Compare commits
6 Commits
29-12-2025
...
09-02-2026
| Author | SHA1 | Date | |
|---|---|---|---|
| 8f226ea714 | |||
| 8c845ec4aa | |||
| 0381268589 | |||
| 527c097c61 | |||
| 61e436a151 | |||
| 988bcb7223 |
@@ -100,6 +100,7 @@ _APP_FUNCTIONS_MEMORY_SWAP=0
|
|||||||
_APP_FUNCTIONS_RUNTIMES=node-16.0,php-8.0,python-3.9,ruby-3.0
|
_APP_FUNCTIONS_RUNTIMES=node-16.0,php-8.0,python-3.9,ruby-3.0
|
||||||
_APP_EXECUTOR_SECRET=your-secret-key
|
_APP_EXECUTOR_SECRET=your-secret-key
|
||||||
_APP_EXECUTOR_HOST=http://exc1/v1
|
_APP_EXECUTOR_HOST=http://exc1/v1
|
||||||
|
_APP_BROWSER_HOST=http://appwrite-browser:3000/v1
|
||||||
_APP_EXECUTOR_RUNTIME_NETWORK=appwrite_runtimes
|
_APP_EXECUTOR_RUNTIME_NETWORK=appwrite_runtimes
|
||||||
_APP_FUNCTIONS_ENVS=node-16.0,php-7.4,python-3.9,ruby-3.0
|
_APP_FUNCTIONS_ENVS=node-16.0,php-7.4,python-3.9,ruby-3.0
|
||||||
_APP_FUNCTIONS_INACTIVE_THRESHOLD=60
|
_APP_FUNCTIONS_INACTIVE_THRESHOLD=60
|
||||||
|
|||||||
@@ -28,7 +28,7 @@ services:
|
|||||||
- appwrite
|
- appwrite
|
||||||
|
|
||||||
appwrite:
|
appwrite:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
@@ -166,7 +166,7 @@ services:
|
|||||||
- _APP_ASSISTANT_OPENAI_API_KEY
|
- _APP_ASSISTANT_OPENAI_API_KEY
|
||||||
appwrite-console:
|
appwrite-console:
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
image: appwrite/console:7.4.7
|
image: appwrite/console:7.5.7
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- appwrite
|
- appwrite
|
||||||
@@ -186,7 +186,7 @@ services:
|
|||||||
- traefik.http.routers.appwrite_console_https.tls=true
|
- traefik.http.routers.appwrite_console_https.tls=true
|
||||||
|
|
||||||
appwrite-realtime:
|
appwrite-realtime:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: realtime
|
entrypoint: realtime
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -228,7 +228,7 @@ services:
|
|||||||
- _APP_LOGGING_CONFIG
|
- _APP_LOGGING_CONFIG
|
||||||
|
|
||||||
appwrite-worker-audits:
|
appwrite-worker-audits:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-audits
|
entrypoint: worker-audits
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -253,7 +253,7 @@ services:
|
|||||||
- _APP_LOGGING_CONFIG
|
- _APP_LOGGING_CONFIG
|
||||||
|
|
||||||
appwrite-worker-webhooks:
|
appwrite-worker-webhooks:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-webhooks
|
entrypoint: worker-webhooks
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -280,7 +280,7 @@ services:
|
|||||||
- _APP_LOGGING_CONFIG
|
- _APP_LOGGING_CONFIG
|
||||||
|
|
||||||
appwrite-worker-deletes:
|
appwrite-worker-deletes:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-deletes
|
entrypoint: worker-deletes
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -342,7 +342,7 @@ services:
|
|||||||
- _APP_EMAIL_CERTIFICATES
|
- _APP_EMAIL_CERTIFICATES
|
||||||
|
|
||||||
appwrite-worker-databases:
|
appwrite-worker-databases:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-databases
|
entrypoint: worker-databases
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -367,7 +367,7 @@ services:
|
|||||||
- _APP_LOGGING_CONFIG
|
- _APP_LOGGING_CONFIG
|
||||||
|
|
||||||
appwrite-worker-builds:
|
appwrite-worker-builds:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-builds
|
entrypoint: worker-builds
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -434,7 +434,7 @@ services:
|
|||||||
- _APP_DOMAIN_SITES
|
- _APP_DOMAIN_SITES
|
||||||
|
|
||||||
appwrite-worker-certificates:
|
appwrite-worker-certificates:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-certificates
|
entrypoint: worker-certificates
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -470,7 +470,7 @@ services:
|
|||||||
- _APP_LOGGING_CONFIG
|
- _APP_LOGGING_CONFIG
|
||||||
|
|
||||||
appwrite-worker-functions:
|
appwrite-worker-functions:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-functions
|
entrypoint: worker-functions
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -508,7 +508,7 @@ services:
|
|||||||
- _APP_LOGGING_CONFIG
|
- _APP_LOGGING_CONFIG
|
||||||
|
|
||||||
appwrite-worker-mails:
|
appwrite-worker-mails:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-mails
|
entrypoint: worker-mails
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -541,7 +541,7 @@ services:
|
|||||||
- _APP_OPTIONS_FORCE_HTTPS
|
- _APP_OPTIONS_FORCE_HTTPS
|
||||||
|
|
||||||
appwrite-worker-messaging:
|
appwrite-worker-messaging:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-messaging
|
entrypoint: worker-messaging
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -591,7 +591,7 @@ services:
|
|||||||
- _APP_STORAGE_WASABI_BUCKET
|
- _APP_STORAGE_WASABI_BUCKET
|
||||||
|
|
||||||
appwrite-worker-migrations:
|
appwrite-worker-migrations:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-migrations
|
entrypoint: worker-migrations
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -626,7 +626,7 @@ services:
|
|||||||
- _APP_MIGRATIONS_FIREBASE_CLIENT_SECRET
|
- _APP_MIGRATIONS_FIREBASE_CLIENT_SECRET
|
||||||
|
|
||||||
appwrite-task-maintenance:
|
appwrite-task-maintenance:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: maintenance
|
entrypoint: maintenance
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -664,7 +664,7 @@ services:
|
|||||||
- _APP_MAINTENANCE_RETENTION_SCHEDULES
|
- _APP_MAINTENANCE_RETENTION_SCHEDULES
|
||||||
|
|
||||||
appwrite-task-stats-resources:
|
appwrite-task-stats-resources:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: stats-resources
|
entrypoint: stats-resources
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -692,7 +692,7 @@ services:
|
|||||||
- _APP_STATS_RESOURCES_INTERVAL
|
- _APP_STATS_RESOURCES_INTERVAL
|
||||||
|
|
||||||
appwrite-worker-stats-resources:
|
appwrite-worker-stats-resources:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-stats-resources
|
entrypoint: worker-stats-resources
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -719,7 +719,7 @@ services:
|
|||||||
- _APP_STATS_RESOURCES_INTERVAL
|
- _APP_STATS_RESOURCES_INTERVAL
|
||||||
|
|
||||||
appwrite-worker-stats-usage:
|
appwrite-worker-stats-usage:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-stats-usage
|
entrypoint: worker-stats-usage
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -746,7 +746,7 @@ services:
|
|||||||
- _APP_USAGE_AGGREGATION_INTERVAL
|
- _APP_USAGE_AGGREGATION_INTERVAL
|
||||||
|
|
||||||
appwrite-task-scheduler-functions:
|
appwrite-task-scheduler-functions:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: schedule-functions
|
entrypoint: schedule-functions
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -770,7 +770,7 @@ services:
|
|||||||
- _APP_DB_PASS
|
- _APP_DB_PASS
|
||||||
|
|
||||||
appwrite-task-scheduler-executions:
|
appwrite-task-scheduler-executions:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: schedule-executions
|
entrypoint: schedule-executions
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -794,7 +794,7 @@ services:
|
|||||||
- _APP_DB_PASS
|
- _APP_DB_PASS
|
||||||
|
|
||||||
appwrite-task-scheduler-messages:
|
appwrite-task-scheduler-messages:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: schedule-messages
|
entrypoint: schedule-messages
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -818,7 +818,7 @@ services:
|
|||||||
- _APP_DB_PASS
|
- _APP_DB_PASS
|
||||||
|
|
||||||
appwrite-assistant:
|
appwrite-assistant:
|
||||||
image: appwrite/assistant:0.8.3
|
image: appwrite/assistant:0.8.4
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
@@ -827,7 +827,7 @@ services:
|
|||||||
- _APP_ASSISTANT_OPENAI_API_KEY
|
- _APP_ASSISTANT_OPENAI_API_KEY
|
||||||
|
|
||||||
appwrite-browser:
|
appwrite-browser:
|
||||||
image: appwrite/browser:0.2.4
|
image: appwrite/browser:0.3.2
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
|
|||||||
@@ -1,5 +0,0 @@
|
|||||||
# Dify
|
|
||||||
|
|
||||||
- copied from https://github.com/langgenius/dify
|
|
||||||
- removed `container_name`
|
|
||||||
- removed `ports`
|
|
||||||
+63
-8
@@ -58,8 +58,8 @@ FILES_URL=
|
|||||||
INTERNAL_FILES_URL=
|
INTERNAL_FILES_URL=
|
||||||
|
|
||||||
# Ensure UTF-8 encoding
|
# Ensure UTF-8 encoding
|
||||||
LANG=en_US.UTF-8
|
LANG=C.UTF-8
|
||||||
LC_ALL=en_US.UTF-8
|
LC_ALL=C.UTF-8
|
||||||
PYTHONIOENCODING=utf-8
|
PYTHONIOENCODING=utf-8
|
||||||
|
|
||||||
# ------------------------------
|
# ------------------------------
|
||||||
@@ -69,6 +69,8 @@ PYTHONIOENCODING=utf-8
|
|||||||
# The log level for the application.
|
# The log level for the application.
|
||||||
# Supported values are `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`
|
# Supported values are `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`
|
||||||
LOG_LEVEL=INFO
|
LOG_LEVEL=INFO
|
||||||
|
# Log output format: text or json
|
||||||
|
LOG_OUTPUT_FORMAT=text
|
||||||
# Log file path
|
# Log file path
|
||||||
LOG_FILE=/app/logs/server.log
|
LOG_FILE=/app/logs/server.log
|
||||||
# Log file max size, the unit is MB
|
# Log file max size, the unit is MB
|
||||||
@@ -231,7 +233,7 @@ NEXT_PUBLIC_ENABLE_SINGLE_DOLLAR_LATEX=false
|
|||||||
# You can adjust the database configuration according to your needs.
|
# You can adjust the database configuration according to your needs.
|
||||||
# ------------------------------
|
# ------------------------------
|
||||||
|
|
||||||
# Database type, supported values are `postgresql` and `mysql`
|
# Database type, supported values are `postgresql`, `mysql`, `oceanbase`, `seekdb`
|
||||||
DB_TYPE=postgresql
|
DB_TYPE=postgresql
|
||||||
# For MySQL, only `root` user is supported for now
|
# For MySQL, only `root` user is supported for now
|
||||||
DB_USERNAME=postgres
|
DB_USERNAME=postgres
|
||||||
@@ -395,7 +397,7 @@ WEB_API_CORS_ALLOW_ORIGINS=*
|
|||||||
# Specifies the allowed origins for cross-origin requests to the console API,
|
# Specifies the allowed origins for cross-origin requests to the console API,
|
||||||
# e.g. https://cloud.dify.ai or * for all origins.
|
# e.g. https://cloud.dify.ai or * for all origins.
|
||||||
CONSOLE_CORS_ALLOW_ORIGINS=*
|
CONSOLE_CORS_ALLOW_ORIGINS=*
|
||||||
# When the frontend and backend run on different subdomains, set COOKIE_DOMAIN to the site’s top-level domain (e.g., `example.com`). Leading dots are optional.
|
# When the frontend and backend run on different subdomains, set COOKIE_DOMAIN to the site's top-level domain (e.g., `example.com`). Leading dots are optional.
|
||||||
COOKIE_DOMAIN=
|
COOKIE_DOMAIN=
|
||||||
# When the frontend and backend run on different subdomains, set NEXT_PUBLIC_COOKIE_DOMAIN=1.
|
# When the frontend and backend run on different subdomains, set NEXT_PUBLIC_COOKIE_DOMAIN=1.
|
||||||
NEXT_PUBLIC_COOKIE_DOMAIN=
|
NEXT_PUBLIC_COOKIE_DOMAIN=
|
||||||
@@ -447,6 +449,15 @@ S3_SECRET_KEY=
|
|||||||
# If set to false, the access key and secret key must be provided.
|
# If set to false, the access key and secret key must be provided.
|
||||||
S3_USE_AWS_MANAGED_IAM=false
|
S3_USE_AWS_MANAGED_IAM=false
|
||||||
|
|
||||||
|
# Workflow run and Conversation archive storage (S3-compatible)
|
||||||
|
ARCHIVE_STORAGE_ENABLED=false
|
||||||
|
ARCHIVE_STORAGE_ENDPOINT=
|
||||||
|
ARCHIVE_STORAGE_ARCHIVE_BUCKET=
|
||||||
|
ARCHIVE_STORAGE_EXPORT_BUCKET=
|
||||||
|
ARCHIVE_STORAGE_ACCESS_KEY=
|
||||||
|
ARCHIVE_STORAGE_SECRET_KEY=
|
||||||
|
ARCHIVE_STORAGE_REGION=auto
|
||||||
|
|
||||||
# Azure Blob Configuration
|
# Azure Blob Configuration
|
||||||
#
|
#
|
||||||
AZURE_BLOB_ACCOUNT_NAME=difyai
|
AZURE_BLOB_ACCOUNT_NAME=difyai
|
||||||
@@ -522,7 +533,7 @@ SUPABASE_URL=your-server-url
|
|||||||
# ------------------------------
|
# ------------------------------
|
||||||
|
|
||||||
# The type of vector store to use.
|
# The type of vector store to use.
|
||||||
# Supported values are `weaviate`, `oceanbase`, `qdrant`, `milvus`, `myscale`, `relyt`, `pgvector`, `pgvecto-rs`, `chroma`, `opensearch`, `oracle`, `tencent`, `elasticsearch`, `elasticsearch-ja`, `analyticdb`, `couchbase`, `vikingdb`, `opengauss`, `tablestore`,`vastbase`,`tidb`,`tidb_on_qdrant`,`baidu`,`lindorm`,`huawei_cloud`,`upstash`, `matrixone`, `clickzetta`, `alibabacloud_mysql`, `iris`.
|
# Supported values are `weaviate`, `oceanbase`, `seekdb`, `qdrant`, `milvus`, `myscale`, `relyt`, `pgvector`, `pgvecto-rs`, `chroma`, `opensearch`, `oracle`, `tencent`, `elasticsearch`, `elasticsearch-ja`, `analyticdb`, `couchbase`, `vikingdb`, `opengauss`, `tablestore`, `vastbase`, `tidb`, `tidb_on_qdrant`, `baidu`, `lindorm`, `huawei_cloud`, `upstash`, `matrixone`, `clickzetta`, `alibabacloud_mysql`, `iris`.
|
||||||
VECTOR_STORE=weaviate
|
VECTOR_STORE=weaviate
|
||||||
# Prefix used to create collection name in vector database
|
# Prefix used to create collection name in vector database
|
||||||
VECTOR_INDEX_NAME_PREFIX=Vector_index
|
VECTOR_INDEX_NAME_PREFIX=Vector_index
|
||||||
@@ -533,9 +544,9 @@ WEAVIATE_API_KEY=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
|
|||||||
WEAVIATE_GRPC_ENDPOINT=grpc://weaviate:50051
|
WEAVIATE_GRPC_ENDPOINT=grpc://weaviate:50051
|
||||||
WEAVIATE_TOKENIZATION=word
|
WEAVIATE_TOKENIZATION=word
|
||||||
|
|
||||||
# For OceanBase metadata database configuration, available when `DB_TYPE` is `mysql` and `COMPOSE_PROFILES` includes `oceanbase`.
|
# For OceanBase metadata database configuration, available when `DB_TYPE` is `oceanbase`.
|
||||||
# For OceanBase vector database configuration, available when `VECTOR_STORE` is `oceanbase`
|
# For OceanBase vector database configuration, available when `VECTOR_STORE` is `oceanbase`
|
||||||
# If you want to use OceanBase as both vector database and metadata database, you need to set `DB_TYPE` to `mysql`, `COMPOSE_PROFILES` is `oceanbase`, and set Database Configuration is the same as the vector database.
|
# If you want to use OceanBase as both vector database and metadata database, you need to set both `DB_TYPE` and `VECTOR_STORE` to `oceanbase`, and set Database Configuration is the same as the vector database.
|
||||||
# seekdb is the lite version of OceanBase and shares the connection configuration with OceanBase.
|
# seekdb is the lite version of OceanBase and shares the connection configuration with OceanBase.
|
||||||
OCEANBASE_VECTOR_HOST=oceanbase
|
OCEANBASE_VECTOR_HOST=oceanbase
|
||||||
OCEANBASE_VECTOR_PORT=2881
|
OCEANBASE_VECTOR_PORT=2881
|
||||||
@@ -957,6 +968,8 @@ SMTP_USERNAME=
|
|||||||
SMTP_PASSWORD=
|
SMTP_PASSWORD=
|
||||||
SMTP_USE_TLS=true
|
SMTP_USE_TLS=true
|
||||||
SMTP_OPPORTUNISTIC_TLS=false
|
SMTP_OPPORTUNISTIC_TLS=false
|
||||||
|
# Optional: override the local hostname used for SMTP HELO/EHLO
|
||||||
|
SMTP_LOCAL_HOSTNAME=
|
||||||
|
|
||||||
# Sendgid configuration
|
# Sendgid configuration
|
||||||
SENDGRID_API_KEY=
|
SENDGRID_API_KEY=
|
||||||
@@ -1026,18 +1039,26 @@ WORKFLOW_NODE_EXECUTION_STORAGE=rdbms
|
|||||||
# Options:
|
# Options:
|
||||||
# - core.repositories.sqlalchemy_workflow_execution_repository.SQLAlchemyWorkflowExecutionRepository (default)
|
# - core.repositories.sqlalchemy_workflow_execution_repository.SQLAlchemyWorkflowExecutionRepository (default)
|
||||||
# - core.repositories.celery_workflow_execution_repository.CeleryWorkflowExecutionRepository
|
# - core.repositories.celery_workflow_execution_repository.CeleryWorkflowExecutionRepository
|
||||||
|
# - extensions.logstore.repositories.logstore_workflow_execution_repository.LogstoreWorkflowExecutionRepository
|
||||||
CORE_WORKFLOW_EXECUTION_REPOSITORY=core.repositories.sqlalchemy_workflow_execution_repository.SQLAlchemyWorkflowExecutionRepository
|
CORE_WORKFLOW_EXECUTION_REPOSITORY=core.repositories.sqlalchemy_workflow_execution_repository.SQLAlchemyWorkflowExecutionRepository
|
||||||
|
|
||||||
# Core workflow node execution repository implementation
|
# Core workflow node execution repository implementation
|
||||||
# Options:
|
# Options:
|
||||||
# - core.repositories.sqlalchemy_workflow_node_execution_repository.SQLAlchemyWorkflowNodeExecutionRepository (default)
|
# - core.repositories.sqlalchemy_workflow_node_execution_repository.SQLAlchemyWorkflowNodeExecutionRepository (default)
|
||||||
# - core.repositories.celery_workflow_node_execution_repository.CeleryWorkflowNodeExecutionRepository
|
# - core.repositories.celery_workflow_node_execution_repository.CeleryWorkflowNodeExecutionRepository
|
||||||
|
# - extensions.logstore.repositories.logstore_workflow_node_execution_repository.LogstoreWorkflowNodeExecutionRepository
|
||||||
CORE_WORKFLOW_NODE_EXECUTION_REPOSITORY=core.repositories.sqlalchemy_workflow_node_execution_repository.SQLAlchemyWorkflowNodeExecutionRepository
|
CORE_WORKFLOW_NODE_EXECUTION_REPOSITORY=core.repositories.sqlalchemy_workflow_node_execution_repository.SQLAlchemyWorkflowNodeExecutionRepository
|
||||||
|
|
||||||
# API workflow run repository implementation
|
# API workflow run repository implementation
|
||||||
|
# Options:
|
||||||
|
# - repositories.sqlalchemy_api_workflow_run_repository.DifyAPISQLAlchemyWorkflowRunRepository (default)
|
||||||
|
# - extensions.logstore.repositories.logstore_api_workflow_run_repository.LogstoreAPIWorkflowRunRepository
|
||||||
API_WORKFLOW_RUN_REPOSITORY=repositories.sqlalchemy_api_workflow_run_repository.DifyAPISQLAlchemyWorkflowRunRepository
|
API_WORKFLOW_RUN_REPOSITORY=repositories.sqlalchemy_api_workflow_run_repository.DifyAPISQLAlchemyWorkflowRunRepository
|
||||||
|
|
||||||
# API workflow node execution repository implementation
|
# API workflow node execution repository implementation
|
||||||
|
# Options:
|
||||||
|
# - repositories.sqlalchemy_api_workflow_node_execution_repository.DifyAPISQLAlchemyWorkflowNodeExecutionRepository (default)
|
||||||
|
# - extensions.logstore.repositories.logstore_api_workflow_node_execution_repository.LogstoreAPIWorkflowNodeExecutionRepository
|
||||||
API_WORKFLOW_NODE_EXECUTION_REPOSITORY=repositories.sqlalchemy_api_workflow_node_execution_repository.DifyAPISQLAlchemyWorkflowNodeExecutionRepository
|
API_WORKFLOW_NODE_EXECUTION_REPOSITORY=repositories.sqlalchemy_api_workflow_node_execution_repository.DifyAPISQLAlchemyWorkflowNodeExecutionRepository
|
||||||
|
|
||||||
# Workflow log cleanup configuration
|
# Workflow log cleanup configuration
|
||||||
@@ -1059,13 +1080,17 @@ ALIYUN_SLS_ENDPOINT=
|
|||||||
ALIYUN_SLS_REGION=
|
ALIYUN_SLS_REGION=
|
||||||
# Aliyun SLS Project Name
|
# Aliyun SLS Project Name
|
||||||
ALIYUN_SLS_PROJECT_NAME=
|
ALIYUN_SLS_PROJECT_NAME=
|
||||||
# Number of days to retain workflow run logs (default: 365 days, 3650 for permanent storage)
|
# Number of days to retain workflow run logs (default: 365 days, 3650 for permanent storage)
|
||||||
ALIYUN_SLS_LOGSTORE_TTL=365
|
ALIYUN_SLS_LOGSTORE_TTL=365
|
||||||
# Enable dual-write to both SLS LogStore and SQL database (default: false)
|
# Enable dual-write to both SLS LogStore and SQL database (default: false)
|
||||||
LOGSTORE_DUAL_WRITE_ENABLED=false
|
LOGSTORE_DUAL_WRITE_ENABLED=false
|
||||||
# Enable dual-read fallback to SQL database when LogStore returns no results (default: true)
|
# Enable dual-read fallback to SQL database when LogStore returns no results (default: true)
|
||||||
# Useful for migration scenarios where historical data exists only in SQL database
|
# Useful for migration scenarios where historical data exists only in SQL database
|
||||||
LOGSTORE_DUAL_READ_ENABLED=true
|
LOGSTORE_DUAL_READ_ENABLED=true
|
||||||
|
# Control flag for whether to write the `graph` field to LogStore.
|
||||||
|
# If LOGSTORE_ENABLE_PUT_GRAPH_FIELD is "true", write the full `graph` field;
|
||||||
|
# otherwise write an empty {} instead. Defaults to writing the `graph` field.
|
||||||
|
LOGSTORE_ENABLE_PUT_GRAPH_FIELD=true
|
||||||
|
|
||||||
# HTTP request node in workflow configuration
|
# HTTP request node in workflow configuration
|
||||||
HTTP_REQUEST_NODE_MAX_BINARY_SIZE=10485760
|
HTTP_REQUEST_NODE_MAX_BINARY_SIZE=10485760
|
||||||
@@ -1350,6 +1375,7 @@ PLUGIN_DAEMON_PORT=5002
|
|||||||
PLUGIN_DAEMON_KEY=lYkiYYT6owG+71oLerGzA7GXCgOT++6ovaezWAjpCjf+Sjc3ZtU+qUEi
|
PLUGIN_DAEMON_KEY=lYkiYYT6owG+71oLerGzA7GXCgOT++6ovaezWAjpCjf+Sjc3ZtU+qUEi
|
||||||
PLUGIN_DAEMON_URL=http://plugin_daemon:5002
|
PLUGIN_DAEMON_URL=http://plugin_daemon:5002
|
||||||
PLUGIN_MAX_PACKAGE_SIZE=52428800
|
PLUGIN_MAX_PACKAGE_SIZE=52428800
|
||||||
|
PLUGIN_MODEL_SCHEMA_CACHE_TTL=3600
|
||||||
PLUGIN_PPROF_ENABLED=false
|
PLUGIN_PPROF_ENABLED=false
|
||||||
|
|
||||||
PLUGIN_DEBUGGING_HOST=0.0.0.0
|
PLUGIN_DEBUGGING_HOST=0.0.0.0
|
||||||
@@ -1463,6 +1489,7 @@ ENABLE_CLEAN_UNUSED_DATASETS_TASK=false
|
|||||||
ENABLE_CREATE_TIDB_SERVERLESS_TASK=false
|
ENABLE_CREATE_TIDB_SERVERLESS_TASK=false
|
||||||
ENABLE_UPDATE_TIDB_SERVERLESS_STATUS_TASK=false
|
ENABLE_UPDATE_TIDB_SERVERLESS_STATUS_TASK=false
|
||||||
ENABLE_CLEAN_MESSAGES=false
|
ENABLE_CLEAN_MESSAGES=false
|
||||||
|
ENABLE_WORKFLOW_RUN_CLEANUP_TASK=false
|
||||||
ENABLE_MAIL_CLEAN_DOCUMENT_NOTIFY_TASK=false
|
ENABLE_MAIL_CLEAN_DOCUMENT_NOTIFY_TASK=false
|
||||||
ENABLE_DATASETS_QUEUE_MONITOR=false
|
ENABLE_DATASETS_QUEUE_MONITOR=false
|
||||||
ENABLE_CHECK_UPGRADABLE_PLUGIN_TASK=true
|
ENABLE_CHECK_UPGRADABLE_PLUGIN_TASK=true
|
||||||
@@ -1492,3 +1519,31 @@ AMPLITUDE_API_KEY=
|
|||||||
SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD=21
|
SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD=21
|
||||||
SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE=1000
|
SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE=1000
|
||||||
SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS=30
|
SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS=30
|
||||||
|
|
||||||
|
|
||||||
|
# Redis URL used for PubSub between API and
|
||||||
|
# celery worker
|
||||||
|
# defaults to url constructed from `REDIS_*`
|
||||||
|
# configurations
|
||||||
|
PUBSUB_REDIS_URL=
|
||||||
|
# Pub/sub channel type for streaming events.
|
||||||
|
# valid options are:
|
||||||
|
#
|
||||||
|
# - pubsub: for normal Pub/Sub
|
||||||
|
# - sharded: for sharded Pub/Sub
|
||||||
|
#
|
||||||
|
# It's highly recommended to use sharded Pub/Sub AND redis cluster
|
||||||
|
# for large deployments.
|
||||||
|
PUBSUB_REDIS_CHANNEL_TYPE=pubsub
|
||||||
|
# Whether to use Redis cluster mode while running
|
||||||
|
# PubSub.
|
||||||
|
# It's highly recommended to enable this for large deployments.
|
||||||
|
PUBSUB_REDIS_USE_CLUSTERS=false
|
||||||
|
|
||||||
|
# Whether to Enable human input timeout check task
|
||||||
|
ENABLE_HUMAN_INPUT_TIMEOUT_TASK=true
|
||||||
|
# Human input timeout check interval in minutes
|
||||||
|
HUMAN_INPUT_TIMEOUT_TASK_INTERVAL=1
|
||||||
|
|
||||||
|
|
||||||
|
SANDBOX_EXPIRED_RECORDS_CLEAN_TASK_LOCK_TTL=90000
|
||||||
|
|||||||
@@ -21,7 +21,7 @@ services:
|
|||||||
|
|
||||||
# API service
|
# API service
|
||||||
api:
|
api:
|
||||||
image: langgenius/dify-api:1.11.2
|
image: langgenius/dify-api:1.12.1
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -63,7 +63,7 @@ services:
|
|||||||
# worker service
|
# worker service
|
||||||
# The Celery worker for processing all queues (dataset, workflow, mail, etc.)
|
# The Celery worker for processing all queues (dataset, workflow, mail, etc.)
|
||||||
worker:
|
worker:
|
||||||
image: langgenius/dify-api:1.11.2
|
image: langgenius/dify-api:1.12.1
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -102,7 +102,7 @@ services:
|
|||||||
# worker_beat service
|
# worker_beat service
|
||||||
# Celery beat for scheduling periodic tasks.
|
# Celery beat for scheduling periodic tasks.
|
||||||
worker_beat:
|
worker_beat:
|
||||||
image: langgenius/dify-api:1.11.2
|
image: langgenius/dify-api:1.12.1
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -132,7 +132,7 @@ services:
|
|||||||
|
|
||||||
# Frontend web application.
|
# Frontend web application.
|
||||||
web:
|
web:
|
||||||
image: langgenius/dify-web:1.11.2
|
image: langgenius/dify-web:1.12.1
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
CONSOLE_API_URL: ${CONSOLE_API_URL:-}
|
CONSOLE_API_URL: ${CONSOLE_API_URL:-}
|
||||||
@@ -270,7 +270,7 @@ services:
|
|||||||
|
|
||||||
# plugin daemon
|
# plugin daemon
|
||||||
plugin_daemon:
|
plugin_daemon:
|
||||||
image: langgenius/dify-plugin-daemon:0.5.2-local
|
image: langgenius/dify-plugin-daemon:0.5.3-local
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -475,7 +475,8 @@ services:
|
|||||||
OB_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
|
OB_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
|
||||||
OB_SERVER_IP: 127.0.0.1
|
OB_SERVER_IP: 127.0.0.1
|
||||||
MODE: mini
|
MODE: mini
|
||||||
LANG: en_US.UTF-8
|
LANG: C.UTF-8
|
||||||
|
LC_ALL: C.UTF-8
|
||||||
ports:
|
ports:
|
||||||
- "${OCEANBASE_VECTOR_PORT:-2881}:2881"
|
- "${OCEANBASE_VECTOR_PORT:-2881}:2881"
|
||||||
healthcheck:
|
healthcheck:
|
||||||
@@ -661,13 +662,14 @@ services:
|
|||||||
- "${IRIS_SUPER_SERVER_PORT:-1972}:1972"
|
- "${IRIS_SUPER_SERVER_PORT:-1972}:1972"
|
||||||
- "${IRIS_WEB_SERVER_PORT:-52773}:52773"
|
- "${IRIS_WEB_SERVER_PORT:-52773}:52773"
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/iris:/opt/iris
|
- ./volumes/iris:/durable
|
||||||
- ./iris/iris-init.script:/iris-init.script
|
- ./iris/iris-init.script:/iris-init.script
|
||||||
- ./iris/docker-entrypoint.sh:/custom-entrypoint.sh
|
- ./iris/docker-entrypoint.sh:/custom-entrypoint.sh
|
||||||
entrypoint: ["/custom-entrypoint.sh"]
|
entrypoint: ["/custom-entrypoint.sh"]
|
||||||
tty: true
|
tty: true
|
||||||
environment:
|
environment:
|
||||||
TZ: ${IRIS_TIMEZONE:-UTC}
|
TZ: ${IRIS_TIMEZONE:-UTC}
|
||||||
|
ISC_DATA_DIRECTORY: /durable/iris
|
||||||
|
|
||||||
# Oracle vector database
|
# Oracle vector database
|
||||||
oracle:
|
oracle:
|
||||||
|
|||||||
@@ -123,12 +123,13 @@ services:
|
|||||||
|
|
||||||
# plugin daemon
|
# plugin daemon
|
||||||
plugin_daemon:
|
plugin_daemon:
|
||||||
image: langgenius/dify-plugin-daemon:0.5.2-local
|
image: langgenius/dify-plugin-daemon:0.5.3-local
|
||||||
restart: always
|
restart: always
|
||||||
env_file:
|
env_file:
|
||||||
- ./middleware.env
|
- ./middleware.env
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
|
LOG_OUTPUT_FORMAT: ${LOG_OUTPUT_FORMAT:-text}
|
||||||
DB_DATABASE: ${DB_PLUGIN_DATABASE:-dify_plugin}
|
DB_DATABASE: ${DB_PLUGIN_DATABASE:-dify_plugin}
|
||||||
REDIS_HOST: ${REDIS_HOST:-redis}
|
REDIS_HOST: ${REDIS_HOST:-redis}
|
||||||
REDIS_PORT: ${REDIS_PORT:-6379}
|
REDIS_PORT: ${REDIS_PORT:-6379}
|
||||||
|
|||||||
@@ -13,10 +13,11 @@ x-shared-env: &shared-api-worker-env
|
|||||||
APP_WEB_URL: ${APP_WEB_URL:-}
|
APP_WEB_URL: ${APP_WEB_URL:-}
|
||||||
FILES_URL: ${FILES_URL:-}
|
FILES_URL: ${FILES_URL:-}
|
||||||
INTERNAL_FILES_URL: ${INTERNAL_FILES_URL:-}
|
INTERNAL_FILES_URL: ${INTERNAL_FILES_URL:-}
|
||||||
LANG: ${LANG:-en_US.UTF-8}
|
LANG: ${LANG:-C.UTF-8}
|
||||||
LC_ALL: ${LC_ALL:-en_US.UTF-8}
|
LC_ALL: ${LC_ALL:-C.UTF-8}
|
||||||
PYTHONIOENCODING: ${PYTHONIOENCODING:-utf-8}
|
PYTHONIOENCODING: ${PYTHONIOENCODING:-utf-8}
|
||||||
LOG_LEVEL: ${LOG_LEVEL:-INFO}
|
LOG_LEVEL: ${LOG_LEVEL:-INFO}
|
||||||
|
LOG_OUTPUT_FORMAT: ${LOG_OUTPUT_FORMAT:-text}
|
||||||
LOG_FILE: ${LOG_FILE:-/app/logs/server.log}
|
LOG_FILE: ${LOG_FILE:-/app/logs/server.log}
|
||||||
LOG_FILE_MAX_SIZE: ${LOG_FILE_MAX_SIZE:-20}
|
LOG_FILE_MAX_SIZE: ${LOG_FILE_MAX_SIZE:-20}
|
||||||
LOG_FILE_BACKUP_COUNT: ${LOG_FILE_BACKUP_COUNT:-5}
|
LOG_FILE_BACKUP_COUNT: ${LOG_FILE_BACKUP_COUNT:-5}
|
||||||
@@ -122,6 +123,13 @@ x-shared-env: &shared-api-worker-env
|
|||||||
S3_ACCESS_KEY: ${S3_ACCESS_KEY:-}
|
S3_ACCESS_KEY: ${S3_ACCESS_KEY:-}
|
||||||
S3_SECRET_KEY: ${S3_SECRET_KEY:-}
|
S3_SECRET_KEY: ${S3_SECRET_KEY:-}
|
||||||
S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false}
|
S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false}
|
||||||
|
ARCHIVE_STORAGE_ENABLED: ${ARCHIVE_STORAGE_ENABLED:-false}
|
||||||
|
ARCHIVE_STORAGE_ENDPOINT: ${ARCHIVE_STORAGE_ENDPOINT:-}
|
||||||
|
ARCHIVE_STORAGE_ARCHIVE_BUCKET: ${ARCHIVE_STORAGE_ARCHIVE_BUCKET:-}
|
||||||
|
ARCHIVE_STORAGE_EXPORT_BUCKET: ${ARCHIVE_STORAGE_EXPORT_BUCKET:-}
|
||||||
|
ARCHIVE_STORAGE_ACCESS_KEY: ${ARCHIVE_STORAGE_ACCESS_KEY:-}
|
||||||
|
ARCHIVE_STORAGE_SECRET_KEY: ${ARCHIVE_STORAGE_SECRET_KEY:-}
|
||||||
|
ARCHIVE_STORAGE_REGION: ${ARCHIVE_STORAGE_REGION:-auto}
|
||||||
AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-difyai}
|
AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-difyai}
|
||||||
AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-difyai}
|
AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-difyai}
|
||||||
AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-difyai-container}
|
AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-difyai-container}
|
||||||
@@ -417,6 +425,7 @@ x-shared-env: &shared-api-worker-env
|
|||||||
SMTP_PASSWORD: ${SMTP_PASSWORD:-}
|
SMTP_PASSWORD: ${SMTP_PASSWORD:-}
|
||||||
SMTP_USE_TLS: ${SMTP_USE_TLS:-true}
|
SMTP_USE_TLS: ${SMTP_USE_TLS:-true}
|
||||||
SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false}
|
SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false}
|
||||||
|
SMTP_LOCAL_HOSTNAME: ${SMTP_LOCAL_HOSTNAME:-}
|
||||||
SENDGRID_API_KEY: ${SENDGRID_API_KEY:-}
|
SENDGRID_API_KEY: ${SENDGRID_API_KEY:-}
|
||||||
INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-4000}
|
INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-4000}
|
||||||
INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72}
|
INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72}
|
||||||
@@ -467,6 +476,7 @@ x-shared-env: &shared-api-worker-env
|
|||||||
ALIYUN_SLS_LOGSTORE_TTL: ${ALIYUN_SLS_LOGSTORE_TTL:-365}
|
ALIYUN_SLS_LOGSTORE_TTL: ${ALIYUN_SLS_LOGSTORE_TTL:-365}
|
||||||
LOGSTORE_DUAL_WRITE_ENABLED: ${LOGSTORE_DUAL_WRITE_ENABLED:-false}
|
LOGSTORE_DUAL_WRITE_ENABLED: ${LOGSTORE_DUAL_WRITE_ENABLED:-false}
|
||||||
LOGSTORE_DUAL_READ_ENABLED: ${LOGSTORE_DUAL_READ_ENABLED:-true}
|
LOGSTORE_DUAL_READ_ENABLED: ${LOGSTORE_DUAL_READ_ENABLED:-true}
|
||||||
|
LOGSTORE_ENABLE_PUT_GRAPH_FIELD: ${LOGSTORE_ENABLE_PUT_GRAPH_FIELD:-true}
|
||||||
HTTP_REQUEST_NODE_MAX_BINARY_SIZE: ${HTTP_REQUEST_NODE_MAX_BINARY_SIZE:-10485760}
|
HTTP_REQUEST_NODE_MAX_BINARY_SIZE: ${HTTP_REQUEST_NODE_MAX_BINARY_SIZE:-10485760}
|
||||||
HTTP_REQUEST_NODE_MAX_TEXT_SIZE: ${HTTP_REQUEST_NODE_MAX_TEXT_SIZE:-1048576}
|
HTTP_REQUEST_NODE_MAX_TEXT_SIZE: ${HTTP_REQUEST_NODE_MAX_TEXT_SIZE:-1048576}
|
||||||
HTTP_REQUEST_NODE_SSL_VERIFY: ${HTTP_REQUEST_NODE_SSL_VERIFY:-True}
|
HTTP_REQUEST_NODE_SSL_VERIFY: ${HTTP_REQUEST_NODE_SSL_VERIFY:-True}
|
||||||
@@ -579,6 +589,7 @@ x-shared-env: &shared-api-worker-env
|
|||||||
PLUGIN_DAEMON_KEY: ${PLUGIN_DAEMON_KEY:-lYkiYYT6owG+71oLerGzA7GXCgOT++6ovaezWAjpCjf+Sjc3ZtU+qUEi}
|
PLUGIN_DAEMON_KEY: ${PLUGIN_DAEMON_KEY:-lYkiYYT6owG+71oLerGzA7GXCgOT++6ovaezWAjpCjf+Sjc3ZtU+qUEi}
|
||||||
PLUGIN_DAEMON_URL: ${PLUGIN_DAEMON_URL:-http://plugin_daemon:5002}
|
PLUGIN_DAEMON_URL: ${PLUGIN_DAEMON_URL:-http://plugin_daemon:5002}
|
||||||
PLUGIN_MAX_PACKAGE_SIZE: ${PLUGIN_MAX_PACKAGE_SIZE:-52428800}
|
PLUGIN_MAX_PACKAGE_SIZE: ${PLUGIN_MAX_PACKAGE_SIZE:-52428800}
|
||||||
|
PLUGIN_MODEL_SCHEMA_CACHE_TTL: ${PLUGIN_MODEL_SCHEMA_CACHE_TTL:-3600}
|
||||||
PLUGIN_PPROF_ENABLED: ${PLUGIN_PPROF_ENABLED:-false}
|
PLUGIN_PPROF_ENABLED: ${PLUGIN_PPROF_ENABLED:-false}
|
||||||
PLUGIN_DEBUGGING_HOST: ${PLUGIN_DEBUGGING_HOST:-0.0.0.0}
|
PLUGIN_DEBUGGING_HOST: ${PLUGIN_DEBUGGING_HOST:-0.0.0.0}
|
||||||
PLUGIN_DEBUGGING_PORT: ${PLUGIN_DEBUGGING_PORT:-5003}
|
PLUGIN_DEBUGGING_PORT: ${PLUGIN_DEBUGGING_PORT:-5003}
|
||||||
@@ -653,6 +664,7 @@ x-shared-env: &shared-api-worker-env
|
|||||||
ENABLE_CREATE_TIDB_SERVERLESS_TASK: ${ENABLE_CREATE_TIDB_SERVERLESS_TASK:-false}
|
ENABLE_CREATE_TIDB_SERVERLESS_TASK: ${ENABLE_CREATE_TIDB_SERVERLESS_TASK:-false}
|
||||||
ENABLE_UPDATE_TIDB_SERVERLESS_STATUS_TASK: ${ENABLE_UPDATE_TIDB_SERVERLESS_STATUS_TASK:-false}
|
ENABLE_UPDATE_TIDB_SERVERLESS_STATUS_TASK: ${ENABLE_UPDATE_TIDB_SERVERLESS_STATUS_TASK:-false}
|
||||||
ENABLE_CLEAN_MESSAGES: ${ENABLE_CLEAN_MESSAGES:-false}
|
ENABLE_CLEAN_MESSAGES: ${ENABLE_CLEAN_MESSAGES:-false}
|
||||||
|
ENABLE_WORKFLOW_RUN_CLEANUP_TASK: ${ENABLE_WORKFLOW_RUN_CLEANUP_TASK:-false}
|
||||||
ENABLE_MAIL_CLEAN_DOCUMENT_NOTIFY_TASK: ${ENABLE_MAIL_CLEAN_DOCUMENT_NOTIFY_TASK:-false}
|
ENABLE_MAIL_CLEAN_DOCUMENT_NOTIFY_TASK: ${ENABLE_MAIL_CLEAN_DOCUMENT_NOTIFY_TASK:-false}
|
||||||
ENABLE_DATASETS_QUEUE_MONITOR: ${ENABLE_DATASETS_QUEUE_MONITOR:-false}
|
ENABLE_DATASETS_QUEUE_MONITOR: ${ENABLE_DATASETS_QUEUE_MONITOR:-false}
|
||||||
ENABLE_CHECK_UPGRADABLE_PLUGIN_TASK: ${ENABLE_CHECK_UPGRADABLE_PLUGIN_TASK:-true}
|
ENABLE_CHECK_UPGRADABLE_PLUGIN_TASK: ${ENABLE_CHECK_UPGRADABLE_PLUGIN_TASK:-true}
|
||||||
@@ -671,6 +683,12 @@ x-shared-env: &shared-api-worker-env
|
|||||||
SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD: ${SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD:-21}
|
SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD: ${SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD:-21}
|
||||||
SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE: ${SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE:-1000}
|
SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE: ${SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE:-1000}
|
||||||
SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS: ${SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS:-30}
|
SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS: ${SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS:-30}
|
||||||
|
PUBSUB_REDIS_URL: ${PUBSUB_REDIS_URL:-}
|
||||||
|
PUBSUB_REDIS_CHANNEL_TYPE: ${PUBSUB_REDIS_CHANNEL_TYPE:-pubsub}
|
||||||
|
PUBSUB_REDIS_USE_CLUSTERS: ${PUBSUB_REDIS_USE_CLUSTERS:-false}
|
||||||
|
ENABLE_HUMAN_INPUT_TIMEOUT_TASK: ${ENABLE_HUMAN_INPUT_TIMEOUT_TASK:-true}
|
||||||
|
HUMAN_INPUT_TIMEOUT_TASK_INTERVAL: ${HUMAN_INPUT_TIMEOUT_TASK_INTERVAL:-1}
|
||||||
|
SANDBOX_EXPIRED_RECORDS_CLEAN_TASK_LOCK_TTL: ${SANDBOX_EXPIRED_RECORDS_CLEAN_TASK_LOCK_TTL:-90000}
|
||||||
|
|
||||||
services:
|
services:
|
||||||
# Init container to fix permissions
|
# Init container to fix permissions
|
||||||
@@ -694,7 +712,7 @@ services:
|
|||||||
|
|
||||||
# API service
|
# API service
|
||||||
api:
|
api:
|
||||||
image: langgenius/dify-api:1.11.2
|
image: langgenius/dify-api:1.12.1
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -736,7 +754,7 @@ services:
|
|||||||
# worker service
|
# worker service
|
||||||
# The Celery worker for processing all queues (dataset, workflow, mail, etc.)
|
# The Celery worker for processing all queues (dataset, workflow, mail, etc.)
|
||||||
worker:
|
worker:
|
||||||
image: langgenius/dify-api:1.11.2
|
image: langgenius/dify-api:1.12.1
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -775,7 +793,7 @@ services:
|
|||||||
# worker_beat service
|
# worker_beat service
|
||||||
# Celery beat for scheduling periodic tasks.
|
# Celery beat for scheduling periodic tasks.
|
||||||
worker_beat:
|
worker_beat:
|
||||||
image: langgenius/dify-api:1.11.2
|
image: langgenius/dify-api:1.12.1
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -805,7 +823,7 @@ services:
|
|||||||
|
|
||||||
# Frontend web application.
|
# Frontend web application.
|
||||||
web:
|
web:
|
||||||
image: langgenius/dify-web:1.11.2
|
image: langgenius/dify-web:1.12.1
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
CONSOLE_API_URL: ${CONSOLE_API_URL:-}
|
CONSOLE_API_URL: ${CONSOLE_API_URL:-}
|
||||||
@@ -943,7 +961,7 @@ services:
|
|||||||
|
|
||||||
# plugin daemon
|
# plugin daemon
|
||||||
plugin_daemon:
|
plugin_daemon:
|
||||||
image: langgenius/dify-plugin-daemon:0.5.2-local
|
image: langgenius/dify-plugin-daemon:0.5.3-local
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -1146,7 +1164,8 @@ services:
|
|||||||
OB_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
|
OB_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
|
||||||
OB_SERVER_IP: 127.0.0.1
|
OB_SERVER_IP: 127.0.0.1
|
||||||
MODE: mini
|
MODE: mini
|
||||||
LANG: en_US.UTF-8
|
LANG: C.UTF-8
|
||||||
|
LC_ALL: C.UTF-8
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test:
|
test:
|
||||||
[
|
[
|
||||||
@@ -1324,13 +1343,14 @@ services:
|
|||||||
restart: always
|
restart: always
|
||||||
init: true
|
init: true
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/iris:/opt/iris
|
- ./volumes/iris:/durable
|
||||||
- ./iris/iris-init.script:/iris-init.script
|
- ./iris/iris-init.script:/iris-init.script
|
||||||
- ./iris/docker-entrypoint.sh:/custom-entrypoint.sh
|
- ./iris/docker-entrypoint.sh:/custom-entrypoint.sh
|
||||||
entrypoint: [ "/custom-entrypoint.sh" ]
|
entrypoint: [ "/custom-entrypoint.sh" ]
|
||||||
tty: true
|
tty: true
|
||||||
environment:
|
environment:
|
||||||
TZ: ${IRIS_TIMEZONE:-UTC}
|
TZ: ${IRIS_TIMEZONE:-UTC}
|
||||||
|
ISC_DATA_DIRECTORY: /durable/iris
|
||||||
|
|
||||||
# Oracle vector database
|
# Oracle vector database
|
||||||
oracle:
|
oracle:
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ def parse_env_example(file_path):
|
|||||||
Parses the .env.example file and returns a dictionary with variable names as keys and default values as values.
|
Parses the .env.example file and returns a dictionary with variable names as keys and default values as values.
|
||||||
"""
|
"""
|
||||||
env_vars = {}
|
env_vars = {}
|
||||||
with open(file_path, "r") as f:
|
with open(file_path, "r", encoding="utf-8") as f:
|
||||||
for line_number, line in enumerate(f, 1):
|
for line_number, line in enumerate(f, 1):
|
||||||
line = line.strip()
|
line = line.strip()
|
||||||
# Ignore empty lines and comments
|
# Ignore empty lines and comments
|
||||||
@@ -55,7 +55,7 @@ def insert_shared_env(template_path, output_path, shared_env_block, header_comme
|
|||||||
Inserts the shared environment variables block and header comments into the template file,
|
Inserts the shared environment variables block and header comments into the template file,
|
||||||
removing any existing x-shared-env anchors, and generates the final docker-compose.yaml file.
|
removing any existing x-shared-env anchors, and generates the final docker-compose.yaml file.
|
||||||
"""
|
"""
|
||||||
with open(template_path, "r") as f:
|
with open(template_path, "r", encoding="utf-8") as f:
|
||||||
template_content = f.read()
|
template_content = f.read()
|
||||||
|
|
||||||
# Remove existing x-shared-env: &shared-api-worker-env lines
|
# Remove existing x-shared-env: &shared-api-worker-env lines
|
||||||
@@ -69,7 +69,7 @@ def insert_shared_env(template_path, output_path, shared_env_block, header_comme
|
|||||||
# Prepare the final content with header comments and shared env block
|
# Prepare the final content with header comments and shared env block
|
||||||
final_content = f"{header_comments}\n{shared_env_block}\n\n{template_content}"
|
final_content = f"{header_comments}\n{shared_env_block}\n\n{template_content}"
|
||||||
|
|
||||||
with open(output_path, "w") as f:
|
with open(output_path, "w", encoding="utf-8") as f:
|
||||||
f.write(final_content)
|
f.write(final_content)
|
||||||
print(f"Generated {output_path}")
|
print(f"Generated {output_path}")
|
||||||
|
|
||||||
|
|||||||
@@ -1,15 +1,33 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
# IRIS configuration flag file
|
# IRIS configuration flag file (stored in durable directory to persist with data)
|
||||||
IRIS_CONFIG_DONE="/opt/iris/.iris-configured"
|
IRIS_CONFIG_DONE="/durable/.iris-configured"
|
||||||
|
|
||||||
|
# Function to wait for IRIS to be ready
|
||||||
|
wait_for_iris() {
|
||||||
|
echo "Waiting for IRIS to be ready..."
|
||||||
|
local max_attempts=30
|
||||||
|
local attempt=1
|
||||||
|
while [ "$attempt" -le "$max_attempts" ]; do
|
||||||
|
if iris qlist IRIS 2>/dev/null | grep -q "running"; then
|
||||||
|
echo "IRIS is ready."
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
echo "Attempt $attempt/$max_attempts: IRIS not ready yet, waiting..."
|
||||||
|
sleep 2
|
||||||
|
attempt=$((attempt + 1))
|
||||||
|
done
|
||||||
|
echo "ERROR: IRIS failed to start within expected time." >&2
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
# Function to configure IRIS
|
# Function to configure IRIS
|
||||||
configure_iris() {
|
configure_iris() {
|
||||||
echo "Configuring IRIS for first-time setup..."
|
echo "Configuring IRIS for first-time setup..."
|
||||||
|
|
||||||
# Wait for IRIS to be fully started
|
# Wait for IRIS to be fully started
|
||||||
sleep 5
|
wait_for_iris
|
||||||
|
|
||||||
# Execute the initialization script
|
# Execute the initialization script
|
||||||
iris session IRIS < /iris-init.script
|
iris session IRIS < /iris-init.script
|
||||||
|
|||||||
@@ -234,3 +234,7 @@ LOGSTORE_DUAL_WRITE_ENABLED=true
|
|||||||
# Enable dual-read fallback to SQL database when LogStore returns no results (default: true)
|
# Enable dual-read fallback to SQL database when LogStore returns no results (default: true)
|
||||||
# Useful for migration scenarios where historical data exists only in SQL database
|
# Useful for migration scenarios where historical data exists only in SQL database
|
||||||
LOGSTORE_DUAL_READ_ENABLED=true
|
LOGSTORE_DUAL_READ_ENABLED=true
|
||||||
|
# Control flag for whether to write the `graph` field to LogStore.
|
||||||
|
# If LOGSTORE_ENABLE_PUT_GRAPH_FIELD is "true", write the full `graph` field;
|
||||||
|
# otherwise write an empty {} instead. Defaults to writing the `graph` field.
|
||||||
|
LOGSTORE_ENABLE_PUT_GRAPH_FIELD=true
|
||||||
@@ -54,3 +54,52 @@ http_access allow src_all
|
|||||||
|
|
||||||
# Unless the option's size is increased, an error will occur when uploading more than two files.
|
# Unless the option's size is increased, an error will occur when uploading more than two files.
|
||||||
client_request_buffer_max_size 100 MB
|
client_request_buffer_max_size 100 MB
|
||||||
|
|
||||||
|
################################## Performance & Concurrency ###############################
|
||||||
|
# Increase file descriptor limit for high concurrency
|
||||||
|
max_filedescriptors 65536
|
||||||
|
|
||||||
|
# Timeout configurations for image requests
|
||||||
|
connect_timeout 30 seconds
|
||||||
|
request_timeout 2 minutes
|
||||||
|
read_timeout 2 minutes
|
||||||
|
client_lifetime 5 minutes
|
||||||
|
shutdown_lifetime 30 seconds
|
||||||
|
|
||||||
|
# Persistent connections - improve performance for multiple requests
|
||||||
|
server_persistent_connections on
|
||||||
|
client_persistent_connections on
|
||||||
|
persistent_request_timeout 30 seconds
|
||||||
|
pconn_timeout 1 minute
|
||||||
|
|
||||||
|
# Connection pool and concurrency limits
|
||||||
|
client_db on
|
||||||
|
server_idle_pconn_timeout 2 minutes
|
||||||
|
client_idle_pconn_timeout 2 minutes
|
||||||
|
|
||||||
|
# Quick abort settings - don't abort requests that are mostly done
|
||||||
|
quick_abort_min 16 KB
|
||||||
|
quick_abort_max 16 MB
|
||||||
|
quick_abort_pct 95
|
||||||
|
|
||||||
|
# Memory and cache optimization
|
||||||
|
memory_cache_mode disk
|
||||||
|
cache_mem 256 MB
|
||||||
|
maximum_object_size_in_memory 512 KB
|
||||||
|
|
||||||
|
# DNS resolver settings for better performance
|
||||||
|
dns_timeout 30 seconds
|
||||||
|
dns_retransmit_interval 5 seconds
|
||||||
|
# By default, Squid uses the system's configured DNS resolvers.
|
||||||
|
# If you need to override them, set dns_nameservers to appropriate servers
|
||||||
|
# for your environment (for example, internal/corporate DNS). The following
|
||||||
|
# is an example using public DNS and SHOULD be customized before use:
|
||||||
|
# dns_nameservers 8.8.8.8 8.8.4.4
|
||||||
|
|
||||||
|
# Logging format for better debugging
|
||||||
|
logformat dify_log %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt
|
||||||
|
access_log daemon:/var/log/squid/access.log dify_log
|
||||||
|
|
||||||
|
# Access log to track concurrent requests and timeouts
|
||||||
|
logfile_rotate 10
|
||||||
|
|
||||||
|
|||||||
@@ -10,7 +10,8 @@ SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZX
|
|||||||
DASHBOARD_USERNAME=supabase
|
DASHBOARD_USERNAME=supabase
|
||||||
DASHBOARD_PASSWORD=this_password_is_insecure_and_should_be_updated
|
DASHBOARD_PASSWORD=this_password_is_insecure_and_should_be_updated
|
||||||
SECRET_KEY_BASE=UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq
|
SECRET_KEY_BASE=UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq
|
||||||
VAULT_ENC_KEY=your-encryption-key-32-chars-min
|
VAULT_ENC_KEY=your-32-character-encryption-key
|
||||||
|
PG_META_CRYPTO_KEY=your-encryption-key-32-chars-min
|
||||||
|
|
||||||
|
|
||||||
############
|
############
|
||||||
@@ -94,7 +95,6 @@ ENABLE_PHONE_AUTOCONFIRM=true
|
|||||||
STUDIO_DEFAULT_ORGANIZATION=Default Organization
|
STUDIO_DEFAULT_ORGANIZATION=Default Organization
|
||||||
STUDIO_DEFAULT_PROJECT=Default Project
|
STUDIO_DEFAULT_PROJECT=Default Project
|
||||||
|
|
||||||
STUDIO_PORT=3000
|
|
||||||
# replace if you intend to use Studio outside of localhost
|
# replace if you intend to use Studio outside of localhost
|
||||||
SUPABASE_PUBLIC_URL=http://localhost:8000
|
SUPABASE_PUBLIC_URL=http://localhost:8000
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,272 @@
|
|||||||
|
# Changelog
|
||||||
|
|
||||||
|
All notable changes to the Supabase self-hosted Docker configuration.
|
||||||
|
|
||||||
|
Changes are grouped by service rather than by change type. See [versions.md](./versions.md)
|
||||||
|
for complete image version history and rollback information.
|
||||||
|
|
||||||
|
Check updates for each service to learn more.
|
||||||
|
|
||||||
|
**Note:** Configuration updates marked with "requires [...] update" are already included in the latest version of the repository. Pull the latest changes or refer to the linked PR for manual updates. After updating `docker-compose.yml`, pull latest images and recreate containers - use `docker compose pull && docker compose down && docker compose up -d`.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Unreleased
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-12-18]
|
||||||
|
|
||||||
|
### Documentation
|
||||||
|
- Updated self-hosting installation and configuration guide - PR [#40901](https://github.com/supabase/supabase/pull/40901), PR [#41438](https://github.com/supabase/supabase/pull/41438)
|
||||||
|
|
||||||
|
### Utils
|
||||||
|
- Added `generate-keys.sh` - PR [#41363](https://github.com/supabase/supabase/pull/41363)
|
||||||
|
- Added `db-passwd.sh` - PR [#41432](https://github.com/supabase/supabase/pull/41432)
|
||||||
|
- Changed `reset.sh` to POSIX and added more checks - PR [#41361](https://github.com/supabase/supabase/pull/41361)
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- Updated to `2025.12.17-sha-43f4f7f`
|
||||||
|
- ⚠️ Fixed additional potential issues related to [React2Shell](https://vercel.com/kb/bulletin/react2shell)
|
||||||
|
- Fixed an issue with the Users page not being updated on changes - PR [#41254](https://github.com/supabase/supabase/pull/41254)
|
||||||
|
|
||||||
|
### MCP Server
|
||||||
|
- Updated to `v0.5.10` - [Release](https://github.com/supabase-community/supabase-mcp/releases/tag/v0.5.10)
|
||||||
|
|
||||||
|
### Auth
|
||||||
|
- Updated to `v2.184.0` - [Changelog](https://github.com/supabase/auth/blob/master/CHANGELOG.md) | [Release](https://github.com/supabase/auth/releases/tag/v2.184.0)
|
||||||
|
|
||||||
|
### Postgres Meta
|
||||||
|
- Updated to `v0.95.1` - [Release](https://github.com/supabase/postgres-meta/releases/tag/v0.95.1)
|
||||||
|
|
||||||
|
### Analytics (Logflare)
|
||||||
|
- Updated to `v1.27.0` - [Release](https://github.com/Logflare/logflare/releases/tag/v1.27.0)
|
||||||
|
- Fixed multiple issues, including a race condition
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-12-10]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
|
||||||
|
- Updated to `2025.12.09-sha-434634f`
|
||||||
|
- ⚠️ Fixed potential issues related to [React2Shell](https://vercel.com/kb/bulletin/react2shell)
|
||||||
|
|
||||||
|
### MCP Server
|
||||||
|
|
||||||
|
- Updated to `v0.5.9` - [Release](https://github.com/supabase-community/supabase-mcp/releases/tag/v0.5.9)
|
||||||
|
- ⚠️ Changed MCP tool `get_anon_key` to `get_publishable_keys`
|
||||||
|
|
||||||
|
### PostgREST
|
||||||
|
|
||||||
|
- Updated to `v14.1` - [Changelog](https://github.com/PostgREST/postgrest/blob/main/CHANGELOG.md) | [Release](https://github.com/PostgREST/postgrest/releases/tag/v14.1)
|
||||||
|
- ⚠️ **Major upgrade from v13.x to v14.x** - please report any unexpected behavior
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
|
||||||
|
- Updated to `v2.68.0` - [Releases](https://github.com/supabase/realtime/releases/tag/v2.68.0)
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
|
||||||
|
- Updated to `v1.33.0` - [Release](https://github.com/supabase/storage/releases/tag/v1.33.0)
|
||||||
|
|
||||||
|
### Edge Runtime
|
||||||
|
|
||||||
|
- Updated to `v1.69.28` - [Release](https://github.com/supabase/edge-runtime/releases/tag/v1.69.28)
|
||||||
|
|
||||||
|
### Analytics (Logflare)
|
||||||
|
|
||||||
|
- Updated to `v1.26.25` - [Release](https://github.com/Logflare/logflare/releases/tag/v1.26.25)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-12-08]
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
- No image update
|
||||||
|
- Changed boolean values to strings in Docker Compose for better compatibility with Podman - PR [#40994](https://github.com/supabase/supabase/pull/40994), also PR [realtime#1614](https://github.com/supabase/realtime/pull/1614)
|
||||||
|
- Changed healthcheck in Docker Compose for better compatibility with Podman - PR [#41159](https://github.com/supabase/supabase/pull/41159)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-11-26]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- Updated to `2025.11.26-sha-8f096b5`
|
||||||
|
- Fixed MCP `get_advisors` tool - PR [#40783](https://github.com/supabase/supabase/pull/40783)
|
||||||
|
- Fixed AI Assistant request schema - PR [#40830](https://github.com/supabase/supabase/pull/40830)
|
||||||
|
- Fixed log drains page - PR [#40835](https://github.com/supabase/supabase/pull/40835)
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
- Updated to `v2.65.3` - [Release](https://github.com/supabase/realtime/releases/tag/v2.65.3)
|
||||||
|
|
||||||
|
### Analytics (Logflare)
|
||||||
|
- Updated to `v1.26.13` - [Release](https://github.com/Logflare/logflare/releases/tag/v1.26.13)
|
||||||
|
- Fixed crashdump when `POSTGRES_BACKEND_URL` is malformed - PR [logflare#2954](https://github.com/Logflare/logflare/pull/2954)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-11-25]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- Updated to `2025.11.24-sha-d990ae8` - [Dashboard updates](https://github.com/orgs/supabase/discussions/40734)
|
||||||
|
- Fixed Queues configuration UI and added [documentation for exposed queue schema](https://supabase.com/docs/guides/queues/expose-self-hosted-queues) - PR [#40078](https://github.com/supabase/supabase/pull/40078)
|
||||||
|
- Fixed parameterized SQL queries in MCP tools - PR [#40499](https://github.com/supabase/supabase/pull/40499)
|
||||||
|
- Fixed Studio showing paid options for log drains - PR [#40510](https://github.com/supabase/supabase/pull/40510)
|
||||||
|
- Fixed AI Assistant authentication - PR [#40654](https://github.com/supabase/supabase/pull/40654)
|
||||||
|
|
||||||
|
### Auth
|
||||||
|
- Updated to `v2.183.0` - [Changelog](https://github.com/supabase/auth/blob/master/CHANGELOG.md) | [Release](https://github.com/supabase/auth/releases/tag/v2.183.0)
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
- Updated to `v2.65.2` - [Release](https://github.com/supabase/realtime/releases/tag/v2.65.2)
|
||||||
|
- Fixed handling of boolean configurations options - PR [realtime#1614](https://github.com/supabase/realtime/pull/1614)
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
- Updated to `v1.32.0` - [Release](https://github.com/supabase/storage/releases/tag/v1.32.0)
|
||||||
|
|
||||||
|
### Edge Runtime
|
||||||
|
- Updated to `v1.69.25` - [Release](https://github.com/supabase/edge-runtime/releases/tag/v1.69.25)
|
||||||
|
|
||||||
|
### Analytics (Logflare)
|
||||||
|
- Updated to `v1.26.12` - [Release](https://github.com/Logflare/logflare/releases/tag/v1.26.12)
|
||||||
|
- Fixed Auth logs query - PR [logflare#2936](https://github.com/Logflare/logflare/pull/2936)
|
||||||
|
- Fixed build configuration to prevent crashes with "Illegal instruction (core dumped)" - PR [logflare#2942](https://github.com/Logflare/logflare/pull/2942)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-11-17]
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
- No image update
|
||||||
|
- Fixed resumable uploads for files larger than 6MB (requires `docker-compose.yml` update) - PR [#40500](https://github.com/supabase/supabase/pull/40500)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-11-12]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- Updated to `2025.11.10-sha-5291fe3` - [Dashboard updates](https://github.com/orgs/supabase/discussions/40083)
|
||||||
|
- Added log drains - PR [#28297](https://github.com/supabase/supabase/pull/28297)
|
||||||
|
- Fixed Studio using `postgres` role instead of `supabase_admin` - PR [#39946](https://github.com/supabase/supabase/pull/39946)
|
||||||
|
|
||||||
|
### Auth
|
||||||
|
- Updated to `v2.182.1` - [Changelog](https://github.com/supabase/auth/blob/master/CHANGELOG.md#21821-2025-11-05) | [Release](https://github.com/supabase/auth/releases/tag/v2.182.1)
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
- Updated to `v2.63.0` - [Release](https://github.com/supabase/realtime/releases/tag/v2.63.0)
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
- Updated to `v1.29.0` - [Release](https://github.com/supabase/storage/releases/tag/v1.29.0)
|
||||||
|
|
||||||
|
### Edge Runtime
|
||||||
|
- Updated to `v1.69.23` - [Release](https://github.com/supabase/edge-runtime/releases/tag/v1.69.23)
|
||||||
|
|
||||||
|
### Supavisor
|
||||||
|
- Updated to `v2.7.4` - [Release](https://github.com/supabase/supavisor/releases/tag/v2.7.4)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-11-05]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- No image update
|
||||||
|
- Fixed Studio failing to connect to Postgres with non-default settings (requires `docker-compose.yml` update) - PR [#40169](https://github.com/supabase/supabase/pull/40169)
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
- No image update
|
||||||
|
- Fixed realtime logs not showing in Studio (requires `volumes/logs/vector.yml` update) - PR [#39963](https://github.com/supabase/supabase/pull/39963)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-10-28]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- Updated to `2025.10.27-sha-85b84e0` - [Dashboard updates](https://github.com/orgs/supabase/discussions/40083)
|
||||||
|
- Fixed broken authentication when uploading files to Storage - PR [#39829](https://github.com/supabase/supabase/pull/39829)
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
- Updated to `v2.57.2` - [Release](https://github.com/supabase/realtime/releases/tag/v2.57.2)
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
- Updated to `v1.28.2` - [Release](https://github.com/supabase/storage/releases/tag/v1.28.2)
|
||||||
|
|
||||||
|
### Postgres Meta
|
||||||
|
- Updated to `v0.93.1` - [Release](https://github.com/supabase/postgres-meta/releases/tag/v0.93.1)
|
||||||
|
|
||||||
|
### Edge Runtime
|
||||||
|
- Updated to `v1.69.15` - [Release](https://github.com/supabase/edge-runtime/releases/tag/v1.69.15)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-10-27]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- No image update
|
||||||
|
- Added Kong configuration for MCP server routes (requires `volumes/api/kong.yml` update) - PR [#39849](https://github.com/supabase/supabase/pull/39849)
|
||||||
|
- Added [documentation page](https://supabase.com/docs/guides/self-hosting/enable-mcp) for MCP server configuration - PR [#39952](https://github.com/supabase/supabase/pull/39952)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-10-21]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- Updated to `2025.10.20-sha-5005fc6` - [Dashboard updates](https://github.com/orgs/supabase/discussions/39709)
|
||||||
|
- Fixed issues with Edge Functions and cron logs not being visible in Studio - PR [#39388](https://github.com/supabase/supabase/pull/39388), PR [#39704](https://github.com/supabase/supabase/pull/39704), PR [#39711](https://github.com/supabase/supabase/pull/39711)
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
- Updated to `v2.56.0` - [Release](https://github.com/supabase/realtime/releases/tag/v2.56.0)
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
- Updated to `v1.28.1` - [Release](https://github.com/supabase/storage/releases/tag/v1.28.1)
|
||||||
|
|
||||||
|
### Postgres Meta
|
||||||
|
- Updated to `v0.93.0` - [Release](https://github.com/supabase/postgres-meta/releases/tag/v0.93.0)
|
||||||
|
|
||||||
|
### Edge Runtime
|
||||||
|
- Updated to `v1.69.14` - [Release](https://github.com/supabase/edge-runtime/releases/tag/v1.69.14)
|
||||||
|
|
||||||
|
### Supavisor
|
||||||
|
- Updated to `v2.7.3` - [Release](https://github.com/supabase/supavisor/releases/tag/v2.7.3)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-10-13]
|
||||||
|
|
||||||
|
### Analytics (Logflare)
|
||||||
|
- Updated to `v1.22.6` - [Release](https://github.com/Logflare/logflare/releases/tag/v1.22.6)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-10-08]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- Updated to `2025.10.01-sha-8460121` - [Dashboard updates](https://github.com/orgs/supabase/discussions/39709)
|
||||||
|
- Added "local" remote MCP server - PR [#38797](https://github.com/supabase/supabase/pull/38797), PR [#39041](https://github.com/supabase/supabase/pull/39041)
|
||||||
|
- ⚠️ Changed Studio connection method to `postgres-meta` - affects non-standard database port configurations
|
||||||
|
|
||||||
|
### Auth
|
||||||
|
- Updated to `v2.180.0` - [Release](https://github.com/supabase/auth/releases/tag/v2.180.0)
|
||||||
|
|
||||||
|
### PostgREST
|
||||||
|
- Updated to `v13.0.7` - [Release](https://github.com/PostgREST/postgrest/releases/tag/v13.0.7) | [Changelog](https://github.com/PostgREST/postgrest/blob/main/CHANGELOG.md)
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
- Updated to `v2.51.11` - [Release](https://github.com/supabase/realtime/releases/tag/v2.51.11)
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
- Updated to `v1.28.0` - [Release](https://github.com/supabase/storage/releases/tag/v1.28.0)
|
||||||
|
|
||||||
|
### Postgres Meta
|
||||||
|
- Updated to `v0.91.6` - [Release](https://github.com/supabase/postgres-meta/releases/tag/v0.91.6)
|
||||||
|
|
||||||
|
### Analytics (Logflare)
|
||||||
|
- Updated to `v1.22.4` - [Release](https://github.com/Logflare/logflare/releases/tag/v1.22.4)
|
||||||
|
|
||||||
|
### Postgres
|
||||||
|
- Updated to `15.8.1.085` - [Release](https://github.com/supabase/postgres/releases/tag/15.8.1.085)
|
||||||
|
|
||||||
|
### Supavisor
|
||||||
|
- Updated to `2.7.0` - [Release](https://github.com/supabase/supavisor/releases/tag/v2.7.0)
|
||||||
|
|
||||||
|
---
|
||||||
+86
-2
@@ -1,3 +1,87 @@
|
|||||||
# Supabase Docker
|
# Self-Hosted Supabase with Docker
|
||||||
|
|
||||||
This is a minimal Docker Compose setup for self-hosting Supabase. Follow the steps [here](https://supabase.com/docs/guides/hosting/docker) to get started.
|
This is the official Docker Compose setup for self-hosted Supabase. It provides a complete stack with all Supabase services running locally or on your infrastructure.
|
||||||
|
|
||||||
|
## Getting Started
|
||||||
|
|
||||||
|
Follow the detailed setup guide in our documentation: [Self-Hosting with Docker](https://supabase.com/docs/guides/self-hosting/docker)
|
||||||
|
|
||||||
|
The guide covers:
|
||||||
|
- Prerequisites (Git and Docker)
|
||||||
|
- Initial setup and configuration
|
||||||
|
- Securing your installation
|
||||||
|
- Accessing services
|
||||||
|
- Updating your instance
|
||||||
|
|
||||||
|
## What's Included
|
||||||
|
|
||||||
|
This Docker Compose configuration includes the following services:
|
||||||
|
|
||||||
|
- **[Studio](https://github.com/supabase/supabase/tree/master/apps/studio)** - A dashboard for managing your self-hosted Supabase project
|
||||||
|
- **[Kong](https://github.com/Kong/kong)** - Kong API gateway
|
||||||
|
- **[Auth](https://github.com/supabase/auth)** - JWT-based authentication API for user sign-ups, logins, and session management
|
||||||
|
- **[PostgREST](https://github.com/PostgREST/postgrest)** - Web server that turns your PostgreSQL database directly into a RESTful API
|
||||||
|
- **[Realtime](https://github.com/supabase/realtime)** - Elixir server that listens to PostgreSQL database changes and broadcasts them over websockets
|
||||||
|
- **[Storage](https://github.com/supabase/storage)** - RESTful API for managing files in S3, with Postgres handling permissions
|
||||||
|
- **[imgproxy](https://github.com/imgproxy/imgproxy)** - Fast and secure image processing server
|
||||||
|
- **[postgres-meta](https://github.com/supabase/postgres-meta)** - RESTful API for managing Postgres (fetch tables, add roles, run queries)
|
||||||
|
- **[PostgreSQL](https://github.com/supabase/postgres)** - Object-relational database with over 30 years of active development
|
||||||
|
- **[Edge Runtime](https://github.com/supabase/edge-runtime)** - Web server based on Deno runtime for running JavaScript, TypeScript, and WASM services
|
||||||
|
- **[Logflare](https://github.com/Logflare/logflare)** - Log management and event analytics platform
|
||||||
|
- **[Vector](https://github.com/vectordotdev/vector)** - High-performance observability data pipeline for logs
|
||||||
|
- **[Supavisor](https://github.com/supabase/supavisor)** - Supabase's Postgres connection pooler
|
||||||
|
|
||||||
|
## Documentation
|
||||||
|
|
||||||
|
- **[Documentation](https://supabase.com/docs/guides/self-hosting/docker)** - Setup and configuration guides
|
||||||
|
- **[CHANGELOG.md](./CHANGELOG.md)** - Track recent updates and changes to services
|
||||||
|
- **[versions.md](./versions.md)** - Complete history of Docker image versions for rollback reference
|
||||||
|
|
||||||
|
## Updates
|
||||||
|
|
||||||
|
To update your self-hosted Supabase instance:
|
||||||
|
|
||||||
|
1. Review [CHANGELOG.md](./CHANGELOG.md) for breaking changes
|
||||||
|
2. Check [versions.md](./versions.md) for new image versions
|
||||||
|
3. Update `docker-compose.yml` if there are configuration changes
|
||||||
|
4. Pull the latest images: `docker compose pull`
|
||||||
|
5. Stop services: `docker compose down`
|
||||||
|
6. Start services with new configuration: `docker compose up -d`
|
||||||
|
|
||||||
|
**Note:** Consider to always backup your database before updating.
|
||||||
|
|
||||||
|
## Community & Support
|
||||||
|
|
||||||
|
For troubleshooting common issues, see:
|
||||||
|
- [GitHub Discussions](https://github.com/orgs/supabase/discussions?discussions_q=is%3Aopen+label%3Aself-hosted) - Questions, feature requests, and workarounds
|
||||||
|
- [GitHub Issues](https://github.com/supabase/supabase/issues?q=is%3Aissue%20state%3Aopen%20label%3Aself-hosted) - Known issues
|
||||||
|
- [Documentation](https://supabase.com/docs/guides/self-hosting) - Setup and configuration guides
|
||||||
|
|
||||||
|
Self-hosted Supabase is community-supported. Get help and connect with other users:
|
||||||
|
|
||||||
|
- [Discord](https://discord.supabase.com) - Real-time chat and community support
|
||||||
|
- [Reddit](https://www.reddit.com/r/Supabase/) - Official Supabase subreddit
|
||||||
|
|
||||||
|
Share your self-hosting experience:
|
||||||
|
|
||||||
|
- [GitHub Discussions](https://github.com/orgs/supabase/discussions/39820) - "Self-hosting: What's working (and what's not)?"
|
||||||
|
|
||||||
|
## Important Notes
|
||||||
|
|
||||||
|
### Security
|
||||||
|
|
||||||
|
⚠️ **The default configuration is not secure for production use.**
|
||||||
|
|
||||||
|
Before deploying to production, you must:
|
||||||
|
- Update all default passwords and secrets in the `.env` file
|
||||||
|
- Generate new JWT secrets
|
||||||
|
- Review and update CORS settings
|
||||||
|
- Consider setting up a secure proxy in front of self-hosted Supabase
|
||||||
|
- Review and adjust network security configuration (ACLs, etc.)
|
||||||
|
- Set up proper backup procedures
|
||||||
|
|
||||||
|
See the [security section](https://supabase.com/docs/guides/self-hosting/docker#configuring-and-securing-supabase) in the documentation.
|
||||||
|
|
||||||
|
## License
|
||||||
|
|
||||||
|
This repository is licensed under the Apache 2.0 License. See the main [Supabase repository](https://github.com/supabase/supabase) for details.
|
||||||
|
|||||||
@@ -8,6 +8,16 @@ services:
|
|||||||
target: dev
|
target: dev
|
||||||
ports:
|
ports:
|
||||||
- 8082:8082
|
- 8082:8082
|
||||||
|
develop:
|
||||||
|
watch:
|
||||||
|
- action: sync
|
||||||
|
path: ../apps/studio
|
||||||
|
target: /app/apps/studio
|
||||||
|
ignore:
|
||||||
|
- node_modules/
|
||||||
|
- action: rebuild
|
||||||
|
path: package.json
|
||||||
|
|
||||||
mail:
|
mail:
|
||||||
container_name: supabase-mail
|
container_name: supabase-mail
|
||||||
image: inbucket/inbucket:3.0.3
|
image: inbucket/inbucket:3.0.3
|
||||||
|
|||||||
@@ -10,7 +10,7 @@ name: supabase
|
|||||||
services:
|
services:
|
||||||
|
|
||||||
studio:
|
studio:
|
||||||
image: supabase/studio:2025.06.30-sha-6f5982d
|
image: supabase/studio:2025.12.17-sha-43f4f7f
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test:
|
test:
|
||||||
@@ -28,8 +28,15 @@ services:
|
|||||||
analytics:
|
analytics:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
environment:
|
environment:
|
||||||
|
# Binds nestjs listener to both IPv4 and IPv6 network interfaces
|
||||||
|
HOSTNAME: "::"
|
||||||
|
|
||||||
STUDIO_PG_META_URL: http://meta:8080
|
STUDIO_PG_META_URL: http://meta:8080
|
||||||
|
POSTGRES_PORT: ${POSTGRES_PORT}
|
||||||
|
POSTGRES_HOST: ${POSTGRES_HOST}
|
||||||
|
POSTGRES_DB: ${POSTGRES_DB}
|
||||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||||||
|
PG_META_CRYPTO_KEY: ${PG_META_CRYPTO_KEY}
|
||||||
|
|
||||||
DEFAULT_ORGANIZATION_NAME: ${STUDIO_DEFAULT_ORGANIZATION}
|
DEFAULT_ORGANIZATION_NAME: ${STUDIO_DEFAULT_ORGANIZATION}
|
||||||
DEFAULT_PROJECT_NAME: ${STUDIO_DEFAULT_PROJECT}
|
DEFAULT_PROJECT_NAME: ${STUDIO_DEFAULT_PROJECT}
|
||||||
@@ -41,7 +48,11 @@ services:
|
|||||||
SUPABASE_SERVICE_KEY: ${SERVICE_ROLE_KEY}
|
SUPABASE_SERVICE_KEY: ${SERVICE_ROLE_KEY}
|
||||||
AUTH_JWT_SECRET: ${JWT_SECRET}
|
AUTH_JWT_SECRET: ${JWT_SECRET}
|
||||||
|
|
||||||
|
# LOGFLARE_API_KEY is deprecated
|
||||||
|
LOGFLARE_API_KEY: ${LOGFLARE_PUBLIC_ACCESS_TOKEN}
|
||||||
|
LOGFLARE_PUBLIC_ACCESS_TOKEN: ${LOGFLARE_PUBLIC_ACCESS_TOKEN}
|
||||||
LOGFLARE_PRIVATE_ACCESS_TOKEN: ${LOGFLARE_PRIVATE_ACCESS_TOKEN}
|
LOGFLARE_PRIVATE_ACCESS_TOKEN: ${LOGFLARE_PRIVATE_ACCESS_TOKEN}
|
||||||
|
|
||||||
LOGFLARE_URL: http://analytics:4000
|
LOGFLARE_URL: http://analytics:4000
|
||||||
NEXT_PUBLIC_ENABLE_LOGS: true
|
NEXT_PUBLIC_ENABLE_LOGS: true
|
||||||
# Comment to use Big Query backend for analytics
|
# Comment to use Big Query backend for analytics
|
||||||
@@ -63,7 +74,7 @@ services:
|
|||||||
KONG_DECLARATIVE_CONFIG: /home/kong/kong.yml
|
KONG_DECLARATIVE_CONFIG: /home/kong/kong.yml
|
||||||
# https://github.com/supabase/cli/issues/14
|
# https://github.com/supabase/cli/issues/14
|
||||||
KONG_DNS_ORDER: LAST,A,CNAME
|
KONG_DNS_ORDER: LAST,A,CNAME
|
||||||
KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth
|
KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth,request-termination,ip-restriction
|
||||||
KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k
|
KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k
|
||||||
KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k
|
KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k
|
||||||
SUPABASE_ANON_KEY: ${ANON_KEY}
|
SUPABASE_ANON_KEY: ${ANON_KEY}
|
||||||
@@ -75,7 +86,7 @@ services:
|
|||||||
/docker-entrypoint.sh kong docker-start'
|
/docker-entrypoint.sh kong docker-start'
|
||||||
|
|
||||||
auth:
|
auth:
|
||||||
image: supabase/gotrue:v2.177.0
|
image: supabase/gotrue:v2.184.0
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test:
|
test:
|
||||||
@@ -157,7 +168,7 @@ services:
|
|||||||
# GOTRUE_HOOK_SEND_EMAIL_SECRETS: "v1,whsec_VGhpcyBpcyBhbiBleGFtcGxlIG9mIGEgc2hvcnRlciBCYXNlNjQgc3RyaW5n"
|
# GOTRUE_HOOK_SEND_EMAIL_SECRETS: "v1,whsec_VGhpcyBpcyBhbiBleGFtcGxlIG9mIGEgc2hvcnRlciBCYXNlNjQgc3RyaW5n"
|
||||||
|
|
||||||
rest:
|
rest:
|
||||||
image: postgrest/postgrest:v12.2.12
|
image: postgrest/postgrest:v14.1
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
depends_on:
|
depends_on:
|
||||||
db:
|
db:
|
||||||
@@ -177,7 +188,7 @@ services:
|
|||||||
|
|
||||||
realtime:
|
realtime:
|
||||||
# This container name looks inconsistent but is correct because realtime constructs tenant id by parsing the subdomain
|
# This container name looks inconsistent but is correct because realtime constructs tenant id by parsing the subdomain
|
||||||
image: supabase/realtime:v2.34.47
|
image: supabase/realtime:v2.68.0
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
depends_on:
|
depends_on:
|
||||||
db:
|
db:
|
||||||
@@ -188,15 +199,9 @@ services:
|
|||||||
healthcheck:
|
healthcheck:
|
||||||
test:
|
test:
|
||||||
[
|
[
|
||||||
"CMD",
|
"CMD-SHELL",
|
||||||
"curl",
|
"curl -sSfL --head -o /dev/null -H \"Authorization: Bearer
|
||||||
"-sSfL",
|
${ANON_KEY}\" http://localhost:4000/api/tenants/realtime-dev/health"
|
||||||
"--head",
|
|
||||||
"-o",
|
|
||||||
"/dev/null",
|
|
||||||
"-H",
|
|
||||||
"Authorization: Bearer ${ANON_KEY}",
|
|
||||||
"http://localhost:4000/api/tenants/realtime-dev/health"
|
|
||||||
]
|
]
|
||||||
timeout: 5s
|
timeout: 5s
|
||||||
interval: 5s
|
interval: 5s
|
||||||
@@ -216,12 +221,12 @@ services:
|
|||||||
DNS_NODES: "''"
|
DNS_NODES: "''"
|
||||||
RLIMIT_NOFILE: "10000"
|
RLIMIT_NOFILE: "10000"
|
||||||
APP_NAME: realtime
|
APP_NAME: realtime
|
||||||
SEED_SELF_HOST: true
|
SEED_SELF_HOST: "true"
|
||||||
RUN_JANITOR: true
|
RUN_JANITOR: "true"
|
||||||
|
|
||||||
# To use S3 backed storage: docker compose -f docker-compose.yml -f docker-compose.s3.yml up
|
# To use S3 backed storage: docker compose -f docker-compose.yml -f docker-compose.s3.yml up
|
||||||
storage:
|
storage:
|
||||||
image: supabase/storage-api:v1.25.7
|
image: supabase/storage-api:v1.33.0
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/storage:/var/lib/storage:z
|
- ./volumes/storage:/var/lib/storage:z
|
||||||
@@ -252,6 +257,7 @@ services:
|
|||||||
POSTGREST_URL: http://rest:3000
|
POSTGREST_URL: http://rest:3000
|
||||||
PGRST_JWT_SECRET: ${JWT_SECRET}
|
PGRST_JWT_SECRET: ${JWT_SECRET}
|
||||||
DATABASE_URL: postgres://supabase_storage_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
|
DATABASE_URL: postgres://supabase_storage_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
|
||||||
|
REQUEST_ALLOW_X_FORWARDED_PATH: "true"
|
||||||
FILE_SIZE_LIMIT: 52428800
|
FILE_SIZE_LIMIT: 52428800
|
||||||
STORAGE_BACKEND: file
|
STORAGE_BACKEND: file
|
||||||
FILE_STORAGE_BACKEND_PATH: /var/lib/storage
|
FILE_STORAGE_BACKEND_PATH: /var/lib/storage
|
||||||
@@ -279,7 +285,7 @@ services:
|
|||||||
IMGPROXY_ENABLE_WEBP_DETECTION: ${IMGPROXY_ENABLE_WEBP_DETECTION}
|
IMGPROXY_ENABLE_WEBP_DETECTION: ${IMGPROXY_ENABLE_WEBP_DETECTION}
|
||||||
|
|
||||||
meta:
|
meta:
|
||||||
image: supabase/postgres-meta:v0.91.0
|
image: supabase/postgres-meta:v0.95.1
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
depends_on:
|
depends_on:
|
||||||
db:
|
db:
|
||||||
@@ -294,9 +300,10 @@ services:
|
|||||||
PG_META_DB_NAME: ${POSTGRES_DB}
|
PG_META_DB_NAME: ${POSTGRES_DB}
|
||||||
PG_META_DB_USER: supabase_admin
|
PG_META_DB_USER: supabase_admin
|
||||||
PG_META_DB_PASSWORD: ${POSTGRES_PASSWORD}
|
PG_META_DB_PASSWORD: ${POSTGRES_PASSWORD}
|
||||||
|
CRYPTO_KEY: ${PG_META_CRYPTO_KEY}
|
||||||
|
|
||||||
functions:
|
functions:
|
||||||
image: supabase/edge-runtime:v1.67.4
|
image: supabase/edge-runtime:v1.69.28
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/functions:/home/deno/functions:Z
|
- ./volumes/functions:/home/deno/functions:Z
|
||||||
@@ -314,7 +321,7 @@ services:
|
|||||||
command: [ "start", "--main-service", "/home/deno/functions/main" ]
|
command: [ "start", "--main-service", "/home/deno/functions/main" ]
|
||||||
|
|
||||||
analytics:
|
analytics:
|
||||||
image: supabase/logflare:1.14.2
|
image: supabase/logflare:1.27.0
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
# Uncomment to use Big Query backend for analytics
|
# Uncomment to use Big Query backend for analytics
|
||||||
# volumes:
|
# volumes:
|
||||||
@@ -343,7 +350,6 @@ services:
|
|||||||
LOGFLARE_PRIVATE_ACCESS_TOKEN: ${LOGFLARE_PRIVATE_ACCESS_TOKEN}
|
LOGFLARE_PRIVATE_ACCESS_TOKEN: ${LOGFLARE_PRIVATE_ACCESS_TOKEN}
|
||||||
LOGFLARE_SINGLE_TENANT: true
|
LOGFLARE_SINGLE_TENANT: true
|
||||||
LOGFLARE_SUPABASE_MODE: true
|
LOGFLARE_SUPABASE_MODE: true
|
||||||
LOGFLARE_MIN_CLUSTER_SIZE: 1
|
|
||||||
|
|
||||||
# Comment variables to use Big Query backend for analytics
|
# Comment variables to use Big Query backend for analytics
|
||||||
POSTGRES_BACKEND_URL: postgresql://supabase_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/_supabase
|
POSTGRES_BACKEND_URL: postgresql://supabase_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/_supabase
|
||||||
@@ -355,7 +361,7 @@ services:
|
|||||||
|
|
||||||
# Comment out everything below this point if you are using an external Postgres database
|
# Comment out everything below this point if you are using an external Postgres database
|
||||||
db:
|
db:
|
||||||
image: supabase/postgres:15.8.1.060
|
image: supabase/postgres:15.8.1.085
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/db/realtime.sql:/docker-entrypoint-initdb.d/migrations/99-realtime.sql:Z
|
- ./volumes/db/realtime.sql:/docker-entrypoint-initdb.d/migrations/99-realtime.sql:Z
|
||||||
@@ -429,7 +435,7 @@ services:
|
|||||||
|
|
||||||
# Update the DATABASE_URL if you are using an external Postgres database
|
# Update the DATABASE_URL if you are using an external Postgres database
|
||||||
supavisor:
|
supavisor:
|
||||||
image: supabase/supavisor:2.5.7
|
image: supabase/supavisor:2.7.4
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/pooler/pooler.exs:/etc/pooler/pooler.exs:ro,z
|
- ./volumes/pooler/pooler.exs:/etc/pooler/pooler.exs:ro,z
|
||||||
|
|||||||
+57
-25
@@ -1,44 +1,76 @@
|
|||||||
#!/bin/bash
|
#!/bin/sh
|
||||||
|
|
||||||
echo "WARNING: This will remove all containers and container data, and will reset the .env file. This action cannot be undone!"
|
set -e
|
||||||
read -p "Are you sure you want to proceed? (y/N) " -n 1 -r
|
|
||||||
echo # Move to a new line
|
auto_confirm=0
|
||||||
if [[ ! $REPLY =~ ^[Yy]$ ]]
|
|
||||||
then
|
confirm () {
|
||||||
echo "Operation cancelled."
|
if [ "$auto_confirm" = "1" ]; then
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
printf "Are you sure you want to proceed? (y/N) "
|
||||||
|
read -r REPLY
|
||||||
|
case "$REPLY" in
|
||||||
|
[Yy])
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Script canceled."
|
||||||
exit 1
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
if [ "$1" = "-y" ]; then
|
||||||
|
auto_confirm=1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Stopping and removing all containers..."
|
echo ""
|
||||||
docker compose -f docker-compose.yml -f ./dev/docker-compose.dev.yml down -v --remove-orphans
|
echo "*** WARNING: This will remove all containers and container data, and optionally reset .env ***"
|
||||||
|
echo ""
|
||||||
|
|
||||||
echo "Cleaning up bind-mounted directories..."
|
confirm
|
||||||
BIND_MOUNTS=(
|
|
||||||
"./volumes/db/data"
|
|
||||||
)
|
|
||||||
|
|
||||||
for DIR in "${BIND_MOUNTS[@]}"; do
|
echo "===> Stopping and removing all containers..."
|
||||||
if [ -d "$DIR" ]; then
|
|
||||||
echo "Deleting $DIR..."
|
if [ -f ".env" ]; then
|
||||||
rm -rf "$DIR"
|
docker compose -f docker-compose.yml -f ./dev/docker-compose.dev.yml down -v --remove-orphans
|
||||||
|
elif [ -f ".env.example" ]; then
|
||||||
|
echo "No .env found, using .env.example for docker compose down..."
|
||||||
|
docker compose --env-file .env.example -f docker-compose.yml -f ./dev/docker-compose.dev.yml down -v --remove-orphans
|
||||||
|
else
|
||||||
|
echo "Skipping 'docker compose down' because there's no env-file."
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "===> Cleaning up bind-mounted directories..."
|
||||||
|
BIND_MOUNTS="./volumes/db/data ./volumes/storage"
|
||||||
|
|
||||||
|
for dir in $BIND_MOUNTS; do
|
||||||
|
if [ -d "$dir" ]; then
|
||||||
|
echo "Removing $dir..."
|
||||||
|
confirm
|
||||||
|
rm -rf "$dir"
|
||||||
else
|
else
|
||||||
echo "Directory $DIR does not exist. Skipping bind mount deletion step..."
|
echo "$dir not found."
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
echo "Resetting .env file..."
|
echo "===> Resetting .env file (will save backup to .env.old)..."
|
||||||
if [ -f ".env" ]; then
|
confirm
|
||||||
echo "Removing existing .env file..."
|
if [ -f ".env" ] || [ -L ".env" ]; then
|
||||||
rm -f .env
|
echo "Renaming existing .env file to .env.old"
|
||||||
|
mv .env .env.old
|
||||||
else
|
else
|
||||||
echo "No .env file found. Skipping .env removal step..."
|
echo "No .env file found."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -f ".env.example" ]; then
|
if [ -f ".env.example" ]; then
|
||||||
echo "Copying .env.example to .env..."
|
echo "===> Copying .env.example to .env"
|
||||||
cp .env.example .env
|
cp .env.example .env
|
||||||
else
|
else
|
||||||
echo ".env.example file not found. Skipping .env reset step..."
|
echo "No .env.example found, can't restore .env to default values."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Cleanup complete!"
|
echo "Cleanup complete!"
|
||||||
|
echo "Re-run 'docker compose pull' to update images."
|
||||||
|
echo ""
|
||||||
|
|||||||
@@ -0,0 +1,157 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# Portions of this code are derived from Inder Singh's update-db-pass.sh
|
||||||
|
# Copyright 2025 Inder Singh. Licensed under Apache License 2.0.
|
||||||
|
# Original source:
|
||||||
|
# https://github.com/singh-inder/supabase-automated-self-host/blob/main/docker/update-db-pass.sh
|
||||||
|
#
|
||||||
|
# GitHub discussion here:
|
||||||
|
# https://github.com/supabase/supabase/issues/22605#issuecomment-3323382144
|
||||||
|
#
|
||||||
|
# Changed:
|
||||||
|
# - POSIX shell compatibility
|
||||||
|
# - No hardcoded values for database service and admin user
|
||||||
|
# - Use .env for the admin user and database service port
|
||||||
|
# - Does _not_ set password for supabase_read_only_user (this role is not
|
||||||
|
# supposed to have a password)
|
||||||
|
# - Print all values and confirm before updating
|
||||||
|
# - Stop on any errors
|
||||||
|
#
|
||||||
|
# Heads up:
|
||||||
|
# - Updating _analytics.source_backends is not needed after PR logflare#2069
|
||||||
|
# - Newer Logflare versions use a different table and update connection string
|
||||||
|
#
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
if ! docker compose version > /dev/null 2>&1; then
|
||||||
|
echo "Docker Compose not found."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f .env ]; then
|
||||||
|
echo "Missing .env file. Exiting."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Generate random hex-only password to avoid issues with SQL/shell
|
||||||
|
new_passwd="$(openssl rand -hex 16)"
|
||||||
|
# If replacing with a custom password, avoid using @/?#:&
|
||||||
|
# https://supabase.com/docs/guides/database/postgres/roles#passwords
|
||||||
|
# new_passwd="d0notUseSpecialSymbolsForPq123-"
|
||||||
|
|
||||||
|
# Check Postgres service
|
||||||
|
db_image_prefix="supabase.postgres:"
|
||||||
|
|
||||||
|
compose_output=$(docker compose ps \
|
||||||
|
--format '{{.Image}}\t{{.Service}}\t{{.Status}}' 2>/dev/null | \
|
||||||
|
grep -m1 "^$db_image_prefix" || true)
|
||||||
|
|
||||||
|
if [ -z "$compose_output" ]; then
|
||||||
|
echo "Postgres container not found. Exiting."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
db_image=$(echo "$compose_output" | cut -f1)
|
||||||
|
db_srv_name=$(echo "$compose_output" | cut -f2)
|
||||||
|
db_srv_status=$(echo "$compose_output" | cut -f3)
|
||||||
|
|
||||||
|
case "$db_srv_status" in
|
||||||
|
Up*)
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Postgres container status: $db_srv_status"
|
||||||
|
echo "Exiting."
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
db_srv_port=$(grep "^POSTGRES_PORT=" .env | cut -d '=' -f 2)
|
||||||
|
port_source=" (.env):"
|
||||||
|
if [ -z "$db_srv_port" ]; then
|
||||||
|
db_srv_port="5432"
|
||||||
|
port_source=" (default):"
|
||||||
|
fi
|
||||||
|
|
||||||
|
db_admin_user="supabase_admin"
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
echo "*** Check configuration below before updating database passwords! ***"
|
||||||
|
echo ""
|
||||||
|
echo "Service name: $db_srv_name"
|
||||||
|
echo "Service status: $db_srv_status"
|
||||||
|
echo "Service port${port_source} $db_srv_port"
|
||||||
|
echo "Image: $db_image"
|
||||||
|
echo ""
|
||||||
|
echo "Admin user: $db_admin_user"
|
||||||
|
|
||||||
|
if ! test -t 0; then
|
||||||
|
echo ""
|
||||||
|
echo "Running non-interactively. Not updating passwords."
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "New database password: $new_passwd"
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
printf "Update database passwords? (y/N) "
|
||||||
|
read -r REPLY
|
||||||
|
case "$REPLY" in
|
||||||
|
[Yy])
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Canceled. Not updating passwords."
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
echo "Updating passwords..."
|
||||||
|
echo "Connecting to the database service container..."
|
||||||
|
|
||||||
|
docker compose exec -T "$db_srv_name" psql -U "$db_admin_user" -d "_supabase" -v ON_ERROR_STOP=1 <<EOF
|
||||||
|
alter user anon with password '${new_passwd}';
|
||||||
|
alter user authenticated with password '${new_passwd}';
|
||||||
|
alter user authenticator with password '${new_passwd}';
|
||||||
|
alter user dashboard_user with password '${new_passwd}';
|
||||||
|
alter user pgbouncer with password '${new_passwd}';
|
||||||
|
alter user postgres with password '${new_passwd}';
|
||||||
|
alter user service_role with password '${new_passwd}';
|
||||||
|
alter user supabase_admin with password '${new_passwd}';
|
||||||
|
alter user supabase_auth_admin with password '${new_passwd}';
|
||||||
|
alter user supabase_functions_admin with password '${new_passwd}';
|
||||||
|
alter user supabase_replication_admin with password '${new_passwd}';
|
||||||
|
alter user supabase_storage_admin with password '${new_passwd}';
|
||||||
|
|
||||||
|
DROP SCHEMA _supavisor CASCADE;
|
||||||
|
create schema if not exists _supavisor;
|
||||||
|
alter schema _supavisor owner to supabase_admin;
|
||||||
|
|
||||||
|
DO \$\$
|
||||||
|
BEGIN
|
||||||
|
IF EXISTS (
|
||||||
|
SELECT 1
|
||||||
|
FROM information_schema.tables
|
||||||
|
WHERE table_schema = '_analytics'
|
||||||
|
AND table_name = 'source_backends'
|
||||||
|
) THEN
|
||||||
|
UPDATE _analytics.source_backends
|
||||||
|
SET config = jsonb_set(
|
||||||
|
config,
|
||||||
|
'{url}',
|
||||||
|
'"postgresql://${db_admin_user}:${new_passwd}@${db_srv_name}:${db_srv_port}/postgres"',
|
||||||
|
false
|
||||||
|
)
|
||||||
|
WHERE type = 'postgres';
|
||||||
|
END IF;
|
||||||
|
END
|
||||||
|
\$\$;
|
||||||
|
EOF
|
||||||
|
|
||||||
|
echo "Updating POSTGRES_PASSWORD in .env..."
|
||||||
|
sed -i.old "s|^POSTGRES_PASSWORD=.*$|POSTGRES_PASSWORD=$new_passwd|" .env
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
echo "Success. To update and restart containers use:"
|
||||||
|
echo ""
|
||||||
|
echo "docker compose up -d --force-recreate"
|
||||||
|
echo ""
|
||||||
@@ -0,0 +1,119 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# Portions of this code are derived from Inder Singh's setup.sh shell script.
|
||||||
|
# Copyright 2025 Inder Singh. Licensed under Apache License 2.0.
|
||||||
|
# Original source: https://github.com/singh-inder/supabase-automated-self-host/blob/main/setup.sh
|
||||||
|
#
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
gen_hex() {
|
||||||
|
openssl rand -hex "$1"
|
||||||
|
}
|
||||||
|
|
||||||
|
gen_base64() {
|
||||||
|
openssl rand -base64 "$1"
|
||||||
|
}
|
||||||
|
|
||||||
|
base64_url_encode() {
|
||||||
|
openssl enc -base64 -A | tr '+/' '-_' | tr -d '='
|
||||||
|
}
|
||||||
|
|
||||||
|
gen_token() {
|
||||||
|
payload=$1
|
||||||
|
payload_base64=$(printf %s "$payload" | base64_url_encode)
|
||||||
|
header_base64=$(printf %s "$header" | base64_url_encode)
|
||||||
|
signed_content="${header_base64}.${payload_base64}"
|
||||||
|
signature=$(printf %s "$signed_content" | openssl dgst -binary -sha256 -hmac "$jwt_secret" | base64_url_encode)
|
||||||
|
printf '%s' "${signed_content}.${signature}"
|
||||||
|
}
|
||||||
|
|
||||||
|
if ! command -v openssl >/dev/null 2>&1; then
|
||||||
|
echo "Error: openssl is required but not found."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
jwt_secret="$(gen_base64 30)"
|
||||||
|
|
||||||
|
# Used in get_token()
|
||||||
|
header='{"alg":"HS256","typ":"JWT"}'
|
||||||
|
iat=$(date +%s)
|
||||||
|
exp=$((iat + 5 * 3600 * 24 * 365)) # 5 years
|
||||||
|
|
||||||
|
# Normalizes JSON formatting so that the token matches https://www.jwt.io/ results
|
||||||
|
anon_payload="{\"role\":\"anon\",\"iss\":\"supabase\",\"iat\":$iat,\"exp\":$exp}"
|
||||||
|
service_role_payload="{\"role\":\"service_role\",\"iss\":\"supabase\",\"iat\":$iat,\"exp\":$exp}"
|
||||||
|
|
||||||
|
#echo "anon_payload=$anon_payload"
|
||||||
|
#echo "service_role_payload=$service_role_payload"
|
||||||
|
|
||||||
|
anon_key=$(gen_token "$anon_payload")
|
||||||
|
service_role_key=$(gen_token "$service_role_payload")
|
||||||
|
|
||||||
|
secret_key_base=$(gen_base64 48)
|
||||||
|
vault_enc_key=$(gen_hex 16)
|
||||||
|
pg_meta_crypto_key=$(gen_base64 24)
|
||||||
|
|
||||||
|
logflare_public_access_token=$(gen_base64 24)
|
||||||
|
logflare_private_access_token=$(gen_base64 24)
|
||||||
|
|
||||||
|
s3_protocol_access_key_id=$(gen_hex 16)
|
||||||
|
s3_protocol_access_key_secret=$(gen_hex 32)
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
echo "JWT_SECRET=${jwt_secret}"
|
||||||
|
echo ""
|
||||||
|
#echo "Issued at: $iat"
|
||||||
|
#echo "Expire: $exp"
|
||||||
|
echo "ANON_KEY=${anon_key}"
|
||||||
|
echo "SERVICE_ROLE_KEY=${service_role_key}"
|
||||||
|
echo ""
|
||||||
|
echo "SECRET_KEY_BASE=${secret_key_base}"
|
||||||
|
echo "VAULT_ENC_KEY=${vault_enc_key}"
|
||||||
|
echo "PG_META_CRYPTO_KEY=${pg_meta_crypto_key}"
|
||||||
|
echo "LOGFLARE_PUBLIC_ACCESS_TOKEN=${logflare_public_access_token}"
|
||||||
|
echo "LOGFLARE_PRIVATE_ACCESS_TOKEN=${logflare_private_access_token}"
|
||||||
|
echo "S3_PROTOCOL_ACCESS_KEY_ID=${s3_protocol_access_key_id}"
|
||||||
|
echo "S3_PROTOCOL_ACCESS_KEY_SECRET=${s3_protocol_access_key_secret}"
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
postgres_password=$(gen_hex 16)
|
||||||
|
dashboard_password=$(gen_hex 16)
|
||||||
|
|
||||||
|
echo "POSTGRES_PASSWORD=${postgres_password}"
|
||||||
|
echo "DASHBOARD_PASSWORD=${dashboard_password}"
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
if ! test -t 0; then
|
||||||
|
echo "Running non-interactively. Skipping .env update."
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
printf "Update .env file? (y/N) "
|
||||||
|
read -r REPLY
|
||||||
|
case "$REPLY" in
|
||||||
|
[Yy])
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Not updating .env"
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
echo "Updating .env..."
|
||||||
|
|
||||||
|
sed \
|
||||||
|
-i.old \
|
||||||
|
-e "s|^JWT_SECRET=.*$|JWT_SECRET=${jwt_secret}|" \
|
||||||
|
-e "s|^ANON_KEY=.*$|ANON_KEY=${anon_key}|" \
|
||||||
|
-e "s|^SERVICE_ROLE_KEY=.*$|SERVICE_ROLE_KEY=${service_role_key}|" \
|
||||||
|
-e "s|^SECRET_KEY_BASE=.*$|SECRET_KEY_BASE=${secret_key_base}|" \
|
||||||
|
-e "s|^VAULT_ENC_KEY=.*$|VAULT_ENC_KEY=${vault_enc_key}|" \
|
||||||
|
-e "s|^PG_META_CRYPTO_KEY=.*$|PG_META_CRYPTO_KEY=${pg_meta_crypto_key}|" \
|
||||||
|
-e "s|^LOGFLARE_PUBLIC_ACCESS_TOKEN=.*$|LOGFLARE_PUBLIC_ACCESS_TOKEN=${logflare_public_access_token}|" \
|
||||||
|
-e "s|^LOGFLARE_PRIVATE_ACCESS_TOKEN=.*$|LOGFLARE_PRIVATE_ACCESS_TOKEN=${logflare_private_access_token}|" \
|
||||||
|
-e "s|^S3_PROTOCOL_ACCESS_KEY_ID=.*$|S3_PROTOCOL_ACCESS_KEY_ID=${s3_protocol_access_key_id}|" \
|
||||||
|
-e "s|^S3_PROTOCOL_ACCESS_KEY_SECRET=.*$|S3_PROTOCOL_ACCESS_KEY_SECRET=${s3_protocol_access_key_secret}|" \
|
||||||
|
-e "s|^POSTGRES_PASSWORD=.*$|POSTGRES_PASSWORD=${postgres_password}|" \
|
||||||
|
-e "s|^DASHBOARD_PASSWORD=.*$|DASHBOARD_PASSWORD=${dashboard_password}|" \
|
||||||
|
.env
|
||||||
@@ -0,0 +1,83 @@
|
|||||||
|
# Docker Image Versions
|
||||||
|
|
||||||
|
## 2025-12-18
|
||||||
|
- supabase/studio:2025.12.17-sha-43f4f7f (prev supabase/studio:2025.12.09-sha-434634f)
|
||||||
|
- supabase/gotrue:v2.184.0 (prev supabase/gotrue:v2.183.0)
|
||||||
|
- supabase/postgres-meta:v0.95.1 (prev supabase/postgres-meta:v0.93.1)
|
||||||
|
- supabase/logflare:1.27.0 (prev supabase/logflare:1.26.25)
|
||||||
|
|
||||||
|
## 2025-12-10
|
||||||
|
- supabase/studio:2025.12.09-sha-434634f (prev supabase/studio:2025.11.26-sha-8f096b5)
|
||||||
|
- postgrest/postgrest:v14.1 (prev postgrest/postgrest:v13.0.7)
|
||||||
|
- supabase/realtime:v2.68.0 (prev supabase/realtime:v2.65.3)
|
||||||
|
- supabase/storage-api:v1.33.0 (prev supabase/storage-api:v1.32.0)
|
||||||
|
- supabase/edge-runtime:v1.69.28 (prev supabase/edge-runtime:v1.69.25)
|
||||||
|
- supabase/logflare:1.26.25 (prev supabase/logflare:1.26.13)
|
||||||
|
|
||||||
|
## 2025-11-26
|
||||||
|
- supabase/studio:2025.11.26-sha-8f096b5 (prev supabase/studio:2025.11.24-sha-d990ae8)
|
||||||
|
- supabase/realtime:v2.65.3 (prev supabase/realtime:v2.65.2)
|
||||||
|
- supabase/logflare:1.26.13 (prev supabase/logflare:1.26.12)
|
||||||
|
|
||||||
|
## 2025-11-25
|
||||||
|
- supabase/studio:2025.11.24-sha-d990ae8 (prev supabase/studio:2025.11.10-sha-5291fe3)
|
||||||
|
- supabase/gotrue:v2.183.0 (prev supabase/gotrue:v2.182.1)
|
||||||
|
- supabase/realtime:v2.65.2 (prev supabase/realtime:v2.63.0)
|
||||||
|
- supabase/storage-api:v1.32.0 (prev supabase/storage-api:v1.29.0)
|
||||||
|
- supabase/edge-runtime:v1.69.25 (prev supabase/edge-runtime:v1.69.23)
|
||||||
|
- supabase/logflare:1.26.12 (prev supabase/logflare:1.22.6)
|
||||||
|
|
||||||
|
## 2025-11-12
|
||||||
|
- supabase/studio:2025.11.10-sha-5291fe3 (prev 2025.10.27-sha-85b84e0)
|
||||||
|
- supabase/gotrue:v2.182.1 (prev v2.180.0)
|
||||||
|
- supabase/realtime:v2.63.0 (prev v2.57.2)
|
||||||
|
- supabase/storage-api:v1.29.0 (prev v1.28.2)
|
||||||
|
- supabase/edge-runtime:v1.69.23 (prev v1.69.15)
|
||||||
|
- supabase/supavisor:2.7.4 (prev 2.7.3)
|
||||||
|
|
||||||
|
## 2025-10-28
|
||||||
|
- supabase/studio:2025.10.27-sha-85b84e0 (prev 2025.10.20-sha-5005fc6)
|
||||||
|
- supabase/realtime:v2.57.2 (prev v2.56.0)
|
||||||
|
- supabase/storage-api:v1.28.2 (prev v1.28.1)
|
||||||
|
- supabase/postgres-meta:v0.93.1 (prev v0.93.0)
|
||||||
|
- supabase/edge-runtime:v1.69.15 (prev v1.69.14)
|
||||||
|
|
||||||
|
## 2025-10-21
|
||||||
|
- supabase/studio:2025.10.20-sha-5005fc6 (prev 2025.10.01-sha-8460121)
|
||||||
|
- supabase/realtime:v2.56.0 (prev v2.51.11)
|
||||||
|
- supabase/storage-api:v1.28.1 (prev v1.28.0)
|
||||||
|
- supabase/postgres-meta:v0.93.0 (prev v0.91.6)
|
||||||
|
- supabase/edge-runtime:v1.69.14 (prev v1.69.6)
|
||||||
|
- supabase/supavisor:2.7.3 (prev 2.7.0)
|
||||||
|
|
||||||
|
## 2025-10-13
|
||||||
|
- supabase/logflare:1.22.6 (prev 1.22.4)
|
||||||
|
|
||||||
|
## 2025-10-08
|
||||||
|
- supabase/studio:2025.10.01-sha-8460121 (prev 2025.06.30-sha-6f5982d)
|
||||||
|
- supabase/gotrue:v2.180.0 (prev v2.177.0)
|
||||||
|
- postgrest/postgrest:v13.0.7 (prev v12.2.12)
|
||||||
|
- supabase/realtime:v2.51.11 (prev v2.34.47)
|
||||||
|
- supabase/storage-api:v1.28.0 (prev v1.25.7)
|
||||||
|
- supabase/postgres-meta:v0.91.6 (prev v0.91.0)
|
||||||
|
- supabase/logflare:1.22.4 (prev 1.14.2)
|
||||||
|
- supabase/postgres:15.8.1.085 (prev 15.8.1.060)
|
||||||
|
- supabase/supavisor:2.7.0 (prev 2.5.7)
|
||||||
|
|
||||||
|
## 2025-07-15
|
||||||
|
- supabase/gotrue:v2.177.0 (prev v2.176.1)
|
||||||
|
- supabase/storage-api:v1.25.7 (prev v1.24.7)
|
||||||
|
- supabase/postgres-meta:v0.91.0 (prev v0.89.3)
|
||||||
|
- supabase/supavisor:2.5.7 (prev 2.5.6)
|
||||||
|
|
||||||
|
## 2025-07-02
|
||||||
|
- supabase/studio:2025.06.30-sha-6f5982d (prev 2025.06.02-sha-8f2993d)
|
||||||
|
- supabase/gotrue:v2.176.1 (prev v2.174.0)
|
||||||
|
- supabase/storage-api:v1.24.7 (prev v1.23.0)
|
||||||
|
- supabase/supavisor:2.5.6 (prev 2.5.1)
|
||||||
|
|
||||||
|
## 2025-06-03
|
||||||
|
- supabase/studio:2025.06.02-sha-8f2993d (prev 2025.05.19-sha-3487831)
|
||||||
|
- supabase/gotrue:v2.174.0 (prev v2.172.1)
|
||||||
|
- supabase/storage-api:v1.23.0 (prev v1.22.17)
|
||||||
|
- supabase/postgres-meta:v0.89.3 (prev v0.89.0)
|
||||||
@@ -225,6 +225,48 @@ services:
|
|||||||
allow:
|
allow:
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
|
## Block access to /api/mcp
|
||||||
|
- name: mcp-blocker
|
||||||
|
_comment: 'Block direct access to /api/mcp'
|
||||||
|
url: http://studio:3000/api/mcp
|
||||||
|
routes:
|
||||||
|
- name: mcp-blocker-route
|
||||||
|
strip_path: true
|
||||||
|
paths:
|
||||||
|
- /api/mcp
|
||||||
|
plugins:
|
||||||
|
- name: request-termination
|
||||||
|
config:
|
||||||
|
status_code: 403
|
||||||
|
message: "Access is forbidden."
|
||||||
|
|
||||||
|
## MCP endpoint - local access
|
||||||
|
- name: mcp
|
||||||
|
_comment: 'MCP: /mcp -> http://studio:3000/api/mcp (local access)'
|
||||||
|
url: http://studio:3000/api/mcp
|
||||||
|
routes:
|
||||||
|
- name: mcp
|
||||||
|
strip_path: true
|
||||||
|
paths:
|
||||||
|
- /mcp
|
||||||
|
plugins:
|
||||||
|
# Block access to /mcp by default
|
||||||
|
- name: request-termination
|
||||||
|
config:
|
||||||
|
status_code: 403
|
||||||
|
message: "Access is forbidden."
|
||||||
|
# Enable local access (danger zone!)
|
||||||
|
# 1. Comment out the 'request-termination' section above
|
||||||
|
# 2. Uncomment the entire section below, including 'deny'
|
||||||
|
# 3. Add your local IPs to the 'allow' list
|
||||||
|
#- name: cors
|
||||||
|
#- name: ip-restriction
|
||||||
|
# config:
|
||||||
|
# allow:
|
||||||
|
# - 127.0.0.1
|
||||||
|
# - ::1
|
||||||
|
# deny: []
|
||||||
|
|
||||||
## Protected Dashboard - catch all remaining routes
|
## Protected Dashboard - catch all remaining routes
|
||||||
- name: dashboard
|
- name: dashboard
|
||||||
_comment: 'Studio: /* -> http://studio:3000/*'
|
_comment: 'Studio: /* -> http://studio:3000/*'
|
||||||
|
|||||||
@@ -33,9 +33,9 @@ transforms:
|
|||||||
kong: '.appname == "supabase-kong"'
|
kong: '.appname == "supabase-kong"'
|
||||||
auth: '.appname == "supabase-auth"'
|
auth: '.appname == "supabase-auth"'
|
||||||
rest: '.appname == "supabase-rest"'
|
rest: '.appname == "supabase-rest"'
|
||||||
realtime: '.appname == "supabase-realtime"'
|
realtime: '.appname == "realtime-dev.supabase-realtime"'
|
||||||
storage: '.appname == "supabase-storage"'
|
storage: '.appname == "supabase-storage"'
|
||||||
functions: '.appname == "supabase-functions"'
|
functions: '.appname == "supabase-edge-functions"'
|
||||||
db: '.appname == "supabase-db"'
|
db: '.appname == "supabase-db"'
|
||||||
# Ignores non nginx errors since they are related with kong booting up
|
# Ignores non nginx errors since they are related with kong booting up
|
||||||
kong_logs:
|
kong_logs:
|
||||||
@@ -117,6 +117,13 @@ transforms:
|
|||||||
.event_message = parsed.msg
|
.event_message = parsed.msg
|
||||||
.metadata.level = parsed.level
|
.metadata.level = parsed.level
|
||||||
}
|
}
|
||||||
|
# Function logs are unstructured messages on stderr
|
||||||
|
functions_logs:
|
||||||
|
type: remap
|
||||||
|
inputs:
|
||||||
|
- router.functions
|
||||||
|
source: |-
|
||||||
|
.metadata.project_ref = del(.project)
|
||||||
# Storage logs may contain json objects so we parse them for completeness
|
# Storage logs may contain json objects so we parse them for completeness
|
||||||
storage_logs:
|
storage_logs:
|
||||||
type: remap
|
type: remap
|
||||||
@@ -210,7 +217,7 @@ sinks:
|
|||||||
logflare_functions:
|
logflare_functions:
|
||||||
type: 'http'
|
type: 'http'
|
||||||
inputs:
|
inputs:
|
||||||
- router.functions
|
- functions_logs
|
||||||
encoding:
|
encoding:
|
||||||
codec: 'json'
|
codec: 'json'
|
||||||
method: 'post'
|
method: 'post'
|
||||||
|
|||||||
+1
-1
@@ -1,6 +1,6 @@
|
|||||||
import utils from "../utils.js";
|
import utils from "../utils.js";
|
||||||
|
|
||||||
await utils.cloneOrPullRepo({ repo: "https://github.com/supabase/supabase" });
|
await utils.cloneOrPullRepo({ repo: "https://github.com/supabase/supabase", branch: "master" });
|
||||||
await utils.copyDir("./repo/docker", "./code");
|
await utils.copyDir("./repo/docker", "./code");
|
||||||
|
|
||||||
await utils.removeContainerNames("./code/docker-compose.yml");
|
await utils.removeContainerNames("./code/docker-compose.yml");
|
||||||
|
|||||||
Reference in New Issue
Block a user