS_DB=0
|
||||||
|
# Optional: limit total Redis connections used by API/Worker (unset for default)
|
||||||
|
# Align with API's REDIS_MAX_CONNECTIONS in configs
|
||||||
|
REDIS_MAX_CONNECTIONS=
|
||||||
|
|
||||||
# Whether to use Redis Sentinel mode.
|
# Whether to use Redis Sentinel mode.
|
||||||
# If set to true, the application will automatically discover and connect to the master node through Sentinel.
|
# If set to true, the application will automatically discover and connect to the master node through Sentinel.
|
||||||
@@ -384,6 +390,8 @@ CELERY_USE_SENTINEL=false
|
|||||||
CELERY_SENTINEL_MASTER_NAME=
|
CELERY_SENTINEL_MASTER_NAME=
|
||||||
CELERY_SENTINEL_PASSWORD=
|
CELERY_SENTINEL_PASSWORD=
|
||||||
CELERY_SENTINEL_SOCKET_TIMEOUT=0.1
|
CELERY_SENTINEL_SOCKET_TIMEOUT=0.1
|
||||||
|
# e.g. {"tasks.add": {"rate_limit": "10/s"}}
|
||||||
|
CELERY_TASK_ANNOTATIONS=null
|
||||||
|
|
||||||
# ------------------------------
|
# ------------------------------
|
||||||
# CORS Configuration
|
# CORS Configuration
|
||||||
@@ -1068,6 +1076,8 @@ WORKFLOW_LOG_CLEANUP_ENABLED=false
|
|||||||
WORKFLOW_LOG_RETENTION_DAYS=30
|
WORKFLOW_LOG_RETENTION_DAYS=30
|
||||||
# Batch size for workflow log cleanup operations (default: 100)
|
# Batch size for workflow log cleanup operations (default: 100)
|
||||||
WORKFLOW_LOG_CLEANUP_BATCH_SIZE=100
|
WORKFLOW_LOG_CLEANUP_BATCH_SIZE=100
|
||||||
|
# Comma-separated list of workflow IDs to clean logs for
|
||||||
|
WORKFLOW_LOG_CLEANUP_SPECIFIC_WORKFLOW_IDS=
|
||||||
|
|
||||||
# Aliyun SLS Logstore Configuration
|
# Aliyun SLS Logstore Configuration
|
||||||
# Aliyun Access Key ID
|
# Aliyun Access Key ID
|
||||||
@@ -1518,6 +1528,7 @@ AMPLITUDE_API_KEY=
|
|||||||
# Sandbox expired records clean configuration
|
# Sandbox expired records clean configuration
|
||||||
SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD=21
|
SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD=21
|
||||||
SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE=1000
|
SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE=1000
|
||||||
|
SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_MAX_INTERVAL=200
|
||||||
SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS=30
|
SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS=30
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -21,7 +21,7 @@ services:
|
|||||||
|
|
||||||
# API service
|
# API service
|
||||||
api:
|
api:
|
||||||
image: langgenius/dify-api:1.12.1
|
image: langgenius/dify-api:1.13.0
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -63,7 +63,7 @@ services:
|
|||||||
# worker service
|
# worker service
|
||||||
# The Celery worker for processing all queues (dataset, workflow, mail, etc.)
|
# The Celery worker for processing all queues (dataset, workflow, mail, etc.)
|
||||||
worker:
|
worker:
|
||||||
image: langgenius/dify-api:1.12.1
|
image: langgenius/dify-api:1.13.0
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -102,7 +102,7 @@ services:
|
|||||||
# worker_beat service
|
# worker_beat service
|
||||||
# Celery beat for scheduling periodic tasks.
|
# Celery beat for scheduling periodic tasks.
|
||||||
worker_beat:
|
worker_beat:
|
||||||
image: langgenius/dify-api:1.12.1
|
image: langgenius/dify-api:1.13.0
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -132,7 +132,7 @@ services:
|
|||||||
|
|
||||||
# Frontend web application.
|
# Frontend web application.
|
||||||
web:
|
web:
|
||||||
image: langgenius/dify-web:1.12.1
|
image: langgenius/dify-web:1.13.0
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
CONSOLE_API_URL: ${CONSOLE_API_URL:-}
|
CONSOLE_API_URL: ${CONSOLE_API_URL:-}
|
||||||
@@ -149,7 +149,6 @@ services:
|
|||||||
MARKETPLACE_URL: ${MARKETPLACE_URL:-https://marketplace.dify.ai}
|
MARKETPLACE_URL: ${MARKETPLACE_URL:-https://marketplace.dify.ai}
|
||||||
TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-}
|
TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-}
|
||||||
INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-}
|
INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-}
|
||||||
PM2_INSTANCES: ${PM2_INSTANCES:-2}
|
|
||||||
LOOP_NODE_MAX_COUNT: ${LOOP_NODE_MAX_COUNT:-100}
|
LOOP_NODE_MAX_COUNT: ${LOOP_NODE_MAX_COUNT:-100}
|
||||||
MAX_TOOLS_NUM: ${MAX_TOOLS_NUM:-10}
|
MAX_TOOLS_NUM: ${MAX_TOOLS_NUM:-10}
|
||||||
MAX_PARALLEL_LIMIT: ${MAX_PARALLEL_LIMIT:-10}
|
MAX_PARALLEL_LIMIT: ${MAX_PARALLEL_LIMIT:-10}
|
||||||
|
|||||||
@@ -16,6 +16,7 @@ x-shared-env: &shared-api-worker-env
|
|||||||
LANG: ${LANG:-C.UTF-8}
|
LANG: ${LANG:-C.UTF-8}
|
||||||
LC_ALL: ${LC_ALL:-C.UTF-8}
|
LC_ALL: ${LC_ALL:-C.UTF-8}
|
||||||
PYTHONIOENCODING: ${PYTHONIOENCODING:-utf-8}
|
PYTHONIOENCODING: ${PYTHONIOENCODING:-utf-8}
|
||||||
|
UV_CACHE_DIR: ${UV_CACHE_DIR:-/tmp/.uv-cache}
|
||||||
LOG_LEVEL: ${LOG_LEVEL:-INFO}
|
LOG_LEVEL: ${LOG_LEVEL:-INFO}
|
||||||
LOG_OUTPUT_FORMAT: ${LOG_OUTPUT_FORMAT:-text}
|
LOG_OUTPUT_FORMAT: ${LOG_OUTPUT_FORMAT:-text}
|
||||||
LOG_FILE: ${LOG_FILE:-/app/logs/server.log}
|
LOG_FILE: ${LOG_FILE:-/app/logs/server.log}
|
||||||
@@ -89,6 +90,7 @@ x-shared-env: &shared-api-worker-env
|
|||||||
REDIS_SSL_CERTFILE: ${REDIS_SSL_CERTFILE:-}
|
REDIS_SSL_CERTFILE: ${REDIS_SSL_CERTFILE:-}
|
||||||
REDIS_SSL_KEYFILE: ${REDIS_SSL_KEYFILE:-}
|
REDIS_SSL_KEYFILE: ${REDIS_SSL_KEYFILE:-}
|
||||||
REDIS_DB: ${REDIS_DB:-0}
|
REDIS_DB: ${REDIS_DB:-0}
|
||||||
|
REDIS_MAX_CONNECTIONS: ${REDIS_MAX_CONNECTIONS:-}
|
||||||
REDIS_USE_SENTINEL: ${REDIS_USE_SENTINEL:-false}
|
REDIS_USE_SENTINEL: ${REDIS_USE_SENTINEL:-false}
|
||||||
REDIS_SENTINELS: ${REDIS_SENTINELS:-}
|
REDIS_SENTINELS: ${REDIS_SENTINELS:-}
|
||||||
REDIS_SENTINEL_SERVICE_NAME: ${REDIS_SENTINEL_SERVICE_NAME:-}
|
REDIS_SENTINEL_SERVICE_NAME: ${REDIS_SENTINEL_SERVICE_NAME:-}
|
||||||
@@ -105,6 +107,7 @@ x-shared-env: &shared-api-worker-env
|
|||||||
CELERY_SENTINEL_MASTER_NAME: ${CELERY_SENTINEL_MASTER_NAME:-}
|
CELERY_SENTINEL_MASTER_NAME: ${CELERY_SENTINEL_MASTER_NAME:-}
|
||||||
CELERY_SENTINEL_PASSWORD: ${CELERY_SENTINEL_PASSWORD:-}
|
CELERY_SENTINEL_PASSWORD: ${CELERY_SENTINEL_PASSWORD:-}
|
||||||
CELERY_SENTINEL_SOCKET_TIMEOUT: ${CELERY_SENTINEL_SOCKET_TIMEOUT:-0.1}
|
CELERY_SENTINEL_SOCKET_TIMEOUT: ${CELERY_SENTINEL_SOCKET_TIMEOUT:-0.1}
|
||||||
|
CELERY_TASK_ANNOTATIONS: ${CELERY_TASK_ANNOTATIONS:-null}
|
||||||
WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*}
|
WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*}
|
||||||
CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*}
|
CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*}
|
||||||
COOKIE_DOMAIN: ${COOKIE_DOMAIN:-}
|
COOKIE_DOMAIN: ${COOKIE_DOMAIN:-}
|
||||||
@@ -468,6 +471,7 @@ x-shared-env: &shared-api-worker-env
|
|||||||
WORKFLOW_LOG_CLEANUP_ENABLED: ${WORKFLOW_LOG_CLEANUP_ENABLED:-false}
|
WORKFLOW_LOG_CLEANUP_ENABLED: ${WORKFLOW_LOG_CLEANUP_ENABLED:-false}
|
||||||
WORKFLOW_LOG_RETENTION_DAYS: ${WORKFLOW_LOG_RETENTION_DAYS:-30}
|
WORKFLOW_LOG_RETENTION_DAYS: ${WORKFLOW_LOG_RETENTION_DAYS:-30}
|
||||||
WORKFLOW_LOG_CLEANUP_BATCH_SIZE: ${WORKFLOW_LOG_CLEANUP_BATCH_SIZE:-100}
|
WORKFLOW_LOG_CLEANUP_BATCH_SIZE: ${WORKFLOW_LOG_CLEANUP_BATCH_SIZE:-100}
|
||||||
|
WORKFLOW_LOG_CLEANUP_SPECIFIC_WORKFLOW_IDS: ${WORKFLOW_LOG_CLEANUP_SPECIFIC_WORKFLOW_IDS:-}
|
||||||
ALIYUN_SLS_ACCESS_KEY_ID: ${ALIYUN_SLS_ACCESS_KEY_ID:-}
|
ALIYUN_SLS_ACCESS_KEY_ID: ${ALIYUN_SLS_ACCESS_KEY_ID:-}
|
||||||
ALIYUN_SLS_ACCESS_KEY_SECRET: ${ALIYUN_SLS_ACCESS_KEY_SECRET:-}
|
ALIYUN_SLS_ACCESS_KEY_SECRET: ${ALIYUN_SLS_ACCESS_KEY_SECRET:-}
|
||||||
ALIYUN_SLS_ENDPOINT: ${ALIYUN_SLS_ENDPOINT:-}
|
ALIYUN_SLS_ENDPOINT: ${ALIYUN_SLS_ENDPOINT:-}
|
||||||
@@ -682,6 +686,7 @@ x-shared-env: &shared-api-worker-env
|
|||||||
AMPLITUDE_API_KEY: ${AMPLITUDE_API_KEY:-}
|
AMPLITUDE_API_KEY: ${AMPLITUDE_API_KEY:-}
|
||||||
SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD: ${SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD:-21}
|
SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD: ${SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD:-21}
|
||||||
SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE: ${SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE:-1000}
|
SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE: ${SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE:-1000}
|
||||||
|
SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_MAX_INTERVAL: ${SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_MAX_INTERVAL:-200}
|
||||||
SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS: ${SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS:-30}
|
SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS: ${SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS:-30}
|
||||||
PUBSUB_REDIS_URL: ${PUBSUB_REDIS_URL:-}
|
PUBSUB_REDIS_URL: ${PUBSUB_REDIS_URL:-}
|
||||||
PUBSUB_REDIS_CHANNEL_TYPE: ${PUBSUB_REDIS_CHANNEL_TYPE:-pubsub}
|
PUBSUB_REDIS_CHANNEL_TYPE: ${PUBSUB_REDIS_CHANNEL_TYPE:-pubsub}
|
||||||
@@ -712,7 +717,7 @@ services:
|
|||||||
|
|
||||||
# API service
|
# API service
|
||||||
api:
|
api:
|
||||||
image: langgenius/dify-api:1.12.1
|
image: langgenius/dify-api:1.13.0
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -754,7 +759,7 @@ services:
|
|||||||
# worker service
|
# worker service
|
||||||
# The Celery worker for processing all queues (dataset, workflow, mail, etc.)
|
# The Celery worker for processing all queues (dataset, workflow, mail, etc.)
|
||||||
worker:
|
worker:
|
||||||
image: langgenius/dify-api:1.12.1
|
image: langgenius/dify-api:1.13.0
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -793,7 +798,7 @@ services:
|
|||||||
# worker_beat service
|
# worker_beat service
|
||||||
# Celery beat for scheduling periodic tasks.
|
# Celery beat for scheduling periodic tasks.
|
||||||
worker_beat:
|
worker_beat:
|
||||||
image: langgenius/dify-api:1.12.1
|
image: langgenius/dify-api:1.13.0
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -823,7 +828,7 @@ services:
|
|||||||
|
|
||||||
# Frontend web application.
|
# Frontend web application.
|
||||||
web:
|
web:
|
||||||
image: langgenius/dify-web:1.12.1
|
image: langgenius/dify-web:1.13.0
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
CONSOLE_API_URL: ${CONSOLE_API_URL:-}
|
CONSOLE_API_URL: ${CONSOLE_API_URL:-}
|
||||||
@@ -840,7 +845,6 @@ services:
|
|||||||
MARKETPLACE_URL: ${MARKETPLACE_URL:-https://marketplace.dify.ai}
|
MARKETPLACE_URL: ${MARKETPLACE_URL:-https://marketplace.dify.ai}
|
||||||
TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-}
|
TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-}
|
||||||
INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-}
|
INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-}
|
||||||
PM2_INSTANCES: ${PM2_INSTANCES:-2}
|
|
||||||
LOOP_NODE_MAX_COUNT: ${LOOP_NODE_MAX_COUNT:-100}
|
LOOP_NODE_MAX_COUNT: ${LOOP_NODE_MAX_COUNT:-100}
|
||||||
MAX_TOOLS_NUM: ${MAX_TOOLS_NUM:-10}
|
MAX_TOOLS_NUM: ${MAX_TOOLS_NUM:-10}
|
||||||
MAX_PARALLEL_LIMIT: ${MAX_PARALLEL_LIMIT:-10}
|
MAX_PARALLEL_LIMIT: ${MAX_PARALLEL_LIMIT:-10}
|
||||||
|
|||||||
@@ -91,6 +91,9 @@ MYSQL_INNODB_FLUSH_LOG_AT_TRX_COMMIT=2
|
|||||||
# -----------------------------
|
# -----------------------------
|
||||||
REDIS_HOST_VOLUME=./volumes/redis/data
|
REDIS_HOST_VOLUME=./volumes/redis/data
|
||||||
REDIS_PASSWORD=difyai123456
|
REDIS_PASSWORD=difyai123456
|
||||||
|
# Optional: limit total Redis connections used by API/Worker (unset for default)
|
||||||
|
# Align with API's REDIS_MAX_CONNECTIONS in configs
|
||||||
|
REDIS_MAX_CONNECTIONS=
|
||||||
|
|
||||||
# ------------------------------
|
# ------------------------------
|
||||||
# Environment Variables for sandbox Service
|
# Environment Variables for sandbox Service
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
APP_DOMAIN=$(PRIMARY_DOMAIN)
|
APP_DOMAIN=$(PRIMARY_DOMAIN)
|
||||||
APP_RELEASE=v1.2.1
|
APP_RELEASE=v1.2.3
|
||||||
|
|
||||||
WEB_REPLICAS=1
|
WEB_REPLICAS=1
|
||||||
SPACE_REPLICAS=1
|
SPACE_REPLICAS=1
|
||||||
|
|||||||
@@ -63,7 +63,7 @@ x-app-env: &app-env
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
web:
|
web:
|
||||||
image: artifacts.plane.so/makeplane/plane-frontend:${APP_RELEASE:-v1.2.1}
|
image: artifacts.plane.so/makeplane/plane-frontend:${APP_RELEASE:-v1.2.3}
|
||||||
deploy:
|
deploy:
|
||||||
replicas: ${WEB_REPLICAS:-1}
|
replicas: ${WEB_REPLICAS:-1}
|
||||||
restart_policy:
|
restart_policy:
|
||||||
@@ -73,7 +73,7 @@ services:
|
|||||||
- worker
|
- worker
|
||||||
|
|
||||||
space:
|
space:
|
||||||
image: artifacts.plane.so/makeplane/plane-space:${APP_RELEASE:-v1.2.1}
|
image: artifacts.plane.so/makeplane/plane-space:${APP_RELEASE:-v1.2.3}
|
||||||
deploy:
|
deploy:
|
||||||
replicas: ${SPACE_REPLICAS:-1}
|
replicas: ${SPACE_REPLICAS:-1}
|
||||||
restart_policy:
|
restart_policy:
|
||||||
@@ -84,7 +84,7 @@ services:
|
|||||||
- web
|
- web
|
||||||
|
|
||||||
admin:
|
admin:
|
||||||
image: artifacts.plane.so/makeplane/plane-admin:${APP_RELEASE:-v1.2.1}
|
image: artifacts.plane.so/makeplane/plane-admin:${APP_RELEASE:-v1.2.3}
|
||||||
deploy:
|
deploy:
|
||||||
replicas: ${ADMIN_REPLICAS:-1}
|
replicas: ${ADMIN_REPLICAS:-1}
|
||||||
restart_policy:
|
restart_policy:
|
||||||
@@ -94,7 +94,7 @@ services:
|
|||||||
- web
|
- web
|
||||||
|
|
||||||
live:
|
live:
|
||||||
image: artifacts.plane.so/makeplane/plane-live:${APP_RELEASE:-v1.2.1}
|
image: artifacts.plane.so/makeplane/plane-live:${APP_RELEASE:-v1.2.3}
|
||||||
environment:
|
environment:
|
||||||
<<: [ *live-env, *redis-env ]
|
<<: [ *live-env, *redis-env ]
|
||||||
deploy:
|
deploy:
|
||||||
@@ -106,7 +106,7 @@ services:
|
|||||||
- web
|
- web
|
||||||
|
|
||||||
api:
|
api:
|
||||||
image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-v1.2.1}
|
image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-v1.2.3}
|
||||||
command: ./bin/docker-entrypoint-api.sh
|
command: ./bin/docker-entrypoint-api.sh
|
||||||
deploy:
|
deploy:
|
||||||
replicas: ${API_REPLICAS:-1}
|
replicas: ${API_REPLICAS:-1}
|
||||||
@@ -122,7 +122,7 @@ services:
|
|||||||
- plane-mq
|
- plane-mq
|
||||||
|
|
||||||
worker:
|
worker:
|
||||||
image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-v1.2.1}
|
image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-v1.2.3}
|
||||||
command: ./bin/docker-entrypoint-worker.sh
|
command: ./bin/docker-entrypoint-worker.sh
|
||||||
deploy:
|
deploy:
|
||||||
replicas: ${WORKER_REPLICAS:-1}
|
replicas: ${WORKER_REPLICAS:-1}
|
||||||
@@ -139,7 +139,7 @@ services:
|
|||||||
- plane-mq
|
- plane-mq
|
||||||
|
|
||||||
beat-worker:
|
beat-worker:
|
||||||
image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-v1.2.1}
|
image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-v1.2.3}
|
||||||
command: ./bin/docker-entrypoint-beat.sh
|
command: ./bin/docker-entrypoint-beat.sh
|
||||||
deploy:
|
deploy:
|
||||||
replicas: ${BEAT_WORKER_REPLICAS:-1}
|
replicas: ${BEAT_WORKER_REPLICAS:-1}
|
||||||
@@ -156,7 +156,7 @@ services:
|
|||||||
- plane-mq
|
- plane-mq
|
||||||
|
|
||||||
migrator:
|
migrator:
|
||||||
image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-v1.2.1}
|
image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-v1.2.3}
|
||||||
command: ./bin/docker-entrypoint-migrator.sh
|
command: ./bin/docker-entrypoint-migrator.sh
|
||||||
deploy:
|
deploy:
|
||||||
replicas: 1
|
replicas: 1
|
||||||
@@ -218,7 +218,7 @@ services:
|
|||||||
|
|
||||||
# Comment this if you already have a reverse proxy running
|
# Comment this if you already have a reverse proxy running
|
||||||
proxy:
|
proxy:
|
||||||
image: artifacts.plane.so/makeplane/plane-proxy:${APP_RELEASE:-v1.2.1}
|
image: artifacts.plane.so/makeplane/plane-proxy:${APP_RELEASE:-v1.2.3}
|
||||||
deploy:
|
deploy:
|
||||||
replicas: 1
|
replicas: 1
|
||||||
restart_policy:
|
restart_policy:
|
||||||
|
|||||||
Regular → Executable
+195
-37
@@ -1,70 +1,126 @@
|
|||||||
############
|
############
|
||||||
# Secrets
|
# Secrets
|
||||||
# YOU MUST CHANGE THESE BEFORE GOING INTO PRODUCTION
|
#
|
||||||
|
# YOU MUST CHANGE ALL THE DEFAULT VALUES BELOW BEFORE STARTING
|
||||||
|
# THE CONTAINERS FOR THE FIRST TIME!
|
||||||
|
#
|
||||||
|
# Documentation:
|
||||||
|
# https://supabase.com/docs/guides/self-hosting/docker#configuring-and-securing-supabase
|
||||||
|
#
|
||||||
|
# To generate secrets and API keys:
|
||||||
|
# sh ./utils/generate-keys.sh
|
||||||
|
#
|
||||||
############
|
############
|
||||||
|
|
||||||
|
# Postgres
|
||||||
POSTGRES_PASSWORD=your-super-secret-and-long-postgres-password
|
POSTGRES_PASSWORD=your-super-secret-and-long-postgres-password
|
||||||
|
|
||||||
|
# Symmetric encryption key and JWT API keys
|
||||||
JWT_SECRET=your-super-secret-jwt-token-with-at-least-32-characters-long
|
JWT_SECRET=your-super-secret-jwt-token-with-at-least-32-characters-long
|
||||||
ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJhbm9uIiwKICAgICJpc3MiOiAic3VwYWJhc2UtZGVtbyIsCiAgICAiaWF0IjogMTY0MTc2OTIwMCwKICAgICJleHAiOiAxNzk5NTM1NjAwCn0.dc_X5iR_VP_qT0zsiyj_I_OZ2T9FtRU2BBNWN8Bu4GE
|
ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJhbm9uIiwKICAgICJpc3MiOiAic3VwYWJhc2UtZGVtbyIsCiAgICAiaWF0IjogMTY0MTc2OTIwMCwKICAgICJleHAiOiAxNzk5NTM1NjAwCn0.dc_X5iR_VP_qT0zsiyj_I_OZ2T9FtRU2BBNWN8Bu4GE
|
||||||
SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q
|
SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q
|
||||||
|
|
||||||
|
# Access to Dashboard
|
||||||
DASHBOARD_USERNAME=supabase
|
DASHBOARD_USERNAME=supabase
|
||||||
DASHBOARD_PASSWORD=this_password_is_insecure_and_should_be_updated
|
DASHBOARD_PASSWORD=this_password_is_insecure_and_should_be_updated
|
||||||
|
|
||||||
|
# Used by Realtime and Supavisor
|
||||||
SECRET_KEY_BASE=UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq
|
SECRET_KEY_BASE=UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq
|
||||||
|
|
||||||
|
# Used by Supavisor
|
||||||
VAULT_ENC_KEY=your-32-character-encryption-key
|
VAULT_ENC_KEY=your-32-character-encryption-key
|
||||||
|
|
||||||
|
# Used by Studio to access Postgres via postgres-meta
|
||||||
PG_META_CRYPTO_KEY=your-encryption-key-32-chars-min
|
PG_META_CRYPTO_KEY=your-encryption-key-32-chars-min
|
||||||
|
|
||||||
|
# Analytics - API tokens for log ingestion/querying, and for management
|
||||||
|
LOGFLARE_PUBLIC_ACCESS_TOKEN=your-super-secret-and-long-logflare-key-public
|
||||||
|
LOGFLARE_PRIVATE_ACCESS_TOKEN=your-super-secret-and-long-logflare-key-private
|
||||||
|
|
||||||
|
# Access to Storage via S3 protocol endpoint (see below)
|
||||||
|
S3_PROTOCOL_ACCESS_KEY_ID=625729a08b95bf1b7ff351a663f3a23c
|
||||||
|
S3_PROTOCOL_ACCESS_KEY_SECRET=850181e4652dd023b7a98c58ae0d2d34bd487ee0cc3254aed6eda37307425907
|
||||||
|
|
||||||
|
|
||||||
############
|
############
|
||||||
# Database - You can change these to any PostgreSQL database that has logical replication enabled.
|
# URLs - Configure hostnames below to reflect your actual domain name
|
||||||
############
|
############
|
||||||
|
|
||||||
|
# Access to Dashboard and REST API
|
||||||
|
SUPABASE_PUBLIC_URL=http://localhost:8000
|
||||||
|
|
||||||
|
# Full external URL of the Auth service, used to construct OAuth callbacks,
|
||||||
|
# SAML endpoints, and email links
|
||||||
|
API_EXTERNAL_URL=http://localhost:8000
|
||||||
|
|
||||||
|
# See also the Auth section below for Site URL and Redirect URLs configuration
|
||||||
|
|
||||||
|
|
||||||
|
############
|
||||||
|
# Database - Postgres configuration
|
||||||
|
############
|
||||||
|
|
||||||
|
# Using default user (postgres)
|
||||||
POSTGRES_HOST=db
|
POSTGRES_HOST=db
|
||||||
POSTGRES_DB=postgres
|
POSTGRES_DB=postgres
|
||||||
|
|
||||||
|
# Default configuration includes Supavisor exposing POSTGRES_PORT
|
||||||
|
# Postgres uses POSTGRES_PORT inside the container
|
||||||
|
# Documentation:
|
||||||
|
# https://supabase.com/docs/guides/self-hosting/docker#accessing-postgres-through-supavisor
|
||||||
POSTGRES_PORT=5432
|
POSTGRES_PORT=5432
|
||||||
# default user is postgres
|
|
||||||
|
|
||||||
|
|
||||||
############
|
############
|
||||||
# Supavisor -- Database pooler
|
# Supavisor - Database pooler
|
||||||
############
|
############
|
||||||
# Port Supavisor listens on for transaction pooling connections
|
|
||||||
|
# Supavisor exposes POSTGRES_PORT and POOLER_PROXY_PORT_TRANSACTION,
|
||||||
|
# POSTGRES_PORT is used for session mode pooling
|
||||||
|
#
|
||||||
|
# Port to use for transaction mode pooling connections
|
||||||
POOLER_PROXY_PORT_TRANSACTION=6543
|
POOLER_PROXY_PORT_TRANSACTION=6543
|
||||||
|
|
||||||
# Maximum number of PostgreSQL connections Supavisor opens per pool
|
# Maximum number of PostgreSQL connections Supavisor opens per pool
|
||||||
POOLER_DEFAULT_POOL_SIZE=20
|
POOLER_DEFAULT_POOL_SIZE=20
|
||||||
|
|
||||||
# Maximum number of client connections Supavisor accepts per pool
|
# Maximum number of client connections Supavisor accepts per pool
|
||||||
POOLER_MAX_CLIENT_CONN=100
|
POOLER_MAX_CLIENT_CONN=100
|
||||||
# Unique tenant identifier
|
|
||||||
|
# Unique Supavisor tenant identifier
|
||||||
|
# Documentation:
|
||||||
|
# https://supabase.com/docs/guides/self-hosting/docker#accessing-postgres
|
||||||
POOLER_TENANT_ID=your-tenant-id
|
POOLER_TENANT_ID=your-tenant-id
|
||||||
|
|
||||||
# Pool size for internal metadata storage used by Supavisor
|
# Pool size for internal metadata storage used by Supavisor
|
||||||
# This is separate from client connections and used only by Supavisor itself
|
# This is separate from client connections and used only by Supavisor itself
|
||||||
POOLER_DB_POOL_SIZE=5
|
POOLER_DB_POOL_SIZE=5
|
||||||
|
|
||||||
|
|
||||||
############
|
############
|
||||||
# API Proxy - Configuration for the Kong Reverse proxy.
|
# Studio - Configuration for the Dashboard
|
||||||
############
|
############
|
||||||
|
|
||||||
KONG_HTTP_PORT=8000
|
STUDIO_DEFAULT_ORGANIZATION=Default Organization
|
||||||
KONG_HTTPS_PORT=8443
|
STUDIO_DEFAULT_PROJECT=Default Project
|
||||||
|
|
||||||
|
# Add your OpenAI API key to enable AI Assistant
|
||||||
|
OPENAI_API_KEY=sk-proj-xxxxxxxx
|
||||||
|
|
||||||
|
|
||||||
############
|
############
|
||||||
# API - Configuration for PostgREST.
|
# Auth - Configuration for the authentication server
|
||||||
############
|
############
|
||||||
|
|
||||||
PGRST_DB_SCHEMAS=public,storage,graphql_public
|
## General settings
|
||||||
|
|
||||||
|
# Equivalent to "Site URL" and "Redirect URLs" platform configuration options
|
||||||
############
|
# Documentation: https://supabase.com/docs/guides/auth/redirect-urls
|
||||||
# Auth - Configuration for the GoTrue authentication server.
|
|
||||||
############
|
|
||||||
|
|
||||||
## General
|
|
||||||
SITE_URL=https://$(PRIMARY_DOMAIN)
|
SITE_URL=https://$(PRIMARY_DOMAIN)
|
||||||
ADDITIONAL_REDIRECT_URLS=
|
ADDITIONAL_REDIRECT_URLS=
|
||||||
|
|
||||||
JWT_EXPIRY=3600
|
JWT_EXPIRY=3600
|
||||||
DISABLE_SIGNUP=false
|
DISABLE_SIGNUP=false
|
||||||
API_EXTERNAL_URL=http://localhost:8000
|
|
||||||
|
|
||||||
## Mailer Config
|
## Mailer Config
|
||||||
MAILER_URLPATHS_CONFIRMATION="/auth/v1/verify"
|
MAILER_URLPATHS_CONFIRMATION="/auth/v1/verify"
|
||||||
@@ -87,40 +143,107 @@ ENABLE_ANONYMOUS_USERS=false
|
|||||||
ENABLE_PHONE_SIGNUP=true
|
ENABLE_PHONE_SIGNUP=true
|
||||||
ENABLE_PHONE_AUTOCONFIRM=true
|
ENABLE_PHONE_AUTOCONFIRM=true
|
||||||
|
|
||||||
|
## OAuth / Social login providers
|
||||||
|
|
||||||
############
|
# Uncomment and fill in the providers you want to enable.
|
||||||
# Studio - Configuration for the Dashboard
|
# You must ALSO uncomment the matching GOTRUE_EXTERNAL_* lines in docker-compose.yml.
|
||||||
############
|
# Documentation: https://supabase.com/docs/guides/self-hosting/self-hosted-oauth
|
||||||
|
# GOOGLE_ENABLED=false
|
||||||
|
# GOOGLE_CLIENT_ID=
|
||||||
|
# GOOGLE_SECRET=
|
||||||
|
|
||||||
STUDIO_DEFAULT_ORGANIZATION=Default Organization
|
# GITHUB_ENABLED=false
|
||||||
STUDIO_DEFAULT_PROJECT=Default Project
|
# GITHUB_CLIENT_ID=
|
||||||
|
# GITHUB_SECRET=
|
||||||
|
|
||||||
# replace if you intend to use Studio outside of localhost
|
# AZURE_ENABLED=false
|
||||||
SUPABASE_PUBLIC_URL=http://localhost:8000
|
# AZURE_CLIENT_ID=
|
||||||
|
# AZURE_SECRET=
|
||||||
|
|
||||||
# Enable webp support
|
# Phone / SMS provider configuration
|
||||||
IMGPROXY_ENABLE_WEBP_DETECTION=true
|
# Uncomment to configure SMS delivery for phone auth and phone MFA.
|
||||||
|
# You must ALSO uncomment the matching GOTRUE_SMS_* lines in docker-compose.yml.
|
||||||
|
# Documentation: https://supabase.com/docs/guides/self-hosting/self-hosted-phone-mfa
|
||||||
|
# SMS_PROVIDER=twilio
|
||||||
|
# SMS_OTP_EXP=60
|
||||||
|
# SMS_OTP_LENGTH=6
|
||||||
|
# SMS_MAX_FREQUENCY=60s
|
||||||
|
# SMS_TEMPLATE=Your code is {{ .Code }}
|
||||||
|
|
||||||
# Add your OpenAI API key to enable SQL Editor Assistant
|
# SMS_TWILIO_ACCOUNT_SID=
|
||||||
OPENAI_API_KEY=
|
# SMS_TWILIO_AUTH_TOKEN=
|
||||||
|
# SMS_TWILIO_MESSAGE_SERVICE_SID=
|
||||||
|
|
||||||
|
# Test OTP: map phone numbers to fixed OTP codes for development
|
||||||
|
# Format: phone1:code1,phone2:code2
|
||||||
|
# SMS_TEST_OTP=
|
||||||
|
|
||||||
|
# Multi-factor authentication (MFA)
|
||||||
|
# Uncomment to change MFA defaults.
|
||||||
|
# You must ALSO uncomment the matching GOTRUE_MFA_* lines in docker-compose.yml.
|
||||||
|
|
||||||
|
# App Authenticator (TOTP) - enabled by default
|
||||||
|
# MFA_TOTP_ENROLL_ENABLED=true
|
||||||
|
# MFA_TOTP_VERIFY_ENABLED=true
|
||||||
|
|
||||||
|
# Phone MFA - disabled by default (opt-in)
|
||||||
|
# MFA_PHONE_ENROLL_ENABLED=false
|
||||||
|
# MFA_PHONE_VERIFY_ENABLED=false
|
||||||
|
|
||||||
|
## Maximum MFA factors a user can enroll
|
||||||
|
# MFA_MAX_ENROLLED_FACTORS=10
|
||||||
|
|
||||||
|
|
||||||
############
|
############
|
||||||
# Functions - Configuration for Functions
|
# Storage - Configuration for Storage
|
||||||
############
|
############
|
||||||
# NOTE: VERIFY_JWT applies to all functions. Per-function VERIFY_JWT is not supported yet.
|
|
||||||
|
# Check the S3_PROTOCOL_ACCESS_KEY_ID/SECRET above, and
|
||||||
|
# refer to the documentation at:
|
||||||
|
# https://supabase.com/docs/guides/self-hosting/self-hosted-s3
|
||||||
|
# to learn how to configure the S3 protocol endpoint
|
||||||
|
|
||||||
|
# S3 bucket when using S3 backend, directory name when using 'file'
|
||||||
|
GLOBAL_S3_BUCKET=stub
|
||||||
|
|
||||||
|
# Used for S3 protocol endpoint configuration
|
||||||
|
REGION=stub
|
||||||
|
|
||||||
|
# Used by MinIO when added via:
|
||||||
|
# docker compose -f docker-compose.yml -f docker-compose.s3.yml up -d
|
||||||
|
MINIO_ROOT_USER=supa-storage
|
||||||
|
MINIO_ROOT_PASSWORD=secret1234
|
||||||
|
|
||||||
|
# Equivalent to project_ref as described here:
|
||||||
|
# https://supabase.com/docs/guides/storage/s3/authentication#session-token
|
||||||
|
STORAGE_TENANT_ID=stub
|
||||||
|
|
||||||
|
|
||||||
|
############
|
||||||
|
# Functions - Configuration for Edge functions
|
||||||
|
############
|
||||||
|
|
||||||
|
# Documentation:
|
||||||
|
# https://supabase.com/docs/guides/self-hosting/self-hosted-functions
|
||||||
|
|
||||||
|
# NOTE: VERIFY_JWT applies to all functions
|
||||||
FUNCTIONS_VERIFY_JWT=false
|
FUNCTIONS_VERIFY_JWT=false
|
||||||
|
|
||||||
|
|
||||||
############
|
############
|
||||||
# Logs - Configuration for Analytics
|
# API - Configuration for PostgREST
|
||||||
# Please refer to https://supabase.com/docs/reference/self-hosting-analytics/introduction
|
|
||||||
############
|
############
|
||||||
|
|
||||||
# Change vector.toml sinks to reflect this change
|
# Postgres schemas exposed via the REST API
|
||||||
# these cannot be the same value
|
PGRST_DB_SCHEMAS=public,storage,graphql_public
|
||||||
LOGFLARE_PUBLIC_ACCESS_TOKEN=your-super-secret-and-long-logflare-key-public
|
|
||||||
LOGFLARE_PRIVATE_ACCESS_TOKEN=your-super-secret-and-long-logflare-key-private
|
|
||||||
|
############
|
||||||
|
# Analytics - Configuration for Logflare
|
||||||
|
############
|
||||||
|
|
||||||
|
# Check the LOGFLARE_* access token configuration above.
|
||||||
|
# If Logflare is externally exposed, configure securely!
|
||||||
|
|
||||||
# Docker socket location - this value will differ depending on your OS
|
# Docker socket location - this value will differ depending on your OS
|
||||||
DOCKER_SOCKET_LOCATION=/var/run/docker.sock
|
DOCKER_SOCKET_LOCATION=/var/run/docker.sock
|
||||||
@@ -128,3 +251,38 @@ DOCKER_SOCKET_LOCATION=/var/run/docker.sock
|
|||||||
# Google Cloud Project details
|
# Google Cloud Project details
|
||||||
GOOGLE_PROJECT_ID=GOOGLE_PROJECT_ID
|
GOOGLE_PROJECT_ID=GOOGLE_PROJECT_ID
|
||||||
GOOGLE_PROJECT_NUMBER=GOOGLE_PROJECT_NUMBER
|
GOOGLE_PROJECT_NUMBER=GOOGLE_PROJECT_NUMBER
|
||||||
|
|
||||||
|
|
||||||
|
############
|
||||||
|
# API Proxy - Configuration for the Kong API gateway
|
||||||
|
############
|
||||||
|
|
||||||
|
KONG_HTTP_PORT=8000
|
||||||
|
KONG_HTTPS_PORT=8443
|
||||||
|
|
||||||
|
|
||||||
|
############
|
||||||
|
# imgproxy
|
||||||
|
############
|
||||||
|
|
||||||
|
# Enable webp support
|
||||||
|
IMGPROXY_ENABLE_WEBP_DETECTION=true
|
||||||
|
|
||||||
|
|
||||||
|
############
|
||||||
|
# TLS Proxy - Optional Caddy or Nginx reverse proxy with Let's Encrypt
|
||||||
|
############
|
||||||
|
|
||||||
|
# Documentation:
|
||||||
|
# https://supabase.com/docs/guides/self-hosting/self-hosted-proxy-https
|
||||||
|
|
||||||
|
# Usage:
|
||||||
|
# docker compose -f docker-compose.yml -f docker-compose.caddy.yml up -d
|
||||||
|
# docker compose -f docker-compose.yml -f docker-compose.nginx.yml up -d
|
||||||
|
|
||||||
|
# Domain name for the proxy (must point to your server)
|
||||||
|
PROXY_DOMAIN=your-domain.example.com
|
||||||
|
|
||||||
|
# Email for Let's Encrypt certificate notifications (nginx only, Caddy uses PROXY_DOMAIN).
|
||||||
|
# This should be a valid email, not a placehoder (otherwise Certbot may fail to start).
|
||||||
|
CERTBOT_EMAIL=admin@example.com
|
||||||
|
|||||||
+113
-2
@@ -15,6 +15,117 @@ Check updates for each service to learn more.
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
## [2026-02-18]
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
- Updated `supabase/storage-api` to `v1.37.8` in `docker-compose.s3.yml`
|
||||||
|
- Changed MinIO image in `docker-compose.s3.yml` to use Chainguard [minio](https://images.chainguard.dev/directory/image/minio/overview) and [minio-client](https://images.chainguard.dev/directory/image/minio-client/overview) (requires `docker-compose.s3.yml` update) - PR [#42942](https://github.com/supabase/supabase/pull/42942)
|
||||||
|
- Removed `imgproxy` service from `docker-compose.s3.yml` to minimize redundancy - PR [#42942](https://github.com/supabase/supabase/pull/42942)
|
||||||
|
- Fixed inconsistent `storage` service entry ordering in `docker-compose.yml` and `docker-compose.s3.yml` to improve diff readability (requires `docker-compose.yml` and `docker-compose.s3.yml` update) - PR [#42942](https://github.com/supabase/supabase/pull/42942)
|
||||||
|
|
||||||
|
### Edge Runtime
|
||||||
|
|
||||||
|
- Added a `deno-cache` named volume to to avoid re-downloading dependencies (requires `docker-compose.yml` and `volumes/functions/*` update) - PR [#40822](https://github.com/supabase/supabase/pull/40822)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2026-02-16]
|
||||||
|
|
||||||
|
⚠️ **Note:** This update includes several breaking changes, including a security fix for Analytics. Please check the details below. The following configuration files have been updated: `docker-compose.yml`, `.env.example`, `docker-compose.s3.yml`, `volumes/api/kong.yml`, and `volumes/logs/vector.yml`.
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- Updated to `2026.02.16-sha-26c615c`
|
||||||
|
- Added Edge Functions management UI (requires `docker-compose.yml` update) - PR [#40690](https://github.com/supabase/supabase/pull/40690), PR [#42322](https://github.com/supabase/supabase/pull/42322), PR [#42349](https://github.com/supabase/supabase/pull/42349), PR [#42350](https://github.com/supabase/supabase/pull/42350)
|
||||||
|
|
||||||
|
### MCP Server
|
||||||
|
- Updated to `v0.6.3` - [Release](https://github.com/supabase-community/supabase-mcp/releases/tag/v0.6.3)
|
||||||
|
|
||||||
|
### Auth
|
||||||
|
|
||||||
|
- Updated to `v2.186.0` - [Changelog](https://github.com/supabase/auth/blob/master/CHANGELOG.md) | [Release](https://github.com/supabase/auth/releases/tag/v2.186.0)
|
||||||
|
|
||||||
|
### PostgREST
|
||||||
|
|
||||||
|
- Updated to `v14.5` - [Changelog](https://github.com/PostgREST/postgrest/blob/main/CHANGELOG.md) | [Release](https://github.com/PostgREST/postgrest/releases/tag/v14.5)
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
|
||||||
|
- Updated to `v2.76.5` - [Release](https://github.com/supabase/realtime/releases/tag/v2.76.5)
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
|
||||||
|
- Updated to `v1.37.8` - [Release](https://github.com/supabase/storage/releases/tag/v1.37.8)
|
||||||
|
- ⚠️ Added configuration to access buckets via `/storage/v1/s3` endpoint (requires `docker-compose.s3.yml` update) - PR [#37185](https://github.com/supabase/supabase/pull/37185)
|
||||||
|
- ⚠️ Changed environment variable configuration for Storage (requires `docker-compose.yml`, `.env.example` and `.env` update) - PR [#37185](https://github.com/supabase/supabase/pull/37185), PR [#42862](https://github.com/supabase/supabase/pull/42862)
|
||||||
|
|
||||||
|
### Edge Runtime
|
||||||
|
|
||||||
|
- Updated to `v1.70.3` - [Release](https://github.com/supabase/edge-runtime/releases/tag/v1.70.3)
|
||||||
|
|
||||||
|
### Analytics (Logflare)
|
||||||
|
|
||||||
|
- Updated to `v1.31.2` - [Release](https://github.com/Logflare/logflare/releases/tag/v1.31.2)
|
||||||
|
- ⚠️ Changed default configuration to disable Logflare on `0.0.0.0:4000` to prevent access to `/dashboard` (requires `docker-compose.yml` update). Read more in "Production Recommendations" section of Logflare [documentation](https://supabase.com/docs/reference/self-hosting-analytics/introduction) - PR [#42857](https://github.com/supabase/supabase/pull/42857)
|
||||||
|
- ⚠️ Changed Kong routes to not include `/analytics/v1` by default (requires `/volumes/api/kong.yml` update) - PR [#42857](https://github.com/supabase/supabase/pull/42857)
|
||||||
|
|
||||||
|
### Vector
|
||||||
|
|
||||||
|
- Updated to `0.53.0-alpine` - [Changelog](https://vector.dev/releases/0.53.0/) | [Release](https://github.com/vectordotdev/vector/releases/tag/v0.53.0)
|
||||||
|
- ⚠️ Major version jump from `0.28.1` (requires `volumes/logs/vector.yml` update) - PR [#42525](https://github.com/supabase/supabase/pull/42525)
|
||||||
|
- ⚠️ Changed Postgres sink configuration to bypass Kong (requires `volumes/logs/vector.yml` update) - PR [#42857](https://github.com/supabase/supabase/pull/42857)
|
||||||
|
- ⚠️ Changed retry settings for all sinks to increase timeouts (requires `volumes/logs/vector.yml` update) - PR [#42857](https://github.com/supabase/supabase/pull/42857)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2026-02-05]
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
- Updated to `v1.37.1` - [Release](https://github.com/supabase/storage/releases/tag/v1.37.1)
|
||||||
|
- Fixed an issue with Storage not starting because of an issue with migrations - PR [storage#845](https://github.com/supabase/storage/pull/845)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2026-01-27]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- Updated to `2026.01.27-sha-6aa59ff`
|
||||||
|
- Added SQL snippets (requires `docker-compose.yml` update) - PR [#41112](https://github.com/supabase/supabase/pull/41112), PR [#41557](https://github.com/supabase/supabase/pull/41557)
|
||||||
|
- Fixed type generator - PR [#40481](https://github.com/supabase/supabase/pull/40481)
|
||||||
|
- Fixed minor UI discrepancies - PR [#40579](https://github.com/supabase/supabase/pull/40579), PR [#41936](https://github.com/supabase/supabase/pull/41936), PR [#41970](https://github.com/supabase/supabase/pull/41970), PR [#41971](https://github.com/supabase/supabase/pull/41971), PR [#41972](https://github.com/supabase/supabase/pull/41972), PR [#42015](https://github.com/supabase/supabase/pull/42015)
|
||||||
|
|
||||||
|
### Auth
|
||||||
|
- Updated to `v2.185.0` - [Changelog](https://github.com/supabase/auth/blob/master/CHANGELOG.md) | [Release](https://github.com/supabase/auth/releases/tag/v2.185.0)
|
||||||
|
- ⚠️ Fixed security related issues
|
||||||
|
|
||||||
|
### PostgREST
|
||||||
|
- Updated to `v14.3` - [Changelog](https://github.com/PostgREST/postgrest/blob/main/CHANGELOG.md) | [Release](https://github.com/PostgREST/postgrest/releases/tag/v14.3)
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
- Updated to `v2.72.0` - [Release](https://github.com/supabase/realtime/releases/tag/v2.72.0)
|
||||||
|
- Changed healthchecks logging to off by default (requires `docker-compose.yml` update) - PR [realtime#1677](https://github.com/supabase/realtime/pull/1677), PR [#42156](https://github.com/supabase/supabase/pull/42156)
|
||||||
|
- Changed logging configuration and healthcheck frequency to reduce log volume (requires `docker-compose.yml` update) - PR [#42112](https://github.com/supabase/supabase/pull/42112)
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
- Updated to `v1.33.5` - [Release](https://github.com/supabase/storage/releases/tag/v1.33.5)
|
||||||
|
|
||||||
|
### imgproxy
|
||||||
|
- Updated to `v3.30.1` - [Changelog](https://github.com/imgproxy/imgproxy/blob/master/CHANGELOG.md) | [Release](https://github.com/imgproxy/imgproxy/releases/tag/v3.30.1)
|
||||||
|
|
||||||
|
### Postgres Meta
|
||||||
|
- Updated to `v0.95.2` - [Release](https://github.com/supabase/postgres-meta/releases/tag/v0.95.2)
|
||||||
|
|
||||||
|
### Edge Runtime
|
||||||
|
- Updated to `v1.70.0` - [Release](https://github.com/supabase/edge-runtime/releases/tag/v1.70.0)
|
||||||
|
|
||||||
|
### Analytics (Logflare)
|
||||||
|
- Updated to `v1.30.3` - [Release](https://github.com/Logflare/logflare/releases/tag/v1.30.3)
|
||||||
|
|
||||||
|
### Postgres
|
||||||
|
- No image update
|
||||||
|
- Fixed Postgres logging configuration (requires `volumes/logs/vector.yml` update) - PR [#41800](https://github.com/supabase/supabase/pull/41800)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
## [2025-12-18]
|
## [2025-12-18]
|
||||||
|
|
||||||
### Documentation
|
### Documentation
|
||||||
@@ -27,7 +138,7 @@ Check updates for each service to learn more.
|
|||||||
|
|
||||||
### Studio
|
### Studio
|
||||||
- Updated to `2025.12.17-sha-43f4f7f`
|
- Updated to `2025.12.17-sha-43f4f7f`
|
||||||
- ⚠️ Fixed additional potential issues related to [React2Shell](https://vercel.com/kb/bulletin/react2shell)
|
- ⚠️ Fixed additional issues related to [React2Shell](https://vercel.com/kb/bulletin/react2shell)
|
||||||
- Fixed an issue with the Users page not being updated on changes - PR [#41254](https://github.com/supabase/supabase/pull/41254)
|
- Fixed an issue with the Users page not being updated on changes - PR [#41254](https://github.com/supabase/supabase/pull/41254)
|
||||||
|
|
||||||
### MCP Server
|
### MCP Server
|
||||||
@@ -50,7 +161,7 @@ Check updates for each service to learn more.
|
|||||||
### Studio
|
### Studio
|
||||||
|
|
||||||
- Updated to `2025.12.09-sha-434634f`
|
- Updated to `2025.12.09-sha-434634f`
|
||||||
- ⚠️ Fixed potential issues related to [React2Shell](https://vercel.com/kb/bulletin/react2shell)
|
- ⚠️ Fixed security issues related to [React2Shell](https://vercel.com/kb/bulletin/react2shell)
|
||||||
|
|
||||||
### MCP Server
|
### MCP Server
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,34 @@
|
|||||||
|
services:
|
||||||
|
|
||||||
|
kong:
|
||||||
|
ports: !reset []
|
||||||
|
|
||||||
|
caddy:
|
||||||
|
container_name: supabase-caddy
|
||||||
|
image: caddy:2
|
||||||
|
restart: unless-stopped
|
||||||
|
ports:
|
||||||
|
- "80:80"
|
||||||
|
- "443:443"
|
||||||
|
- "443:443/udp"
|
||||||
|
depends_on:
|
||||||
|
kong:
|
||||||
|
condition: service_healthy
|
||||||
|
environment:
|
||||||
|
PROXY_DOMAIN: ${PROXY_DOMAIN}
|
||||||
|
PROXY_AUTH_USERNAME: ${DASHBOARD_USERNAME}
|
||||||
|
PROXY_AUTH_PASSWORD: ${DASHBOARD_PASSWORD}
|
||||||
|
command:
|
||||||
|
- /bin/sh
|
||||||
|
- -c
|
||||||
|
- |
|
||||||
|
PROXY_AUTH_PASSWORD=$$(caddy hash-password --plaintext "$$PROXY_AUTH_PASSWORD") && \
|
||||||
|
caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
|
||||||
|
volumes:
|
||||||
|
- ./volumes/proxy/caddy:/etc/caddy
|
||||||
|
- caddy_data:/data
|
||||||
|
- caddy_config:/config
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
caddy_data:
|
||||||
|
caddy_config:
|
||||||
@@ -0,0 +1,33 @@
|
|||||||
|
services:
|
||||||
|
|
||||||
|
kong:
|
||||||
|
ports: !reset []
|
||||||
|
|
||||||
|
nginx:
|
||||||
|
container_name: supabase-nginx
|
||||||
|
image: jonasal/nginx-certbot:6.0.1-nginx1.29.5
|
||||||
|
restart: unless-stopped
|
||||||
|
ports:
|
||||||
|
- "80:80"
|
||||||
|
- "443:443"
|
||||||
|
depends_on:
|
||||||
|
kong:
|
||||||
|
condition: service_healthy
|
||||||
|
environment:
|
||||||
|
PROXY_DOMAIN: ${PROXY_DOMAIN}
|
||||||
|
CERTBOT_EMAIL: ${CERTBOT_EMAIL}
|
||||||
|
PROXY_AUTH_USERNAME: ${DASHBOARD_USERNAME}
|
||||||
|
PROXY_AUTH_PASSWORD: ${DASHBOARD_PASSWORD}
|
||||||
|
command:
|
||||||
|
- /bin/bash
|
||||||
|
- -c
|
||||||
|
- |
|
||||||
|
printf '%s:%s\n' "$${PROXY_AUTH_USERNAME}" "$$(openssl passwd -apr1 "$${PROXY_AUTH_PASSWORD}")" > /etc/nginx/user_conf.d/dashboard-passwd && \
|
||||||
|
envsubst '$${PROXY_DOMAIN}' < /etc/nginx/supabase-nginx.conf.tpl > /etc/nginx/user_conf.d/nginx.conf && \
|
||||||
|
/scripts/start_nginx_certbot.sh
|
||||||
|
volumes:
|
||||||
|
- ./volumes/proxy/nginx/supabase-nginx.conf.tpl:/etc/nginx/supabase-nginx.conf.tpl:ro
|
||||||
|
- nginx_letsencrypt:/etc/letsencrypt
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
nginx_letsencrypt:
|
||||||
@@ -1,16 +1,16 @@
|
|||||||
services:
|
services:
|
||||||
|
|
||||||
minio:
|
minio:
|
||||||
image: minio/minio
|
image: cgr.dev/chainguard/minio
|
||||||
ports:
|
#ports:
|
||||||
- '9000:9000'
|
# - '9000:9000'
|
||||||
- '9001:9001'
|
# - '9001:9001'
|
||||||
environment:
|
environment:
|
||||||
MINIO_ROOT_USER: supa-storage
|
MINIO_ROOT_USER: ${MINIO_ROOT_USER}
|
||||||
MINIO_ROOT_PASSWORD: secret1234
|
MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
|
||||||
command: server --console-address ":9001" /data
|
command: server --console-address ":9001" /data
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: [ "CMD", "curl", "-f", "http://minio:9000/minio/health/live" ]
|
test: [ "CMD", "mc", "ready", "local" ]
|
||||||
interval: 2s
|
interval: 2s
|
||||||
timeout: 10s
|
timeout: 10s
|
||||||
retries: 5
|
retries: 5
|
||||||
@@ -18,20 +18,20 @@ services:
|
|||||||
- ./volumes/storage:/data:z
|
- ./volumes/storage:/data:z
|
||||||
|
|
||||||
minio-createbucket:
|
minio-createbucket:
|
||||||
image: minio/mc
|
image: cgr.dev/chainguard/minio-client:latest-dev
|
||||||
depends_on:
|
depends_on:
|
||||||
minio:
|
minio:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
entrypoint: >
|
entrypoint: >
|
||||||
/bin/sh -c "
|
/bin/sh -ec "
|
||||||
/usr/bin/mc alias set supa-minio http://minio:9000 supa-storage secret1234;
|
mc alias set supa-minio http://minio:9000 ${MINIO_ROOT_USER} ${MINIO_ROOT_PASSWORD} &&
|
||||||
/usr/bin/mc mb supa-minio/stub;
|
mc mb --ignore-existing supa-minio/${GLOBAL_S3_BUCKET}
|
||||||
exit 0;
|
|
||||||
"
|
"
|
||||||
|
|
||||||
storage:
|
storage:
|
||||||
container_name: supabase-storage
|
container_name: supabase-storage
|
||||||
image: supabase/storage-api:v1.11.13
|
image: supabase/storage-api:v1.37.8
|
||||||
|
restart: unless-stopped
|
||||||
depends_on:
|
depends_on:
|
||||||
db:
|
db:
|
||||||
# Disable this if you are using an external Postgres database
|
# Disable this if you are using an external Postgres database
|
||||||
@@ -40,6 +40,8 @@ services:
|
|||||||
condition: service_started
|
condition: service_started
|
||||||
imgproxy:
|
imgproxy:
|
||||||
condition: service_started
|
condition: service_started
|
||||||
|
minio-createbucket:
|
||||||
|
condition: service_completed_successfully
|
||||||
minio:
|
minio:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
healthcheck:
|
healthcheck:
|
||||||
@@ -50,45 +52,36 @@ services:
|
|||||||
"--no-verbose",
|
"--no-verbose",
|
||||||
"--tries=1",
|
"--tries=1",
|
||||||
"--spider",
|
"--spider",
|
||||||
"http://localhost:5000/status"
|
"http://storage:5000/status"
|
||||||
]
|
]
|
||||||
timeout: 5s
|
timeout: 5s
|
||||||
interval: 5s
|
interval: 5s
|
||||||
retries: 3
|
retries: 3
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
environment:
|
||||||
ANON_KEY: ${ANON_KEY}
|
ANON_KEY: ${ANON_KEY}
|
||||||
SERVICE_KEY: ${SERVICE_ROLE_KEY}
|
SERVICE_KEY: ${SERVICE_ROLE_KEY}
|
||||||
POSTGREST_URL: http://rest:3000
|
POSTGREST_URL: http://rest:3000
|
||||||
PGRST_JWT_SECRET: ${JWT_SECRET}
|
PGRST_JWT_SECRET: ${JWT_SECRET}
|
||||||
DATABASE_URL: postgres://supabase_storage_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
|
DATABASE_URL: postgres://supabase_storage_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
|
||||||
|
REQUEST_ALLOW_X_FORWARDED_PATH: "true"
|
||||||
FILE_SIZE_LIMIT: 52428800
|
FILE_SIZE_LIMIT: 52428800
|
||||||
STORAGE_BACKEND: s3
|
STORAGE_BACKEND: s3
|
||||||
GLOBAL_S3_BUCKET: stub
|
# S3 bucket when using S3 backend, directory name when using 'file'
|
||||||
|
GLOBAL_S3_BUCKET: ${GLOBAL_S3_BUCKET}
|
||||||
|
# S3 Backend configuration
|
||||||
GLOBAL_S3_ENDPOINT: http://minio:9000
|
GLOBAL_S3_ENDPOINT: http://minio:9000
|
||||||
GLOBAL_S3_PROTOCOL: http
|
GLOBAL_S3_PROTOCOL: http
|
||||||
GLOBAL_S3_FORCE_PATH_STYLE: true
|
GLOBAL_S3_FORCE_PATH_STYLE: true
|
||||||
AWS_ACCESS_KEY_ID: supa-storage
|
AWS_ACCESS_KEY_ID: ${MINIO_ROOT_USER}
|
||||||
AWS_SECRET_ACCESS_KEY: secret1234
|
AWS_SECRET_ACCESS_KEY: ${MINIO_ROOT_PASSWORD}
|
||||||
AWS_DEFAULT_REGION: stub
|
#FILE_STORAGE_BACKEND_PATH: /var/lib/storage
|
||||||
FILE_STORAGE_BACKEND_PATH: /var/lib/storage
|
TENANT_ID: ${STORAGE_TENANT_ID}
|
||||||
TENANT_ID: stub
|
|
||||||
# TODO: https://github.com/supabase/storage-api/issues/55
|
# TODO: https://github.com/supabase/storage-api/issues/55
|
||||||
REGION: stub
|
REGION: ${REGION}
|
||||||
ENABLE_IMAGE_TRANSFORMATION: "true"
|
ENABLE_IMAGE_TRANSFORMATION: "true"
|
||||||
IMGPROXY_URL: http://imgproxy:5001
|
IMGPROXY_URL: http://imgproxy:5001
|
||||||
volumes:
|
# S3 protocol endpoint configuration
|
||||||
- ./volumes/storage:/var/lib/storage:z
|
S3_PROTOCOL_ACCESS_KEY_ID: ${S3_PROTOCOL_ACCESS_KEY_ID}
|
||||||
|
S3_PROTOCOL_ACCESS_KEY_SECRET: ${S3_PROTOCOL_ACCESS_KEY_SECRET}
|
||||||
imgproxy:
|
#volumes:
|
||||||
container_name: supabase-imgproxy
|
# - ./volumes/storage:/var/lib/storage:z
|
||||||
image: darthsim/imgproxy:v3.8.0
|
|
||||||
healthcheck:
|
|
||||||
test: [ "CMD", "imgproxy", "health" ]
|
|
||||||
timeout: 5s
|
|
||||||
interval: 5s
|
|
||||||
retries: 3
|
|
||||||
environment:
|
|
||||||
IMGPROXY_BIND: ":5001"
|
|
||||||
IMGPROXY_USE_ETAG: "true"
|
|
||||||
IMGPROXY_ENABLE_WEBP_DETECTION: ${IMGPROXY_ENABLE_WEBP_DETECTION}
|
|
||||||
|
|||||||
@@ -10,7 +10,7 @@ name: supabase
|
|||||||
services:
|
services:
|
||||||
|
|
||||||
studio:
|
studio:
|
||||||
image: supabase/studio:2025.12.17-sha-43f4f7f
|
image: supabase/studio:2026.02.16-sha-26c615c
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test:
|
test:
|
||||||
@@ -59,6 +59,11 @@ services:
|
|||||||
NEXT_ANALYTICS_BACKEND_PROVIDER: postgres
|
NEXT_ANALYTICS_BACKEND_PROVIDER: postgres
|
||||||
# Uncomment to use Big Query backend for analytics
|
# Uncomment to use Big Query backend for analytics
|
||||||
# NEXT_ANALYTICS_BACKEND_PROVIDER: bigquery
|
# NEXT_ANALYTICS_BACKEND_PROVIDER: bigquery
|
||||||
|
SNIPPETS_MANAGEMENT_FOLDER: /app/snippets
|
||||||
|
EDGE_FUNCTIONS_MANAGEMENT_FOLDER: /app/edge-functions
|
||||||
|
volumes:
|
||||||
|
- ./volumes/snippets:/app/snippets:Z
|
||||||
|
- ./volumes/functions:/app/edge-functions:Z
|
||||||
|
|
||||||
kong:
|
kong:
|
||||||
image: kong:2.8.1
|
image: kong:2.8.1
|
||||||
@@ -66,6 +71,8 @@ services:
|
|||||||
volumes:
|
volumes:
|
||||||
# https://github.com/supabase/supabase/issues/12661
|
# https://github.com/supabase/supabase/issues/12661
|
||||||
- ./volumes/api/kong.yml:/home/kong/temp.yml:ro,z
|
- ./volumes/api/kong.yml:/home/kong/temp.yml:ro,z
|
||||||
|
#- ./volumes/api/server.crt:/home/kong/server.crt:ro
|
||||||
|
#- ./volumes/api/server.key:/home/kong/server.key:ro
|
||||||
depends_on:
|
depends_on:
|
||||||
analytics:
|
analytics:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
@@ -77,6 +84,8 @@ services:
|
|||||||
KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth,request-termination,ip-restriction
|
KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth,request-termination,ip-restriction
|
||||||
KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k
|
KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k
|
||||||
KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k
|
KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k
|
||||||
|
#KONG_SSL_CERT: /home/kong/server.crt
|
||||||
|
#KONG_SSL_CERT_KEY: /home/kong/server.key
|
||||||
SUPABASE_ANON_KEY: ${ANON_KEY}
|
SUPABASE_ANON_KEY: ${ANON_KEY}
|
||||||
SUPABASE_SERVICE_KEY: ${SERVICE_ROLE_KEY}
|
SUPABASE_SERVICE_KEY: ${SERVICE_ROLE_KEY}
|
||||||
DASHBOARD_USERNAME: ${DASHBOARD_USERNAME}
|
DASHBOARD_USERNAME: ${DASHBOARD_USERNAME}
|
||||||
@@ -86,7 +95,7 @@ services:
|
|||||||
/docker-entrypoint.sh kong docker-start'
|
/docker-entrypoint.sh kong docker-start'
|
||||||
|
|
||||||
auth:
|
auth:
|
||||||
image: supabase/gotrue:v2.184.0
|
image: supabase/gotrue:v2.186.0
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test:
|
test:
|
||||||
@@ -147,7 +156,47 @@ services:
|
|||||||
|
|
||||||
GOTRUE_EXTERNAL_PHONE_ENABLED: ${ENABLE_PHONE_SIGNUP}
|
GOTRUE_EXTERNAL_PHONE_ENABLED: ${ENABLE_PHONE_SIGNUP}
|
||||||
GOTRUE_SMS_AUTOCONFIRM: ${ENABLE_PHONE_AUTOCONFIRM}
|
GOTRUE_SMS_AUTOCONFIRM: ${ENABLE_PHONE_AUTOCONFIRM}
|
||||||
# Uncomment to enable custom access token hook. Please see: https://supabase.com/docs/guides/auth/auth-hooks for full list of hooks and additional details about custom_access_token_hook
|
# Uncomment to enable OAuth / social login providers.
|
||||||
|
# GOTRUE_EXTERNAL_GOOGLE_ENABLED: ${GOOGLE_ENABLED}
|
||||||
|
# GOTRUE_EXTERNAL_GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID}
|
||||||
|
# GOTRUE_EXTERNAL_GOOGLE_SECRET: ${GOOGLE_SECRET}
|
||||||
|
# GOTRUE_EXTERNAL_GOOGLE_REDIRECT_URI: ${API_EXTERNAL_URL}/auth/v1/callback
|
||||||
|
|
||||||
|
# GOTRUE_EXTERNAL_GITHUB_ENABLED: ${GITHUB_ENABLED}
|
||||||
|
# GOTRUE_EXTERNAL_GITHUB_CLIENT_ID: ${GITHUB_CLIENT_ID}
|
||||||
|
# GOTRUE_EXTERNAL_GITHUB_SECRET: ${GITHUB_SECRET}
|
||||||
|
# GOTRUE_EXTERNAL_GITHUB_REDIRECT_URI: ${API_EXTERNAL_URL}/auth/v1/callback
|
||||||
|
|
||||||
|
# GOTRUE_EXTERNAL_AZURE_ENABLED: ${AZURE_ENABLED}
|
||||||
|
# GOTRUE_EXTERNAL_AZURE_CLIENT_ID: ${AZURE_CLIENT_ID}
|
||||||
|
# GOTRUE_EXTERNAL_AZURE_SECRET: ${AZURE_SECRET}
|
||||||
|
# GOTRUE_EXTERNAL_AZURE_REDIRECT_URI: ${API_EXTERNAL_URL}/auth/v1/callback
|
||||||
|
|
||||||
|
# Uncomment to configure SMS delivery (phone auth and phone MFA).
|
||||||
|
# GOTRUE_SMS_PROVIDER: ${SMS_PROVIDER}
|
||||||
|
# GOTRUE_SMS_OTP_EXP: ${SMS_OTP_EXP}
|
||||||
|
# GOTRUE_SMS_OTP_LENGTH: ${SMS_OTP_LENGTH}
|
||||||
|
# GOTRUE_SMS_MAX_FREQUENCY: ${SMS_MAX_FREQUENCY}
|
||||||
|
# GOTRUE_SMS_TEMPLATE: ${SMS_TEMPLATE}
|
||||||
|
|
||||||
|
# Twilio credentials (when SMS_PROVIDER=twilio)
|
||||||
|
# GOTRUE_SMS_TWILIO_ACCOUNT_SID: ${SMS_TWILIO_ACCOUNT_SID}
|
||||||
|
# GOTRUE_SMS_TWILIO_AUTH_TOKEN: ${SMS_TWILIO_AUTH_TOKEN}
|
||||||
|
# GOTRUE_SMS_TWILIO_MESSAGE_SERVICE_SID: ${SMS_TWILIO_MESSAGE_SERVICE_SID}
|
||||||
|
|
||||||
|
# Test OTP mappings for development
|
||||||
|
# GOTRUE_SMS_TEST_OTP: ${SMS_TEST_OTP}
|
||||||
|
|
||||||
|
# Uncomment to configure multi-factor authentication (MFA).
|
||||||
|
# GOTRUE_MFA_TOTP_ENROLL_ENABLED: ${MFA_TOTP_ENROLL_ENABLED}
|
||||||
|
# GOTRUE_MFA_TOTP_VERIFY_ENABLED: ${MFA_TOTP_VERIFY_ENABLED}
|
||||||
|
# GOTRUE_MFA_PHONE_ENROLL_ENABLED: ${MFA_PHONE_ENROLL_ENABLED}
|
||||||
|
# GOTRUE_MFA_PHONE_VERIFY_ENABLED: ${MFA_PHONE_VERIFY_ENABLED}
|
||||||
|
# GOTRUE_MFA_MAX_ENROLLED_FACTORS: ${MFA_MAX_ENROLLED_FACTORS}
|
||||||
|
|
||||||
|
# Uncomment to enable custom access token hook.
|
||||||
|
# See: https://supabase.com/docs/guides/auth/auth-hooks for
|
||||||
|
# full list of hooks and additional details about custom_access_token_hook
|
||||||
|
|
||||||
# GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_ENABLED: "true"
|
# GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_ENABLED: "true"
|
||||||
# GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_URI: "pg-functions://postgres/public/custom_access_token_hook"
|
# GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_URI: "pg-functions://postgres/public/custom_access_token_hook"
|
||||||
@@ -168,7 +217,7 @@ services:
|
|||||||
# GOTRUE_HOOK_SEND_EMAIL_SECRETS: "v1,whsec_VGhpcyBpcyBhbiBleGFtcGxlIG9mIGEgc2hvcnRlciBCYXNlNjQgc3RyaW5n"
|
# GOTRUE_HOOK_SEND_EMAIL_SECRETS: "v1,whsec_VGhpcyBpcyBhbiBleGFtcGxlIG9mIGEgc2hvcnRlciBCYXNlNjQgc3RyaW5n"
|
||||||
|
|
||||||
rest:
|
rest:
|
||||||
image: postgrest/postgrest:v14.1
|
image: postgrest/postgrest:v14.5
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
depends_on:
|
depends_on:
|
||||||
db:
|
db:
|
||||||
@@ -188,7 +237,7 @@ services:
|
|||||||
|
|
||||||
realtime:
|
realtime:
|
||||||
# This container name looks inconsistent but is correct because realtime constructs tenant id by parsing the subdomain
|
# This container name looks inconsistent but is correct because realtime constructs tenant id by parsing the subdomain
|
||||||
image: supabase/realtime:v2.68.0
|
image: supabase/realtime:v2.76.5
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
depends_on:
|
depends_on:
|
||||||
db:
|
db:
|
||||||
@@ -204,8 +253,9 @@ services:
|
|||||||
${ANON_KEY}\" http://localhost:4000/api/tenants/realtime-dev/health"
|
${ANON_KEY}\" http://localhost:4000/api/tenants/realtime-dev/health"
|
||||||
]
|
]
|
||||||
timeout: 5s
|
timeout: 5s
|
||||||
interval: 5s
|
interval: 30s
|
||||||
retries: 3
|
retries: 3
|
||||||
|
start_period: 10s
|
||||||
environment:
|
environment:
|
||||||
PORT: 4000
|
PORT: 4000
|
||||||
DB_HOST: ${POSTGRES_HOST}
|
DB_HOST: ${POSTGRES_HOST}
|
||||||
@@ -223,13 +273,20 @@ services:
|
|||||||
APP_NAME: realtime
|
APP_NAME: realtime
|
||||||
SEED_SELF_HOST: "true"
|
SEED_SELF_HOST: "true"
|
||||||
RUN_JANITOR: "true"
|
RUN_JANITOR: "true"
|
||||||
|
DISABLE_HEALTHCHECK_LOGGING: "true"
|
||||||
|
|
||||||
# To use S3 backed storage: docker compose -f docker-compose.yml -f docker-compose.s3.yml up
|
# To use S3 backed storage: docker compose -f docker-compose.yml -f docker-compose.s3.yml up
|
||||||
storage:
|
storage:
|
||||||
image: supabase/storage-api:v1.33.0
|
image: supabase/storage-api:v1.37.8
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
depends_on:
|
||||||
- ./volumes/storage:/var/lib/storage:z
|
db:
|
||||||
|
# Disable this if you are using an external Postgres database
|
||||||
|
condition: service_healthy
|
||||||
|
rest:
|
||||||
|
condition: service_started
|
||||||
|
imgproxy:
|
||||||
|
condition: service_started
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test:
|
test:
|
||||||
[
|
[
|
||||||
@@ -243,14 +300,6 @@ services:
|
|||||||
timeout: 5s
|
timeout: 5s
|
||||||
interval: 5s
|
interval: 5s
|
||||||
retries: 3
|
retries: 3
|
||||||
depends_on:
|
|
||||||
db:
|
|
||||||
# Disable this if you are using an external Postgres database
|
|
||||||
condition: service_healthy
|
|
||||||
rest:
|
|
||||||
condition: service_started
|
|
||||||
imgproxy:
|
|
||||||
condition: service_started
|
|
||||||
environment:
|
environment:
|
||||||
ANON_KEY: ${ANON_KEY}
|
ANON_KEY: ${ANON_KEY}
|
||||||
SERVICE_KEY: ${SERVICE_ROLE_KEY}
|
SERVICE_KEY: ${SERVICE_ROLE_KEY}
|
||||||
@@ -260,16 +309,28 @@ services:
|
|||||||
REQUEST_ALLOW_X_FORWARDED_PATH: "true"
|
REQUEST_ALLOW_X_FORWARDED_PATH: "true"
|
||||||
FILE_SIZE_LIMIT: 52428800
|
FILE_SIZE_LIMIT: 52428800
|
||||||
STORAGE_BACKEND: file
|
STORAGE_BACKEND: file
|
||||||
|
# S3 bucket when using S3 backend, directory name when using 'file'
|
||||||
|
GLOBAL_S3_BUCKET: ${GLOBAL_S3_BUCKET}
|
||||||
|
# S3 Backend configuration
|
||||||
|
#GLOBAL_S3_ENDPOINT: https://your-s3-endpoint
|
||||||
|
#GLOBAL_S3_PROTOCOL: https
|
||||||
|
#GLOBAL_S3_FORCE_PATH_STYLE: true
|
||||||
|
#AWS_ACCESS_KEY_ID: your-access-key-id
|
||||||
|
#AWS_SECRET_ACCESS_KEY: your-secret-access-key
|
||||||
FILE_STORAGE_BACKEND_PATH: /var/lib/storage
|
FILE_STORAGE_BACKEND_PATH: /var/lib/storage
|
||||||
TENANT_ID: stub
|
TENANT_ID: ${STORAGE_TENANT_ID}
|
||||||
# TODO: https://github.com/supabase/storage-api/issues/55
|
# TODO: https://github.com/supabase/storage-api/issues/55
|
||||||
REGION: stub
|
REGION: ${REGION}
|
||||||
GLOBAL_S3_BUCKET: stub
|
|
||||||
ENABLE_IMAGE_TRANSFORMATION: "true"
|
ENABLE_IMAGE_TRANSFORMATION: "true"
|
||||||
IMGPROXY_URL: http://imgproxy:5001
|
IMGPROXY_URL: http://imgproxy:5001
|
||||||
|
# S3 protocol endpoint configuration
|
||||||
|
S3_PROTOCOL_ACCESS_KEY_ID: ${S3_PROTOCOL_ACCESS_KEY_ID}
|
||||||
|
S3_PROTOCOL_ACCESS_KEY_SECRET: ${S3_PROTOCOL_ACCESS_KEY_SECRET}
|
||||||
|
volumes:
|
||||||
|
- ./volumes/storage:/var/lib/storage:z
|
||||||
|
|
||||||
imgproxy:
|
imgproxy:
|
||||||
image: darthsim/imgproxy:v3.8.0
|
image: darthsim/imgproxy:v3.30.1
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/storage:/var/lib/storage:z
|
- ./volumes/storage:/var/lib/storage:z
|
||||||
@@ -283,9 +344,10 @@ services:
|
|||||||
IMGPROXY_LOCAL_FILESYSTEM_ROOT: /
|
IMGPROXY_LOCAL_FILESYSTEM_ROOT: /
|
||||||
IMGPROXY_USE_ETAG: "true"
|
IMGPROXY_USE_ETAG: "true"
|
||||||
IMGPROXY_ENABLE_WEBP_DETECTION: ${IMGPROXY_ENABLE_WEBP_DETECTION}
|
IMGPROXY_ENABLE_WEBP_DETECTION: ${IMGPROXY_ENABLE_WEBP_DETECTION}
|
||||||
|
IMGPROXY_MAX_SRC_RESOLUTION: 16.8
|
||||||
|
|
||||||
meta:
|
meta:
|
||||||
image: supabase/postgres-meta:v0.95.1
|
image: supabase/postgres-meta:v0.95.2
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
depends_on:
|
depends_on:
|
||||||
db:
|
db:
|
||||||
@@ -303,16 +365,18 @@ services:
|
|||||||
CRYPTO_KEY: ${PG_META_CRYPTO_KEY}
|
CRYPTO_KEY: ${PG_META_CRYPTO_KEY}
|
||||||
|
|
||||||
functions:
|
functions:
|
||||||
image: supabase/edge-runtime:v1.69.28
|
image: supabase/edge-runtime:v1.70.3
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/functions:/home/deno/functions:Z
|
- ./volumes/functions:/home/deno/functions:Z
|
||||||
|
- deno-cache:/root/.cache/deno
|
||||||
depends_on:
|
depends_on:
|
||||||
analytics:
|
analytics:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
environment:
|
environment:
|
||||||
JWT_SECRET: ${JWT_SECRET}
|
JWT_SECRET: ${JWT_SECRET}
|
||||||
SUPABASE_URL: http://kong:8000
|
SUPABASE_URL: http://kong:8000
|
||||||
|
SUPABASE_PUBLIC_URL: ${SUPABASE_PUBLIC_URL}
|
||||||
SUPABASE_ANON_KEY: ${ANON_KEY}
|
SUPABASE_ANON_KEY: ${ANON_KEY}
|
||||||
SUPABASE_SERVICE_ROLE_KEY: ${SERVICE_ROLE_KEY}
|
SUPABASE_SERVICE_ROLE_KEY: ${SERVICE_ROLE_KEY}
|
||||||
SUPABASE_DB_URL: postgresql://postgres:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
|
SUPABASE_DB_URL: postgresql://postgres:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
|
||||||
@@ -321,8 +385,10 @@ services:
|
|||||||
command: [ "start", "--main-service", "/home/deno/functions/main" ]
|
command: [ "start", "--main-service", "/home/deno/functions/main" ]
|
||||||
|
|
||||||
analytics:
|
analytics:
|
||||||
image: supabase/logflare:1.27.0
|
image: supabase/logflare:1.31.2
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
# ports:
|
||||||
|
# - 4000:4000
|
||||||
# Uncomment to use Big Query backend for analytics
|
# Uncomment to use Big Query backend for analytics
|
||||||
# volumes:
|
# volumes:
|
||||||
# - type: bind
|
# - type: bind
|
||||||
@@ -409,7 +475,7 @@ services:
|
|||||||
]
|
]
|
||||||
|
|
||||||
vector:
|
vector:
|
||||||
image: timberio/vector:0.28.1-alpine
|
image: timberio/vector:0.53.0-alpine
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/logs/vector.yml:/etc/vector/vector.yml:ro,z
|
- ./volumes/logs/vector.yml:/etc/vector/vector.yml:ro,z
|
||||||
@@ -486,3 +552,4 @@ services:
|
|||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
db-config:
|
db-config:
|
||||||
|
deno-cache:
|
||||||
|
|||||||
@@ -60,6 +60,8 @@ logflare_private_access_token=$(gen_base64 24)
|
|||||||
s3_protocol_access_key_id=$(gen_hex 16)
|
s3_protocol_access_key_id=$(gen_hex 16)
|
||||||
s3_protocol_access_key_secret=$(gen_hex 32)
|
s3_protocol_access_key_secret=$(gen_hex 32)
|
||||||
|
|
||||||
|
minio_root_password=$(gen_hex 16)
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo "JWT_SECRET=${jwt_secret}"
|
echo "JWT_SECRET=${jwt_secret}"
|
||||||
echo ""
|
echo ""
|
||||||
@@ -75,6 +77,7 @@ echo "LOGFLARE_PUBLIC_ACCESS_TOKEN=${logflare_public_access_token}"
|
|||||||
echo "LOGFLARE_PRIVATE_ACCESS_TOKEN=${logflare_private_access_token}"
|
echo "LOGFLARE_PRIVATE_ACCESS_TOKEN=${logflare_private_access_token}"
|
||||||
echo "S3_PROTOCOL_ACCESS_KEY_ID=${s3_protocol_access_key_id}"
|
echo "S3_PROTOCOL_ACCESS_KEY_ID=${s3_protocol_access_key_id}"
|
||||||
echo "S3_PROTOCOL_ACCESS_KEY_SECRET=${s3_protocol_access_key_secret}"
|
echo "S3_PROTOCOL_ACCESS_KEY_SECRET=${s3_protocol_access_key_secret}"
|
||||||
|
echo "MINIO_ROOT_PASSWORD=${minio_root_password}"
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
postgres_password=$(gen_hex 16)
|
postgres_password=$(gen_hex 16)
|
||||||
@@ -114,6 +117,7 @@ sed \
|
|||||||
-e "s|^LOGFLARE_PRIVATE_ACCESS_TOKEN=.*$|LOGFLARE_PRIVATE_ACCESS_TOKEN=${logflare_private_access_token}|" \
|
-e "s|^LOGFLARE_PRIVATE_ACCESS_TOKEN=.*$|LOGFLARE_PRIVATE_ACCESS_TOKEN=${logflare_private_access_token}|" \
|
||||||
-e "s|^S3_PROTOCOL_ACCESS_KEY_ID=.*$|S3_PROTOCOL_ACCESS_KEY_ID=${s3_protocol_access_key_id}|" \
|
-e "s|^S3_PROTOCOL_ACCESS_KEY_ID=.*$|S3_PROTOCOL_ACCESS_KEY_ID=${s3_protocol_access_key_id}|" \
|
||||||
-e "s|^S3_PROTOCOL_ACCESS_KEY_SECRET=.*$|S3_PROTOCOL_ACCESS_KEY_SECRET=${s3_protocol_access_key_secret}|" \
|
-e "s|^S3_PROTOCOL_ACCESS_KEY_SECRET=.*$|S3_PROTOCOL_ACCESS_KEY_SECRET=${s3_protocol_access_key_secret}|" \
|
||||||
|
-e "s|^MINIO_ROOT_PASSWORD=.*$|MINIO_ROOT_PASSWORD=${minio_root_password}|" \
|
||||||
-e "s|^POSTGRES_PASSWORD=.*$|POSTGRES_PASSWORD=${postgres_password}|" \
|
-e "s|^POSTGRES_PASSWORD=.*$|POSTGRES_PASSWORD=${postgres_password}|" \
|
||||||
-e "s|^DASHBOARD_PASSWORD=.*$|DASHBOARD_PASSWORD=${dashboard_password}|" \
|
-e "s|^DASHBOARD_PASSWORD=.*$|DASHBOARD_PASSWORD=${dashboard_password}|" \
|
||||||
.env
|
.env
|
||||||
|
|||||||
@@ -1,5 +1,29 @@
|
|||||||
# Docker Image Versions
|
# Docker Image Versions
|
||||||
|
|
||||||
|
## 2026-02-16
|
||||||
|
- supabase/studio:2026.02.16-sha-26c615c (prev supabase/studio:2026.01.27-sha-6aa59ff)
|
||||||
|
- supabase/gotrue:v2.186.0 (prev supabase/gotrue:v2.185.0)
|
||||||
|
- postgrest/postgrest:v14.5 (prev postgrest/postgrest:v14.3)
|
||||||
|
- supabase/realtime:v2.76.5 (prev supabase/realtime:v2.72.0)
|
||||||
|
- supabase/storage-api:v1.37.8 (prev supabase/storage-api:v1.37.1)
|
||||||
|
- supabase/edge-runtime:v1.70.3 (prev supabase/edge-runtime:v1.70.0)
|
||||||
|
- supabase/logflare:1.31.2 (prev supabase/logflare:1.30.3)
|
||||||
|
- timberio/vector:0.53.0-alpine (prev timberio/vector:0.28.1-alpine)
|
||||||
|
|
||||||
|
## 2026-02-05
|
||||||
|
- supabase/storage-api:v1.37.1 (prev supabase/storage-api:v1.33.5)
|
||||||
|
|
||||||
|
## 2026-01-27
|
||||||
|
- supabase/studio:2026.01.27-sha-6aa59ff (prev supabase/studio:2025.12.17-sha-43f4f7f)
|
||||||
|
- supabase/gotrue:v2.185.0 (prev supabase/gotrue:v2.184.0)
|
||||||
|
- postgrest/postgrest:v14.3 (prev postgrest/postgrest:v14.1)
|
||||||
|
- supabase/realtime:v2.72.0 (prev supabase/realtime:v2.68.0)
|
||||||
|
- supabase/storage-api:v1.33.5 (prev supabase/storage-api:v1.33.0)
|
||||||
|
- darthsim/imgproxy:v3.30.1 (prev darthsim/imgproxy:v3.8.0)
|
||||||
|
- supabase/postgres-meta:v0.95.2 (prev supabase/postgres-meta:v0.95.1)
|
||||||
|
- supabase/edge-runtime:v1.70.0 (prev supabase/edge-runtime:v1.69.28)
|
||||||
|
- supabase/logflare:1.30.3 (prev supabase/logflare:1.27.0)
|
||||||
|
|
||||||
## 2025-12-18
|
## 2025-12-18
|
||||||
- supabase/studio:2025.12.17-sha-43f4f7f (prev supabase/studio:2025.12.09-sha-434634f)
|
- supabase/studio:2025.12.17-sha-43f4f7f (prev supabase/studio:2025.12.09-sha-434634f)
|
||||||
- supabase/gotrue:v2.184.0 (prev supabase/gotrue:v2.183.0)
|
- supabase/gotrue:v2.184.0 (prev supabase/gotrue:v2.183.0)
|
||||||
|
|||||||
@@ -27,8 +27,8 @@ acls:
|
|||||||
###
|
###
|
||||||
basicauth_credentials:
|
basicauth_credentials:
|
||||||
- consumer: DASHBOARD
|
- consumer: DASHBOARD
|
||||||
username: $DASHBOARD_USERNAME
|
username: '$DASHBOARD_USERNAME'
|
||||||
password: $DASHBOARD_PASSWORD
|
password: '$DASHBOARD_PASSWORD'
|
||||||
|
|
||||||
###
|
###
|
||||||
### API Routes
|
### API Routes
|
||||||
@@ -197,14 +197,29 @@ services:
|
|||||||
- name: cors
|
- name: cors
|
||||||
|
|
||||||
## Analytics routes
|
## Analytics routes
|
||||||
- name: analytics-v1
|
## Not used - Studio and Vector talk directly to analytics via Docker networking.
|
||||||
_comment: 'Analytics: /analytics/v1/* -> http://logflare:4000/*'
|
## If external access is needed, add routes with key-auth matching Logflare's x-api-key auth.
|
||||||
url: http://analytics:4000/
|
# - name: analytics-v1-api
|
||||||
routes:
|
# _comment: 'Analytics: /analytics/v1/api/endpoints/* -> http://logflare:4000/api/endpoints/*'
|
||||||
- name: analytics-v1-all
|
# url: http://analytics:4000/api/endpoints
|
||||||
strip_path: true
|
# routes:
|
||||||
paths:
|
# - name: analytics-v1-api
|
||||||
- /analytics/v1/
|
# strip_path: true
|
||||||
|
# paths:
|
||||||
|
# - /analytics/v1/api/endpoints/
|
||||||
|
# - name: analytics-v1
|
||||||
|
# _comment: 'Analytics: /analytics/v1/* -> http://logflare:4000/*'
|
||||||
|
# url: http://analytics:4000/
|
||||||
|
# routes:
|
||||||
|
# - name: dashboard-v1-all
|
||||||
|
# strip_path: true
|
||||||
|
# paths:
|
||||||
|
# - /analytics/v1
|
||||||
|
# plugins:
|
||||||
|
# - name: cors
|
||||||
|
# - name: basic-auth
|
||||||
|
# config:
|
||||||
|
# hide_credentials: true
|
||||||
|
|
||||||
## Secure Database routes
|
## Secure Database routes
|
||||||
- name: meta
|
- name: meta
|
||||||
|
|||||||
@@ -2,9 +2,7 @@
|
|||||||
// https://deno.land/manual/getting_started/setup_your_environment
|
// https://deno.land/manual/getting_started/setup_your_environment
|
||||||
// This enables autocomplete, go to definition, etc.
|
// This enables autocomplete, go to definition, etc.
|
||||||
|
|
||||||
import { serve } from "https://deno.land/std@0.177.1/http/server.ts"
|
Deno.serve(async () => {
|
||||||
|
|
||||||
serve(async () => {
|
|
||||||
return new Response(
|
return new Response(
|
||||||
`"Hello from Edge Functions!"`,
|
`"Hello from Edge Functions!"`,
|
||||||
{ headers: { "Content-Type": "application/json" } },
|
{ headers: { "Content-Type": "application/json" } },
|
||||||
|
|||||||
@@ -1,4 +1,3 @@
|
|||||||
import { serve } from 'https://deno.land/std@0.131.0/http/server.ts'
|
|
||||||
import * as jose from 'https://deno.land/x/jose@v4.14.4/index.ts'
|
import * as jose from 'https://deno.land/x/jose@v4.14.4/index.ts'
|
||||||
|
|
||||||
console.log('main function started')
|
console.log('main function started')
|
||||||
@@ -30,7 +29,7 @@ async function verifyJWT(jwt: string): Promise<boolean> {
|
|||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
serve(async (req: Request) => {
|
Deno.serve(async (req: Request) => {
|
||||||
if (req.method !== 'OPTIONS' && VERIFY_JWT) {
|
if (req.method !== 'OPTIONS' && VERIFY_JWT) {
|
||||||
try {
|
try {
|
||||||
const token = getAuthToken(req)
|
const token = getAuthToken(req)
|
||||||
|
|||||||
@@ -49,10 +49,13 @@ transforms:
|
|||||||
.metadata.request.headers.referer = req.referer
|
.metadata.request.headers.referer = req.referer
|
||||||
.metadata.request.headers.user_agent = req.agent
|
.metadata.request.headers.user_agent = req.agent
|
||||||
.metadata.request.headers.cf_connecting_ip = req.client
|
.metadata.request.headers.cf_connecting_ip = req.client
|
||||||
.metadata.request.method = req.method
|
|
||||||
.metadata.request.path = req.path
|
|
||||||
.metadata.request.protocol = req.protocol
|
|
||||||
.metadata.response.status_code = req.status
|
.metadata.response.status_code = req.status
|
||||||
|
url, split_err = split(req.request, " ")
|
||||||
|
if split_err == null {
|
||||||
|
.metadata.request.method = url[0]
|
||||||
|
.metadata.request.path = url[1]
|
||||||
|
.metadata.request.protocol = url[2]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if err != null {
|
if err != null {
|
||||||
abort
|
abort
|
||||||
@@ -101,14 +104,20 @@ transforms:
|
|||||||
parsed, err = parse_regex(.event_message, r'^(?P<time>.*): (?P<msg>.*)$')
|
parsed, err = parse_regex(.event_message, r'^(?P<time>.*): (?P<msg>.*)$')
|
||||||
if err == null {
|
if err == null {
|
||||||
.event_message = parsed.msg
|
.event_message = parsed.msg
|
||||||
.timestamp = to_timestamp!(parsed.time)
|
.timestamp = parse_timestamp!(value: parsed.time,format: "%d/%b/%Y:%H:%M:%S %z")
|
||||||
.metadata.host = .project
|
.metadata.host = .project
|
||||||
}
|
}
|
||||||
|
# Filter out healthcheck logs from Realtime
|
||||||
|
realtime_logs_filtered:
|
||||||
|
type: filter
|
||||||
|
inputs:
|
||||||
|
- router.realtime
|
||||||
|
condition: '!contains(string!(.event_message), "/health")'
|
||||||
# Realtime logs are structured so we parse the severity level using regex (ignore time because it has no date)
|
# Realtime logs are structured so we parse the severity level using regex (ignore time because it has no date)
|
||||||
realtime_logs:
|
realtime_logs:
|
||||||
type: remap
|
type: remap
|
||||||
inputs:
|
inputs:
|
||||||
- router.realtime
|
- realtime_logs_filtered
|
||||||
source: |-
|
source: |-
|
||||||
.metadata.project = del(.project)
|
.metadata.project = del(.project)
|
||||||
.metadata.external_id = .metadata.project
|
.metadata.external_id = .metadata.project
|
||||||
@@ -154,7 +163,7 @@ transforms:
|
|||||||
if err != null || parsed == null {
|
if err != null || parsed == null {
|
||||||
.metadata.parsed.error_severity = "info"
|
.metadata.parsed.error_severity = "info"
|
||||||
}
|
}
|
||||||
if parsed != null {
|
if parsed.level != null {
|
||||||
.metadata.parsed.error_severity = parsed.level
|
.metadata.parsed.error_severity = parsed.level
|
||||||
}
|
}
|
||||||
if .metadata.parsed.error_severity == "info" {
|
if .metadata.parsed.error_severity == "info" {
|
||||||
@@ -171,7 +180,8 @@ sinks:
|
|||||||
codec: 'json'
|
codec: 'json'
|
||||||
method: 'post'
|
method: 'post'
|
||||||
request:
|
request:
|
||||||
retry_max_duration_secs: 10
|
retry_max_duration_secs: 30
|
||||||
|
retry_initial_backoff_secs: 1
|
||||||
headers:
|
headers:
|
||||||
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
||||||
uri: 'http://analytics:4000/api/logs?source_name=gotrue.logs.prod'
|
uri: 'http://analytics:4000/api/logs?source_name=gotrue.logs.prod'
|
||||||
@@ -183,7 +193,8 @@ sinks:
|
|||||||
codec: 'json'
|
codec: 'json'
|
||||||
method: 'post'
|
method: 'post'
|
||||||
request:
|
request:
|
||||||
retry_max_duration_secs: 10
|
retry_max_duration_secs: 30
|
||||||
|
retry_initial_backoff_secs: 1
|
||||||
headers:
|
headers:
|
||||||
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
||||||
uri: 'http://analytics:4000/api/logs?source_name=realtime.logs.prod'
|
uri: 'http://analytics:4000/api/logs?source_name=realtime.logs.prod'
|
||||||
@@ -195,7 +206,8 @@ sinks:
|
|||||||
codec: 'json'
|
codec: 'json'
|
||||||
method: 'post'
|
method: 'post'
|
||||||
request:
|
request:
|
||||||
retry_max_duration_secs: 10
|
retry_max_duration_secs: 30
|
||||||
|
retry_initial_backoff_secs: 1
|
||||||
headers:
|
headers:
|
||||||
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
||||||
uri: 'http://analytics:4000/api/logs?source_name=postgREST.logs.prod'
|
uri: 'http://analytics:4000/api/logs?source_name=postgREST.logs.prod'
|
||||||
@@ -207,13 +219,13 @@ sinks:
|
|||||||
codec: 'json'
|
codec: 'json'
|
||||||
method: 'post'
|
method: 'post'
|
||||||
request:
|
request:
|
||||||
retry_max_duration_secs: 10
|
retry_max_duration_secs: 30
|
||||||
|
retry_initial_backoff_secs: 1
|
||||||
headers:
|
headers:
|
||||||
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
||||||
# We must route the sink through kong because ingesting logs before logflare is fully initialised will
|
# Route directly to analytics like other sinks. Retry handles the startup
|
||||||
# lead to broken queries from studio. This works by the assumption that containers are started in the
|
# race where analytics may not be ready yet when early DB logs arrive.
|
||||||
# following order: vector > db > logflare > kong
|
uri: 'http://analytics:4000/api/logs?source_name=postgres.logs'
|
||||||
uri: 'http://kong:8000/analytics/v1/api/logs?source_name=postgres.logs'
|
|
||||||
logflare_functions:
|
logflare_functions:
|
||||||
type: 'http'
|
type: 'http'
|
||||||
inputs:
|
inputs:
|
||||||
@@ -222,7 +234,8 @@ sinks:
|
|||||||
codec: 'json'
|
codec: 'json'
|
||||||
method: 'post'
|
method: 'post'
|
||||||
request:
|
request:
|
||||||
retry_max_duration_secs: 10
|
retry_max_duration_secs: 30
|
||||||
|
retry_initial_backoff_secs: 1
|
||||||
headers:
|
headers:
|
||||||
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
||||||
uri: 'http://analytics:4000/api/logs?source_name=deno-relay-logs'
|
uri: 'http://analytics:4000/api/logs?source_name=deno-relay-logs'
|
||||||
@@ -234,7 +247,8 @@ sinks:
|
|||||||
codec: 'json'
|
codec: 'json'
|
||||||
method: 'post'
|
method: 'post'
|
||||||
request:
|
request:
|
||||||
retry_max_duration_secs: 10
|
retry_max_duration_secs: 30
|
||||||
|
retry_initial_backoff_secs: 1
|
||||||
headers:
|
headers:
|
||||||
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
||||||
uri: 'http://analytics:4000/api/logs?source_name=storage.logs.prod.2'
|
uri: 'http://analytics:4000/api/logs?source_name=storage.logs.prod.2'
|
||||||
@@ -247,7 +261,8 @@ sinks:
|
|||||||
codec: 'json'
|
codec: 'json'
|
||||||
method: 'post'
|
method: 'post'
|
||||||
request:
|
request:
|
||||||
retry_max_duration_secs: 10
|
retry_max_duration_secs: 30
|
||||||
|
retry_initial_backoff_secs: 1
|
||||||
headers:
|
headers:
|
||||||
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
||||||
uri: 'http://analytics:4000/api/logs?source_name=cloudflare.logs.prod'
|
uri: 'http://analytics:4000/api/logs?source_name=cloudflare.logs.prod'
|
||||||
|
|||||||
@@ -0,0 +1,36 @@
|
|||||||
|
{$PROXY_DOMAIN} {
|
||||||
|
@supabase_api path /auth/v1/* /rest/v1/* /graphql/v1/* /realtime/v1/* /functions/v1/* /mcp
|
||||||
|
|
||||||
|
handle @supabase_api {
|
||||||
|
reverse_proxy kong:8000
|
||||||
|
}
|
||||||
|
|
||||||
|
handle_path /storage/v1/* {
|
||||||
|
# CORS headers for Storage (bypasses Kong, which normally handles CORS)
|
||||||
|
@cors_preflight method OPTIONS
|
||||||
|
handle @cors_preflight {
|
||||||
|
header Access-Control-Allow-Origin *
|
||||||
|
header Access-Control-Allow-Methods "GET, HEAD, PUT, PATCH, POST, DELETE, OPTIONS"
|
||||||
|
header Access-Control-Allow-Headers *
|
||||||
|
respond 204
|
||||||
|
}
|
||||||
|
|
||||||
|
header Access-Control-Allow-Origin *
|
||||||
|
|
||||||
|
reverse_proxy storage:5000 {
|
||||||
|
# Required for TUS resumable upload Location headers and S3 signature verification.
|
||||||
|
header_up X-Forwarded-Prefix /{http.request.orig_uri.path.0}/{http.request.orig_uri.path.1}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
handle {
|
||||||
|
basic_auth {
|
||||||
|
# PROXY_AUTH_PASSWORD is overwritten with the bcrypt on startup
|
||||||
|
{$PROXY_AUTH_USERNAME} {$PROXY_AUTH_PASSWORD}
|
||||||
|
}
|
||||||
|
|
||||||
|
reverse_proxy studio:3000
|
||||||
|
}
|
||||||
|
|
||||||
|
header -server
|
||||||
|
}
|
||||||
@@ -0,0 +1,109 @@
|
|||||||
|
upstream kong_upstream {
|
||||||
|
server kong:8000;
|
||||||
|
keepalive 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
listen [::]:443 ssl;
|
||||||
|
http2 on;
|
||||||
|
|
||||||
|
server_name ${PROXY_DOMAIN};
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Host $http_host;
|
||||||
|
proxy_set_header X-Forwarded-Port $server_port;
|
||||||
|
|
||||||
|
ssl_certificate /etc/letsencrypt/live/${PROXY_DOMAIN}/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/${PROXY_DOMAIN}/privkey.pem;
|
||||||
|
ssl_trusted_certificate /etc/letsencrypt/live/${PROXY_DOMAIN}/chain.pem;
|
||||||
|
|
||||||
|
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
|
||||||
|
|
||||||
|
ssl_session_cache shared:SSL:10m;
|
||||||
|
ssl_session_timeout 10m;
|
||||||
|
|
||||||
|
# Prevent 502 errors from large Supabase auth cookies
|
||||||
|
large_client_header_buffers 4 16k;
|
||||||
|
proxy_buffer_size 128k;
|
||||||
|
proxy_buffers 4 256k;
|
||||||
|
proxy_busy_buffers_size 256k;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
auth_basic "supabase";
|
||||||
|
auth_basic_user_file /etc/nginx/user_conf.d/dashboard-passwd;
|
||||||
|
|
||||||
|
proxy_pass http://studio:3000;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /auth {
|
||||||
|
proxy_pass http://kong_upstream;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /rest {
|
||||||
|
proxy_pass http://kong_upstream;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /realtime/v1/ {
|
||||||
|
proxy_pass http://kong_upstream;
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Host $http_host;
|
||||||
|
proxy_set_header X-Forwarded-Port $server_port;
|
||||||
|
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
|
||||||
|
proxy_read_timeout 3600s;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /storage/v1/ {
|
||||||
|
proxy_pass http://storage:5000/;
|
||||||
|
proxy_buffering off;
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Host $http_host;
|
||||||
|
proxy_set_header X-Forwarded-Port $server_port;
|
||||||
|
|
||||||
|
# Required for TUS resumable upload Location headers and S3 signature verification.
|
||||||
|
proxy_set_header X-Forwarded-Prefix /storage/v1;
|
||||||
|
|
||||||
|
client_max_body_size 0;
|
||||||
|
|
||||||
|
# CORS headers for Storage (bypasses Kong, which normally handles CORS)
|
||||||
|
if ($request_method = OPTIONS) {
|
||||||
|
add_header 'Access-Control-Allow-Origin' '*';
|
||||||
|
add_header 'Access-Control-Allow-Methods' 'GET, HEAD, PUT, PATCH, POST, DELETE, OPTIONS';
|
||||||
|
add_header 'Access-Control-Allow-Headers' '*';
|
||||||
|
add_header 'Content-Length' 0;
|
||||||
|
add_header 'Content-Type' 'text/plain charset=UTF-8';
|
||||||
|
return 204;
|
||||||
|
}
|
||||||
|
|
||||||
|
add_header 'Access-Control-Allow-Origin' '*';
|
||||||
|
}
|
||||||
|
|
||||||
|
location /functions {
|
||||||
|
proxy_pass http://kong_upstream;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /graphql {
|
||||||
|
proxy_pass http://kong_upstream;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /mcp {
|
||||||
|
proxy_pass http://kong_upstream;
|
||||||
|
}
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user