Compare commits
8 Commits
29-12-2025
...
09-03-2026
| Author | SHA1 | Date | |
|---|---|---|---|
| 34f81ffc2f | |||
| c8467d2d11 | |||
| 8f226ea714 | |||
| 8c845ec4aa | |||
| 0381268589 | |||
| 527c097c61 | |||
| 61e436a151 | |||
| 988bcb7223 |
@@ -100,6 +100,7 @@ _APP_FUNCTIONS_MEMORY_SWAP=0
|
|||||||
_APP_FUNCTIONS_RUNTIMES=node-16.0,php-8.0,python-3.9,ruby-3.0
|
_APP_FUNCTIONS_RUNTIMES=node-16.0,php-8.0,python-3.9,ruby-3.0
|
||||||
_APP_EXECUTOR_SECRET=your-secret-key
|
_APP_EXECUTOR_SECRET=your-secret-key
|
||||||
_APP_EXECUTOR_HOST=http://exc1/v1
|
_APP_EXECUTOR_HOST=http://exc1/v1
|
||||||
|
_APP_BROWSER_HOST=http://appwrite-browser:3000/v1
|
||||||
_APP_EXECUTOR_RUNTIME_NETWORK=appwrite_runtimes
|
_APP_EXECUTOR_RUNTIME_NETWORK=appwrite_runtimes
|
||||||
_APP_FUNCTIONS_ENVS=node-16.0,php-7.4,python-3.9,ruby-3.0
|
_APP_FUNCTIONS_ENVS=node-16.0,php-7.4,python-3.9,ruby-3.0
|
||||||
_APP_FUNCTIONS_INACTIVE_THRESHOLD=60
|
_APP_FUNCTIONS_INACTIVE_THRESHOLD=60
|
||||||
|
|||||||
@@ -28,7 +28,7 @@ services:
|
|||||||
- appwrite
|
- appwrite
|
||||||
|
|
||||||
appwrite:
|
appwrite:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
@@ -166,7 +166,7 @@ services:
|
|||||||
- _APP_ASSISTANT_OPENAI_API_KEY
|
- _APP_ASSISTANT_OPENAI_API_KEY
|
||||||
appwrite-console:
|
appwrite-console:
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
image: appwrite/console:7.4.7
|
image: appwrite/console:7.5.7
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- appwrite
|
- appwrite
|
||||||
@@ -186,7 +186,7 @@ services:
|
|||||||
- traefik.http.routers.appwrite_console_https.tls=true
|
- traefik.http.routers.appwrite_console_https.tls=true
|
||||||
|
|
||||||
appwrite-realtime:
|
appwrite-realtime:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: realtime
|
entrypoint: realtime
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -228,7 +228,7 @@ services:
|
|||||||
- _APP_LOGGING_CONFIG
|
- _APP_LOGGING_CONFIG
|
||||||
|
|
||||||
appwrite-worker-audits:
|
appwrite-worker-audits:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-audits
|
entrypoint: worker-audits
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -253,7 +253,7 @@ services:
|
|||||||
- _APP_LOGGING_CONFIG
|
- _APP_LOGGING_CONFIG
|
||||||
|
|
||||||
appwrite-worker-webhooks:
|
appwrite-worker-webhooks:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-webhooks
|
entrypoint: worker-webhooks
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -280,7 +280,7 @@ services:
|
|||||||
- _APP_LOGGING_CONFIG
|
- _APP_LOGGING_CONFIG
|
||||||
|
|
||||||
appwrite-worker-deletes:
|
appwrite-worker-deletes:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-deletes
|
entrypoint: worker-deletes
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -342,7 +342,7 @@ services:
|
|||||||
- _APP_EMAIL_CERTIFICATES
|
- _APP_EMAIL_CERTIFICATES
|
||||||
|
|
||||||
appwrite-worker-databases:
|
appwrite-worker-databases:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-databases
|
entrypoint: worker-databases
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -367,7 +367,7 @@ services:
|
|||||||
- _APP_LOGGING_CONFIG
|
- _APP_LOGGING_CONFIG
|
||||||
|
|
||||||
appwrite-worker-builds:
|
appwrite-worker-builds:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-builds
|
entrypoint: worker-builds
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -434,7 +434,7 @@ services:
|
|||||||
- _APP_DOMAIN_SITES
|
- _APP_DOMAIN_SITES
|
||||||
|
|
||||||
appwrite-worker-certificates:
|
appwrite-worker-certificates:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-certificates
|
entrypoint: worker-certificates
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -470,7 +470,7 @@ services:
|
|||||||
- _APP_LOGGING_CONFIG
|
- _APP_LOGGING_CONFIG
|
||||||
|
|
||||||
appwrite-worker-functions:
|
appwrite-worker-functions:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-functions
|
entrypoint: worker-functions
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -508,7 +508,7 @@ services:
|
|||||||
- _APP_LOGGING_CONFIG
|
- _APP_LOGGING_CONFIG
|
||||||
|
|
||||||
appwrite-worker-mails:
|
appwrite-worker-mails:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-mails
|
entrypoint: worker-mails
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -541,7 +541,7 @@ services:
|
|||||||
- _APP_OPTIONS_FORCE_HTTPS
|
- _APP_OPTIONS_FORCE_HTTPS
|
||||||
|
|
||||||
appwrite-worker-messaging:
|
appwrite-worker-messaging:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-messaging
|
entrypoint: worker-messaging
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -591,7 +591,7 @@ services:
|
|||||||
- _APP_STORAGE_WASABI_BUCKET
|
- _APP_STORAGE_WASABI_BUCKET
|
||||||
|
|
||||||
appwrite-worker-migrations:
|
appwrite-worker-migrations:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-migrations
|
entrypoint: worker-migrations
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -626,7 +626,7 @@ services:
|
|||||||
- _APP_MIGRATIONS_FIREBASE_CLIENT_SECRET
|
- _APP_MIGRATIONS_FIREBASE_CLIENT_SECRET
|
||||||
|
|
||||||
appwrite-task-maintenance:
|
appwrite-task-maintenance:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: maintenance
|
entrypoint: maintenance
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -664,7 +664,7 @@ services:
|
|||||||
- _APP_MAINTENANCE_RETENTION_SCHEDULES
|
- _APP_MAINTENANCE_RETENTION_SCHEDULES
|
||||||
|
|
||||||
appwrite-task-stats-resources:
|
appwrite-task-stats-resources:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: stats-resources
|
entrypoint: stats-resources
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -692,7 +692,7 @@ services:
|
|||||||
- _APP_STATS_RESOURCES_INTERVAL
|
- _APP_STATS_RESOURCES_INTERVAL
|
||||||
|
|
||||||
appwrite-worker-stats-resources:
|
appwrite-worker-stats-resources:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-stats-resources
|
entrypoint: worker-stats-resources
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -719,7 +719,7 @@ services:
|
|||||||
- _APP_STATS_RESOURCES_INTERVAL
|
- _APP_STATS_RESOURCES_INTERVAL
|
||||||
|
|
||||||
appwrite-worker-stats-usage:
|
appwrite-worker-stats-usage:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: worker-stats-usage
|
entrypoint: worker-stats-usage
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -746,7 +746,7 @@ services:
|
|||||||
- _APP_USAGE_AGGREGATION_INTERVAL
|
- _APP_USAGE_AGGREGATION_INTERVAL
|
||||||
|
|
||||||
appwrite-task-scheduler-functions:
|
appwrite-task-scheduler-functions:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: schedule-functions
|
entrypoint: schedule-functions
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -770,7 +770,7 @@ services:
|
|||||||
- _APP_DB_PASS
|
- _APP_DB_PASS
|
||||||
|
|
||||||
appwrite-task-scheduler-executions:
|
appwrite-task-scheduler-executions:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: schedule-executions
|
entrypoint: schedule-executions
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -794,7 +794,7 @@ services:
|
|||||||
- _APP_DB_PASS
|
- _APP_DB_PASS
|
||||||
|
|
||||||
appwrite-task-scheduler-messages:
|
appwrite-task-scheduler-messages:
|
||||||
image: appwrite/appwrite:1.8.0
|
image: appwrite/appwrite:1.8.1
|
||||||
entrypoint: schedule-messages
|
entrypoint: schedule-messages
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -818,7 +818,7 @@ services:
|
|||||||
- _APP_DB_PASS
|
- _APP_DB_PASS
|
||||||
|
|
||||||
appwrite-assistant:
|
appwrite-assistant:
|
||||||
image: appwrite/assistant:0.8.3
|
image: appwrite/assistant:0.8.4
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
@@ -827,7 +827,7 @@ services:
|
|||||||
- _APP_ASSISTANT_OPENAI_API_KEY
|
- _APP_ASSISTANT_OPENAI_API_KEY
|
||||||
|
|
||||||
appwrite-browser:
|
appwrite-browser:
|
||||||
image: appwrite/browser:0.2.4
|
image: appwrite/browser:0.3.2
|
||||||
<<: *x-logging
|
<<: *x-logging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
|
|||||||
@@ -1,5 +0,0 @@
|
|||||||
# Dify
|
|
||||||
|
|
||||||
- copied from https://github.com/langgenius/dify
|
|
||||||
- removed `container_name`
|
|
||||||
- removed `ports`
|
|
||||||
+76
-10
@@ -58,10 +58,13 @@ FILES_URL=
|
|||||||
INTERNAL_FILES_URL=
|
INTERNAL_FILES_URL=
|
||||||
|
|
||||||
# Ensure UTF-8 encoding
|
# Ensure UTF-8 encoding
|
||||||
LANG=en_US.UTF-8
|
LANG=C.UTF-8
|
||||||
LC_ALL=en_US.UTF-8
|
LC_ALL=C.UTF-8
|
||||||
PYTHONIOENCODING=utf-8
|
PYTHONIOENCODING=utf-8
|
||||||
|
|
||||||
|
# Set UV cache directory to avoid permission issues with non-existent home directory
|
||||||
|
UV_CACHE_DIR=/tmp/.uv-cache
|
||||||
|
|
||||||
# ------------------------------
|
# ------------------------------
|
||||||
# Server Configuration
|
# Server Configuration
|
||||||
# ------------------------------
|
# ------------------------------
|
||||||
@@ -69,6 +72,8 @@ PYTHONIOENCODING=utf-8
|
|||||||
# The log level for the application.
|
# The log level for the application.
|
||||||
# Supported values are `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`
|
# Supported values are `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`
|
||||||
LOG_LEVEL=INFO
|
LOG_LEVEL=INFO
|
||||||
|
# Log output format: text or json
|
||||||
|
LOG_OUTPUT_FORMAT=text
|
||||||
# Log file path
|
# Log file path
|
||||||
LOG_FILE=/app/logs/server.log
|
LOG_FILE=/app/logs/server.log
|
||||||
# Log file max size, the unit is MB
|
# Log file max size, the unit is MB
|
||||||
@@ -231,7 +236,7 @@ NEXT_PUBLIC_ENABLE_SINGLE_DOLLAR_LATEX=false
|
|||||||
# You can adjust the database configuration according to your needs.
|
# You can adjust the database configuration according to your needs.
|
||||||
# ------------------------------
|
# ------------------------------
|
||||||
|
|
||||||
# Database type, supported values are `postgresql` and `mysql`
|
# Database type, supported values are `postgresql`, `mysql`, `oceanbase`, `seekdb`
|
||||||
DB_TYPE=postgresql
|
DB_TYPE=postgresql
|
||||||
# For MySQL, only `root` user is supported for now
|
# For MySQL, only `root` user is supported for now
|
||||||
DB_USERNAME=postgres
|
DB_USERNAME=postgres
|
||||||
@@ -344,6 +349,9 @@ REDIS_SSL_CERTFILE=
|
|||||||
REDIS_SSL_KEYFILE=
|
REDIS_SSL_KEYFILE=
|
||||||
# Path to client private key file for SSL authentication
|
# Path to client private key file for SSL authentication
|
||||||
REDIS_DB=0
|
REDIS_DB=0
|
||||||
|
# Optional: limit total Redis connections used by API/Worker (unset for default)
|
||||||
|
# Align with API's REDIS_MAX_CONNECTIONS in configs
|
||||||
|
REDIS_MAX_CONNECTIONS=
|
||||||
|
|
||||||
# Whether to use Redis Sentinel mode.
|
# Whether to use Redis Sentinel mode.
|
||||||
# If set to true, the application will automatically discover and connect to the master node through Sentinel.
|
# If set to true, the application will automatically discover and connect to the master node through Sentinel.
|
||||||
@@ -382,6 +390,8 @@ CELERY_USE_SENTINEL=false
|
|||||||
CELERY_SENTINEL_MASTER_NAME=
|
CELERY_SENTINEL_MASTER_NAME=
|
||||||
CELERY_SENTINEL_PASSWORD=
|
CELERY_SENTINEL_PASSWORD=
|
||||||
CELERY_SENTINEL_SOCKET_TIMEOUT=0.1
|
CELERY_SENTINEL_SOCKET_TIMEOUT=0.1
|
||||||
|
# e.g. {"tasks.add": {"rate_limit": "10/s"}}
|
||||||
|
CELERY_TASK_ANNOTATIONS=null
|
||||||
|
|
||||||
# ------------------------------
|
# ------------------------------
|
||||||
# CORS Configuration
|
# CORS Configuration
|
||||||
@@ -395,7 +405,7 @@ WEB_API_CORS_ALLOW_ORIGINS=*
|
|||||||
# Specifies the allowed origins for cross-origin requests to the console API,
|
# Specifies the allowed origins for cross-origin requests to the console API,
|
||||||
# e.g. https://cloud.dify.ai or * for all origins.
|
# e.g. https://cloud.dify.ai or * for all origins.
|
||||||
CONSOLE_CORS_ALLOW_ORIGINS=*
|
CONSOLE_CORS_ALLOW_ORIGINS=*
|
||||||
# When the frontend and backend run on different subdomains, set COOKIE_DOMAIN to the site’s top-level domain (e.g., `example.com`). Leading dots are optional.
|
# When the frontend and backend run on different subdomains, set COOKIE_DOMAIN to the site's top-level domain (e.g., `example.com`). Leading dots are optional.
|
||||||
COOKIE_DOMAIN=
|
COOKIE_DOMAIN=
|
||||||
# When the frontend and backend run on different subdomains, set NEXT_PUBLIC_COOKIE_DOMAIN=1.
|
# When the frontend and backend run on different subdomains, set NEXT_PUBLIC_COOKIE_DOMAIN=1.
|
||||||
NEXT_PUBLIC_COOKIE_DOMAIN=
|
NEXT_PUBLIC_COOKIE_DOMAIN=
|
||||||
@@ -447,6 +457,15 @@ S3_SECRET_KEY=
|
|||||||
# If set to false, the access key and secret key must be provided.
|
# If set to false, the access key and secret key must be provided.
|
||||||
S3_USE_AWS_MANAGED_IAM=false
|
S3_USE_AWS_MANAGED_IAM=false
|
||||||
|
|
||||||
|
# Workflow run and Conversation archive storage (S3-compatible)
|
||||||
|
ARCHIVE_STORAGE_ENABLED=false
|
||||||
|
ARCHIVE_STORAGE_ENDPOINT=
|
||||||
|
ARCHIVE_STORAGE_ARCHIVE_BUCKET=
|
||||||
|
ARCHIVE_STORAGE_EXPORT_BUCKET=
|
||||||
|
ARCHIVE_STORAGE_ACCESS_KEY=
|
||||||
|
ARCHIVE_STORAGE_SECRET_KEY=
|
||||||
|
ARCHIVE_STORAGE_REGION=auto
|
||||||
|
|
||||||
# Azure Blob Configuration
|
# Azure Blob Configuration
|
||||||
#
|
#
|
||||||
AZURE_BLOB_ACCOUNT_NAME=difyai
|
AZURE_BLOB_ACCOUNT_NAME=difyai
|
||||||
@@ -522,7 +541,7 @@ SUPABASE_URL=your-server-url
|
|||||||
# ------------------------------
|
# ------------------------------
|
||||||
|
|
||||||
# The type of vector store to use.
|
# The type of vector store to use.
|
||||||
# Supported values are `weaviate`, `oceanbase`, `qdrant`, `milvus`, `myscale`, `relyt`, `pgvector`, `pgvecto-rs`, `chroma`, `opensearch`, `oracle`, `tencent`, `elasticsearch`, `elasticsearch-ja`, `analyticdb`, `couchbase`, `vikingdb`, `opengauss`, `tablestore`,`vastbase`,`tidb`,`tidb_on_qdrant`,`baidu`,`lindorm`,`huawei_cloud`,`upstash`, `matrixone`, `clickzetta`, `alibabacloud_mysql`, `iris`.
|
# Supported values are `weaviate`, `oceanbase`, `seekdb`, `qdrant`, `milvus`, `myscale`, `relyt`, `pgvector`, `pgvecto-rs`, `chroma`, `opensearch`, `oracle`, `tencent`, `elasticsearch`, `elasticsearch-ja`, `analyticdb`, `couchbase`, `vikingdb`, `opengauss`, `tablestore`, `vastbase`, `tidb`, `tidb_on_qdrant`, `baidu`, `lindorm`, `huawei_cloud`, `upstash`, `matrixone`, `clickzetta`, `alibabacloud_mysql`, `iris`.
|
||||||
VECTOR_STORE=weaviate
|
VECTOR_STORE=weaviate
|
||||||
# Prefix used to create collection name in vector database
|
# Prefix used to create collection name in vector database
|
||||||
VECTOR_INDEX_NAME_PREFIX=Vector_index
|
VECTOR_INDEX_NAME_PREFIX=Vector_index
|
||||||
@@ -533,9 +552,9 @@ WEAVIATE_API_KEY=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
|
|||||||
WEAVIATE_GRPC_ENDPOINT=grpc://weaviate:50051
|
WEAVIATE_GRPC_ENDPOINT=grpc://weaviate:50051
|
||||||
WEAVIATE_TOKENIZATION=word
|
WEAVIATE_TOKENIZATION=word
|
||||||
|
|
||||||
# For OceanBase metadata database configuration, available when `DB_TYPE` is `mysql` and `COMPOSE_PROFILES` includes `oceanbase`.
|
# For OceanBase metadata database configuration, available when `DB_TYPE` is `oceanbase`.
|
||||||
# For OceanBase vector database configuration, available when `VECTOR_STORE` is `oceanbase`
|
# For OceanBase vector database configuration, available when `VECTOR_STORE` is `oceanbase`
|
||||||
# If you want to use OceanBase as both vector database and metadata database, you need to set `DB_TYPE` to `mysql`, `COMPOSE_PROFILES` is `oceanbase`, and set Database Configuration is the same as the vector database.
|
# If you want to use OceanBase as both vector database and metadata database, you need to set both `DB_TYPE` and `VECTOR_STORE` to `oceanbase`, and set Database Configuration is the same as the vector database.
|
||||||
# seekdb is the lite version of OceanBase and shares the connection configuration with OceanBase.
|
# seekdb is the lite version of OceanBase and shares the connection configuration with OceanBase.
|
||||||
OCEANBASE_VECTOR_HOST=oceanbase
|
OCEANBASE_VECTOR_HOST=oceanbase
|
||||||
OCEANBASE_VECTOR_PORT=2881
|
OCEANBASE_VECTOR_PORT=2881
|
||||||
@@ -957,6 +976,8 @@ SMTP_USERNAME=
|
|||||||
SMTP_PASSWORD=
|
SMTP_PASSWORD=
|
||||||
SMTP_USE_TLS=true
|
SMTP_USE_TLS=true
|
||||||
SMTP_OPPORTUNISTIC_TLS=false
|
SMTP_OPPORTUNISTIC_TLS=false
|
||||||
|
# Optional: override the local hostname used for SMTP HELO/EHLO
|
||||||
|
SMTP_LOCAL_HOSTNAME=
|
||||||
|
|
||||||
# Sendgid configuration
|
# Sendgid configuration
|
||||||
SENDGRID_API_KEY=
|
SENDGRID_API_KEY=
|
||||||
@@ -1026,18 +1047,26 @@ WORKFLOW_NODE_EXECUTION_STORAGE=rdbms
|
|||||||
# Options:
|
# Options:
|
||||||
# - core.repositories.sqlalchemy_workflow_execution_repository.SQLAlchemyWorkflowExecutionRepository (default)
|
# - core.repositories.sqlalchemy_workflow_execution_repository.SQLAlchemyWorkflowExecutionRepository (default)
|
||||||
# - core.repositories.celery_workflow_execution_repository.CeleryWorkflowExecutionRepository
|
# - core.repositories.celery_workflow_execution_repository.CeleryWorkflowExecutionRepository
|
||||||
|
# - extensions.logstore.repositories.logstore_workflow_execution_repository.LogstoreWorkflowExecutionRepository
|
||||||
CORE_WORKFLOW_EXECUTION_REPOSITORY=core.repositories.sqlalchemy_workflow_execution_repository.SQLAlchemyWorkflowExecutionRepository
|
CORE_WORKFLOW_EXECUTION_REPOSITORY=core.repositories.sqlalchemy_workflow_execution_repository.SQLAlchemyWorkflowExecutionRepository
|
||||||
|
|
||||||
# Core workflow node execution repository implementation
|
# Core workflow node execution repository implementation
|
||||||
# Options:
|
# Options:
|
||||||
# - core.repositories.sqlalchemy_workflow_node_execution_repository.SQLAlchemyWorkflowNodeExecutionRepository (default)
|
# - core.repositories.sqlalchemy_workflow_node_execution_repository.SQLAlchemyWorkflowNodeExecutionRepository (default)
|
||||||
# - core.repositories.celery_workflow_node_execution_repository.CeleryWorkflowNodeExecutionRepository
|
# - core.repositories.celery_workflow_node_execution_repository.CeleryWorkflowNodeExecutionRepository
|
||||||
|
# - extensions.logstore.repositories.logstore_workflow_node_execution_repository.LogstoreWorkflowNodeExecutionRepository
|
||||||
CORE_WORKFLOW_NODE_EXECUTION_REPOSITORY=core.repositories.sqlalchemy_workflow_node_execution_repository.SQLAlchemyWorkflowNodeExecutionRepository
|
CORE_WORKFLOW_NODE_EXECUTION_REPOSITORY=core.repositories.sqlalchemy_workflow_node_execution_repository.SQLAlchemyWorkflowNodeExecutionRepository
|
||||||
|
|
||||||
# API workflow run repository implementation
|
# API workflow run repository implementation
|
||||||
|
# Options:
|
||||||
|
# - repositories.sqlalchemy_api_workflow_run_repository.DifyAPISQLAlchemyWorkflowRunRepository (default)
|
||||||
|
# - extensions.logstore.repositories.logstore_api_workflow_run_repository.LogstoreAPIWorkflowRunRepository
|
||||||
API_WORKFLOW_RUN_REPOSITORY=repositories.sqlalchemy_api_workflow_run_repository.DifyAPISQLAlchemyWorkflowRunRepository
|
API_WORKFLOW_RUN_REPOSITORY=repositories.sqlalchemy_api_workflow_run_repository.DifyAPISQLAlchemyWorkflowRunRepository
|
||||||
|
|
||||||
# API workflow node execution repository implementation
|
# API workflow node execution repository implementation
|
||||||
|
# Options:
|
||||||
|
# - repositories.sqlalchemy_api_workflow_node_execution_repository.DifyAPISQLAlchemyWorkflowNodeExecutionRepository (default)
|
||||||
|
# - extensions.logstore.repositories.logstore_api_workflow_node_execution_repository.LogstoreAPIWorkflowNodeExecutionRepository
|
||||||
API_WORKFLOW_NODE_EXECUTION_REPOSITORY=repositories.sqlalchemy_api_workflow_node_execution_repository.DifyAPISQLAlchemyWorkflowNodeExecutionRepository
|
API_WORKFLOW_NODE_EXECUTION_REPOSITORY=repositories.sqlalchemy_api_workflow_node_execution_repository.DifyAPISQLAlchemyWorkflowNodeExecutionRepository
|
||||||
|
|
||||||
# Workflow log cleanup configuration
|
# Workflow log cleanup configuration
|
||||||
@@ -1047,6 +1076,8 @@ WORKFLOW_LOG_CLEANUP_ENABLED=false
|
|||||||
WORKFLOW_LOG_RETENTION_DAYS=30
|
WORKFLOW_LOG_RETENTION_DAYS=30
|
||||||
# Batch size for workflow log cleanup operations (default: 100)
|
# Batch size for workflow log cleanup operations (default: 100)
|
||||||
WORKFLOW_LOG_CLEANUP_BATCH_SIZE=100
|
WORKFLOW_LOG_CLEANUP_BATCH_SIZE=100
|
||||||
|
# Comma-separated list of workflow IDs to clean logs for
|
||||||
|
WORKFLOW_LOG_CLEANUP_SPECIFIC_WORKFLOW_IDS=
|
||||||
|
|
||||||
# Aliyun SLS Logstore Configuration
|
# Aliyun SLS Logstore Configuration
|
||||||
# Aliyun Access Key ID
|
# Aliyun Access Key ID
|
||||||
@@ -1059,13 +1090,17 @@ ALIYUN_SLS_ENDPOINT=
|
|||||||
ALIYUN_SLS_REGION=
|
ALIYUN_SLS_REGION=
|
||||||
# Aliyun SLS Project Name
|
# Aliyun SLS Project Name
|
||||||
ALIYUN_SLS_PROJECT_NAME=
|
ALIYUN_SLS_PROJECT_NAME=
|
||||||
# Number of days to retain workflow run logs (default: 365 days, 3650 for permanent storage)
|
# Number of days to retain workflow run logs (default: 365 days, 3650 for permanent storage)
|
||||||
ALIYUN_SLS_LOGSTORE_TTL=365
|
ALIYUN_SLS_LOGSTORE_TTL=365
|
||||||
# Enable dual-write to both SLS LogStore and SQL database (default: false)
|
# Enable dual-write to both SLS LogStore and SQL database (default: false)
|
||||||
LOGSTORE_DUAL_WRITE_ENABLED=false
|
LOGSTORE_DUAL_WRITE_ENABLED=false
|
||||||
# Enable dual-read fallback to SQL database when LogStore returns no results (default: true)
|
# Enable dual-read fallback to SQL database when LogStore returns no results (default: true)
|
||||||
# Useful for migration scenarios where historical data exists only in SQL database
|
# Useful for migration scenarios where historical data exists only in SQL database
|
||||||
LOGSTORE_DUAL_READ_ENABLED=true
|
LOGSTORE_DUAL_READ_ENABLED=true
|
||||||
|
# Control flag for whether to write the `graph` field to LogStore.
|
||||||
|
# If LOGSTORE_ENABLE_PUT_GRAPH_FIELD is "true", write the full `graph` field;
|
||||||
|
# otherwise write an empty {} instead. Defaults to writing the `graph` field.
|
||||||
|
LOGSTORE_ENABLE_PUT_GRAPH_FIELD=true
|
||||||
|
|
||||||
# HTTP request node in workflow configuration
|
# HTTP request node in workflow configuration
|
||||||
HTTP_REQUEST_NODE_MAX_BINARY_SIZE=10485760
|
HTTP_REQUEST_NODE_MAX_BINARY_SIZE=10485760
|
||||||
@@ -1350,6 +1385,7 @@ PLUGIN_DAEMON_PORT=5002
|
|||||||
PLUGIN_DAEMON_KEY=lYkiYYT6owG+71oLerGzA7GXCgOT++6ovaezWAjpCjf+Sjc3ZtU+qUEi
|
PLUGIN_DAEMON_KEY=lYkiYYT6owG+71oLerGzA7GXCgOT++6ovaezWAjpCjf+Sjc3ZtU+qUEi
|
||||||
PLUGIN_DAEMON_URL=http://plugin_daemon:5002
|
PLUGIN_DAEMON_URL=http://plugin_daemon:5002
|
||||||
PLUGIN_MAX_PACKAGE_SIZE=52428800
|
PLUGIN_MAX_PACKAGE_SIZE=52428800
|
||||||
|
PLUGIN_MODEL_SCHEMA_CACHE_TTL=3600
|
||||||
PLUGIN_PPROF_ENABLED=false
|
PLUGIN_PPROF_ENABLED=false
|
||||||
|
|
||||||
PLUGIN_DEBUGGING_HOST=0.0.0.0
|
PLUGIN_DEBUGGING_HOST=0.0.0.0
|
||||||
@@ -1373,9 +1409,9 @@ PLUGIN_STDIO_BUFFER_SIZE=1024
|
|||||||
PLUGIN_STDIO_MAX_BUFFER_SIZE=5242880
|
PLUGIN_STDIO_MAX_BUFFER_SIZE=5242880
|
||||||
|
|
||||||
PLUGIN_PYTHON_ENV_INIT_TIMEOUT=120
|
PLUGIN_PYTHON_ENV_INIT_TIMEOUT=120
|
||||||
# Plugin Daemon side timeout (configure to match the API side below)
|
# Plugin Daemon side timeout (configure to match the API side below)
|
||||||
PLUGIN_MAX_EXECUTION_TIMEOUT=600
|
PLUGIN_MAX_EXECUTION_TIMEOUT=600
|
||||||
# API side timeout (configure to match the Plugin Daemon side above)
|
# API side timeout (configure to match the Plugin Daemon side above)
|
||||||
PLUGIN_DAEMON_TIMEOUT=600.0
|
PLUGIN_DAEMON_TIMEOUT=600.0
|
||||||
# PIP_MIRROR_URL=https://pypi.tuna.tsinghua.edu.cn/simple
|
# PIP_MIRROR_URL=https://pypi.tuna.tsinghua.edu.cn/simple
|
||||||
PIP_MIRROR_URL=
|
PIP_MIRROR_URL=
|
||||||
@@ -1463,6 +1499,7 @@ ENABLE_CLEAN_UNUSED_DATASETS_TASK=false
|
|||||||
ENABLE_CREATE_TIDB_SERVERLESS_TASK=false
|
ENABLE_CREATE_TIDB_SERVERLESS_TASK=false
|
||||||
ENABLE_UPDATE_TIDB_SERVERLESS_STATUS_TASK=false
|
ENABLE_UPDATE_TIDB_SERVERLESS_STATUS_TASK=false
|
||||||
ENABLE_CLEAN_MESSAGES=false
|
ENABLE_CLEAN_MESSAGES=false
|
||||||
|
ENABLE_WORKFLOW_RUN_CLEANUP_TASK=false
|
||||||
ENABLE_MAIL_CLEAN_DOCUMENT_NOTIFY_TASK=false
|
ENABLE_MAIL_CLEAN_DOCUMENT_NOTIFY_TASK=false
|
||||||
ENABLE_DATASETS_QUEUE_MONITOR=false
|
ENABLE_DATASETS_QUEUE_MONITOR=false
|
||||||
ENABLE_CHECK_UPGRADABLE_PLUGIN_TASK=true
|
ENABLE_CHECK_UPGRADABLE_PLUGIN_TASK=true
|
||||||
@@ -1491,4 +1528,33 @@ AMPLITUDE_API_KEY=
|
|||||||
# Sandbox expired records clean configuration
|
# Sandbox expired records clean configuration
|
||||||
SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD=21
|
SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD=21
|
||||||
SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE=1000
|
SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE=1000
|
||||||
|
SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_MAX_INTERVAL=200
|
||||||
SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS=30
|
SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS=30
|
||||||
|
|
||||||
|
|
||||||
|
# Redis URL used for PubSub between API and
|
||||||
|
# celery worker
|
||||||
|
# defaults to url constructed from `REDIS_*`
|
||||||
|
# configurations
|
||||||
|
PUBSUB_REDIS_URL=
|
||||||
|
# Pub/sub channel type for streaming events.
|
||||||
|
# valid options are:
|
||||||
|
#
|
||||||
|
# - pubsub: for normal Pub/Sub
|
||||||
|
# - sharded: for sharded Pub/Sub
|
||||||
|
#
|
||||||
|
# It's highly recommended to use sharded Pub/Sub AND redis cluster
|
||||||
|
# for large deployments.
|
||||||
|
PUBSUB_REDIS_CHANNEL_TYPE=pubsub
|
||||||
|
# Whether to use Redis cluster mode while running
|
||||||
|
# PubSub.
|
||||||
|
# It's highly recommended to enable this for large deployments.
|
||||||
|
PUBSUB_REDIS_USE_CLUSTERS=false
|
||||||
|
|
||||||
|
# Whether to Enable human input timeout check task
|
||||||
|
ENABLE_HUMAN_INPUT_TIMEOUT_TASK=true
|
||||||
|
# Human input timeout check interval in minutes
|
||||||
|
HUMAN_INPUT_TIMEOUT_TASK_INTERVAL=1
|
||||||
|
|
||||||
|
|
||||||
|
SANDBOX_EXPIRED_RECORDS_CLEAN_TASK_LOCK_TTL=90000
|
||||||
|
|||||||
@@ -21,7 +21,7 @@ services:
|
|||||||
|
|
||||||
# API service
|
# API service
|
||||||
api:
|
api:
|
||||||
image: langgenius/dify-api:1.11.2
|
image: langgenius/dify-api:1.13.0
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -63,7 +63,7 @@ services:
|
|||||||
# worker service
|
# worker service
|
||||||
# The Celery worker for processing all queues (dataset, workflow, mail, etc.)
|
# The Celery worker for processing all queues (dataset, workflow, mail, etc.)
|
||||||
worker:
|
worker:
|
||||||
image: langgenius/dify-api:1.11.2
|
image: langgenius/dify-api:1.13.0
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -102,7 +102,7 @@ services:
|
|||||||
# worker_beat service
|
# worker_beat service
|
||||||
# Celery beat for scheduling periodic tasks.
|
# Celery beat for scheduling periodic tasks.
|
||||||
worker_beat:
|
worker_beat:
|
||||||
image: langgenius/dify-api:1.11.2
|
image: langgenius/dify-api:1.13.0
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -132,7 +132,7 @@ services:
|
|||||||
|
|
||||||
# Frontend web application.
|
# Frontend web application.
|
||||||
web:
|
web:
|
||||||
image: langgenius/dify-web:1.11.2
|
image: langgenius/dify-web:1.13.0
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
CONSOLE_API_URL: ${CONSOLE_API_URL:-}
|
CONSOLE_API_URL: ${CONSOLE_API_URL:-}
|
||||||
@@ -149,7 +149,6 @@ services:
|
|||||||
MARKETPLACE_URL: ${MARKETPLACE_URL:-https://marketplace.dify.ai}
|
MARKETPLACE_URL: ${MARKETPLACE_URL:-https://marketplace.dify.ai}
|
||||||
TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-}
|
TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-}
|
||||||
INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-}
|
INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-}
|
||||||
PM2_INSTANCES: ${PM2_INSTANCES:-2}
|
|
||||||
LOOP_NODE_MAX_COUNT: ${LOOP_NODE_MAX_COUNT:-100}
|
LOOP_NODE_MAX_COUNT: ${LOOP_NODE_MAX_COUNT:-100}
|
||||||
MAX_TOOLS_NUM: ${MAX_TOOLS_NUM:-10}
|
MAX_TOOLS_NUM: ${MAX_TOOLS_NUM:-10}
|
||||||
MAX_PARALLEL_LIMIT: ${MAX_PARALLEL_LIMIT:-10}
|
MAX_PARALLEL_LIMIT: ${MAX_PARALLEL_LIMIT:-10}
|
||||||
@@ -270,7 +269,7 @@ services:
|
|||||||
|
|
||||||
# plugin daemon
|
# plugin daemon
|
||||||
plugin_daemon:
|
plugin_daemon:
|
||||||
image: langgenius/dify-plugin-daemon:0.5.2-local
|
image: langgenius/dify-plugin-daemon:0.5.3-local
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -475,7 +474,8 @@ services:
|
|||||||
OB_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
|
OB_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
|
||||||
OB_SERVER_IP: 127.0.0.1
|
OB_SERVER_IP: 127.0.0.1
|
||||||
MODE: mini
|
MODE: mini
|
||||||
LANG: en_US.UTF-8
|
LANG: C.UTF-8
|
||||||
|
LC_ALL: C.UTF-8
|
||||||
ports:
|
ports:
|
||||||
- "${OCEANBASE_VECTOR_PORT:-2881}:2881"
|
- "${OCEANBASE_VECTOR_PORT:-2881}:2881"
|
||||||
healthcheck:
|
healthcheck:
|
||||||
@@ -661,13 +661,14 @@ services:
|
|||||||
- "${IRIS_SUPER_SERVER_PORT:-1972}:1972"
|
- "${IRIS_SUPER_SERVER_PORT:-1972}:1972"
|
||||||
- "${IRIS_WEB_SERVER_PORT:-52773}:52773"
|
- "${IRIS_WEB_SERVER_PORT:-52773}:52773"
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/iris:/opt/iris
|
- ./volumes/iris:/durable
|
||||||
- ./iris/iris-init.script:/iris-init.script
|
- ./iris/iris-init.script:/iris-init.script
|
||||||
- ./iris/docker-entrypoint.sh:/custom-entrypoint.sh
|
- ./iris/docker-entrypoint.sh:/custom-entrypoint.sh
|
||||||
entrypoint: ["/custom-entrypoint.sh"]
|
entrypoint: ["/custom-entrypoint.sh"]
|
||||||
tty: true
|
tty: true
|
||||||
environment:
|
environment:
|
||||||
TZ: ${IRIS_TIMEZONE:-UTC}
|
TZ: ${IRIS_TIMEZONE:-UTC}
|
||||||
|
ISC_DATA_DIRECTORY: /durable/iris
|
||||||
|
|
||||||
# Oracle vector database
|
# Oracle vector database
|
||||||
oracle:
|
oracle:
|
||||||
|
|||||||
@@ -123,12 +123,13 @@ services:
|
|||||||
|
|
||||||
# plugin daemon
|
# plugin daemon
|
||||||
plugin_daemon:
|
plugin_daemon:
|
||||||
image: langgenius/dify-plugin-daemon:0.5.2-local
|
image: langgenius/dify-plugin-daemon:0.5.3-local
|
||||||
restart: always
|
restart: always
|
||||||
env_file:
|
env_file:
|
||||||
- ./middleware.env
|
- ./middleware.env
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
|
LOG_OUTPUT_FORMAT: ${LOG_OUTPUT_FORMAT:-text}
|
||||||
DB_DATABASE: ${DB_PLUGIN_DATABASE:-dify_plugin}
|
DB_DATABASE: ${DB_PLUGIN_DATABASE:-dify_plugin}
|
||||||
REDIS_HOST: ${REDIS_HOST:-redis}
|
REDIS_HOST: ${REDIS_HOST:-redis}
|
||||||
REDIS_PORT: ${REDIS_PORT:-6379}
|
REDIS_PORT: ${REDIS_PORT:-6379}
|
||||||
|
|||||||
@@ -13,10 +13,12 @@ x-shared-env: &shared-api-worker-env
|
|||||||
APP_WEB_URL: ${APP_WEB_URL:-}
|
APP_WEB_URL: ${APP_WEB_URL:-}
|
||||||
FILES_URL: ${FILES_URL:-}
|
FILES_URL: ${FILES_URL:-}
|
||||||
INTERNAL_FILES_URL: ${INTERNAL_FILES_URL:-}
|
INTERNAL_FILES_URL: ${INTERNAL_FILES_URL:-}
|
||||||
LANG: ${LANG:-en_US.UTF-8}
|
LANG: ${LANG:-C.UTF-8}
|
||||||
LC_ALL: ${LC_ALL:-en_US.UTF-8}
|
LC_ALL: ${LC_ALL:-C.UTF-8}
|
||||||
PYTHONIOENCODING: ${PYTHONIOENCODING:-utf-8}
|
PYTHONIOENCODING: ${PYTHONIOENCODING:-utf-8}
|
||||||
|
UV_CACHE_DIR: ${UV_CACHE_DIR:-/tmp/.uv-cache}
|
||||||
LOG_LEVEL: ${LOG_LEVEL:-INFO}
|
LOG_LEVEL: ${LOG_LEVEL:-INFO}
|
||||||
|
LOG_OUTPUT_FORMAT: ${LOG_OUTPUT_FORMAT:-text}
|
||||||
LOG_FILE: ${LOG_FILE:-/app/logs/server.log}
|
LOG_FILE: ${LOG_FILE:-/app/logs/server.log}
|
||||||
LOG_FILE_MAX_SIZE: ${LOG_FILE_MAX_SIZE:-20}
|
LOG_FILE_MAX_SIZE: ${LOG_FILE_MAX_SIZE:-20}
|
||||||
LOG_FILE_BACKUP_COUNT: ${LOG_FILE_BACKUP_COUNT:-5}
|
LOG_FILE_BACKUP_COUNT: ${LOG_FILE_BACKUP_COUNT:-5}
|
||||||
@@ -88,6 +90,7 @@ x-shared-env: &shared-api-worker-env
|
|||||||
REDIS_SSL_CERTFILE: ${REDIS_SSL_CERTFILE:-}
|
REDIS_SSL_CERTFILE: ${REDIS_SSL_CERTFILE:-}
|
||||||
REDIS_SSL_KEYFILE: ${REDIS_SSL_KEYFILE:-}
|
REDIS_SSL_KEYFILE: ${REDIS_SSL_KEYFILE:-}
|
||||||
REDIS_DB: ${REDIS_DB:-0}
|
REDIS_DB: ${REDIS_DB:-0}
|
||||||
|
REDIS_MAX_CONNECTIONS: ${REDIS_MAX_CONNECTIONS:-}
|
||||||
REDIS_USE_SENTINEL: ${REDIS_USE_SENTINEL:-false}
|
REDIS_USE_SENTINEL: ${REDIS_USE_SENTINEL:-false}
|
||||||
REDIS_SENTINELS: ${REDIS_SENTINELS:-}
|
REDIS_SENTINELS: ${REDIS_SENTINELS:-}
|
||||||
REDIS_SENTINEL_SERVICE_NAME: ${REDIS_SENTINEL_SERVICE_NAME:-}
|
REDIS_SENTINEL_SERVICE_NAME: ${REDIS_SENTINEL_SERVICE_NAME:-}
|
||||||
@@ -104,6 +107,7 @@ x-shared-env: &shared-api-worker-env
|
|||||||
CELERY_SENTINEL_MASTER_NAME: ${CELERY_SENTINEL_MASTER_NAME:-}
|
CELERY_SENTINEL_MASTER_NAME: ${CELERY_SENTINEL_MASTER_NAME:-}
|
||||||
CELERY_SENTINEL_PASSWORD: ${CELERY_SENTINEL_PASSWORD:-}
|
CELERY_SENTINEL_PASSWORD: ${CELERY_SENTINEL_PASSWORD:-}
|
||||||
CELERY_SENTINEL_SOCKET_TIMEOUT: ${CELERY_SENTINEL_SOCKET_TIMEOUT:-0.1}
|
CELERY_SENTINEL_SOCKET_TIMEOUT: ${CELERY_SENTINEL_SOCKET_TIMEOUT:-0.1}
|
||||||
|
CELERY_TASK_ANNOTATIONS: ${CELERY_TASK_ANNOTATIONS:-null}
|
||||||
WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*}
|
WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*}
|
||||||
CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*}
|
CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*}
|
||||||
COOKIE_DOMAIN: ${COOKIE_DOMAIN:-}
|
COOKIE_DOMAIN: ${COOKIE_DOMAIN:-}
|
||||||
@@ -122,6 +126,13 @@ x-shared-env: &shared-api-worker-env
|
|||||||
S3_ACCESS_KEY: ${S3_ACCESS_KEY:-}
|
S3_ACCESS_KEY: ${S3_ACCESS_KEY:-}
|
||||||
S3_SECRET_KEY: ${S3_SECRET_KEY:-}
|
S3_SECRET_KEY: ${S3_SECRET_KEY:-}
|
||||||
S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false}
|
S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false}
|
||||||
|
ARCHIVE_STORAGE_ENABLED: ${ARCHIVE_STORAGE_ENABLED:-false}
|
||||||
|
ARCHIVE_STORAGE_ENDPOINT: ${ARCHIVE_STORAGE_ENDPOINT:-}
|
||||||
|
ARCHIVE_STORAGE_ARCHIVE_BUCKET: ${ARCHIVE_STORAGE_ARCHIVE_BUCKET:-}
|
||||||
|
ARCHIVE_STORAGE_EXPORT_BUCKET: ${ARCHIVE_STORAGE_EXPORT_BUCKET:-}
|
||||||
|
ARCHIVE_STORAGE_ACCESS_KEY: ${ARCHIVE_STORAGE_ACCESS_KEY:-}
|
||||||
|
ARCHIVE_STORAGE_SECRET_KEY: ${ARCHIVE_STORAGE_SECRET_KEY:-}
|
||||||
|
ARCHIVE_STORAGE_REGION: ${ARCHIVE_STORAGE_REGION:-auto}
|
||||||
AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-difyai}
|
AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-difyai}
|
||||||
AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-difyai}
|
AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-difyai}
|
||||||
AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-difyai-container}
|
AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-difyai-container}
|
||||||
@@ -417,6 +428,7 @@ x-shared-env: &shared-api-worker-env
|
|||||||
SMTP_PASSWORD: ${SMTP_PASSWORD:-}
|
SMTP_PASSWORD: ${SMTP_PASSWORD:-}
|
||||||
SMTP_USE_TLS: ${SMTP_USE_TLS:-true}
|
SMTP_USE_TLS: ${SMTP_USE_TLS:-true}
|
||||||
SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false}
|
SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false}
|
||||||
|
SMTP_LOCAL_HOSTNAME: ${SMTP_LOCAL_HOSTNAME:-}
|
||||||
SENDGRID_API_KEY: ${SENDGRID_API_KEY:-}
|
SENDGRID_API_KEY: ${SENDGRID_API_KEY:-}
|
||||||
INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-4000}
|
INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-4000}
|
||||||
INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72}
|
INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72}
|
||||||
@@ -459,6 +471,7 @@ x-shared-env: &shared-api-worker-env
|
|||||||
WORKFLOW_LOG_CLEANUP_ENABLED: ${WORKFLOW_LOG_CLEANUP_ENABLED:-false}
|
WORKFLOW_LOG_CLEANUP_ENABLED: ${WORKFLOW_LOG_CLEANUP_ENABLED:-false}
|
||||||
WORKFLOW_LOG_RETENTION_DAYS: ${WORKFLOW_LOG_RETENTION_DAYS:-30}
|
WORKFLOW_LOG_RETENTION_DAYS: ${WORKFLOW_LOG_RETENTION_DAYS:-30}
|
||||||
WORKFLOW_LOG_CLEANUP_BATCH_SIZE: ${WORKFLOW_LOG_CLEANUP_BATCH_SIZE:-100}
|
WORKFLOW_LOG_CLEANUP_BATCH_SIZE: ${WORKFLOW_LOG_CLEANUP_BATCH_SIZE:-100}
|
||||||
|
WORKFLOW_LOG_CLEANUP_SPECIFIC_WORKFLOW_IDS: ${WORKFLOW_LOG_CLEANUP_SPECIFIC_WORKFLOW_IDS:-}
|
||||||
ALIYUN_SLS_ACCESS_KEY_ID: ${ALIYUN_SLS_ACCESS_KEY_ID:-}
|
ALIYUN_SLS_ACCESS_KEY_ID: ${ALIYUN_SLS_ACCESS_KEY_ID:-}
|
||||||
ALIYUN_SLS_ACCESS_KEY_SECRET: ${ALIYUN_SLS_ACCESS_KEY_SECRET:-}
|
ALIYUN_SLS_ACCESS_KEY_SECRET: ${ALIYUN_SLS_ACCESS_KEY_SECRET:-}
|
||||||
ALIYUN_SLS_ENDPOINT: ${ALIYUN_SLS_ENDPOINT:-}
|
ALIYUN_SLS_ENDPOINT: ${ALIYUN_SLS_ENDPOINT:-}
|
||||||
@@ -467,6 +480,7 @@ x-shared-env: &shared-api-worker-env
|
|||||||
ALIYUN_SLS_LOGSTORE_TTL: ${ALIYUN_SLS_LOGSTORE_TTL:-365}
|
ALIYUN_SLS_LOGSTORE_TTL: ${ALIYUN_SLS_LOGSTORE_TTL:-365}
|
||||||
LOGSTORE_DUAL_WRITE_ENABLED: ${LOGSTORE_DUAL_WRITE_ENABLED:-false}
|
LOGSTORE_DUAL_WRITE_ENABLED: ${LOGSTORE_DUAL_WRITE_ENABLED:-false}
|
||||||
LOGSTORE_DUAL_READ_ENABLED: ${LOGSTORE_DUAL_READ_ENABLED:-true}
|
LOGSTORE_DUAL_READ_ENABLED: ${LOGSTORE_DUAL_READ_ENABLED:-true}
|
||||||
|
LOGSTORE_ENABLE_PUT_GRAPH_FIELD: ${LOGSTORE_ENABLE_PUT_GRAPH_FIELD:-true}
|
||||||
HTTP_REQUEST_NODE_MAX_BINARY_SIZE: ${HTTP_REQUEST_NODE_MAX_BINARY_SIZE:-10485760}
|
HTTP_REQUEST_NODE_MAX_BINARY_SIZE: ${HTTP_REQUEST_NODE_MAX_BINARY_SIZE:-10485760}
|
||||||
HTTP_REQUEST_NODE_MAX_TEXT_SIZE: ${HTTP_REQUEST_NODE_MAX_TEXT_SIZE:-1048576}
|
HTTP_REQUEST_NODE_MAX_TEXT_SIZE: ${HTTP_REQUEST_NODE_MAX_TEXT_SIZE:-1048576}
|
||||||
HTTP_REQUEST_NODE_SSL_VERIFY: ${HTTP_REQUEST_NODE_SSL_VERIFY:-True}
|
HTTP_REQUEST_NODE_SSL_VERIFY: ${HTTP_REQUEST_NODE_SSL_VERIFY:-True}
|
||||||
@@ -579,6 +593,7 @@ x-shared-env: &shared-api-worker-env
|
|||||||
PLUGIN_DAEMON_KEY: ${PLUGIN_DAEMON_KEY:-lYkiYYT6owG+71oLerGzA7GXCgOT++6ovaezWAjpCjf+Sjc3ZtU+qUEi}
|
PLUGIN_DAEMON_KEY: ${PLUGIN_DAEMON_KEY:-lYkiYYT6owG+71oLerGzA7GXCgOT++6ovaezWAjpCjf+Sjc3ZtU+qUEi}
|
||||||
PLUGIN_DAEMON_URL: ${PLUGIN_DAEMON_URL:-http://plugin_daemon:5002}
|
PLUGIN_DAEMON_URL: ${PLUGIN_DAEMON_URL:-http://plugin_daemon:5002}
|
||||||
PLUGIN_MAX_PACKAGE_SIZE: ${PLUGIN_MAX_PACKAGE_SIZE:-52428800}
|
PLUGIN_MAX_PACKAGE_SIZE: ${PLUGIN_MAX_PACKAGE_SIZE:-52428800}
|
||||||
|
PLUGIN_MODEL_SCHEMA_CACHE_TTL: ${PLUGIN_MODEL_SCHEMA_CACHE_TTL:-3600}
|
||||||
PLUGIN_PPROF_ENABLED: ${PLUGIN_PPROF_ENABLED:-false}
|
PLUGIN_PPROF_ENABLED: ${PLUGIN_PPROF_ENABLED:-false}
|
||||||
PLUGIN_DEBUGGING_HOST: ${PLUGIN_DEBUGGING_HOST:-0.0.0.0}
|
PLUGIN_DEBUGGING_HOST: ${PLUGIN_DEBUGGING_HOST:-0.0.0.0}
|
||||||
PLUGIN_DEBUGGING_PORT: ${PLUGIN_DEBUGGING_PORT:-5003}
|
PLUGIN_DEBUGGING_PORT: ${PLUGIN_DEBUGGING_PORT:-5003}
|
||||||
@@ -653,6 +668,7 @@ x-shared-env: &shared-api-worker-env
|
|||||||
ENABLE_CREATE_TIDB_SERVERLESS_TASK: ${ENABLE_CREATE_TIDB_SERVERLESS_TASK:-false}
|
ENABLE_CREATE_TIDB_SERVERLESS_TASK: ${ENABLE_CREATE_TIDB_SERVERLESS_TASK:-false}
|
||||||
ENABLE_UPDATE_TIDB_SERVERLESS_STATUS_TASK: ${ENABLE_UPDATE_TIDB_SERVERLESS_STATUS_TASK:-false}
|
ENABLE_UPDATE_TIDB_SERVERLESS_STATUS_TASK: ${ENABLE_UPDATE_TIDB_SERVERLESS_STATUS_TASK:-false}
|
||||||
ENABLE_CLEAN_MESSAGES: ${ENABLE_CLEAN_MESSAGES:-false}
|
ENABLE_CLEAN_MESSAGES: ${ENABLE_CLEAN_MESSAGES:-false}
|
||||||
|
ENABLE_WORKFLOW_RUN_CLEANUP_TASK: ${ENABLE_WORKFLOW_RUN_CLEANUP_TASK:-false}
|
||||||
ENABLE_MAIL_CLEAN_DOCUMENT_NOTIFY_TASK: ${ENABLE_MAIL_CLEAN_DOCUMENT_NOTIFY_TASK:-false}
|
ENABLE_MAIL_CLEAN_DOCUMENT_NOTIFY_TASK: ${ENABLE_MAIL_CLEAN_DOCUMENT_NOTIFY_TASK:-false}
|
||||||
ENABLE_DATASETS_QUEUE_MONITOR: ${ENABLE_DATASETS_QUEUE_MONITOR:-false}
|
ENABLE_DATASETS_QUEUE_MONITOR: ${ENABLE_DATASETS_QUEUE_MONITOR:-false}
|
||||||
ENABLE_CHECK_UPGRADABLE_PLUGIN_TASK: ${ENABLE_CHECK_UPGRADABLE_PLUGIN_TASK:-true}
|
ENABLE_CHECK_UPGRADABLE_PLUGIN_TASK: ${ENABLE_CHECK_UPGRADABLE_PLUGIN_TASK:-true}
|
||||||
@@ -670,7 +686,14 @@ x-shared-env: &shared-api-worker-env
|
|||||||
AMPLITUDE_API_KEY: ${AMPLITUDE_API_KEY:-}
|
AMPLITUDE_API_KEY: ${AMPLITUDE_API_KEY:-}
|
||||||
SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD: ${SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD:-21}
|
SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD: ${SANDBOX_EXPIRED_RECORDS_CLEAN_GRACEFUL_PERIOD:-21}
|
||||||
SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE: ${SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE:-1000}
|
SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE: ${SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_SIZE:-1000}
|
||||||
|
SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_MAX_INTERVAL: ${SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_MAX_INTERVAL:-200}
|
||||||
SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS: ${SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS:-30}
|
SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS: ${SANDBOX_EXPIRED_RECORDS_RETENTION_DAYS:-30}
|
||||||
|
PUBSUB_REDIS_URL: ${PUBSUB_REDIS_URL:-}
|
||||||
|
PUBSUB_REDIS_CHANNEL_TYPE: ${PUBSUB_REDIS_CHANNEL_TYPE:-pubsub}
|
||||||
|
PUBSUB_REDIS_USE_CLUSTERS: ${PUBSUB_REDIS_USE_CLUSTERS:-false}
|
||||||
|
ENABLE_HUMAN_INPUT_TIMEOUT_TASK: ${ENABLE_HUMAN_INPUT_TIMEOUT_TASK:-true}
|
||||||
|
HUMAN_INPUT_TIMEOUT_TASK_INTERVAL: ${HUMAN_INPUT_TIMEOUT_TASK_INTERVAL:-1}
|
||||||
|
SANDBOX_EXPIRED_RECORDS_CLEAN_TASK_LOCK_TTL: ${SANDBOX_EXPIRED_RECORDS_CLEAN_TASK_LOCK_TTL:-90000}
|
||||||
|
|
||||||
services:
|
services:
|
||||||
# Init container to fix permissions
|
# Init container to fix permissions
|
||||||
@@ -694,7 +717,7 @@ services:
|
|||||||
|
|
||||||
# API service
|
# API service
|
||||||
api:
|
api:
|
||||||
image: langgenius/dify-api:1.11.2
|
image: langgenius/dify-api:1.13.0
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -736,7 +759,7 @@ services:
|
|||||||
# worker service
|
# worker service
|
||||||
# The Celery worker for processing all queues (dataset, workflow, mail, etc.)
|
# The Celery worker for processing all queues (dataset, workflow, mail, etc.)
|
||||||
worker:
|
worker:
|
||||||
image: langgenius/dify-api:1.11.2
|
image: langgenius/dify-api:1.13.0
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -775,7 +798,7 @@ services:
|
|||||||
# worker_beat service
|
# worker_beat service
|
||||||
# Celery beat for scheduling periodic tasks.
|
# Celery beat for scheduling periodic tasks.
|
||||||
worker_beat:
|
worker_beat:
|
||||||
image: langgenius/dify-api:1.11.2
|
image: langgenius/dify-api:1.13.0
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -805,7 +828,7 @@ services:
|
|||||||
|
|
||||||
# Frontend web application.
|
# Frontend web application.
|
||||||
web:
|
web:
|
||||||
image: langgenius/dify-web:1.11.2
|
image: langgenius/dify-web:1.13.0
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
CONSOLE_API_URL: ${CONSOLE_API_URL:-}
|
CONSOLE_API_URL: ${CONSOLE_API_URL:-}
|
||||||
@@ -822,7 +845,6 @@ services:
|
|||||||
MARKETPLACE_URL: ${MARKETPLACE_URL:-https://marketplace.dify.ai}
|
MARKETPLACE_URL: ${MARKETPLACE_URL:-https://marketplace.dify.ai}
|
||||||
TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-}
|
TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-}
|
||||||
INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-}
|
INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-}
|
||||||
PM2_INSTANCES: ${PM2_INSTANCES:-2}
|
|
||||||
LOOP_NODE_MAX_COUNT: ${LOOP_NODE_MAX_COUNT:-100}
|
LOOP_NODE_MAX_COUNT: ${LOOP_NODE_MAX_COUNT:-100}
|
||||||
MAX_TOOLS_NUM: ${MAX_TOOLS_NUM:-10}
|
MAX_TOOLS_NUM: ${MAX_TOOLS_NUM:-10}
|
||||||
MAX_PARALLEL_LIMIT: ${MAX_PARALLEL_LIMIT:-10}
|
MAX_PARALLEL_LIMIT: ${MAX_PARALLEL_LIMIT:-10}
|
||||||
@@ -943,7 +965,7 @@ services:
|
|||||||
|
|
||||||
# plugin daemon
|
# plugin daemon
|
||||||
plugin_daemon:
|
plugin_daemon:
|
||||||
image: langgenius/dify-plugin-daemon:0.5.2-local
|
image: langgenius/dify-plugin-daemon:0.5.3-local
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
# Use the shared environment variables.
|
# Use the shared environment variables.
|
||||||
@@ -1146,7 +1168,8 @@ services:
|
|||||||
OB_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
|
OB_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
|
||||||
OB_SERVER_IP: 127.0.0.1
|
OB_SERVER_IP: 127.0.0.1
|
||||||
MODE: mini
|
MODE: mini
|
||||||
LANG: en_US.UTF-8
|
LANG: C.UTF-8
|
||||||
|
LC_ALL: C.UTF-8
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test:
|
test:
|
||||||
[
|
[
|
||||||
@@ -1324,13 +1347,14 @@ services:
|
|||||||
restart: always
|
restart: always
|
||||||
init: true
|
init: true
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/iris:/opt/iris
|
- ./volumes/iris:/durable
|
||||||
- ./iris/iris-init.script:/iris-init.script
|
- ./iris/iris-init.script:/iris-init.script
|
||||||
- ./iris/docker-entrypoint.sh:/custom-entrypoint.sh
|
- ./iris/docker-entrypoint.sh:/custom-entrypoint.sh
|
||||||
entrypoint: [ "/custom-entrypoint.sh" ]
|
entrypoint: [ "/custom-entrypoint.sh" ]
|
||||||
tty: true
|
tty: true
|
||||||
environment:
|
environment:
|
||||||
TZ: ${IRIS_TIMEZONE:-UTC}
|
TZ: ${IRIS_TIMEZONE:-UTC}
|
||||||
|
ISC_DATA_DIRECTORY: /durable/iris
|
||||||
|
|
||||||
# Oracle vector database
|
# Oracle vector database
|
||||||
oracle:
|
oracle:
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ def parse_env_example(file_path):
|
|||||||
Parses the .env.example file and returns a dictionary with variable names as keys and default values as values.
|
Parses the .env.example file and returns a dictionary with variable names as keys and default values as values.
|
||||||
"""
|
"""
|
||||||
env_vars = {}
|
env_vars = {}
|
||||||
with open(file_path, "r") as f:
|
with open(file_path, "r", encoding="utf-8") as f:
|
||||||
for line_number, line in enumerate(f, 1):
|
for line_number, line in enumerate(f, 1):
|
||||||
line = line.strip()
|
line = line.strip()
|
||||||
# Ignore empty lines and comments
|
# Ignore empty lines and comments
|
||||||
@@ -55,7 +55,7 @@ def insert_shared_env(template_path, output_path, shared_env_block, header_comme
|
|||||||
Inserts the shared environment variables block and header comments into the template file,
|
Inserts the shared environment variables block and header comments into the template file,
|
||||||
removing any existing x-shared-env anchors, and generates the final docker-compose.yaml file.
|
removing any existing x-shared-env anchors, and generates the final docker-compose.yaml file.
|
||||||
"""
|
"""
|
||||||
with open(template_path, "r") as f:
|
with open(template_path, "r", encoding="utf-8") as f:
|
||||||
template_content = f.read()
|
template_content = f.read()
|
||||||
|
|
||||||
# Remove existing x-shared-env: &shared-api-worker-env lines
|
# Remove existing x-shared-env: &shared-api-worker-env lines
|
||||||
@@ -69,7 +69,7 @@ def insert_shared_env(template_path, output_path, shared_env_block, header_comme
|
|||||||
# Prepare the final content with header comments and shared env block
|
# Prepare the final content with header comments and shared env block
|
||||||
final_content = f"{header_comments}\n{shared_env_block}\n\n{template_content}"
|
final_content = f"{header_comments}\n{shared_env_block}\n\n{template_content}"
|
||||||
|
|
||||||
with open(output_path, "w") as f:
|
with open(output_path, "w", encoding="utf-8") as f:
|
||||||
f.write(final_content)
|
f.write(final_content)
|
||||||
print(f"Generated {output_path}")
|
print(f"Generated {output_path}")
|
||||||
|
|
||||||
|
|||||||
@@ -1,15 +1,33 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
# IRIS configuration flag file
|
# IRIS configuration flag file (stored in durable directory to persist with data)
|
||||||
IRIS_CONFIG_DONE="/opt/iris/.iris-configured"
|
IRIS_CONFIG_DONE="/durable/.iris-configured"
|
||||||
|
|
||||||
|
# Function to wait for IRIS to be ready
|
||||||
|
wait_for_iris() {
|
||||||
|
echo "Waiting for IRIS to be ready..."
|
||||||
|
local max_attempts=30
|
||||||
|
local attempt=1
|
||||||
|
while [ "$attempt" -le "$max_attempts" ]; do
|
||||||
|
if iris qlist IRIS 2>/dev/null | grep -q "running"; then
|
||||||
|
echo "IRIS is ready."
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
echo "Attempt $attempt/$max_attempts: IRIS not ready yet, waiting..."
|
||||||
|
sleep 2
|
||||||
|
attempt=$((attempt + 1))
|
||||||
|
done
|
||||||
|
echo "ERROR: IRIS failed to start within expected time." >&2
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
# Function to configure IRIS
|
# Function to configure IRIS
|
||||||
configure_iris() {
|
configure_iris() {
|
||||||
echo "Configuring IRIS for first-time setup..."
|
echo "Configuring IRIS for first-time setup..."
|
||||||
|
|
||||||
# Wait for IRIS to be fully started
|
# Wait for IRIS to be fully started
|
||||||
sleep 5
|
wait_for_iris
|
||||||
|
|
||||||
# Execute the initialization script
|
# Execute the initialization script
|
||||||
iris session IRIS < /iris-init.script
|
iris session IRIS < /iris-init.script
|
||||||
|
|||||||
@@ -91,6 +91,9 @@ MYSQL_INNODB_FLUSH_LOG_AT_TRX_COMMIT=2
|
|||||||
# -----------------------------
|
# -----------------------------
|
||||||
REDIS_HOST_VOLUME=./volumes/redis/data
|
REDIS_HOST_VOLUME=./volumes/redis/data
|
||||||
REDIS_PASSWORD=difyai123456
|
REDIS_PASSWORD=difyai123456
|
||||||
|
# Optional: limit total Redis connections used by API/Worker (unset for default)
|
||||||
|
# Align with API's REDIS_MAX_CONNECTIONS in configs
|
||||||
|
REDIS_MAX_CONNECTIONS=
|
||||||
|
|
||||||
# ------------------------------
|
# ------------------------------
|
||||||
# Environment Variables for sandbox Service
|
# Environment Variables for sandbox Service
|
||||||
@@ -233,4 +236,8 @@ ALIYUN_SLS_LOGSTORE_TTL=365
|
|||||||
LOGSTORE_DUAL_WRITE_ENABLED=true
|
LOGSTORE_DUAL_WRITE_ENABLED=true
|
||||||
# Enable dual-read fallback to SQL database when LogStore returns no results (default: true)
|
# Enable dual-read fallback to SQL database when LogStore returns no results (default: true)
|
||||||
# Useful for migration scenarios where historical data exists only in SQL database
|
# Useful for migration scenarios where historical data exists only in SQL database
|
||||||
LOGSTORE_DUAL_READ_ENABLED=true
|
LOGSTORE_DUAL_READ_ENABLED=true
|
||||||
|
# Control flag for whether to write the `graph` field to LogStore.
|
||||||
|
# If LOGSTORE_ENABLE_PUT_GRAPH_FIELD is "true", write the full `graph` field;
|
||||||
|
# otherwise write an empty {} instead. Defaults to writing the `graph` field.
|
||||||
|
LOGSTORE_ENABLE_PUT_GRAPH_FIELD=true
|
||||||
@@ -54,3 +54,52 @@ http_access allow src_all
|
|||||||
|
|
||||||
# Unless the option's size is increased, an error will occur when uploading more than two files.
|
# Unless the option's size is increased, an error will occur when uploading more than two files.
|
||||||
client_request_buffer_max_size 100 MB
|
client_request_buffer_max_size 100 MB
|
||||||
|
|
||||||
|
################################## Performance & Concurrency ###############################
|
||||||
|
# Increase file descriptor limit for high concurrency
|
||||||
|
max_filedescriptors 65536
|
||||||
|
|
||||||
|
# Timeout configurations for image requests
|
||||||
|
connect_timeout 30 seconds
|
||||||
|
request_timeout 2 minutes
|
||||||
|
read_timeout 2 minutes
|
||||||
|
client_lifetime 5 minutes
|
||||||
|
shutdown_lifetime 30 seconds
|
||||||
|
|
||||||
|
# Persistent connections - improve performance for multiple requests
|
||||||
|
server_persistent_connections on
|
||||||
|
client_persistent_connections on
|
||||||
|
persistent_request_timeout 30 seconds
|
||||||
|
pconn_timeout 1 minute
|
||||||
|
|
||||||
|
# Connection pool and concurrency limits
|
||||||
|
client_db on
|
||||||
|
server_idle_pconn_timeout 2 minutes
|
||||||
|
client_idle_pconn_timeout 2 minutes
|
||||||
|
|
||||||
|
# Quick abort settings - don't abort requests that are mostly done
|
||||||
|
quick_abort_min 16 KB
|
||||||
|
quick_abort_max 16 MB
|
||||||
|
quick_abort_pct 95
|
||||||
|
|
||||||
|
# Memory and cache optimization
|
||||||
|
memory_cache_mode disk
|
||||||
|
cache_mem 256 MB
|
||||||
|
maximum_object_size_in_memory 512 KB
|
||||||
|
|
||||||
|
# DNS resolver settings for better performance
|
||||||
|
dns_timeout 30 seconds
|
||||||
|
dns_retransmit_interval 5 seconds
|
||||||
|
# By default, Squid uses the system's configured DNS resolvers.
|
||||||
|
# If you need to override them, set dns_nameservers to appropriate servers
|
||||||
|
# for your environment (for example, internal/corporate DNS). The following
|
||||||
|
# is an example using public DNS and SHOULD be customized before use:
|
||||||
|
# dns_nameservers 8.8.8.8 8.8.4.4
|
||||||
|
|
||||||
|
# Logging format for better debugging
|
||||||
|
logformat dify_log %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt
|
||||||
|
access_log daemon:/var/log/squid/access.log dify_log
|
||||||
|
|
||||||
|
# Access log to track concurrent requests and timeouts
|
||||||
|
logfile_rotate 10
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
APP_DOMAIN=$(PRIMARY_DOMAIN)
|
APP_DOMAIN=$(PRIMARY_DOMAIN)
|
||||||
APP_RELEASE=v1.2.1
|
APP_RELEASE=v1.2.3
|
||||||
|
|
||||||
WEB_REPLICAS=1
|
WEB_REPLICAS=1
|
||||||
SPACE_REPLICAS=1
|
SPACE_REPLICAS=1
|
||||||
|
|||||||
@@ -63,7 +63,7 @@ x-app-env: &app-env
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
web:
|
web:
|
||||||
image: artifacts.plane.so/makeplane/plane-frontend:${APP_RELEASE:-v1.2.1}
|
image: artifacts.plane.so/makeplane/plane-frontend:${APP_RELEASE:-v1.2.3}
|
||||||
deploy:
|
deploy:
|
||||||
replicas: ${WEB_REPLICAS:-1}
|
replicas: ${WEB_REPLICAS:-1}
|
||||||
restart_policy:
|
restart_policy:
|
||||||
@@ -73,7 +73,7 @@ services:
|
|||||||
- worker
|
- worker
|
||||||
|
|
||||||
space:
|
space:
|
||||||
image: artifacts.plane.so/makeplane/plane-space:${APP_RELEASE:-v1.2.1}
|
image: artifacts.plane.so/makeplane/plane-space:${APP_RELEASE:-v1.2.3}
|
||||||
deploy:
|
deploy:
|
||||||
replicas: ${SPACE_REPLICAS:-1}
|
replicas: ${SPACE_REPLICAS:-1}
|
||||||
restart_policy:
|
restart_policy:
|
||||||
@@ -84,7 +84,7 @@ services:
|
|||||||
- web
|
- web
|
||||||
|
|
||||||
admin:
|
admin:
|
||||||
image: artifacts.plane.so/makeplane/plane-admin:${APP_RELEASE:-v1.2.1}
|
image: artifacts.plane.so/makeplane/plane-admin:${APP_RELEASE:-v1.2.3}
|
||||||
deploy:
|
deploy:
|
||||||
replicas: ${ADMIN_REPLICAS:-1}
|
replicas: ${ADMIN_REPLICAS:-1}
|
||||||
restart_policy:
|
restart_policy:
|
||||||
@@ -94,7 +94,7 @@ services:
|
|||||||
- web
|
- web
|
||||||
|
|
||||||
live:
|
live:
|
||||||
image: artifacts.plane.so/makeplane/plane-live:${APP_RELEASE:-v1.2.1}
|
image: artifacts.plane.so/makeplane/plane-live:${APP_RELEASE:-v1.2.3}
|
||||||
environment:
|
environment:
|
||||||
<<: [ *live-env, *redis-env ]
|
<<: [ *live-env, *redis-env ]
|
||||||
deploy:
|
deploy:
|
||||||
@@ -106,7 +106,7 @@ services:
|
|||||||
- web
|
- web
|
||||||
|
|
||||||
api:
|
api:
|
||||||
image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-v1.2.1}
|
image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-v1.2.3}
|
||||||
command: ./bin/docker-entrypoint-api.sh
|
command: ./bin/docker-entrypoint-api.sh
|
||||||
deploy:
|
deploy:
|
||||||
replicas: ${API_REPLICAS:-1}
|
replicas: ${API_REPLICAS:-1}
|
||||||
@@ -122,7 +122,7 @@ services:
|
|||||||
- plane-mq
|
- plane-mq
|
||||||
|
|
||||||
worker:
|
worker:
|
||||||
image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-v1.2.1}
|
image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-v1.2.3}
|
||||||
command: ./bin/docker-entrypoint-worker.sh
|
command: ./bin/docker-entrypoint-worker.sh
|
||||||
deploy:
|
deploy:
|
||||||
replicas: ${WORKER_REPLICAS:-1}
|
replicas: ${WORKER_REPLICAS:-1}
|
||||||
@@ -139,7 +139,7 @@ services:
|
|||||||
- plane-mq
|
- plane-mq
|
||||||
|
|
||||||
beat-worker:
|
beat-worker:
|
||||||
image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-v1.2.1}
|
image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-v1.2.3}
|
||||||
command: ./bin/docker-entrypoint-beat.sh
|
command: ./bin/docker-entrypoint-beat.sh
|
||||||
deploy:
|
deploy:
|
||||||
replicas: ${BEAT_WORKER_REPLICAS:-1}
|
replicas: ${BEAT_WORKER_REPLICAS:-1}
|
||||||
@@ -156,7 +156,7 @@ services:
|
|||||||
- plane-mq
|
- plane-mq
|
||||||
|
|
||||||
migrator:
|
migrator:
|
||||||
image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-v1.2.1}
|
image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-v1.2.3}
|
||||||
command: ./bin/docker-entrypoint-migrator.sh
|
command: ./bin/docker-entrypoint-migrator.sh
|
||||||
deploy:
|
deploy:
|
||||||
replicas: 1
|
replicas: 1
|
||||||
@@ -218,7 +218,7 @@ services:
|
|||||||
|
|
||||||
# Comment this if you already have a reverse proxy running
|
# Comment this if you already have a reverse proxy running
|
||||||
proxy:
|
proxy:
|
||||||
image: artifacts.plane.so/makeplane/plane-proxy:${APP_RELEASE:-v1.2.1}
|
image: artifacts.plane.so/makeplane/plane-proxy:${APP_RELEASE:-v1.2.3}
|
||||||
deploy:
|
deploy:
|
||||||
replicas: 1
|
replicas: 1
|
||||||
restart_policy:
|
restart_policy:
|
||||||
|
|||||||
Regular → Executable
+197
-39
@@ -1,69 +1,126 @@
|
|||||||
############
|
############
|
||||||
# Secrets
|
# Secrets
|
||||||
# YOU MUST CHANGE THESE BEFORE GOING INTO PRODUCTION
|
#
|
||||||
|
# YOU MUST CHANGE ALL THE DEFAULT VALUES BELOW BEFORE STARTING
|
||||||
|
# THE CONTAINERS FOR THE FIRST TIME!
|
||||||
|
#
|
||||||
|
# Documentation:
|
||||||
|
# https://supabase.com/docs/guides/self-hosting/docker#configuring-and-securing-supabase
|
||||||
|
#
|
||||||
|
# To generate secrets and API keys:
|
||||||
|
# sh ./utils/generate-keys.sh
|
||||||
|
#
|
||||||
############
|
############
|
||||||
|
|
||||||
|
# Postgres
|
||||||
POSTGRES_PASSWORD=your-super-secret-and-long-postgres-password
|
POSTGRES_PASSWORD=your-super-secret-and-long-postgres-password
|
||||||
|
|
||||||
|
# Symmetric encryption key and JWT API keys
|
||||||
JWT_SECRET=your-super-secret-jwt-token-with-at-least-32-characters-long
|
JWT_SECRET=your-super-secret-jwt-token-with-at-least-32-characters-long
|
||||||
ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJhbm9uIiwKICAgICJpc3MiOiAic3VwYWJhc2UtZGVtbyIsCiAgICAiaWF0IjogMTY0MTc2OTIwMCwKICAgICJleHAiOiAxNzk5NTM1NjAwCn0.dc_X5iR_VP_qT0zsiyj_I_OZ2T9FtRU2BBNWN8Bu4GE
|
ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJhbm9uIiwKICAgICJpc3MiOiAic3VwYWJhc2UtZGVtbyIsCiAgICAiaWF0IjogMTY0MTc2OTIwMCwKICAgICJleHAiOiAxNzk5NTM1NjAwCn0.dc_X5iR_VP_qT0zsiyj_I_OZ2T9FtRU2BBNWN8Bu4GE
|
||||||
SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q
|
SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q
|
||||||
|
|
||||||
|
# Access to Dashboard
|
||||||
DASHBOARD_USERNAME=supabase
|
DASHBOARD_USERNAME=supabase
|
||||||
DASHBOARD_PASSWORD=this_password_is_insecure_and_should_be_updated
|
DASHBOARD_PASSWORD=this_password_is_insecure_and_should_be_updated
|
||||||
|
|
||||||
|
# Used by Realtime and Supavisor
|
||||||
SECRET_KEY_BASE=UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq
|
SECRET_KEY_BASE=UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq
|
||||||
VAULT_ENC_KEY=your-encryption-key-32-chars-min
|
|
||||||
|
# Used by Supavisor
|
||||||
|
VAULT_ENC_KEY=your-32-character-encryption-key
|
||||||
|
|
||||||
|
# Used by Studio to access Postgres via postgres-meta
|
||||||
|
PG_META_CRYPTO_KEY=your-encryption-key-32-chars-min
|
||||||
|
|
||||||
|
# Analytics - API tokens for log ingestion/querying, and for management
|
||||||
|
LOGFLARE_PUBLIC_ACCESS_TOKEN=your-super-secret-and-long-logflare-key-public
|
||||||
|
LOGFLARE_PRIVATE_ACCESS_TOKEN=your-super-secret-and-long-logflare-key-private
|
||||||
|
|
||||||
|
# Access to Storage via S3 protocol endpoint (see below)
|
||||||
|
S3_PROTOCOL_ACCESS_KEY_ID=625729a08b95bf1b7ff351a663f3a23c
|
||||||
|
S3_PROTOCOL_ACCESS_KEY_SECRET=850181e4652dd023b7a98c58ae0d2d34bd487ee0cc3254aed6eda37307425907
|
||||||
|
|
||||||
|
|
||||||
############
|
############
|
||||||
# Database - You can change these to any PostgreSQL database that has logical replication enabled.
|
# URLs - Configure hostnames below to reflect your actual domain name
|
||||||
############
|
############
|
||||||
|
|
||||||
|
# Access to Dashboard and REST API
|
||||||
|
SUPABASE_PUBLIC_URL=http://localhost:8000
|
||||||
|
|
||||||
|
# Full external URL of the Auth service, used to construct OAuth callbacks,
|
||||||
|
# SAML endpoints, and email links
|
||||||
|
API_EXTERNAL_URL=http://localhost:8000
|
||||||
|
|
||||||
|
# See also the Auth section below for Site URL and Redirect URLs configuration
|
||||||
|
|
||||||
|
|
||||||
|
############
|
||||||
|
# Database - Postgres configuration
|
||||||
|
############
|
||||||
|
|
||||||
|
# Using default user (postgres)
|
||||||
POSTGRES_HOST=db
|
POSTGRES_HOST=db
|
||||||
POSTGRES_DB=postgres
|
POSTGRES_DB=postgres
|
||||||
|
|
||||||
|
# Default configuration includes Supavisor exposing POSTGRES_PORT
|
||||||
|
# Postgres uses POSTGRES_PORT inside the container
|
||||||
|
# Documentation:
|
||||||
|
# https://supabase.com/docs/guides/self-hosting/docker#accessing-postgres-through-supavisor
|
||||||
POSTGRES_PORT=5432
|
POSTGRES_PORT=5432
|
||||||
# default user is postgres
|
|
||||||
|
|
||||||
|
|
||||||
############
|
############
|
||||||
# Supavisor -- Database pooler
|
# Supavisor - Database pooler
|
||||||
############
|
############
|
||||||
# Port Supavisor listens on for transaction pooling connections
|
|
||||||
|
# Supavisor exposes POSTGRES_PORT and POOLER_PROXY_PORT_TRANSACTION,
|
||||||
|
# POSTGRES_PORT is used for session mode pooling
|
||||||
|
#
|
||||||
|
# Port to use for transaction mode pooling connections
|
||||||
POOLER_PROXY_PORT_TRANSACTION=6543
|
POOLER_PROXY_PORT_TRANSACTION=6543
|
||||||
|
|
||||||
# Maximum number of PostgreSQL connections Supavisor opens per pool
|
# Maximum number of PostgreSQL connections Supavisor opens per pool
|
||||||
POOLER_DEFAULT_POOL_SIZE=20
|
POOLER_DEFAULT_POOL_SIZE=20
|
||||||
|
|
||||||
# Maximum number of client connections Supavisor accepts per pool
|
# Maximum number of client connections Supavisor accepts per pool
|
||||||
POOLER_MAX_CLIENT_CONN=100
|
POOLER_MAX_CLIENT_CONN=100
|
||||||
# Unique tenant identifier
|
|
||||||
|
# Unique Supavisor tenant identifier
|
||||||
|
# Documentation:
|
||||||
|
# https://supabase.com/docs/guides/self-hosting/docker#accessing-postgres
|
||||||
POOLER_TENANT_ID=your-tenant-id
|
POOLER_TENANT_ID=your-tenant-id
|
||||||
|
|
||||||
# Pool size for internal metadata storage used by Supavisor
|
# Pool size for internal metadata storage used by Supavisor
|
||||||
# This is separate from client connections and used only by Supavisor itself
|
# This is separate from client connections and used only by Supavisor itself
|
||||||
POOLER_DB_POOL_SIZE=5
|
POOLER_DB_POOL_SIZE=5
|
||||||
|
|
||||||
|
|
||||||
############
|
############
|
||||||
# API Proxy - Configuration for the Kong Reverse proxy.
|
# Studio - Configuration for the Dashboard
|
||||||
############
|
############
|
||||||
|
|
||||||
KONG_HTTP_PORT=8000
|
STUDIO_DEFAULT_ORGANIZATION=Default Organization
|
||||||
KONG_HTTPS_PORT=8443
|
STUDIO_DEFAULT_PROJECT=Default Project
|
||||||
|
|
||||||
|
# Add your OpenAI API key to enable AI Assistant
|
||||||
|
OPENAI_API_KEY=sk-proj-xxxxxxxx
|
||||||
|
|
||||||
|
|
||||||
############
|
############
|
||||||
# API - Configuration for PostgREST.
|
# Auth - Configuration for the authentication server
|
||||||
############
|
############
|
||||||
|
|
||||||
PGRST_DB_SCHEMAS=public,storage,graphql_public
|
## General settings
|
||||||
|
|
||||||
|
# Equivalent to "Site URL" and "Redirect URLs" platform configuration options
|
||||||
############
|
# Documentation: https://supabase.com/docs/guides/auth/redirect-urls
|
||||||
# Auth - Configuration for the GoTrue authentication server.
|
|
||||||
############
|
|
||||||
|
|
||||||
## General
|
|
||||||
SITE_URL=https://$(PRIMARY_DOMAIN)
|
SITE_URL=https://$(PRIMARY_DOMAIN)
|
||||||
ADDITIONAL_REDIRECT_URLS=
|
ADDITIONAL_REDIRECT_URLS=
|
||||||
|
|
||||||
JWT_EXPIRY=3600
|
JWT_EXPIRY=3600
|
||||||
DISABLE_SIGNUP=false
|
DISABLE_SIGNUP=false
|
||||||
API_EXTERNAL_URL=http://localhost:8000
|
|
||||||
|
|
||||||
## Mailer Config
|
## Mailer Config
|
||||||
MAILER_URLPATHS_CONFIRMATION="/auth/v1/verify"
|
MAILER_URLPATHS_CONFIRMATION="/auth/v1/verify"
|
||||||
@@ -86,41 +143,107 @@ ENABLE_ANONYMOUS_USERS=false
|
|||||||
ENABLE_PHONE_SIGNUP=true
|
ENABLE_PHONE_SIGNUP=true
|
||||||
ENABLE_PHONE_AUTOCONFIRM=true
|
ENABLE_PHONE_AUTOCONFIRM=true
|
||||||
|
|
||||||
|
## OAuth / Social login providers
|
||||||
|
|
||||||
############
|
# Uncomment and fill in the providers you want to enable.
|
||||||
# Studio - Configuration for the Dashboard
|
# You must ALSO uncomment the matching GOTRUE_EXTERNAL_* lines in docker-compose.yml.
|
||||||
############
|
# Documentation: https://supabase.com/docs/guides/self-hosting/self-hosted-oauth
|
||||||
|
# GOOGLE_ENABLED=false
|
||||||
|
# GOOGLE_CLIENT_ID=
|
||||||
|
# GOOGLE_SECRET=
|
||||||
|
|
||||||
STUDIO_DEFAULT_ORGANIZATION=Default Organization
|
# GITHUB_ENABLED=false
|
||||||
STUDIO_DEFAULT_PROJECT=Default Project
|
# GITHUB_CLIENT_ID=
|
||||||
|
# GITHUB_SECRET=
|
||||||
|
|
||||||
STUDIO_PORT=3000
|
# AZURE_ENABLED=false
|
||||||
# replace if you intend to use Studio outside of localhost
|
# AZURE_CLIENT_ID=
|
||||||
SUPABASE_PUBLIC_URL=http://localhost:8000
|
# AZURE_SECRET=
|
||||||
|
|
||||||
# Enable webp support
|
# Phone / SMS provider configuration
|
||||||
IMGPROXY_ENABLE_WEBP_DETECTION=true
|
# Uncomment to configure SMS delivery for phone auth and phone MFA.
|
||||||
|
# You must ALSO uncomment the matching GOTRUE_SMS_* lines in docker-compose.yml.
|
||||||
|
# Documentation: https://supabase.com/docs/guides/self-hosting/self-hosted-phone-mfa
|
||||||
|
# SMS_PROVIDER=twilio
|
||||||
|
# SMS_OTP_EXP=60
|
||||||
|
# SMS_OTP_LENGTH=6
|
||||||
|
# SMS_MAX_FREQUENCY=60s
|
||||||
|
# SMS_TEMPLATE=Your code is {{ .Code }}
|
||||||
|
|
||||||
# Add your OpenAI API key to enable SQL Editor Assistant
|
# SMS_TWILIO_ACCOUNT_SID=
|
||||||
OPENAI_API_KEY=
|
# SMS_TWILIO_AUTH_TOKEN=
|
||||||
|
# SMS_TWILIO_MESSAGE_SERVICE_SID=
|
||||||
|
|
||||||
|
# Test OTP: map phone numbers to fixed OTP codes for development
|
||||||
|
# Format: phone1:code1,phone2:code2
|
||||||
|
# SMS_TEST_OTP=
|
||||||
|
|
||||||
|
# Multi-factor authentication (MFA)
|
||||||
|
# Uncomment to change MFA defaults.
|
||||||
|
# You must ALSO uncomment the matching GOTRUE_MFA_* lines in docker-compose.yml.
|
||||||
|
|
||||||
|
# App Authenticator (TOTP) - enabled by default
|
||||||
|
# MFA_TOTP_ENROLL_ENABLED=true
|
||||||
|
# MFA_TOTP_VERIFY_ENABLED=true
|
||||||
|
|
||||||
|
# Phone MFA - disabled by default (opt-in)
|
||||||
|
# MFA_PHONE_ENROLL_ENABLED=false
|
||||||
|
# MFA_PHONE_VERIFY_ENABLED=false
|
||||||
|
|
||||||
|
## Maximum MFA factors a user can enroll
|
||||||
|
# MFA_MAX_ENROLLED_FACTORS=10
|
||||||
|
|
||||||
|
|
||||||
############
|
############
|
||||||
# Functions - Configuration for Functions
|
# Storage - Configuration for Storage
|
||||||
############
|
############
|
||||||
# NOTE: VERIFY_JWT applies to all functions. Per-function VERIFY_JWT is not supported yet.
|
|
||||||
|
# Check the S3_PROTOCOL_ACCESS_KEY_ID/SECRET above, and
|
||||||
|
# refer to the documentation at:
|
||||||
|
# https://supabase.com/docs/guides/self-hosting/self-hosted-s3
|
||||||
|
# to learn how to configure the S3 protocol endpoint
|
||||||
|
|
||||||
|
# S3 bucket when using S3 backend, directory name when using 'file'
|
||||||
|
GLOBAL_S3_BUCKET=stub
|
||||||
|
|
||||||
|
# Used for S3 protocol endpoint configuration
|
||||||
|
REGION=stub
|
||||||
|
|
||||||
|
# Used by MinIO when added via:
|
||||||
|
# docker compose -f docker-compose.yml -f docker-compose.s3.yml up -d
|
||||||
|
MINIO_ROOT_USER=supa-storage
|
||||||
|
MINIO_ROOT_PASSWORD=secret1234
|
||||||
|
|
||||||
|
# Equivalent to project_ref as described here:
|
||||||
|
# https://supabase.com/docs/guides/storage/s3/authentication#session-token
|
||||||
|
STORAGE_TENANT_ID=stub
|
||||||
|
|
||||||
|
|
||||||
|
############
|
||||||
|
# Functions - Configuration for Edge functions
|
||||||
|
############
|
||||||
|
|
||||||
|
# Documentation:
|
||||||
|
# https://supabase.com/docs/guides/self-hosting/self-hosted-functions
|
||||||
|
|
||||||
|
# NOTE: VERIFY_JWT applies to all functions
|
||||||
FUNCTIONS_VERIFY_JWT=false
|
FUNCTIONS_VERIFY_JWT=false
|
||||||
|
|
||||||
|
|
||||||
############
|
############
|
||||||
# Logs - Configuration for Analytics
|
# API - Configuration for PostgREST
|
||||||
# Please refer to https://supabase.com/docs/reference/self-hosting-analytics/introduction
|
|
||||||
############
|
############
|
||||||
|
|
||||||
# Change vector.toml sinks to reflect this change
|
# Postgres schemas exposed via the REST API
|
||||||
# these cannot be the same value
|
PGRST_DB_SCHEMAS=public,storage,graphql_public
|
||||||
LOGFLARE_PUBLIC_ACCESS_TOKEN=your-super-secret-and-long-logflare-key-public
|
|
||||||
LOGFLARE_PRIVATE_ACCESS_TOKEN=your-super-secret-and-long-logflare-key-private
|
|
||||||
|
############
|
||||||
|
# Analytics - Configuration for Logflare
|
||||||
|
############
|
||||||
|
|
||||||
|
# Check the LOGFLARE_* access token configuration above.
|
||||||
|
# If Logflare is externally exposed, configure securely!
|
||||||
|
|
||||||
# Docker socket location - this value will differ depending on your OS
|
# Docker socket location - this value will differ depending on your OS
|
||||||
DOCKER_SOCKET_LOCATION=/var/run/docker.sock
|
DOCKER_SOCKET_LOCATION=/var/run/docker.sock
|
||||||
@@ -128,3 +251,38 @@ DOCKER_SOCKET_LOCATION=/var/run/docker.sock
|
|||||||
# Google Cloud Project details
|
# Google Cloud Project details
|
||||||
GOOGLE_PROJECT_ID=GOOGLE_PROJECT_ID
|
GOOGLE_PROJECT_ID=GOOGLE_PROJECT_ID
|
||||||
GOOGLE_PROJECT_NUMBER=GOOGLE_PROJECT_NUMBER
|
GOOGLE_PROJECT_NUMBER=GOOGLE_PROJECT_NUMBER
|
||||||
|
|
||||||
|
|
||||||
|
############
|
||||||
|
# API Proxy - Configuration for the Kong API gateway
|
||||||
|
############
|
||||||
|
|
||||||
|
KONG_HTTP_PORT=8000
|
||||||
|
KONG_HTTPS_PORT=8443
|
||||||
|
|
||||||
|
|
||||||
|
############
|
||||||
|
# imgproxy
|
||||||
|
############
|
||||||
|
|
||||||
|
# Enable webp support
|
||||||
|
IMGPROXY_ENABLE_WEBP_DETECTION=true
|
||||||
|
|
||||||
|
|
||||||
|
############
|
||||||
|
# TLS Proxy - Optional Caddy or Nginx reverse proxy with Let's Encrypt
|
||||||
|
############
|
||||||
|
|
||||||
|
# Documentation:
|
||||||
|
# https://supabase.com/docs/guides/self-hosting/self-hosted-proxy-https
|
||||||
|
|
||||||
|
# Usage:
|
||||||
|
# docker compose -f docker-compose.yml -f docker-compose.caddy.yml up -d
|
||||||
|
# docker compose -f docker-compose.yml -f docker-compose.nginx.yml up -d
|
||||||
|
|
||||||
|
# Domain name for the proxy (must point to your server)
|
||||||
|
PROXY_DOMAIN=your-domain.example.com
|
||||||
|
|
||||||
|
# Email for Let's Encrypt certificate notifications (nginx only, Caddy uses PROXY_DOMAIN).
|
||||||
|
# This should be a valid email, not a placehoder (otherwise Certbot may fail to start).
|
||||||
|
CERTBOT_EMAIL=admin@example.com
|
||||||
|
|||||||
@@ -0,0 +1,383 @@
|
|||||||
|
# Changelog
|
||||||
|
|
||||||
|
All notable changes to the Supabase self-hosted Docker configuration.
|
||||||
|
|
||||||
|
Changes are grouped by service rather than by change type. See [versions.md](./versions.md)
|
||||||
|
for complete image version history and rollback information.
|
||||||
|
|
||||||
|
Check updates for each service to learn more.
|
||||||
|
|
||||||
|
**Note:** Configuration updates marked with "requires [...] update" are already included in the latest version of the repository. Pull the latest changes or refer to the linked PR for manual updates. After updating `docker-compose.yml`, pull latest images and recreate containers - use `docker compose pull && docker compose down && docker compose up -d`.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Unreleased
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2026-02-18]
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
- Updated `supabase/storage-api` to `v1.37.8` in `docker-compose.s3.yml`
|
||||||
|
- Changed MinIO image in `docker-compose.s3.yml` to use Chainguard [minio](https://images.chainguard.dev/directory/image/minio/overview) and [minio-client](https://images.chainguard.dev/directory/image/minio-client/overview) (requires `docker-compose.s3.yml` update) - PR [#42942](https://github.com/supabase/supabase/pull/42942)
|
||||||
|
- Removed `imgproxy` service from `docker-compose.s3.yml` to minimize redundancy - PR [#42942](https://github.com/supabase/supabase/pull/42942)
|
||||||
|
- Fixed inconsistent `storage` service entry ordering in `docker-compose.yml` and `docker-compose.s3.yml` to improve diff readability (requires `docker-compose.yml` and `docker-compose.s3.yml` update) - PR [#42942](https://github.com/supabase/supabase/pull/42942)
|
||||||
|
|
||||||
|
### Edge Runtime
|
||||||
|
|
||||||
|
- Added a `deno-cache` named volume to to avoid re-downloading dependencies (requires `docker-compose.yml` and `volumes/functions/*` update) - PR [#40822](https://github.com/supabase/supabase/pull/40822)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2026-02-16]
|
||||||
|
|
||||||
|
⚠️ **Note:** This update includes several breaking changes, including a security fix for Analytics. Please check the details below. The following configuration files have been updated: `docker-compose.yml`, `.env.example`, `docker-compose.s3.yml`, `volumes/api/kong.yml`, and `volumes/logs/vector.yml`.
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- Updated to `2026.02.16-sha-26c615c`
|
||||||
|
- Added Edge Functions management UI (requires `docker-compose.yml` update) - PR [#40690](https://github.com/supabase/supabase/pull/40690), PR [#42322](https://github.com/supabase/supabase/pull/42322), PR [#42349](https://github.com/supabase/supabase/pull/42349), PR [#42350](https://github.com/supabase/supabase/pull/42350)
|
||||||
|
|
||||||
|
### MCP Server
|
||||||
|
- Updated to `v0.6.3` - [Release](https://github.com/supabase-community/supabase-mcp/releases/tag/v0.6.3)
|
||||||
|
|
||||||
|
### Auth
|
||||||
|
|
||||||
|
- Updated to `v2.186.0` - [Changelog](https://github.com/supabase/auth/blob/master/CHANGELOG.md) | [Release](https://github.com/supabase/auth/releases/tag/v2.186.0)
|
||||||
|
|
||||||
|
### PostgREST
|
||||||
|
|
||||||
|
- Updated to `v14.5` - [Changelog](https://github.com/PostgREST/postgrest/blob/main/CHANGELOG.md) | [Release](https://github.com/PostgREST/postgrest/releases/tag/v14.5)
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
|
||||||
|
- Updated to `v2.76.5` - [Release](https://github.com/supabase/realtime/releases/tag/v2.76.5)
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
|
||||||
|
- Updated to `v1.37.8` - [Release](https://github.com/supabase/storage/releases/tag/v1.37.8)
|
||||||
|
- ⚠️ Added configuration to access buckets via `/storage/v1/s3` endpoint (requires `docker-compose.s3.yml` update) - PR [#37185](https://github.com/supabase/supabase/pull/37185)
|
||||||
|
- ⚠️ Changed environment variable configuration for Storage (requires `docker-compose.yml`, `.env.example` and `.env` update) - PR [#37185](https://github.com/supabase/supabase/pull/37185), PR [#42862](https://github.com/supabase/supabase/pull/42862)
|
||||||
|
|
||||||
|
### Edge Runtime
|
||||||
|
|
||||||
|
- Updated to `v1.70.3` - [Release](https://github.com/supabase/edge-runtime/releases/tag/v1.70.3)
|
||||||
|
|
||||||
|
### Analytics (Logflare)
|
||||||
|
|
||||||
|
- Updated to `v1.31.2` - [Release](https://github.com/Logflare/logflare/releases/tag/v1.31.2)
|
||||||
|
- ⚠️ Changed default configuration to disable Logflare on `0.0.0.0:4000` to prevent access to `/dashboard` (requires `docker-compose.yml` update). Read more in "Production Recommendations" section of Logflare [documentation](https://supabase.com/docs/reference/self-hosting-analytics/introduction) - PR [#42857](https://github.com/supabase/supabase/pull/42857)
|
||||||
|
- ⚠️ Changed Kong routes to not include `/analytics/v1` by default (requires `/volumes/api/kong.yml` update) - PR [#42857](https://github.com/supabase/supabase/pull/42857)
|
||||||
|
|
||||||
|
### Vector
|
||||||
|
|
||||||
|
- Updated to `0.53.0-alpine` - [Changelog](https://vector.dev/releases/0.53.0/) | [Release](https://github.com/vectordotdev/vector/releases/tag/v0.53.0)
|
||||||
|
- ⚠️ Major version jump from `0.28.1` (requires `volumes/logs/vector.yml` update) - PR [#42525](https://github.com/supabase/supabase/pull/42525)
|
||||||
|
- ⚠️ Changed Postgres sink configuration to bypass Kong (requires `volumes/logs/vector.yml` update) - PR [#42857](https://github.com/supabase/supabase/pull/42857)
|
||||||
|
- ⚠️ Changed retry settings for all sinks to increase timeouts (requires `volumes/logs/vector.yml` update) - PR [#42857](https://github.com/supabase/supabase/pull/42857)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2026-02-05]
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
- Updated to `v1.37.1` - [Release](https://github.com/supabase/storage/releases/tag/v1.37.1)
|
||||||
|
- Fixed an issue with Storage not starting because of an issue with migrations - PR [storage#845](https://github.com/supabase/storage/pull/845)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2026-01-27]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- Updated to `2026.01.27-sha-6aa59ff`
|
||||||
|
- Added SQL snippets (requires `docker-compose.yml` update) - PR [#41112](https://github.com/supabase/supabase/pull/41112), PR [#41557](https://github.com/supabase/supabase/pull/41557)
|
||||||
|
- Fixed type generator - PR [#40481](https://github.com/supabase/supabase/pull/40481)
|
||||||
|
- Fixed minor UI discrepancies - PR [#40579](https://github.com/supabase/supabase/pull/40579), PR [#41936](https://github.com/supabase/supabase/pull/41936), PR [#41970](https://github.com/supabase/supabase/pull/41970), PR [#41971](https://github.com/supabase/supabase/pull/41971), PR [#41972](https://github.com/supabase/supabase/pull/41972), PR [#42015](https://github.com/supabase/supabase/pull/42015)
|
||||||
|
|
||||||
|
### Auth
|
||||||
|
- Updated to `v2.185.0` - [Changelog](https://github.com/supabase/auth/blob/master/CHANGELOG.md) | [Release](https://github.com/supabase/auth/releases/tag/v2.185.0)
|
||||||
|
- ⚠️ Fixed security related issues
|
||||||
|
|
||||||
|
### PostgREST
|
||||||
|
- Updated to `v14.3` - [Changelog](https://github.com/PostgREST/postgrest/blob/main/CHANGELOG.md) | [Release](https://github.com/PostgREST/postgrest/releases/tag/v14.3)
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
- Updated to `v2.72.0` - [Release](https://github.com/supabase/realtime/releases/tag/v2.72.0)
|
||||||
|
- Changed healthchecks logging to off by default (requires `docker-compose.yml` update) - PR [realtime#1677](https://github.com/supabase/realtime/pull/1677), PR [#42156](https://github.com/supabase/supabase/pull/42156)
|
||||||
|
- Changed logging configuration and healthcheck frequency to reduce log volume (requires `docker-compose.yml` update) - PR [#42112](https://github.com/supabase/supabase/pull/42112)
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
- Updated to `v1.33.5` - [Release](https://github.com/supabase/storage/releases/tag/v1.33.5)
|
||||||
|
|
||||||
|
### imgproxy
|
||||||
|
- Updated to `v3.30.1` - [Changelog](https://github.com/imgproxy/imgproxy/blob/master/CHANGELOG.md) | [Release](https://github.com/imgproxy/imgproxy/releases/tag/v3.30.1)
|
||||||
|
|
||||||
|
### Postgres Meta
|
||||||
|
- Updated to `v0.95.2` - [Release](https://github.com/supabase/postgres-meta/releases/tag/v0.95.2)
|
||||||
|
|
||||||
|
### Edge Runtime
|
||||||
|
- Updated to `v1.70.0` - [Release](https://github.com/supabase/edge-runtime/releases/tag/v1.70.0)
|
||||||
|
|
||||||
|
### Analytics (Logflare)
|
||||||
|
- Updated to `v1.30.3` - [Release](https://github.com/Logflare/logflare/releases/tag/v1.30.3)
|
||||||
|
|
||||||
|
### Postgres
|
||||||
|
- No image update
|
||||||
|
- Fixed Postgres logging configuration (requires `volumes/logs/vector.yml` update) - PR [#41800](https://github.com/supabase/supabase/pull/41800)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-12-18]
|
||||||
|
|
||||||
|
### Documentation
|
||||||
|
- Updated self-hosting installation and configuration guide - PR [#40901](https://github.com/supabase/supabase/pull/40901), PR [#41438](https://github.com/supabase/supabase/pull/41438)
|
||||||
|
|
||||||
|
### Utils
|
||||||
|
- Added `generate-keys.sh` - PR [#41363](https://github.com/supabase/supabase/pull/41363)
|
||||||
|
- Added `db-passwd.sh` - PR [#41432](https://github.com/supabase/supabase/pull/41432)
|
||||||
|
- Changed `reset.sh` to POSIX and added more checks - PR [#41361](https://github.com/supabase/supabase/pull/41361)
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- Updated to `2025.12.17-sha-43f4f7f`
|
||||||
|
- ⚠️ Fixed additional issues related to [React2Shell](https://vercel.com/kb/bulletin/react2shell)
|
||||||
|
- Fixed an issue with the Users page not being updated on changes - PR [#41254](https://github.com/supabase/supabase/pull/41254)
|
||||||
|
|
||||||
|
### MCP Server
|
||||||
|
- Updated to `v0.5.10` - [Release](https://github.com/supabase-community/supabase-mcp/releases/tag/v0.5.10)
|
||||||
|
|
||||||
|
### Auth
|
||||||
|
- Updated to `v2.184.0` - [Changelog](https://github.com/supabase/auth/blob/master/CHANGELOG.md) | [Release](https://github.com/supabase/auth/releases/tag/v2.184.0)
|
||||||
|
|
||||||
|
### Postgres Meta
|
||||||
|
- Updated to `v0.95.1` - [Release](https://github.com/supabase/postgres-meta/releases/tag/v0.95.1)
|
||||||
|
|
||||||
|
### Analytics (Logflare)
|
||||||
|
- Updated to `v1.27.0` - [Release](https://github.com/Logflare/logflare/releases/tag/v1.27.0)
|
||||||
|
- Fixed multiple issues, including a race condition
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-12-10]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
|
||||||
|
- Updated to `2025.12.09-sha-434634f`
|
||||||
|
- ⚠️ Fixed security issues related to [React2Shell](https://vercel.com/kb/bulletin/react2shell)
|
||||||
|
|
||||||
|
### MCP Server
|
||||||
|
|
||||||
|
- Updated to `v0.5.9` - [Release](https://github.com/supabase-community/supabase-mcp/releases/tag/v0.5.9)
|
||||||
|
- ⚠️ Changed MCP tool `get_anon_key` to `get_publishable_keys`
|
||||||
|
|
||||||
|
### PostgREST
|
||||||
|
|
||||||
|
- Updated to `v14.1` - [Changelog](https://github.com/PostgREST/postgrest/blob/main/CHANGELOG.md) | [Release](https://github.com/PostgREST/postgrest/releases/tag/v14.1)
|
||||||
|
- ⚠️ **Major upgrade from v13.x to v14.x** - please report any unexpected behavior
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
|
||||||
|
- Updated to `v2.68.0` - [Releases](https://github.com/supabase/realtime/releases/tag/v2.68.0)
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
|
||||||
|
- Updated to `v1.33.0` - [Release](https://github.com/supabase/storage/releases/tag/v1.33.0)
|
||||||
|
|
||||||
|
### Edge Runtime
|
||||||
|
|
||||||
|
- Updated to `v1.69.28` - [Release](https://github.com/supabase/edge-runtime/releases/tag/v1.69.28)
|
||||||
|
|
||||||
|
### Analytics (Logflare)
|
||||||
|
|
||||||
|
- Updated to `v1.26.25` - [Release](https://github.com/Logflare/logflare/releases/tag/v1.26.25)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-12-08]
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
- No image update
|
||||||
|
- Changed boolean values to strings in Docker Compose for better compatibility with Podman - PR [#40994](https://github.com/supabase/supabase/pull/40994), also PR [realtime#1614](https://github.com/supabase/realtime/pull/1614)
|
||||||
|
- Changed healthcheck in Docker Compose for better compatibility with Podman - PR [#41159](https://github.com/supabase/supabase/pull/41159)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-11-26]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- Updated to `2025.11.26-sha-8f096b5`
|
||||||
|
- Fixed MCP `get_advisors` tool - PR [#40783](https://github.com/supabase/supabase/pull/40783)
|
||||||
|
- Fixed AI Assistant request schema - PR [#40830](https://github.com/supabase/supabase/pull/40830)
|
||||||
|
- Fixed log drains page - PR [#40835](https://github.com/supabase/supabase/pull/40835)
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
- Updated to `v2.65.3` - [Release](https://github.com/supabase/realtime/releases/tag/v2.65.3)
|
||||||
|
|
||||||
|
### Analytics (Logflare)
|
||||||
|
- Updated to `v1.26.13` - [Release](https://github.com/Logflare/logflare/releases/tag/v1.26.13)
|
||||||
|
- Fixed crashdump when `POSTGRES_BACKEND_URL` is malformed - PR [logflare#2954](https://github.com/Logflare/logflare/pull/2954)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-11-25]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- Updated to `2025.11.24-sha-d990ae8` - [Dashboard updates](https://github.com/orgs/supabase/discussions/40734)
|
||||||
|
- Fixed Queues configuration UI and added [documentation for exposed queue schema](https://supabase.com/docs/guides/queues/expose-self-hosted-queues) - PR [#40078](https://github.com/supabase/supabase/pull/40078)
|
||||||
|
- Fixed parameterized SQL queries in MCP tools - PR [#40499](https://github.com/supabase/supabase/pull/40499)
|
||||||
|
- Fixed Studio showing paid options for log drains - PR [#40510](https://github.com/supabase/supabase/pull/40510)
|
||||||
|
- Fixed AI Assistant authentication - PR [#40654](https://github.com/supabase/supabase/pull/40654)
|
||||||
|
|
||||||
|
### Auth
|
||||||
|
- Updated to `v2.183.0` - [Changelog](https://github.com/supabase/auth/blob/master/CHANGELOG.md) | [Release](https://github.com/supabase/auth/releases/tag/v2.183.0)
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
- Updated to `v2.65.2` - [Release](https://github.com/supabase/realtime/releases/tag/v2.65.2)
|
||||||
|
- Fixed handling of boolean configurations options - PR [realtime#1614](https://github.com/supabase/realtime/pull/1614)
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
- Updated to `v1.32.0` - [Release](https://github.com/supabase/storage/releases/tag/v1.32.0)
|
||||||
|
|
||||||
|
### Edge Runtime
|
||||||
|
- Updated to `v1.69.25` - [Release](https://github.com/supabase/edge-runtime/releases/tag/v1.69.25)
|
||||||
|
|
||||||
|
### Analytics (Logflare)
|
||||||
|
- Updated to `v1.26.12` - [Release](https://github.com/Logflare/logflare/releases/tag/v1.26.12)
|
||||||
|
- Fixed Auth logs query - PR [logflare#2936](https://github.com/Logflare/logflare/pull/2936)
|
||||||
|
- Fixed build configuration to prevent crashes with "Illegal instruction (core dumped)" - PR [logflare#2942](https://github.com/Logflare/logflare/pull/2942)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-11-17]
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
- No image update
|
||||||
|
- Fixed resumable uploads for files larger than 6MB (requires `docker-compose.yml` update) - PR [#40500](https://github.com/supabase/supabase/pull/40500)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-11-12]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- Updated to `2025.11.10-sha-5291fe3` - [Dashboard updates](https://github.com/orgs/supabase/discussions/40083)
|
||||||
|
- Added log drains - PR [#28297](https://github.com/supabase/supabase/pull/28297)
|
||||||
|
- Fixed Studio using `postgres` role instead of `supabase_admin` - PR [#39946](https://github.com/supabase/supabase/pull/39946)
|
||||||
|
|
||||||
|
### Auth
|
||||||
|
- Updated to `v2.182.1` - [Changelog](https://github.com/supabase/auth/blob/master/CHANGELOG.md#21821-2025-11-05) | [Release](https://github.com/supabase/auth/releases/tag/v2.182.1)
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
- Updated to `v2.63.0` - [Release](https://github.com/supabase/realtime/releases/tag/v2.63.0)
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
- Updated to `v1.29.0` - [Release](https://github.com/supabase/storage/releases/tag/v1.29.0)
|
||||||
|
|
||||||
|
### Edge Runtime
|
||||||
|
- Updated to `v1.69.23` - [Release](https://github.com/supabase/edge-runtime/releases/tag/v1.69.23)
|
||||||
|
|
||||||
|
### Supavisor
|
||||||
|
- Updated to `v2.7.4` - [Release](https://github.com/supabase/supavisor/releases/tag/v2.7.4)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-11-05]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- No image update
|
||||||
|
- Fixed Studio failing to connect to Postgres with non-default settings (requires `docker-compose.yml` update) - PR [#40169](https://github.com/supabase/supabase/pull/40169)
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
- No image update
|
||||||
|
- Fixed realtime logs not showing in Studio (requires `volumes/logs/vector.yml` update) - PR [#39963](https://github.com/supabase/supabase/pull/39963)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-10-28]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- Updated to `2025.10.27-sha-85b84e0` - [Dashboard updates](https://github.com/orgs/supabase/discussions/40083)
|
||||||
|
- Fixed broken authentication when uploading files to Storage - PR [#39829](https://github.com/supabase/supabase/pull/39829)
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
- Updated to `v2.57.2` - [Release](https://github.com/supabase/realtime/releases/tag/v2.57.2)
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
- Updated to `v1.28.2` - [Release](https://github.com/supabase/storage/releases/tag/v1.28.2)
|
||||||
|
|
||||||
|
### Postgres Meta
|
||||||
|
- Updated to `v0.93.1` - [Release](https://github.com/supabase/postgres-meta/releases/tag/v0.93.1)
|
||||||
|
|
||||||
|
### Edge Runtime
|
||||||
|
- Updated to `v1.69.15` - [Release](https://github.com/supabase/edge-runtime/releases/tag/v1.69.15)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-10-27]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- No image update
|
||||||
|
- Added Kong configuration for MCP server routes (requires `volumes/api/kong.yml` update) - PR [#39849](https://github.com/supabase/supabase/pull/39849)
|
||||||
|
- Added [documentation page](https://supabase.com/docs/guides/self-hosting/enable-mcp) for MCP server configuration - PR [#39952](https://github.com/supabase/supabase/pull/39952)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-10-21]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- Updated to `2025.10.20-sha-5005fc6` - [Dashboard updates](https://github.com/orgs/supabase/discussions/39709)
|
||||||
|
- Fixed issues with Edge Functions and cron logs not being visible in Studio - PR [#39388](https://github.com/supabase/supabase/pull/39388), PR [#39704](https://github.com/supabase/supabase/pull/39704), PR [#39711](https://github.com/supabase/supabase/pull/39711)
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
- Updated to `v2.56.0` - [Release](https://github.com/supabase/realtime/releases/tag/v2.56.0)
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
- Updated to `v1.28.1` - [Release](https://github.com/supabase/storage/releases/tag/v1.28.1)
|
||||||
|
|
||||||
|
### Postgres Meta
|
||||||
|
- Updated to `v0.93.0` - [Release](https://github.com/supabase/postgres-meta/releases/tag/v0.93.0)
|
||||||
|
|
||||||
|
### Edge Runtime
|
||||||
|
- Updated to `v1.69.14` - [Release](https://github.com/supabase/edge-runtime/releases/tag/v1.69.14)
|
||||||
|
|
||||||
|
### Supavisor
|
||||||
|
- Updated to `v2.7.3` - [Release](https://github.com/supabase/supavisor/releases/tag/v2.7.3)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-10-13]
|
||||||
|
|
||||||
|
### Analytics (Logflare)
|
||||||
|
- Updated to `v1.22.6` - [Release](https://github.com/Logflare/logflare/releases/tag/v1.22.6)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## [2025-10-08]
|
||||||
|
|
||||||
|
### Studio
|
||||||
|
- Updated to `2025.10.01-sha-8460121` - [Dashboard updates](https://github.com/orgs/supabase/discussions/39709)
|
||||||
|
- Added "local" remote MCP server - PR [#38797](https://github.com/supabase/supabase/pull/38797), PR [#39041](https://github.com/supabase/supabase/pull/39041)
|
||||||
|
- ⚠️ Changed Studio connection method to `postgres-meta` - affects non-standard database port configurations
|
||||||
|
|
||||||
|
### Auth
|
||||||
|
- Updated to `v2.180.0` - [Release](https://github.com/supabase/auth/releases/tag/v2.180.0)
|
||||||
|
|
||||||
|
### PostgREST
|
||||||
|
- Updated to `v13.0.7` - [Release](https://github.com/PostgREST/postgrest/releases/tag/v13.0.7) | [Changelog](https://github.com/PostgREST/postgrest/blob/main/CHANGELOG.md)
|
||||||
|
|
||||||
|
### Realtime
|
||||||
|
- Updated to `v2.51.11` - [Release](https://github.com/supabase/realtime/releases/tag/v2.51.11)
|
||||||
|
|
||||||
|
### Storage
|
||||||
|
- Updated to `v1.28.0` - [Release](https://github.com/supabase/storage/releases/tag/v1.28.0)
|
||||||
|
|
||||||
|
### Postgres Meta
|
||||||
|
- Updated to `v0.91.6` - [Release](https://github.com/supabase/postgres-meta/releases/tag/v0.91.6)
|
||||||
|
|
||||||
|
### Analytics (Logflare)
|
||||||
|
- Updated to `v1.22.4` - [Release](https://github.com/Logflare/logflare/releases/tag/v1.22.4)
|
||||||
|
|
||||||
|
### Postgres
|
||||||
|
- Updated to `15.8.1.085` - [Release](https://github.com/supabase/postgres/releases/tag/15.8.1.085)
|
||||||
|
|
||||||
|
### Supavisor
|
||||||
|
- Updated to `2.7.0` - [Release](https://github.com/supabase/supavisor/releases/tag/v2.7.0)
|
||||||
|
|
||||||
|
---
|
||||||
+86
-2
@@ -1,3 +1,87 @@
|
|||||||
# Supabase Docker
|
# Self-Hosted Supabase with Docker
|
||||||
|
|
||||||
This is a minimal Docker Compose setup for self-hosting Supabase. Follow the steps [here](https://supabase.com/docs/guides/hosting/docker) to get started.
|
This is the official Docker Compose setup for self-hosted Supabase. It provides a complete stack with all Supabase services running locally or on your infrastructure.
|
||||||
|
|
||||||
|
## Getting Started
|
||||||
|
|
||||||
|
Follow the detailed setup guide in our documentation: [Self-Hosting with Docker](https://supabase.com/docs/guides/self-hosting/docker)
|
||||||
|
|
||||||
|
The guide covers:
|
||||||
|
- Prerequisites (Git and Docker)
|
||||||
|
- Initial setup and configuration
|
||||||
|
- Securing your installation
|
||||||
|
- Accessing services
|
||||||
|
- Updating your instance
|
||||||
|
|
||||||
|
## What's Included
|
||||||
|
|
||||||
|
This Docker Compose configuration includes the following services:
|
||||||
|
|
||||||
|
- **[Studio](https://github.com/supabase/supabase/tree/master/apps/studio)** - A dashboard for managing your self-hosted Supabase project
|
||||||
|
- **[Kong](https://github.com/Kong/kong)** - Kong API gateway
|
||||||
|
- **[Auth](https://github.com/supabase/auth)** - JWT-based authentication API for user sign-ups, logins, and session management
|
||||||
|
- **[PostgREST](https://github.com/PostgREST/postgrest)** - Web server that turns your PostgreSQL database directly into a RESTful API
|
||||||
|
- **[Realtime](https://github.com/supabase/realtime)** - Elixir server that listens to PostgreSQL database changes and broadcasts them over websockets
|
||||||
|
- **[Storage](https://github.com/supabase/storage)** - RESTful API for managing files in S3, with Postgres handling permissions
|
||||||
|
- **[imgproxy](https://github.com/imgproxy/imgproxy)** - Fast and secure image processing server
|
||||||
|
- **[postgres-meta](https://github.com/supabase/postgres-meta)** - RESTful API for managing Postgres (fetch tables, add roles, run queries)
|
||||||
|
- **[PostgreSQL](https://github.com/supabase/postgres)** - Object-relational database with over 30 years of active development
|
||||||
|
- **[Edge Runtime](https://github.com/supabase/edge-runtime)** - Web server based on Deno runtime for running JavaScript, TypeScript, and WASM services
|
||||||
|
- **[Logflare](https://github.com/Logflare/logflare)** - Log management and event analytics platform
|
||||||
|
- **[Vector](https://github.com/vectordotdev/vector)** - High-performance observability data pipeline for logs
|
||||||
|
- **[Supavisor](https://github.com/supabase/supavisor)** - Supabase's Postgres connection pooler
|
||||||
|
|
||||||
|
## Documentation
|
||||||
|
|
||||||
|
- **[Documentation](https://supabase.com/docs/guides/self-hosting/docker)** - Setup and configuration guides
|
||||||
|
- **[CHANGELOG.md](./CHANGELOG.md)** - Track recent updates and changes to services
|
||||||
|
- **[versions.md](./versions.md)** - Complete history of Docker image versions for rollback reference
|
||||||
|
|
||||||
|
## Updates
|
||||||
|
|
||||||
|
To update your self-hosted Supabase instance:
|
||||||
|
|
||||||
|
1. Review [CHANGELOG.md](./CHANGELOG.md) for breaking changes
|
||||||
|
2. Check [versions.md](./versions.md) for new image versions
|
||||||
|
3. Update `docker-compose.yml` if there are configuration changes
|
||||||
|
4. Pull the latest images: `docker compose pull`
|
||||||
|
5. Stop services: `docker compose down`
|
||||||
|
6. Start services with new configuration: `docker compose up -d`
|
||||||
|
|
||||||
|
**Note:** Consider to always backup your database before updating.
|
||||||
|
|
||||||
|
## Community & Support
|
||||||
|
|
||||||
|
For troubleshooting common issues, see:
|
||||||
|
- [GitHub Discussions](https://github.com/orgs/supabase/discussions?discussions_q=is%3Aopen+label%3Aself-hosted) - Questions, feature requests, and workarounds
|
||||||
|
- [GitHub Issues](https://github.com/supabase/supabase/issues?q=is%3Aissue%20state%3Aopen%20label%3Aself-hosted) - Known issues
|
||||||
|
- [Documentation](https://supabase.com/docs/guides/self-hosting) - Setup and configuration guides
|
||||||
|
|
||||||
|
Self-hosted Supabase is community-supported. Get help and connect with other users:
|
||||||
|
|
||||||
|
- [Discord](https://discord.supabase.com) - Real-time chat and community support
|
||||||
|
- [Reddit](https://www.reddit.com/r/Supabase/) - Official Supabase subreddit
|
||||||
|
|
||||||
|
Share your self-hosting experience:
|
||||||
|
|
||||||
|
- [GitHub Discussions](https://github.com/orgs/supabase/discussions/39820) - "Self-hosting: What's working (and what's not)?"
|
||||||
|
|
||||||
|
## Important Notes
|
||||||
|
|
||||||
|
### Security
|
||||||
|
|
||||||
|
⚠️ **The default configuration is not secure for production use.**
|
||||||
|
|
||||||
|
Before deploying to production, you must:
|
||||||
|
- Update all default passwords and secrets in the `.env` file
|
||||||
|
- Generate new JWT secrets
|
||||||
|
- Review and update CORS settings
|
||||||
|
- Consider setting up a secure proxy in front of self-hosted Supabase
|
||||||
|
- Review and adjust network security configuration (ACLs, etc.)
|
||||||
|
- Set up proper backup procedures
|
||||||
|
|
||||||
|
See the [security section](https://supabase.com/docs/guides/self-hosting/docker#configuring-and-securing-supabase) in the documentation.
|
||||||
|
|
||||||
|
## License
|
||||||
|
|
||||||
|
This repository is licensed under the Apache 2.0 License. See the main [Supabase repository](https://github.com/supabase/supabase) for details.
|
||||||
|
|||||||
@@ -8,6 +8,16 @@ services:
|
|||||||
target: dev
|
target: dev
|
||||||
ports:
|
ports:
|
||||||
- 8082:8082
|
- 8082:8082
|
||||||
|
develop:
|
||||||
|
watch:
|
||||||
|
- action: sync
|
||||||
|
path: ../apps/studio
|
||||||
|
target: /app/apps/studio
|
||||||
|
ignore:
|
||||||
|
- node_modules/
|
||||||
|
- action: rebuild
|
||||||
|
path: package.json
|
||||||
|
|
||||||
mail:
|
mail:
|
||||||
container_name: supabase-mail
|
container_name: supabase-mail
|
||||||
image: inbucket/inbucket:3.0.3
|
image: inbucket/inbucket:3.0.3
|
||||||
|
|||||||
@@ -0,0 +1,34 @@
|
|||||||
|
services:
|
||||||
|
|
||||||
|
kong:
|
||||||
|
ports: !reset []
|
||||||
|
|
||||||
|
caddy:
|
||||||
|
container_name: supabase-caddy
|
||||||
|
image: caddy:2
|
||||||
|
restart: unless-stopped
|
||||||
|
ports:
|
||||||
|
- "80:80"
|
||||||
|
- "443:443"
|
||||||
|
- "443:443/udp"
|
||||||
|
depends_on:
|
||||||
|
kong:
|
||||||
|
condition: service_healthy
|
||||||
|
environment:
|
||||||
|
PROXY_DOMAIN: ${PROXY_DOMAIN}
|
||||||
|
PROXY_AUTH_USERNAME: ${DASHBOARD_USERNAME}
|
||||||
|
PROXY_AUTH_PASSWORD: ${DASHBOARD_PASSWORD}
|
||||||
|
command:
|
||||||
|
- /bin/sh
|
||||||
|
- -c
|
||||||
|
- |
|
||||||
|
PROXY_AUTH_PASSWORD=$$(caddy hash-password --plaintext "$$PROXY_AUTH_PASSWORD") && \
|
||||||
|
caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
|
||||||
|
volumes:
|
||||||
|
- ./volumes/proxy/caddy:/etc/caddy
|
||||||
|
- caddy_data:/data
|
||||||
|
- caddy_config:/config
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
caddy_data:
|
||||||
|
caddy_config:
|
||||||
@@ -0,0 +1,33 @@
|
|||||||
|
services:
|
||||||
|
|
||||||
|
kong:
|
||||||
|
ports: !reset []
|
||||||
|
|
||||||
|
nginx:
|
||||||
|
container_name: supabase-nginx
|
||||||
|
image: jonasal/nginx-certbot:6.0.1-nginx1.29.5
|
||||||
|
restart: unless-stopped
|
||||||
|
ports:
|
||||||
|
- "80:80"
|
||||||
|
- "443:443"
|
||||||
|
depends_on:
|
||||||
|
kong:
|
||||||
|
condition: service_healthy
|
||||||
|
environment:
|
||||||
|
PROXY_DOMAIN: ${PROXY_DOMAIN}
|
||||||
|
CERTBOT_EMAIL: ${CERTBOT_EMAIL}
|
||||||
|
PROXY_AUTH_USERNAME: ${DASHBOARD_USERNAME}
|
||||||
|
PROXY_AUTH_PASSWORD: ${DASHBOARD_PASSWORD}
|
||||||
|
command:
|
||||||
|
- /bin/bash
|
||||||
|
- -c
|
||||||
|
- |
|
||||||
|
printf '%s:%s\n' "$${PROXY_AUTH_USERNAME}" "$$(openssl passwd -apr1 "$${PROXY_AUTH_PASSWORD}")" > /etc/nginx/user_conf.d/dashboard-passwd && \
|
||||||
|
envsubst '$${PROXY_DOMAIN}' < /etc/nginx/supabase-nginx.conf.tpl > /etc/nginx/user_conf.d/nginx.conf && \
|
||||||
|
/scripts/start_nginx_certbot.sh
|
||||||
|
volumes:
|
||||||
|
- ./volumes/proxy/nginx/supabase-nginx.conf.tpl:/etc/nginx/supabase-nginx.conf.tpl:ro
|
||||||
|
- nginx_letsencrypt:/etc/letsencrypt
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
nginx_letsencrypt:
|
||||||
@@ -1,16 +1,16 @@
|
|||||||
services:
|
services:
|
||||||
|
|
||||||
minio:
|
minio:
|
||||||
image: minio/minio
|
image: cgr.dev/chainguard/minio
|
||||||
ports:
|
#ports:
|
||||||
- '9000:9000'
|
# - '9000:9000'
|
||||||
- '9001:9001'
|
# - '9001:9001'
|
||||||
environment:
|
environment:
|
||||||
MINIO_ROOT_USER: supa-storage
|
MINIO_ROOT_USER: ${MINIO_ROOT_USER}
|
||||||
MINIO_ROOT_PASSWORD: secret1234
|
MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
|
||||||
command: server --console-address ":9001" /data
|
command: server --console-address ":9001" /data
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: [ "CMD", "curl", "-f", "http://minio:9000/minio/health/live" ]
|
test: [ "CMD", "mc", "ready", "local" ]
|
||||||
interval: 2s
|
interval: 2s
|
||||||
timeout: 10s
|
timeout: 10s
|
||||||
retries: 5
|
retries: 5
|
||||||
@@ -18,20 +18,20 @@ services:
|
|||||||
- ./volumes/storage:/data:z
|
- ./volumes/storage:/data:z
|
||||||
|
|
||||||
minio-createbucket:
|
minio-createbucket:
|
||||||
image: minio/mc
|
image: cgr.dev/chainguard/minio-client:latest-dev
|
||||||
depends_on:
|
depends_on:
|
||||||
minio:
|
minio:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
entrypoint: >
|
entrypoint: >
|
||||||
/bin/sh -c "
|
/bin/sh -ec "
|
||||||
/usr/bin/mc alias set supa-minio http://minio:9000 supa-storage secret1234;
|
mc alias set supa-minio http://minio:9000 ${MINIO_ROOT_USER} ${MINIO_ROOT_PASSWORD} &&
|
||||||
/usr/bin/mc mb supa-minio/stub;
|
mc mb --ignore-existing supa-minio/${GLOBAL_S3_BUCKET}
|
||||||
exit 0;
|
|
||||||
"
|
"
|
||||||
|
|
||||||
storage:
|
storage:
|
||||||
container_name: supabase-storage
|
container_name: supabase-storage
|
||||||
image: supabase/storage-api:v1.11.13
|
image: supabase/storage-api:v1.37.8
|
||||||
|
restart: unless-stopped
|
||||||
depends_on:
|
depends_on:
|
||||||
db:
|
db:
|
||||||
# Disable this if you are using an external Postgres database
|
# Disable this if you are using an external Postgres database
|
||||||
@@ -40,6 +40,8 @@ services:
|
|||||||
condition: service_started
|
condition: service_started
|
||||||
imgproxy:
|
imgproxy:
|
||||||
condition: service_started
|
condition: service_started
|
||||||
|
minio-createbucket:
|
||||||
|
condition: service_completed_successfully
|
||||||
minio:
|
minio:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
healthcheck:
|
healthcheck:
|
||||||
@@ -50,45 +52,36 @@ services:
|
|||||||
"--no-verbose",
|
"--no-verbose",
|
||||||
"--tries=1",
|
"--tries=1",
|
||||||
"--spider",
|
"--spider",
|
||||||
"http://localhost:5000/status"
|
"http://storage:5000/status"
|
||||||
]
|
]
|
||||||
timeout: 5s
|
timeout: 5s
|
||||||
interval: 5s
|
interval: 5s
|
||||||
retries: 3
|
retries: 3
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
environment:
|
||||||
ANON_KEY: ${ANON_KEY}
|
ANON_KEY: ${ANON_KEY}
|
||||||
SERVICE_KEY: ${SERVICE_ROLE_KEY}
|
SERVICE_KEY: ${SERVICE_ROLE_KEY}
|
||||||
POSTGREST_URL: http://rest:3000
|
POSTGREST_URL: http://rest:3000
|
||||||
PGRST_JWT_SECRET: ${JWT_SECRET}
|
PGRST_JWT_SECRET: ${JWT_SECRET}
|
||||||
DATABASE_URL: postgres://supabase_storage_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
|
DATABASE_URL: postgres://supabase_storage_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
|
||||||
|
REQUEST_ALLOW_X_FORWARDED_PATH: "true"
|
||||||
FILE_SIZE_LIMIT: 52428800
|
FILE_SIZE_LIMIT: 52428800
|
||||||
STORAGE_BACKEND: s3
|
STORAGE_BACKEND: s3
|
||||||
GLOBAL_S3_BUCKET: stub
|
# S3 bucket when using S3 backend, directory name when using 'file'
|
||||||
|
GLOBAL_S3_BUCKET: ${GLOBAL_S3_BUCKET}
|
||||||
|
# S3 Backend configuration
|
||||||
GLOBAL_S3_ENDPOINT: http://minio:9000
|
GLOBAL_S3_ENDPOINT: http://minio:9000
|
||||||
GLOBAL_S3_PROTOCOL: http
|
GLOBAL_S3_PROTOCOL: http
|
||||||
GLOBAL_S3_FORCE_PATH_STYLE: true
|
GLOBAL_S3_FORCE_PATH_STYLE: true
|
||||||
AWS_ACCESS_KEY_ID: supa-storage
|
AWS_ACCESS_KEY_ID: ${MINIO_ROOT_USER}
|
||||||
AWS_SECRET_ACCESS_KEY: secret1234
|
AWS_SECRET_ACCESS_KEY: ${MINIO_ROOT_PASSWORD}
|
||||||
AWS_DEFAULT_REGION: stub
|
#FILE_STORAGE_BACKEND_PATH: /var/lib/storage
|
||||||
FILE_STORAGE_BACKEND_PATH: /var/lib/storage
|
TENANT_ID: ${STORAGE_TENANT_ID}
|
||||||
TENANT_ID: stub
|
|
||||||
# TODO: https://github.com/supabase/storage-api/issues/55
|
# TODO: https://github.com/supabase/storage-api/issues/55
|
||||||
REGION: stub
|
REGION: ${REGION}
|
||||||
ENABLE_IMAGE_TRANSFORMATION: "true"
|
ENABLE_IMAGE_TRANSFORMATION: "true"
|
||||||
IMGPROXY_URL: http://imgproxy:5001
|
IMGPROXY_URL: http://imgproxy:5001
|
||||||
volumes:
|
# S3 protocol endpoint configuration
|
||||||
- ./volumes/storage:/var/lib/storage:z
|
S3_PROTOCOL_ACCESS_KEY_ID: ${S3_PROTOCOL_ACCESS_KEY_ID}
|
||||||
|
S3_PROTOCOL_ACCESS_KEY_SECRET: ${S3_PROTOCOL_ACCESS_KEY_SECRET}
|
||||||
imgproxy:
|
#volumes:
|
||||||
container_name: supabase-imgproxy
|
# - ./volumes/storage:/var/lib/storage:z
|
||||||
image: darthsim/imgproxy:v3.8.0
|
|
||||||
healthcheck:
|
|
||||||
test: [ "CMD", "imgproxy", "health" ]
|
|
||||||
timeout: 5s
|
|
||||||
interval: 5s
|
|
||||||
retries: 3
|
|
||||||
environment:
|
|
||||||
IMGPROXY_BIND: ":5001"
|
|
||||||
IMGPROXY_USE_ETAG: "true"
|
|
||||||
IMGPROXY_ENABLE_WEBP_DETECTION: ${IMGPROXY_ENABLE_WEBP_DETECTION}
|
|
||||||
|
|||||||
@@ -10,7 +10,7 @@ name: supabase
|
|||||||
services:
|
services:
|
||||||
|
|
||||||
studio:
|
studio:
|
||||||
image: supabase/studio:2025.06.30-sha-6f5982d
|
image: supabase/studio:2026.02.16-sha-26c615c
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test:
|
test:
|
||||||
@@ -28,8 +28,15 @@ services:
|
|||||||
analytics:
|
analytics:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
environment:
|
environment:
|
||||||
|
# Binds nestjs listener to both IPv4 and IPv6 network interfaces
|
||||||
|
HOSTNAME: "::"
|
||||||
|
|
||||||
STUDIO_PG_META_URL: http://meta:8080
|
STUDIO_PG_META_URL: http://meta:8080
|
||||||
|
POSTGRES_PORT: ${POSTGRES_PORT}
|
||||||
|
POSTGRES_HOST: ${POSTGRES_HOST}
|
||||||
|
POSTGRES_DB: ${POSTGRES_DB}
|
||||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||||||
|
PG_META_CRYPTO_KEY: ${PG_META_CRYPTO_KEY}
|
||||||
|
|
||||||
DEFAULT_ORGANIZATION_NAME: ${STUDIO_DEFAULT_ORGANIZATION}
|
DEFAULT_ORGANIZATION_NAME: ${STUDIO_DEFAULT_ORGANIZATION}
|
||||||
DEFAULT_PROJECT_NAME: ${STUDIO_DEFAULT_PROJECT}
|
DEFAULT_PROJECT_NAME: ${STUDIO_DEFAULT_PROJECT}
|
||||||
@@ -41,13 +48,22 @@ services:
|
|||||||
SUPABASE_SERVICE_KEY: ${SERVICE_ROLE_KEY}
|
SUPABASE_SERVICE_KEY: ${SERVICE_ROLE_KEY}
|
||||||
AUTH_JWT_SECRET: ${JWT_SECRET}
|
AUTH_JWT_SECRET: ${JWT_SECRET}
|
||||||
|
|
||||||
|
# LOGFLARE_API_KEY is deprecated
|
||||||
|
LOGFLARE_API_KEY: ${LOGFLARE_PUBLIC_ACCESS_TOKEN}
|
||||||
|
LOGFLARE_PUBLIC_ACCESS_TOKEN: ${LOGFLARE_PUBLIC_ACCESS_TOKEN}
|
||||||
LOGFLARE_PRIVATE_ACCESS_TOKEN: ${LOGFLARE_PRIVATE_ACCESS_TOKEN}
|
LOGFLARE_PRIVATE_ACCESS_TOKEN: ${LOGFLARE_PRIVATE_ACCESS_TOKEN}
|
||||||
|
|
||||||
LOGFLARE_URL: http://analytics:4000
|
LOGFLARE_URL: http://analytics:4000
|
||||||
NEXT_PUBLIC_ENABLE_LOGS: true
|
NEXT_PUBLIC_ENABLE_LOGS: true
|
||||||
# Comment to use Big Query backend for analytics
|
# Comment to use Big Query backend for analytics
|
||||||
NEXT_ANALYTICS_BACKEND_PROVIDER: postgres
|
NEXT_ANALYTICS_BACKEND_PROVIDER: postgres
|
||||||
# Uncomment to use Big Query backend for analytics
|
# Uncomment to use Big Query backend for analytics
|
||||||
# NEXT_ANALYTICS_BACKEND_PROVIDER: bigquery
|
# NEXT_ANALYTICS_BACKEND_PROVIDER: bigquery
|
||||||
|
SNIPPETS_MANAGEMENT_FOLDER: /app/snippets
|
||||||
|
EDGE_FUNCTIONS_MANAGEMENT_FOLDER: /app/edge-functions
|
||||||
|
volumes:
|
||||||
|
- ./volumes/snippets:/app/snippets:Z
|
||||||
|
- ./volumes/functions:/app/edge-functions:Z
|
||||||
|
|
||||||
kong:
|
kong:
|
||||||
image: kong:2.8.1
|
image: kong:2.8.1
|
||||||
@@ -55,6 +71,8 @@ services:
|
|||||||
volumes:
|
volumes:
|
||||||
# https://github.com/supabase/supabase/issues/12661
|
# https://github.com/supabase/supabase/issues/12661
|
||||||
- ./volumes/api/kong.yml:/home/kong/temp.yml:ro,z
|
- ./volumes/api/kong.yml:/home/kong/temp.yml:ro,z
|
||||||
|
#- ./volumes/api/server.crt:/home/kong/server.crt:ro
|
||||||
|
#- ./volumes/api/server.key:/home/kong/server.key:ro
|
||||||
depends_on:
|
depends_on:
|
||||||
analytics:
|
analytics:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
@@ -63,9 +81,11 @@ services:
|
|||||||
KONG_DECLARATIVE_CONFIG: /home/kong/kong.yml
|
KONG_DECLARATIVE_CONFIG: /home/kong/kong.yml
|
||||||
# https://github.com/supabase/cli/issues/14
|
# https://github.com/supabase/cli/issues/14
|
||||||
KONG_DNS_ORDER: LAST,A,CNAME
|
KONG_DNS_ORDER: LAST,A,CNAME
|
||||||
KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth
|
KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth,request-termination,ip-restriction
|
||||||
KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k
|
KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k
|
||||||
KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k
|
KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k
|
||||||
|
#KONG_SSL_CERT: /home/kong/server.crt
|
||||||
|
#KONG_SSL_CERT_KEY: /home/kong/server.key
|
||||||
SUPABASE_ANON_KEY: ${ANON_KEY}
|
SUPABASE_ANON_KEY: ${ANON_KEY}
|
||||||
SUPABASE_SERVICE_KEY: ${SERVICE_ROLE_KEY}
|
SUPABASE_SERVICE_KEY: ${SERVICE_ROLE_KEY}
|
||||||
DASHBOARD_USERNAME: ${DASHBOARD_USERNAME}
|
DASHBOARD_USERNAME: ${DASHBOARD_USERNAME}
|
||||||
@@ -75,7 +95,7 @@ services:
|
|||||||
/docker-entrypoint.sh kong docker-start'
|
/docker-entrypoint.sh kong docker-start'
|
||||||
|
|
||||||
auth:
|
auth:
|
||||||
image: supabase/gotrue:v2.177.0
|
image: supabase/gotrue:v2.186.0
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test:
|
test:
|
||||||
@@ -136,7 +156,47 @@ services:
|
|||||||
|
|
||||||
GOTRUE_EXTERNAL_PHONE_ENABLED: ${ENABLE_PHONE_SIGNUP}
|
GOTRUE_EXTERNAL_PHONE_ENABLED: ${ENABLE_PHONE_SIGNUP}
|
||||||
GOTRUE_SMS_AUTOCONFIRM: ${ENABLE_PHONE_AUTOCONFIRM}
|
GOTRUE_SMS_AUTOCONFIRM: ${ENABLE_PHONE_AUTOCONFIRM}
|
||||||
# Uncomment to enable custom access token hook. Please see: https://supabase.com/docs/guides/auth/auth-hooks for full list of hooks and additional details about custom_access_token_hook
|
# Uncomment to enable OAuth / social login providers.
|
||||||
|
# GOTRUE_EXTERNAL_GOOGLE_ENABLED: ${GOOGLE_ENABLED}
|
||||||
|
# GOTRUE_EXTERNAL_GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID}
|
||||||
|
# GOTRUE_EXTERNAL_GOOGLE_SECRET: ${GOOGLE_SECRET}
|
||||||
|
# GOTRUE_EXTERNAL_GOOGLE_REDIRECT_URI: ${API_EXTERNAL_URL}/auth/v1/callback
|
||||||
|
|
||||||
|
# GOTRUE_EXTERNAL_GITHUB_ENABLED: ${GITHUB_ENABLED}
|
||||||
|
# GOTRUE_EXTERNAL_GITHUB_CLIENT_ID: ${GITHUB_CLIENT_ID}
|
||||||
|
# GOTRUE_EXTERNAL_GITHUB_SECRET: ${GITHUB_SECRET}
|
||||||
|
# GOTRUE_EXTERNAL_GITHUB_REDIRECT_URI: ${API_EXTERNAL_URL}/auth/v1/callback
|
||||||
|
|
||||||
|
# GOTRUE_EXTERNAL_AZURE_ENABLED: ${AZURE_ENABLED}
|
||||||
|
# GOTRUE_EXTERNAL_AZURE_CLIENT_ID: ${AZURE_CLIENT_ID}
|
||||||
|
# GOTRUE_EXTERNAL_AZURE_SECRET: ${AZURE_SECRET}
|
||||||
|
# GOTRUE_EXTERNAL_AZURE_REDIRECT_URI: ${API_EXTERNAL_URL}/auth/v1/callback
|
||||||
|
|
||||||
|
# Uncomment to configure SMS delivery (phone auth and phone MFA).
|
||||||
|
# GOTRUE_SMS_PROVIDER: ${SMS_PROVIDER}
|
||||||
|
# GOTRUE_SMS_OTP_EXP: ${SMS_OTP_EXP}
|
||||||
|
# GOTRUE_SMS_OTP_LENGTH: ${SMS_OTP_LENGTH}
|
||||||
|
# GOTRUE_SMS_MAX_FREQUENCY: ${SMS_MAX_FREQUENCY}
|
||||||
|
# GOTRUE_SMS_TEMPLATE: ${SMS_TEMPLATE}
|
||||||
|
|
||||||
|
# Twilio credentials (when SMS_PROVIDER=twilio)
|
||||||
|
# GOTRUE_SMS_TWILIO_ACCOUNT_SID: ${SMS_TWILIO_ACCOUNT_SID}
|
||||||
|
# GOTRUE_SMS_TWILIO_AUTH_TOKEN: ${SMS_TWILIO_AUTH_TOKEN}
|
||||||
|
# GOTRUE_SMS_TWILIO_MESSAGE_SERVICE_SID: ${SMS_TWILIO_MESSAGE_SERVICE_SID}
|
||||||
|
|
||||||
|
# Test OTP mappings for development
|
||||||
|
# GOTRUE_SMS_TEST_OTP: ${SMS_TEST_OTP}
|
||||||
|
|
||||||
|
# Uncomment to configure multi-factor authentication (MFA).
|
||||||
|
# GOTRUE_MFA_TOTP_ENROLL_ENABLED: ${MFA_TOTP_ENROLL_ENABLED}
|
||||||
|
# GOTRUE_MFA_TOTP_VERIFY_ENABLED: ${MFA_TOTP_VERIFY_ENABLED}
|
||||||
|
# GOTRUE_MFA_PHONE_ENROLL_ENABLED: ${MFA_PHONE_ENROLL_ENABLED}
|
||||||
|
# GOTRUE_MFA_PHONE_VERIFY_ENABLED: ${MFA_PHONE_VERIFY_ENABLED}
|
||||||
|
# GOTRUE_MFA_MAX_ENROLLED_FACTORS: ${MFA_MAX_ENROLLED_FACTORS}
|
||||||
|
|
||||||
|
# Uncomment to enable custom access token hook.
|
||||||
|
# See: https://supabase.com/docs/guides/auth/auth-hooks for
|
||||||
|
# full list of hooks and additional details about custom_access_token_hook
|
||||||
|
|
||||||
# GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_ENABLED: "true"
|
# GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_ENABLED: "true"
|
||||||
# GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_URI: "pg-functions://postgres/public/custom_access_token_hook"
|
# GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_URI: "pg-functions://postgres/public/custom_access_token_hook"
|
||||||
@@ -157,7 +217,7 @@ services:
|
|||||||
# GOTRUE_HOOK_SEND_EMAIL_SECRETS: "v1,whsec_VGhpcyBpcyBhbiBleGFtcGxlIG9mIGEgc2hvcnRlciBCYXNlNjQgc3RyaW5n"
|
# GOTRUE_HOOK_SEND_EMAIL_SECRETS: "v1,whsec_VGhpcyBpcyBhbiBleGFtcGxlIG9mIGEgc2hvcnRlciBCYXNlNjQgc3RyaW5n"
|
||||||
|
|
||||||
rest:
|
rest:
|
||||||
image: postgrest/postgrest:v12.2.12
|
image: postgrest/postgrest:v14.5
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
depends_on:
|
depends_on:
|
||||||
db:
|
db:
|
||||||
@@ -177,7 +237,7 @@ services:
|
|||||||
|
|
||||||
realtime:
|
realtime:
|
||||||
# This container name looks inconsistent but is correct because realtime constructs tenant id by parsing the subdomain
|
# This container name looks inconsistent but is correct because realtime constructs tenant id by parsing the subdomain
|
||||||
image: supabase/realtime:v2.34.47
|
image: supabase/realtime:v2.76.5
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
depends_on:
|
depends_on:
|
||||||
db:
|
db:
|
||||||
@@ -188,19 +248,14 @@ services:
|
|||||||
healthcheck:
|
healthcheck:
|
||||||
test:
|
test:
|
||||||
[
|
[
|
||||||
"CMD",
|
"CMD-SHELL",
|
||||||
"curl",
|
"curl -sSfL --head -o /dev/null -H \"Authorization: Bearer
|
||||||
"-sSfL",
|
${ANON_KEY}\" http://localhost:4000/api/tenants/realtime-dev/health"
|
||||||
"--head",
|
|
||||||
"-o",
|
|
||||||
"/dev/null",
|
|
||||||
"-H",
|
|
||||||
"Authorization: Bearer ${ANON_KEY}",
|
|
||||||
"http://localhost:4000/api/tenants/realtime-dev/health"
|
|
||||||
]
|
]
|
||||||
timeout: 5s
|
timeout: 5s
|
||||||
interval: 5s
|
interval: 30s
|
||||||
retries: 3
|
retries: 3
|
||||||
|
start_period: 10s
|
||||||
environment:
|
environment:
|
||||||
PORT: 4000
|
PORT: 4000
|
||||||
DB_HOST: ${POSTGRES_HOST}
|
DB_HOST: ${POSTGRES_HOST}
|
||||||
@@ -216,15 +271,22 @@ services:
|
|||||||
DNS_NODES: "''"
|
DNS_NODES: "''"
|
||||||
RLIMIT_NOFILE: "10000"
|
RLIMIT_NOFILE: "10000"
|
||||||
APP_NAME: realtime
|
APP_NAME: realtime
|
||||||
SEED_SELF_HOST: true
|
SEED_SELF_HOST: "true"
|
||||||
RUN_JANITOR: true
|
RUN_JANITOR: "true"
|
||||||
|
DISABLE_HEALTHCHECK_LOGGING: "true"
|
||||||
|
|
||||||
# To use S3 backed storage: docker compose -f docker-compose.yml -f docker-compose.s3.yml up
|
# To use S3 backed storage: docker compose -f docker-compose.yml -f docker-compose.s3.yml up
|
||||||
storage:
|
storage:
|
||||||
image: supabase/storage-api:v1.25.7
|
image: supabase/storage-api:v1.37.8
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
depends_on:
|
||||||
- ./volumes/storage:/var/lib/storage:z
|
db:
|
||||||
|
# Disable this if you are using an external Postgres database
|
||||||
|
condition: service_healthy
|
||||||
|
rest:
|
||||||
|
condition: service_started
|
||||||
|
imgproxy:
|
||||||
|
condition: service_started
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test:
|
test:
|
||||||
[
|
[
|
||||||
@@ -238,32 +300,37 @@ services:
|
|||||||
timeout: 5s
|
timeout: 5s
|
||||||
interval: 5s
|
interval: 5s
|
||||||
retries: 3
|
retries: 3
|
||||||
depends_on:
|
|
||||||
db:
|
|
||||||
# Disable this if you are using an external Postgres database
|
|
||||||
condition: service_healthy
|
|
||||||
rest:
|
|
||||||
condition: service_started
|
|
||||||
imgproxy:
|
|
||||||
condition: service_started
|
|
||||||
environment:
|
environment:
|
||||||
ANON_KEY: ${ANON_KEY}
|
ANON_KEY: ${ANON_KEY}
|
||||||
SERVICE_KEY: ${SERVICE_ROLE_KEY}
|
SERVICE_KEY: ${SERVICE_ROLE_KEY}
|
||||||
POSTGREST_URL: http://rest:3000
|
POSTGREST_URL: http://rest:3000
|
||||||
PGRST_JWT_SECRET: ${JWT_SECRET}
|
PGRST_JWT_SECRET: ${JWT_SECRET}
|
||||||
DATABASE_URL: postgres://supabase_storage_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
|
DATABASE_URL: postgres://supabase_storage_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
|
||||||
|
REQUEST_ALLOW_X_FORWARDED_PATH: "true"
|
||||||
FILE_SIZE_LIMIT: 52428800
|
FILE_SIZE_LIMIT: 52428800
|
||||||
STORAGE_BACKEND: file
|
STORAGE_BACKEND: file
|
||||||
|
# S3 bucket when using S3 backend, directory name when using 'file'
|
||||||
|
GLOBAL_S3_BUCKET: ${GLOBAL_S3_BUCKET}
|
||||||
|
# S3 Backend configuration
|
||||||
|
#GLOBAL_S3_ENDPOINT: https://your-s3-endpoint
|
||||||
|
#GLOBAL_S3_PROTOCOL: https
|
||||||
|
#GLOBAL_S3_FORCE_PATH_STYLE: true
|
||||||
|
#AWS_ACCESS_KEY_ID: your-access-key-id
|
||||||
|
#AWS_SECRET_ACCESS_KEY: your-secret-access-key
|
||||||
FILE_STORAGE_BACKEND_PATH: /var/lib/storage
|
FILE_STORAGE_BACKEND_PATH: /var/lib/storage
|
||||||
TENANT_ID: stub
|
TENANT_ID: ${STORAGE_TENANT_ID}
|
||||||
# TODO: https://github.com/supabase/storage-api/issues/55
|
# TODO: https://github.com/supabase/storage-api/issues/55
|
||||||
REGION: stub
|
REGION: ${REGION}
|
||||||
GLOBAL_S3_BUCKET: stub
|
|
||||||
ENABLE_IMAGE_TRANSFORMATION: "true"
|
ENABLE_IMAGE_TRANSFORMATION: "true"
|
||||||
IMGPROXY_URL: http://imgproxy:5001
|
IMGPROXY_URL: http://imgproxy:5001
|
||||||
|
# S3 protocol endpoint configuration
|
||||||
|
S3_PROTOCOL_ACCESS_KEY_ID: ${S3_PROTOCOL_ACCESS_KEY_ID}
|
||||||
|
S3_PROTOCOL_ACCESS_KEY_SECRET: ${S3_PROTOCOL_ACCESS_KEY_SECRET}
|
||||||
|
volumes:
|
||||||
|
- ./volumes/storage:/var/lib/storage:z
|
||||||
|
|
||||||
imgproxy:
|
imgproxy:
|
||||||
image: darthsim/imgproxy:v3.8.0
|
image: darthsim/imgproxy:v3.30.1
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/storage:/var/lib/storage:z
|
- ./volumes/storage:/var/lib/storage:z
|
||||||
@@ -277,9 +344,10 @@ services:
|
|||||||
IMGPROXY_LOCAL_FILESYSTEM_ROOT: /
|
IMGPROXY_LOCAL_FILESYSTEM_ROOT: /
|
||||||
IMGPROXY_USE_ETAG: "true"
|
IMGPROXY_USE_ETAG: "true"
|
||||||
IMGPROXY_ENABLE_WEBP_DETECTION: ${IMGPROXY_ENABLE_WEBP_DETECTION}
|
IMGPROXY_ENABLE_WEBP_DETECTION: ${IMGPROXY_ENABLE_WEBP_DETECTION}
|
||||||
|
IMGPROXY_MAX_SRC_RESOLUTION: 16.8
|
||||||
|
|
||||||
meta:
|
meta:
|
||||||
image: supabase/postgres-meta:v0.91.0
|
image: supabase/postgres-meta:v0.95.2
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
depends_on:
|
depends_on:
|
||||||
db:
|
db:
|
||||||
@@ -294,18 +362,21 @@ services:
|
|||||||
PG_META_DB_NAME: ${POSTGRES_DB}
|
PG_META_DB_NAME: ${POSTGRES_DB}
|
||||||
PG_META_DB_USER: supabase_admin
|
PG_META_DB_USER: supabase_admin
|
||||||
PG_META_DB_PASSWORD: ${POSTGRES_PASSWORD}
|
PG_META_DB_PASSWORD: ${POSTGRES_PASSWORD}
|
||||||
|
CRYPTO_KEY: ${PG_META_CRYPTO_KEY}
|
||||||
|
|
||||||
functions:
|
functions:
|
||||||
image: supabase/edge-runtime:v1.67.4
|
image: supabase/edge-runtime:v1.70.3
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/functions:/home/deno/functions:Z
|
- ./volumes/functions:/home/deno/functions:Z
|
||||||
|
- deno-cache:/root/.cache/deno
|
||||||
depends_on:
|
depends_on:
|
||||||
analytics:
|
analytics:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
environment:
|
environment:
|
||||||
JWT_SECRET: ${JWT_SECRET}
|
JWT_SECRET: ${JWT_SECRET}
|
||||||
SUPABASE_URL: http://kong:8000
|
SUPABASE_URL: http://kong:8000
|
||||||
|
SUPABASE_PUBLIC_URL: ${SUPABASE_PUBLIC_URL}
|
||||||
SUPABASE_ANON_KEY: ${ANON_KEY}
|
SUPABASE_ANON_KEY: ${ANON_KEY}
|
||||||
SUPABASE_SERVICE_ROLE_KEY: ${SERVICE_ROLE_KEY}
|
SUPABASE_SERVICE_ROLE_KEY: ${SERVICE_ROLE_KEY}
|
||||||
SUPABASE_DB_URL: postgresql://postgres:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
|
SUPABASE_DB_URL: postgresql://postgres:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
|
||||||
@@ -314,8 +385,10 @@ services:
|
|||||||
command: [ "start", "--main-service", "/home/deno/functions/main" ]
|
command: [ "start", "--main-service", "/home/deno/functions/main" ]
|
||||||
|
|
||||||
analytics:
|
analytics:
|
||||||
image: supabase/logflare:1.14.2
|
image: supabase/logflare:1.31.2
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
# ports:
|
||||||
|
# - 4000:4000
|
||||||
# Uncomment to use Big Query backend for analytics
|
# Uncomment to use Big Query backend for analytics
|
||||||
# volumes:
|
# volumes:
|
||||||
# - type: bind
|
# - type: bind
|
||||||
@@ -343,7 +416,6 @@ services:
|
|||||||
LOGFLARE_PRIVATE_ACCESS_TOKEN: ${LOGFLARE_PRIVATE_ACCESS_TOKEN}
|
LOGFLARE_PRIVATE_ACCESS_TOKEN: ${LOGFLARE_PRIVATE_ACCESS_TOKEN}
|
||||||
LOGFLARE_SINGLE_TENANT: true
|
LOGFLARE_SINGLE_TENANT: true
|
||||||
LOGFLARE_SUPABASE_MODE: true
|
LOGFLARE_SUPABASE_MODE: true
|
||||||
LOGFLARE_MIN_CLUSTER_SIZE: 1
|
|
||||||
|
|
||||||
# Comment variables to use Big Query backend for analytics
|
# Comment variables to use Big Query backend for analytics
|
||||||
POSTGRES_BACKEND_URL: postgresql://supabase_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/_supabase
|
POSTGRES_BACKEND_URL: postgresql://supabase_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/_supabase
|
||||||
@@ -355,7 +427,7 @@ services:
|
|||||||
|
|
||||||
# Comment out everything below this point if you are using an external Postgres database
|
# Comment out everything below this point if you are using an external Postgres database
|
||||||
db:
|
db:
|
||||||
image: supabase/postgres:15.8.1.060
|
image: supabase/postgres:15.8.1.085
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/db/realtime.sql:/docker-entrypoint-initdb.d/migrations/99-realtime.sql:Z
|
- ./volumes/db/realtime.sql:/docker-entrypoint-initdb.d/migrations/99-realtime.sql:Z
|
||||||
@@ -403,7 +475,7 @@ services:
|
|||||||
]
|
]
|
||||||
|
|
||||||
vector:
|
vector:
|
||||||
image: timberio/vector:0.28.1-alpine
|
image: timberio/vector:0.53.0-alpine
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/logs/vector.yml:/etc/vector/vector.yml:ro,z
|
- ./volumes/logs/vector.yml:/etc/vector/vector.yml:ro,z
|
||||||
@@ -429,7 +501,7 @@ services:
|
|||||||
|
|
||||||
# Update the DATABASE_URL if you are using an external Postgres database
|
# Update the DATABASE_URL if you are using an external Postgres database
|
||||||
supavisor:
|
supavisor:
|
||||||
image: supabase/supavisor:2.5.7
|
image: supabase/supavisor:2.7.4
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/pooler/pooler.exs:/etc/pooler/pooler.exs:ro,z
|
- ./volumes/pooler/pooler.exs:/etc/pooler/pooler.exs:ro,z
|
||||||
@@ -480,3 +552,4 @@ services:
|
|||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
db-config:
|
db-config:
|
||||||
|
deno-cache:
|
||||||
|
|||||||
+62
-30
@@ -1,44 +1,76 @@
|
|||||||
#!/bin/bash
|
#!/bin/sh
|
||||||
|
|
||||||
echo "WARNING: This will remove all containers and container data, and will reset the .env file. This action cannot be undone!"
|
set -e
|
||||||
read -p "Are you sure you want to proceed? (y/N) " -n 1 -r
|
|
||||||
echo # Move to a new line
|
auto_confirm=0
|
||||||
if [[ ! $REPLY =~ ^[Yy]$ ]]
|
|
||||||
then
|
confirm () {
|
||||||
echo "Operation cancelled."
|
if [ "$auto_confirm" = "1" ]; then
|
||||||
exit 1
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
printf "Are you sure you want to proceed? (y/N) "
|
||||||
|
read -r REPLY
|
||||||
|
case "$REPLY" in
|
||||||
|
[Yy])
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Script canceled."
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
if [ "$1" = "-y" ]; then
|
||||||
|
auto_confirm=1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Stopping and removing all containers..."
|
echo ""
|
||||||
docker compose -f docker-compose.yml -f ./dev/docker-compose.dev.yml down -v --remove-orphans
|
echo "*** WARNING: This will remove all containers and container data, and optionally reset .env ***"
|
||||||
|
echo ""
|
||||||
|
|
||||||
echo "Cleaning up bind-mounted directories..."
|
confirm
|
||||||
BIND_MOUNTS=(
|
|
||||||
"./volumes/db/data"
|
|
||||||
)
|
|
||||||
|
|
||||||
for DIR in "${BIND_MOUNTS[@]}"; do
|
echo "===> Stopping and removing all containers..."
|
||||||
if [ -d "$DIR" ]; then
|
|
||||||
echo "Deleting $DIR..."
|
if [ -f ".env" ]; then
|
||||||
rm -rf "$DIR"
|
docker compose -f docker-compose.yml -f ./dev/docker-compose.dev.yml down -v --remove-orphans
|
||||||
else
|
elif [ -f ".env.example" ]; then
|
||||||
echo "Directory $DIR does not exist. Skipping bind mount deletion step..."
|
echo "No .env found, using .env.example for docker compose down..."
|
||||||
fi
|
docker compose --env-file .env.example -f docker-compose.yml -f ./dev/docker-compose.dev.yml down -v --remove-orphans
|
||||||
|
else
|
||||||
|
echo "Skipping 'docker compose down' because there's no env-file."
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "===> Cleaning up bind-mounted directories..."
|
||||||
|
BIND_MOUNTS="./volumes/db/data ./volumes/storage"
|
||||||
|
|
||||||
|
for dir in $BIND_MOUNTS; do
|
||||||
|
if [ -d "$dir" ]; then
|
||||||
|
echo "Removing $dir..."
|
||||||
|
confirm
|
||||||
|
rm -rf "$dir"
|
||||||
|
else
|
||||||
|
echo "$dir not found."
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
echo "Resetting .env file..."
|
echo "===> Resetting .env file (will save backup to .env.old)..."
|
||||||
if [ -f ".env" ]; then
|
confirm
|
||||||
echo "Removing existing .env file..."
|
if [ -f ".env" ] || [ -L ".env" ]; then
|
||||||
rm -f .env
|
echo "Renaming existing .env file to .env.old"
|
||||||
|
mv .env .env.old
|
||||||
else
|
else
|
||||||
echo "No .env file found. Skipping .env removal step..."
|
echo "No .env file found."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -f ".env.example" ]; then
|
if [ -f ".env.example" ]; then
|
||||||
echo "Copying .env.example to .env..."
|
echo "===> Copying .env.example to .env"
|
||||||
cp .env.example .env
|
cp .env.example .env
|
||||||
else
|
else
|
||||||
echo ".env.example file not found. Skipping .env reset step..."
|
echo "No .env.example found, can't restore .env to default values."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Cleanup complete!"
|
echo "Cleanup complete!"
|
||||||
|
echo "Re-run 'docker compose pull' to update images."
|
||||||
|
echo ""
|
||||||
|
|||||||
@@ -0,0 +1,157 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# Portions of this code are derived from Inder Singh's update-db-pass.sh
|
||||||
|
# Copyright 2025 Inder Singh. Licensed under Apache License 2.0.
|
||||||
|
# Original source:
|
||||||
|
# https://github.com/singh-inder/supabase-automated-self-host/blob/main/docker/update-db-pass.sh
|
||||||
|
#
|
||||||
|
# GitHub discussion here:
|
||||||
|
# https://github.com/supabase/supabase/issues/22605#issuecomment-3323382144
|
||||||
|
#
|
||||||
|
# Changed:
|
||||||
|
# - POSIX shell compatibility
|
||||||
|
# - No hardcoded values for database service and admin user
|
||||||
|
# - Use .env for the admin user and database service port
|
||||||
|
# - Does _not_ set password for supabase_read_only_user (this role is not
|
||||||
|
# supposed to have a password)
|
||||||
|
# - Print all values and confirm before updating
|
||||||
|
# - Stop on any errors
|
||||||
|
#
|
||||||
|
# Heads up:
|
||||||
|
# - Updating _analytics.source_backends is not needed after PR logflare#2069
|
||||||
|
# - Newer Logflare versions use a different table and update connection string
|
||||||
|
#
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
if ! docker compose version > /dev/null 2>&1; then
|
||||||
|
echo "Docker Compose not found."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f .env ]; then
|
||||||
|
echo "Missing .env file. Exiting."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Generate random hex-only password to avoid issues with SQL/shell
|
||||||
|
new_passwd="$(openssl rand -hex 16)"
|
||||||
|
# If replacing with a custom password, avoid using @/?#:&
|
||||||
|
# https://supabase.com/docs/guides/database/postgres/roles#passwords
|
||||||
|
# new_passwd="d0notUseSpecialSymbolsForPq123-"
|
||||||
|
|
||||||
|
# Check Postgres service
|
||||||
|
db_image_prefix="supabase.postgres:"
|
||||||
|
|
||||||
|
compose_output=$(docker compose ps \
|
||||||
|
--format '{{.Image}}\t{{.Service}}\t{{.Status}}' 2>/dev/null | \
|
||||||
|
grep -m1 "^$db_image_prefix" || true)
|
||||||
|
|
||||||
|
if [ -z "$compose_output" ]; then
|
||||||
|
echo "Postgres container not found. Exiting."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
db_image=$(echo "$compose_output" | cut -f1)
|
||||||
|
db_srv_name=$(echo "$compose_output" | cut -f2)
|
||||||
|
db_srv_status=$(echo "$compose_output" | cut -f3)
|
||||||
|
|
||||||
|
case "$db_srv_status" in
|
||||||
|
Up*)
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Postgres container status: $db_srv_status"
|
||||||
|
echo "Exiting."
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
db_srv_port=$(grep "^POSTGRES_PORT=" .env | cut -d '=' -f 2)
|
||||||
|
port_source=" (.env):"
|
||||||
|
if [ -z "$db_srv_port" ]; then
|
||||||
|
db_srv_port="5432"
|
||||||
|
port_source=" (default):"
|
||||||
|
fi
|
||||||
|
|
||||||
|
db_admin_user="supabase_admin"
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
echo "*** Check configuration below before updating database passwords! ***"
|
||||||
|
echo ""
|
||||||
|
echo "Service name: $db_srv_name"
|
||||||
|
echo "Service status: $db_srv_status"
|
||||||
|
echo "Service port${port_source} $db_srv_port"
|
||||||
|
echo "Image: $db_image"
|
||||||
|
echo ""
|
||||||
|
echo "Admin user: $db_admin_user"
|
||||||
|
|
||||||
|
if ! test -t 0; then
|
||||||
|
echo ""
|
||||||
|
echo "Running non-interactively. Not updating passwords."
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "New database password: $new_passwd"
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
printf "Update database passwords? (y/N) "
|
||||||
|
read -r REPLY
|
||||||
|
case "$REPLY" in
|
||||||
|
[Yy])
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Canceled. Not updating passwords."
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
echo "Updating passwords..."
|
||||||
|
echo "Connecting to the database service container..."
|
||||||
|
|
||||||
|
docker compose exec -T "$db_srv_name" psql -U "$db_admin_user" -d "_supabase" -v ON_ERROR_STOP=1 <<EOF
|
||||||
|
alter user anon with password '${new_passwd}';
|
||||||
|
alter user authenticated with password '${new_passwd}';
|
||||||
|
alter user authenticator with password '${new_passwd}';
|
||||||
|
alter user dashboard_user with password '${new_passwd}';
|
||||||
|
alter user pgbouncer with password '${new_passwd}';
|
||||||
|
alter user postgres with password '${new_passwd}';
|
||||||
|
alter user service_role with password '${new_passwd}';
|
||||||
|
alter user supabase_admin with password '${new_passwd}';
|
||||||
|
alter user supabase_auth_admin with password '${new_passwd}';
|
||||||
|
alter user supabase_functions_admin with password '${new_passwd}';
|
||||||
|
alter user supabase_replication_admin with password '${new_passwd}';
|
||||||
|
alter user supabase_storage_admin with password '${new_passwd}';
|
||||||
|
|
||||||
|
DROP SCHEMA _supavisor CASCADE;
|
||||||
|
create schema if not exists _supavisor;
|
||||||
|
alter schema _supavisor owner to supabase_admin;
|
||||||
|
|
||||||
|
DO \$\$
|
||||||
|
BEGIN
|
||||||
|
IF EXISTS (
|
||||||
|
SELECT 1
|
||||||
|
FROM information_schema.tables
|
||||||
|
WHERE table_schema = '_analytics'
|
||||||
|
AND table_name = 'source_backends'
|
||||||
|
) THEN
|
||||||
|
UPDATE _analytics.source_backends
|
||||||
|
SET config = jsonb_set(
|
||||||
|
config,
|
||||||
|
'{url}',
|
||||||
|
'"postgresql://${db_admin_user}:${new_passwd}@${db_srv_name}:${db_srv_port}/postgres"',
|
||||||
|
false
|
||||||
|
)
|
||||||
|
WHERE type = 'postgres';
|
||||||
|
END IF;
|
||||||
|
END
|
||||||
|
\$\$;
|
||||||
|
EOF
|
||||||
|
|
||||||
|
echo "Updating POSTGRES_PASSWORD in .env..."
|
||||||
|
sed -i.old "s|^POSTGRES_PASSWORD=.*$|POSTGRES_PASSWORD=$new_passwd|" .env
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
echo "Success. To update and restart containers use:"
|
||||||
|
echo ""
|
||||||
|
echo "docker compose up -d --force-recreate"
|
||||||
|
echo ""
|
||||||
@@ -0,0 +1,123 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# Portions of this code are derived from Inder Singh's setup.sh shell script.
|
||||||
|
# Copyright 2025 Inder Singh. Licensed under Apache License 2.0.
|
||||||
|
# Original source: https://github.com/singh-inder/supabase-automated-self-host/blob/main/setup.sh
|
||||||
|
#
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
gen_hex() {
|
||||||
|
openssl rand -hex "$1"
|
||||||
|
}
|
||||||
|
|
||||||
|
gen_base64() {
|
||||||
|
openssl rand -base64 "$1"
|
||||||
|
}
|
||||||
|
|
||||||
|
base64_url_encode() {
|
||||||
|
openssl enc -base64 -A | tr '+/' '-_' | tr -d '='
|
||||||
|
}
|
||||||
|
|
||||||
|
gen_token() {
|
||||||
|
payload=$1
|
||||||
|
payload_base64=$(printf %s "$payload" | base64_url_encode)
|
||||||
|
header_base64=$(printf %s "$header" | base64_url_encode)
|
||||||
|
signed_content="${header_base64}.${payload_base64}"
|
||||||
|
signature=$(printf %s "$signed_content" | openssl dgst -binary -sha256 -hmac "$jwt_secret" | base64_url_encode)
|
||||||
|
printf '%s' "${signed_content}.${signature}"
|
||||||
|
}
|
||||||
|
|
||||||
|
if ! command -v openssl >/dev/null 2>&1; then
|
||||||
|
echo "Error: openssl is required but not found."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
jwt_secret="$(gen_base64 30)"
|
||||||
|
|
||||||
|
# Used in get_token()
|
||||||
|
header='{"alg":"HS256","typ":"JWT"}'
|
||||||
|
iat=$(date +%s)
|
||||||
|
exp=$((iat + 5 * 3600 * 24 * 365)) # 5 years
|
||||||
|
|
||||||
|
# Normalizes JSON formatting so that the token matches https://www.jwt.io/ results
|
||||||
|
anon_payload="{\"role\":\"anon\",\"iss\":\"supabase\",\"iat\":$iat,\"exp\":$exp}"
|
||||||
|
service_role_payload="{\"role\":\"service_role\",\"iss\":\"supabase\",\"iat\":$iat,\"exp\":$exp}"
|
||||||
|
|
||||||
|
#echo "anon_payload=$anon_payload"
|
||||||
|
#echo "service_role_payload=$service_role_payload"
|
||||||
|
|
||||||
|
anon_key=$(gen_token "$anon_payload")
|
||||||
|
service_role_key=$(gen_token "$service_role_payload")
|
||||||
|
|
||||||
|
secret_key_base=$(gen_base64 48)
|
||||||
|
vault_enc_key=$(gen_hex 16)
|
||||||
|
pg_meta_crypto_key=$(gen_base64 24)
|
||||||
|
|
||||||
|
logflare_public_access_token=$(gen_base64 24)
|
||||||
|
logflare_private_access_token=$(gen_base64 24)
|
||||||
|
|
||||||
|
s3_protocol_access_key_id=$(gen_hex 16)
|
||||||
|
s3_protocol_access_key_secret=$(gen_hex 32)
|
||||||
|
|
||||||
|
minio_root_password=$(gen_hex 16)
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
echo "JWT_SECRET=${jwt_secret}"
|
||||||
|
echo ""
|
||||||
|
#echo "Issued at: $iat"
|
||||||
|
#echo "Expire: $exp"
|
||||||
|
echo "ANON_KEY=${anon_key}"
|
||||||
|
echo "SERVICE_ROLE_KEY=${service_role_key}"
|
||||||
|
echo ""
|
||||||
|
echo "SECRET_KEY_BASE=${secret_key_base}"
|
||||||
|
echo "VAULT_ENC_KEY=${vault_enc_key}"
|
||||||
|
echo "PG_META_CRYPTO_KEY=${pg_meta_crypto_key}"
|
||||||
|
echo "LOGFLARE_PUBLIC_ACCESS_TOKEN=${logflare_public_access_token}"
|
||||||
|
echo "LOGFLARE_PRIVATE_ACCESS_TOKEN=${logflare_private_access_token}"
|
||||||
|
echo "S3_PROTOCOL_ACCESS_KEY_ID=${s3_protocol_access_key_id}"
|
||||||
|
echo "S3_PROTOCOL_ACCESS_KEY_SECRET=${s3_protocol_access_key_secret}"
|
||||||
|
echo "MINIO_ROOT_PASSWORD=${minio_root_password}"
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
postgres_password=$(gen_hex 16)
|
||||||
|
dashboard_password=$(gen_hex 16)
|
||||||
|
|
||||||
|
echo "POSTGRES_PASSWORD=${postgres_password}"
|
||||||
|
echo "DASHBOARD_PASSWORD=${dashboard_password}"
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
if ! test -t 0; then
|
||||||
|
echo "Running non-interactively. Skipping .env update."
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
printf "Update .env file? (y/N) "
|
||||||
|
read -r REPLY
|
||||||
|
case "$REPLY" in
|
||||||
|
[Yy])
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Not updating .env"
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
echo "Updating .env..."
|
||||||
|
|
||||||
|
sed \
|
||||||
|
-i.old \
|
||||||
|
-e "s|^JWT_SECRET=.*$|JWT_SECRET=${jwt_secret}|" \
|
||||||
|
-e "s|^ANON_KEY=.*$|ANON_KEY=${anon_key}|" \
|
||||||
|
-e "s|^SERVICE_ROLE_KEY=.*$|SERVICE_ROLE_KEY=${service_role_key}|" \
|
||||||
|
-e "s|^SECRET_KEY_BASE=.*$|SECRET_KEY_BASE=${secret_key_base}|" \
|
||||||
|
-e "s|^VAULT_ENC_KEY=.*$|VAULT_ENC_KEY=${vault_enc_key}|" \
|
||||||
|
-e "s|^PG_META_CRYPTO_KEY=.*$|PG_META_CRYPTO_KEY=${pg_meta_crypto_key}|" \
|
||||||
|
-e "s|^LOGFLARE_PUBLIC_ACCESS_TOKEN=.*$|LOGFLARE_PUBLIC_ACCESS_TOKEN=${logflare_public_access_token}|" \
|
||||||
|
-e "s|^LOGFLARE_PRIVATE_ACCESS_TOKEN=.*$|LOGFLARE_PRIVATE_ACCESS_TOKEN=${logflare_private_access_token}|" \
|
||||||
|
-e "s|^S3_PROTOCOL_ACCESS_KEY_ID=.*$|S3_PROTOCOL_ACCESS_KEY_ID=${s3_protocol_access_key_id}|" \
|
||||||
|
-e "s|^S3_PROTOCOL_ACCESS_KEY_SECRET=.*$|S3_PROTOCOL_ACCESS_KEY_SECRET=${s3_protocol_access_key_secret}|" \
|
||||||
|
-e "s|^MINIO_ROOT_PASSWORD=.*$|MINIO_ROOT_PASSWORD=${minio_root_password}|" \
|
||||||
|
-e "s|^POSTGRES_PASSWORD=.*$|POSTGRES_PASSWORD=${postgres_password}|" \
|
||||||
|
-e "s|^DASHBOARD_PASSWORD=.*$|DASHBOARD_PASSWORD=${dashboard_password}|" \
|
||||||
|
.env
|
||||||
@@ -0,0 +1,107 @@
|
|||||||
|
# Docker Image Versions
|
||||||
|
|
||||||
|
## 2026-02-16
|
||||||
|
- supabase/studio:2026.02.16-sha-26c615c (prev supabase/studio:2026.01.27-sha-6aa59ff)
|
||||||
|
- supabase/gotrue:v2.186.0 (prev supabase/gotrue:v2.185.0)
|
||||||
|
- postgrest/postgrest:v14.5 (prev postgrest/postgrest:v14.3)
|
||||||
|
- supabase/realtime:v2.76.5 (prev supabase/realtime:v2.72.0)
|
||||||
|
- supabase/storage-api:v1.37.8 (prev supabase/storage-api:v1.37.1)
|
||||||
|
- supabase/edge-runtime:v1.70.3 (prev supabase/edge-runtime:v1.70.0)
|
||||||
|
- supabase/logflare:1.31.2 (prev supabase/logflare:1.30.3)
|
||||||
|
- timberio/vector:0.53.0-alpine (prev timberio/vector:0.28.1-alpine)
|
||||||
|
|
||||||
|
## 2026-02-05
|
||||||
|
- supabase/storage-api:v1.37.1 (prev supabase/storage-api:v1.33.5)
|
||||||
|
|
||||||
|
## 2026-01-27
|
||||||
|
- supabase/studio:2026.01.27-sha-6aa59ff (prev supabase/studio:2025.12.17-sha-43f4f7f)
|
||||||
|
- supabase/gotrue:v2.185.0 (prev supabase/gotrue:v2.184.0)
|
||||||
|
- postgrest/postgrest:v14.3 (prev postgrest/postgrest:v14.1)
|
||||||
|
- supabase/realtime:v2.72.0 (prev supabase/realtime:v2.68.0)
|
||||||
|
- supabase/storage-api:v1.33.5 (prev supabase/storage-api:v1.33.0)
|
||||||
|
- darthsim/imgproxy:v3.30.1 (prev darthsim/imgproxy:v3.8.0)
|
||||||
|
- supabase/postgres-meta:v0.95.2 (prev supabase/postgres-meta:v0.95.1)
|
||||||
|
- supabase/edge-runtime:v1.70.0 (prev supabase/edge-runtime:v1.69.28)
|
||||||
|
- supabase/logflare:1.30.3 (prev supabase/logflare:1.27.0)
|
||||||
|
|
||||||
|
## 2025-12-18
|
||||||
|
- supabase/studio:2025.12.17-sha-43f4f7f (prev supabase/studio:2025.12.09-sha-434634f)
|
||||||
|
- supabase/gotrue:v2.184.0 (prev supabase/gotrue:v2.183.0)
|
||||||
|
- supabase/postgres-meta:v0.95.1 (prev supabase/postgres-meta:v0.93.1)
|
||||||
|
- supabase/logflare:1.27.0 (prev supabase/logflare:1.26.25)
|
||||||
|
|
||||||
|
## 2025-12-10
|
||||||
|
- supabase/studio:2025.12.09-sha-434634f (prev supabase/studio:2025.11.26-sha-8f096b5)
|
||||||
|
- postgrest/postgrest:v14.1 (prev postgrest/postgrest:v13.0.7)
|
||||||
|
- supabase/realtime:v2.68.0 (prev supabase/realtime:v2.65.3)
|
||||||
|
- supabase/storage-api:v1.33.0 (prev supabase/storage-api:v1.32.0)
|
||||||
|
- supabase/edge-runtime:v1.69.28 (prev supabase/edge-runtime:v1.69.25)
|
||||||
|
- supabase/logflare:1.26.25 (prev supabase/logflare:1.26.13)
|
||||||
|
|
||||||
|
## 2025-11-26
|
||||||
|
- supabase/studio:2025.11.26-sha-8f096b5 (prev supabase/studio:2025.11.24-sha-d990ae8)
|
||||||
|
- supabase/realtime:v2.65.3 (prev supabase/realtime:v2.65.2)
|
||||||
|
- supabase/logflare:1.26.13 (prev supabase/logflare:1.26.12)
|
||||||
|
|
||||||
|
## 2025-11-25
|
||||||
|
- supabase/studio:2025.11.24-sha-d990ae8 (prev supabase/studio:2025.11.10-sha-5291fe3)
|
||||||
|
- supabase/gotrue:v2.183.0 (prev supabase/gotrue:v2.182.1)
|
||||||
|
- supabase/realtime:v2.65.2 (prev supabase/realtime:v2.63.0)
|
||||||
|
- supabase/storage-api:v1.32.0 (prev supabase/storage-api:v1.29.0)
|
||||||
|
- supabase/edge-runtime:v1.69.25 (prev supabase/edge-runtime:v1.69.23)
|
||||||
|
- supabase/logflare:1.26.12 (prev supabase/logflare:1.22.6)
|
||||||
|
|
||||||
|
## 2025-11-12
|
||||||
|
- supabase/studio:2025.11.10-sha-5291fe3 (prev 2025.10.27-sha-85b84e0)
|
||||||
|
- supabase/gotrue:v2.182.1 (prev v2.180.0)
|
||||||
|
- supabase/realtime:v2.63.0 (prev v2.57.2)
|
||||||
|
- supabase/storage-api:v1.29.0 (prev v1.28.2)
|
||||||
|
- supabase/edge-runtime:v1.69.23 (prev v1.69.15)
|
||||||
|
- supabase/supavisor:2.7.4 (prev 2.7.3)
|
||||||
|
|
||||||
|
## 2025-10-28
|
||||||
|
- supabase/studio:2025.10.27-sha-85b84e0 (prev 2025.10.20-sha-5005fc6)
|
||||||
|
- supabase/realtime:v2.57.2 (prev v2.56.0)
|
||||||
|
- supabase/storage-api:v1.28.2 (prev v1.28.1)
|
||||||
|
- supabase/postgres-meta:v0.93.1 (prev v0.93.0)
|
||||||
|
- supabase/edge-runtime:v1.69.15 (prev v1.69.14)
|
||||||
|
|
||||||
|
## 2025-10-21
|
||||||
|
- supabase/studio:2025.10.20-sha-5005fc6 (prev 2025.10.01-sha-8460121)
|
||||||
|
- supabase/realtime:v2.56.0 (prev v2.51.11)
|
||||||
|
- supabase/storage-api:v1.28.1 (prev v1.28.0)
|
||||||
|
- supabase/postgres-meta:v0.93.0 (prev v0.91.6)
|
||||||
|
- supabase/edge-runtime:v1.69.14 (prev v1.69.6)
|
||||||
|
- supabase/supavisor:2.7.3 (prev 2.7.0)
|
||||||
|
|
||||||
|
## 2025-10-13
|
||||||
|
- supabase/logflare:1.22.6 (prev 1.22.4)
|
||||||
|
|
||||||
|
## 2025-10-08
|
||||||
|
- supabase/studio:2025.10.01-sha-8460121 (prev 2025.06.30-sha-6f5982d)
|
||||||
|
- supabase/gotrue:v2.180.0 (prev v2.177.0)
|
||||||
|
- postgrest/postgrest:v13.0.7 (prev v12.2.12)
|
||||||
|
- supabase/realtime:v2.51.11 (prev v2.34.47)
|
||||||
|
- supabase/storage-api:v1.28.0 (prev v1.25.7)
|
||||||
|
- supabase/postgres-meta:v0.91.6 (prev v0.91.0)
|
||||||
|
- supabase/logflare:1.22.4 (prev 1.14.2)
|
||||||
|
- supabase/postgres:15.8.1.085 (prev 15.8.1.060)
|
||||||
|
- supabase/supavisor:2.7.0 (prev 2.5.7)
|
||||||
|
|
||||||
|
## 2025-07-15
|
||||||
|
- supabase/gotrue:v2.177.0 (prev v2.176.1)
|
||||||
|
- supabase/storage-api:v1.25.7 (prev v1.24.7)
|
||||||
|
- supabase/postgres-meta:v0.91.0 (prev v0.89.3)
|
||||||
|
- supabase/supavisor:2.5.7 (prev 2.5.6)
|
||||||
|
|
||||||
|
## 2025-07-02
|
||||||
|
- supabase/studio:2025.06.30-sha-6f5982d (prev 2025.06.02-sha-8f2993d)
|
||||||
|
- supabase/gotrue:v2.176.1 (prev v2.174.0)
|
||||||
|
- supabase/storage-api:v1.24.7 (prev v1.23.0)
|
||||||
|
- supabase/supavisor:2.5.6 (prev 2.5.1)
|
||||||
|
|
||||||
|
## 2025-06-03
|
||||||
|
- supabase/studio:2025.06.02-sha-8f2993d (prev 2025.05.19-sha-3487831)
|
||||||
|
- supabase/gotrue:v2.174.0 (prev v2.172.1)
|
||||||
|
- supabase/storage-api:v1.23.0 (prev v1.22.17)
|
||||||
|
- supabase/postgres-meta:v0.89.3 (prev v0.89.0)
|
||||||
@@ -27,8 +27,8 @@ acls:
|
|||||||
###
|
###
|
||||||
basicauth_credentials:
|
basicauth_credentials:
|
||||||
- consumer: DASHBOARD
|
- consumer: DASHBOARD
|
||||||
username: $DASHBOARD_USERNAME
|
username: '$DASHBOARD_USERNAME'
|
||||||
password: $DASHBOARD_PASSWORD
|
password: '$DASHBOARD_PASSWORD'
|
||||||
|
|
||||||
###
|
###
|
||||||
### API Routes
|
### API Routes
|
||||||
@@ -197,14 +197,29 @@ services:
|
|||||||
- name: cors
|
- name: cors
|
||||||
|
|
||||||
## Analytics routes
|
## Analytics routes
|
||||||
- name: analytics-v1
|
## Not used - Studio and Vector talk directly to analytics via Docker networking.
|
||||||
_comment: 'Analytics: /analytics/v1/* -> http://logflare:4000/*'
|
## If external access is needed, add routes with key-auth matching Logflare's x-api-key auth.
|
||||||
url: http://analytics:4000/
|
# - name: analytics-v1-api
|
||||||
routes:
|
# _comment: 'Analytics: /analytics/v1/api/endpoints/* -> http://logflare:4000/api/endpoints/*'
|
||||||
- name: analytics-v1-all
|
# url: http://analytics:4000/api/endpoints
|
||||||
strip_path: true
|
# routes:
|
||||||
paths:
|
# - name: analytics-v1-api
|
||||||
- /analytics/v1/
|
# strip_path: true
|
||||||
|
# paths:
|
||||||
|
# - /analytics/v1/api/endpoints/
|
||||||
|
# - name: analytics-v1
|
||||||
|
# _comment: 'Analytics: /analytics/v1/* -> http://logflare:4000/*'
|
||||||
|
# url: http://analytics:4000/
|
||||||
|
# routes:
|
||||||
|
# - name: dashboard-v1-all
|
||||||
|
# strip_path: true
|
||||||
|
# paths:
|
||||||
|
# - /analytics/v1
|
||||||
|
# plugins:
|
||||||
|
# - name: cors
|
||||||
|
# - name: basic-auth
|
||||||
|
# config:
|
||||||
|
# hide_credentials: true
|
||||||
|
|
||||||
## Secure Database routes
|
## Secure Database routes
|
||||||
- name: meta
|
- name: meta
|
||||||
@@ -225,6 +240,48 @@ services:
|
|||||||
allow:
|
allow:
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
|
## Block access to /api/mcp
|
||||||
|
- name: mcp-blocker
|
||||||
|
_comment: 'Block direct access to /api/mcp'
|
||||||
|
url: http://studio:3000/api/mcp
|
||||||
|
routes:
|
||||||
|
- name: mcp-blocker-route
|
||||||
|
strip_path: true
|
||||||
|
paths:
|
||||||
|
- /api/mcp
|
||||||
|
plugins:
|
||||||
|
- name: request-termination
|
||||||
|
config:
|
||||||
|
status_code: 403
|
||||||
|
message: "Access is forbidden."
|
||||||
|
|
||||||
|
## MCP endpoint - local access
|
||||||
|
- name: mcp
|
||||||
|
_comment: 'MCP: /mcp -> http://studio:3000/api/mcp (local access)'
|
||||||
|
url: http://studio:3000/api/mcp
|
||||||
|
routes:
|
||||||
|
- name: mcp
|
||||||
|
strip_path: true
|
||||||
|
paths:
|
||||||
|
- /mcp
|
||||||
|
plugins:
|
||||||
|
# Block access to /mcp by default
|
||||||
|
- name: request-termination
|
||||||
|
config:
|
||||||
|
status_code: 403
|
||||||
|
message: "Access is forbidden."
|
||||||
|
# Enable local access (danger zone!)
|
||||||
|
# 1. Comment out the 'request-termination' section above
|
||||||
|
# 2. Uncomment the entire section below, including 'deny'
|
||||||
|
# 3. Add your local IPs to the 'allow' list
|
||||||
|
#- name: cors
|
||||||
|
#- name: ip-restriction
|
||||||
|
# config:
|
||||||
|
# allow:
|
||||||
|
# - 127.0.0.1
|
||||||
|
# - ::1
|
||||||
|
# deny: []
|
||||||
|
|
||||||
## Protected Dashboard - catch all remaining routes
|
## Protected Dashboard - catch all remaining routes
|
||||||
- name: dashboard
|
- name: dashboard
|
||||||
_comment: 'Studio: /* -> http://studio:3000/*'
|
_comment: 'Studio: /* -> http://studio:3000/*'
|
||||||
|
|||||||
@@ -2,9 +2,7 @@
|
|||||||
// https://deno.land/manual/getting_started/setup_your_environment
|
// https://deno.land/manual/getting_started/setup_your_environment
|
||||||
// This enables autocomplete, go to definition, etc.
|
// This enables autocomplete, go to definition, etc.
|
||||||
|
|
||||||
import { serve } from "https://deno.land/std@0.177.1/http/server.ts"
|
Deno.serve(async () => {
|
||||||
|
|
||||||
serve(async () => {
|
|
||||||
return new Response(
|
return new Response(
|
||||||
`"Hello from Edge Functions!"`,
|
`"Hello from Edge Functions!"`,
|
||||||
{ headers: { "Content-Type": "application/json" } },
|
{ headers: { "Content-Type": "application/json" } },
|
||||||
|
|||||||
@@ -1,4 +1,3 @@
|
|||||||
import { serve } from 'https://deno.land/std@0.131.0/http/server.ts'
|
|
||||||
import * as jose from 'https://deno.land/x/jose@v4.14.4/index.ts'
|
import * as jose from 'https://deno.land/x/jose@v4.14.4/index.ts'
|
||||||
|
|
||||||
console.log('main function started')
|
console.log('main function started')
|
||||||
@@ -30,7 +29,7 @@ async function verifyJWT(jwt: string): Promise<boolean> {
|
|||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
serve(async (req: Request) => {
|
Deno.serve(async (req: Request) => {
|
||||||
if (req.method !== 'OPTIONS' && VERIFY_JWT) {
|
if (req.method !== 'OPTIONS' && VERIFY_JWT) {
|
||||||
try {
|
try {
|
||||||
const token = getAuthToken(req)
|
const token = getAuthToken(req)
|
||||||
|
|||||||
@@ -33,9 +33,9 @@ transforms:
|
|||||||
kong: '.appname == "supabase-kong"'
|
kong: '.appname == "supabase-kong"'
|
||||||
auth: '.appname == "supabase-auth"'
|
auth: '.appname == "supabase-auth"'
|
||||||
rest: '.appname == "supabase-rest"'
|
rest: '.appname == "supabase-rest"'
|
||||||
realtime: '.appname == "supabase-realtime"'
|
realtime: '.appname == "realtime-dev.supabase-realtime"'
|
||||||
storage: '.appname == "supabase-storage"'
|
storage: '.appname == "supabase-storage"'
|
||||||
functions: '.appname == "supabase-functions"'
|
functions: '.appname == "supabase-edge-functions"'
|
||||||
db: '.appname == "supabase-db"'
|
db: '.appname == "supabase-db"'
|
||||||
# Ignores non nginx errors since they are related with kong booting up
|
# Ignores non nginx errors since they are related with kong booting up
|
||||||
kong_logs:
|
kong_logs:
|
||||||
@@ -49,10 +49,13 @@ transforms:
|
|||||||
.metadata.request.headers.referer = req.referer
|
.metadata.request.headers.referer = req.referer
|
||||||
.metadata.request.headers.user_agent = req.agent
|
.metadata.request.headers.user_agent = req.agent
|
||||||
.metadata.request.headers.cf_connecting_ip = req.client
|
.metadata.request.headers.cf_connecting_ip = req.client
|
||||||
.metadata.request.method = req.method
|
|
||||||
.metadata.request.path = req.path
|
|
||||||
.metadata.request.protocol = req.protocol
|
|
||||||
.metadata.response.status_code = req.status
|
.metadata.response.status_code = req.status
|
||||||
|
url, split_err = split(req.request, " ")
|
||||||
|
if split_err == null {
|
||||||
|
.metadata.request.method = url[0]
|
||||||
|
.metadata.request.path = url[1]
|
||||||
|
.metadata.request.protocol = url[2]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if err != null {
|
if err != null {
|
||||||
abort
|
abort
|
||||||
@@ -101,14 +104,20 @@ transforms:
|
|||||||
parsed, err = parse_regex(.event_message, r'^(?P<time>.*): (?P<msg>.*)$')
|
parsed, err = parse_regex(.event_message, r'^(?P<time>.*): (?P<msg>.*)$')
|
||||||
if err == null {
|
if err == null {
|
||||||
.event_message = parsed.msg
|
.event_message = parsed.msg
|
||||||
.timestamp = to_timestamp!(parsed.time)
|
.timestamp = parse_timestamp!(value: parsed.time,format: "%d/%b/%Y:%H:%M:%S %z")
|
||||||
.metadata.host = .project
|
.metadata.host = .project
|
||||||
}
|
}
|
||||||
|
# Filter out healthcheck logs from Realtime
|
||||||
|
realtime_logs_filtered:
|
||||||
|
type: filter
|
||||||
|
inputs:
|
||||||
|
- router.realtime
|
||||||
|
condition: '!contains(string!(.event_message), "/health")'
|
||||||
# Realtime logs are structured so we parse the severity level using regex (ignore time because it has no date)
|
# Realtime logs are structured so we parse the severity level using regex (ignore time because it has no date)
|
||||||
realtime_logs:
|
realtime_logs:
|
||||||
type: remap
|
type: remap
|
||||||
inputs:
|
inputs:
|
||||||
- router.realtime
|
- realtime_logs_filtered
|
||||||
source: |-
|
source: |-
|
||||||
.metadata.project = del(.project)
|
.metadata.project = del(.project)
|
||||||
.metadata.external_id = .metadata.project
|
.metadata.external_id = .metadata.project
|
||||||
@@ -117,6 +126,13 @@ transforms:
|
|||||||
.event_message = parsed.msg
|
.event_message = parsed.msg
|
||||||
.metadata.level = parsed.level
|
.metadata.level = parsed.level
|
||||||
}
|
}
|
||||||
|
# Function logs are unstructured messages on stderr
|
||||||
|
functions_logs:
|
||||||
|
type: remap
|
||||||
|
inputs:
|
||||||
|
- router.functions
|
||||||
|
source: |-
|
||||||
|
.metadata.project_ref = del(.project)
|
||||||
# Storage logs may contain json objects so we parse them for completeness
|
# Storage logs may contain json objects so we parse them for completeness
|
||||||
storage_logs:
|
storage_logs:
|
||||||
type: remap
|
type: remap
|
||||||
@@ -147,7 +163,7 @@ transforms:
|
|||||||
if err != null || parsed == null {
|
if err != null || parsed == null {
|
||||||
.metadata.parsed.error_severity = "info"
|
.metadata.parsed.error_severity = "info"
|
||||||
}
|
}
|
||||||
if parsed != null {
|
if parsed.level != null {
|
||||||
.metadata.parsed.error_severity = parsed.level
|
.metadata.parsed.error_severity = parsed.level
|
||||||
}
|
}
|
||||||
if .metadata.parsed.error_severity == "info" {
|
if .metadata.parsed.error_severity == "info" {
|
||||||
@@ -164,7 +180,8 @@ sinks:
|
|||||||
codec: 'json'
|
codec: 'json'
|
||||||
method: 'post'
|
method: 'post'
|
||||||
request:
|
request:
|
||||||
retry_max_duration_secs: 10
|
retry_max_duration_secs: 30
|
||||||
|
retry_initial_backoff_secs: 1
|
||||||
headers:
|
headers:
|
||||||
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
||||||
uri: 'http://analytics:4000/api/logs?source_name=gotrue.logs.prod'
|
uri: 'http://analytics:4000/api/logs?source_name=gotrue.logs.prod'
|
||||||
@@ -176,7 +193,8 @@ sinks:
|
|||||||
codec: 'json'
|
codec: 'json'
|
||||||
method: 'post'
|
method: 'post'
|
||||||
request:
|
request:
|
||||||
retry_max_duration_secs: 10
|
retry_max_duration_secs: 30
|
||||||
|
retry_initial_backoff_secs: 1
|
||||||
headers:
|
headers:
|
||||||
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
||||||
uri: 'http://analytics:4000/api/logs?source_name=realtime.logs.prod'
|
uri: 'http://analytics:4000/api/logs?source_name=realtime.logs.prod'
|
||||||
@@ -188,7 +206,8 @@ sinks:
|
|||||||
codec: 'json'
|
codec: 'json'
|
||||||
method: 'post'
|
method: 'post'
|
||||||
request:
|
request:
|
||||||
retry_max_duration_secs: 10
|
retry_max_duration_secs: 30
|
||||||
|
retry_initial_backoff_secs: 1
|
||||||
headers:
|
headers:
|
||||||
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
||||||
uri: 'http://analytics:4000/api/logs?source_name=postgREST.logs.prod'
|
uri: 'http://analytics:4000/api/logs?source_name=postgREST.logs.prod'
|
||||||
@@ -200,22 +219,23 @@ sinks:
|
|||||||
codec: 'json'
|
codec: 'json'
|
||||||
method: 'post'
|
method: 'post'
|
||||||
request:
|
request:
|
||||||
retry_max_duration_secs: 10
|
retry_max_duration_secs: 30
|
||||||
|
retry_initial_backoff_secs: 1
|
||||||
headers:
|
headers:
|
||||||
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
||||||
# We must route the sink through kong because ingesting logs before logflare is fully initialised will
|
# Route directly to analytics like other sinks. Retry handles the startup
|
||||||
# lead to broken queries from studio. This works by the assumption that containers are started in the
|
# race where analytics may not be ready yet when early DB logs arrive.
|
||||||
# following order: vector > db > logflare > kong
|
uri: 'http://analytics:4000/api/logs?source_name=postgres.logs'
|
||||||
uri: 'http://kong:8000/analytics/v1/api/logs?source_name=postgres.logs'
|
|
||||||
logflare_functions:
|
logflare_functions:
|
||||||
type: 'http'
|
type: 'http'
|
||||||
inputs:
|
inputs:
|
||||||
- router.functions
|
- functions_logs
|
||||||
encoding:
|
encoding:
|
||||||
codec: 'json'
|
codec: 'json'
|
||||||
method: 'post'
|
method: 'post'
|
||||||
request:
|
request:
|
||||||
retry_max_duration_secs: 10
|
retry_max_duration_secs: 30
|
||||||
|
retry_initial_backoff_secs: 1
|
||||||
headers:
|
headers:
|
||||||
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
||||||
uri: 'http://analytics:4000/api/logs?source_name=deno-relay-logs'
|
uri: 'http://analytics:4000/api/logs?source_name=deno-relay-logs'
|
||||||
@@ -227,7 +247,8 @@ sinks:
|
|||||||
codec: 'json'
|
codec: 'json'
|
||||||
method: 'post'
|
method: 'post'
|
||||||
request:
|
request:
|
||||||
retry_max_duration_secs: 10
|
retry_max_duration_secs: 30
|
||||||
|
retry_initial_backoff_secs: 1
|
||||||
headers:
|
headers:
|
||||||
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
||||||
uri: 'http://analytics:4000/api/logs?source_name=storage.logs.prod.2'
|
uri: 'http://analytics:4000/api/logs?source_name=storage.logs.prod.2'
|
||||||
@@ -240,7 +261,8 @@ sinks:
|
|||||||
codec: 'json'
|
codec: 'json'
|
||||||
method: 'post'
|
method: 'post'
|
||||||
request:
|
request:
|
||||||
retry_max_duration_secs: 10
|
retry_max_duration_secs: 30
|
||||||
|
retry_initial_backoff_secs: 1
|
||||||
headers:
|
headers:
|
||||||
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
|
||||||
uri: 'http://analytics:4000/api/logs?source_name=cloudflare.logs.prod'
|
uri: 'http://analytics:4000/api/logs?source_name=cloudflare.logs.prod'
|
||||||
|
|||||||
@@ -0,0 +1,36 @@
|
|||||||
|
{$PROXY_DOMAIN} {
|
||||||
|
@supabase_api path /auth/v1/* /rest/v1/* /graphql/v1/* /realtime/v1/* /functions/v1/* /mcp
|
||||||
|
|
||||||
|
handle @supabase_api {
|
||||||
|
reverse_proxy kong:8000
|
||||||
|
}
|
||||||
|
|
||||||
|
handle_path /storage/v1/* {
|
||||||
|
# CORS headers for Storage (bypasses Kong, which normally handles CORS)
|
||||||
|
@cors_preflight method OPTIONS
|
||||||
|
handle @cors_preflight {
|
||||||
|
header Access-Control-Allow-Origin *
|
||||||
|
header Access-Control-Allow-Methods "GET, HEAD, PUT, PATCH, POST, DELETE, OPTIONS"
|
||||||
|
header Access-Control-Allow-Headers *
|
||||||
|
respond 204
|
||||||
|
}
|
||||||
|
|
||||||
|
header Access-Control-Allow-Origin *
|
||||||
|
|
||||||
|
reverse_proxy storage:5000 {
|
||||||
|
# Required for TUS resumable upload Location headers and S3 signature verification.
|
||||||
|
header_up X-Forwarded-Prefix /{http.request.orig_uri.path.0}/{http.request.orig_uri.path.1}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
handle {
|
||||||
|
basic_auth {
|
||||||
|
# PROXY_AUTH_PASSWORD is overwritten with the bcrypt on startup
|
||||||
|
{$PROXY_AUTH_USERNAME} {$PROXY_AUTH_PASSWORD}
|
||||||
|
}
|
||||||
|
|
||||||
|
reverse_proxy studio:3000
|
||||||
|
}
|
||||||
|
|
||||||
|
header -server
|
||||||
|
}
|
||||||
@@ -0,0 +1,109 @@
|
|||||||
|
upstream kong_upstream {
|
||||||
|
server kong:8000;
|
||||||
|
keepalive 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
listen [::]:443 ssl;
|
||||||
|
http2 on;
|
||||||
|
|
||||||
|
server_name ${PROXY_DOMAIN};
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Host $http_host;
|
||||||
|
proxy_set_header X-Forwarded-Port $server_port;
|
||||||
|
|
||||||
|
ssl_certificate /etc/letsencrypt/live/${PROXY_DOMAIN}/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/${PROXY_DOMAIN}/privkey.pem;
|
||||||
|
ssl_trusted_certificate /etc/letsencrypt/live/${PROXY_DOMAIN}/chain.pem;
|
||||||
|
|
||||||
|
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
|
||||||
|
|
||||||
|
ssl_session_cache shared:SSL:10m;
|
||||||
|
ssl_session_timeout 10m;
|
||||||
|
|
||||||
|
# Prevent 502 errors from large Supabase auth cookies
|
||||||
|
large_client_header_buffers 4 16k;
|
||||||
|
proxy_buffer_size 128k;
|
||||||
|
proxy_buffers 4 256k;
|
||||||
|
proxy_busy_buffers_size 256k;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
auth_basic "supabase";
|
||||||
|
auth_basic_user_file /etc/nginx/user_conf.d/dashboard-passwd;
|
||||||
|
|
||||||
|
proxy_pass http://studio:3000;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /auth {
|
||||||
|
proxy_pass http://kong_upstream;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /rest {
|
||||||
|
proxy_pass http://kong_upstream;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /realtime/v1/ {
|
||||||
|
proxy_pass http://kong_upstream;
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Host $http_host;
|
||||||
|
proxy_set_header X-Forwarded-Port $server_port;
|
||||||
|
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
|
||||||
|
proxy_read_timeout 3600s;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /storage/v1/ {
|
||||||
|
proxy_pass http://storage:5000/;
|
||||||
|
proxy_buffering off;
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Host $http_host;
|
||||||
|
proxy_set_header X-Forwarded-Port $server_port;
|
||||||
|
|
||||||
|
# Required for TUS resumable upload Location headers and S3 signature verification.
|
||||||
|
proxy_set_header X-Forwarded-Prefix /storage/v1;
|
||||||
|
|
||||||
|
client_max_body_size 0;
|
||||||
|
|
||||||
|
# CORS headers for Storage (bypasses Kong, which normally handles CORS)
|
||||||
|
if ($request_method = OPTIONS) {
|
||||||
|
add_header 'Access-Control-Allow-Origin' '*';
|
||||||
|
add_header 'Access-Control-Allow-Methods' 'GET, HEAD, PUT, PATCH, POST, DELETE, OPTIONS';
|
||||||
|
add_header 'Access-Control-Allow-Headers' '*';
|
||||||
|
add_header 'Content-Length' 0;
|
||||||
|
add_header 'Content-Type' 'text/plain charset=UTF-8';
|
||||||
|
return 204;
|
||||||
|
}
|
||||||
|
|
||||||
|
add_header 'Access-Control-Allow-Origin' '*';
|
||||||
|
}
|
||||||
|
|
||||||
|
location /functions {
|
||||||
|
proxy_pass http://kong_upstream;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /graphql {
|
||||||
|
proxy_pass http://kong_upstream;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /mcp {
|
||||||
|
proxy_pass http://kong_upstream;
|
||||||
|
}
|
||||||
|
}
|
||||||
+1
-1
@@ -1,6 +1,6 @@
|
|||||||
import utils from "../utils.js";
|
import utils from "../utils.js";
|
||||||
|
|
||||||
await utils.cloneOrPullRepo({ repo: "https://github.com/supabase/supabase" });
|
await utils.cloneOrPullRepo({ repo: "https://github.com/supabase/supabase", branch: "master" });
|
||||||
await utils.copyDir("./repo/docker", "./code");
|
await utils.copyDir("./repo/docker", "./code");
|
||||||
|
|
||||||
await utils.removeContainerNames("./code/docker-compose.yml");
|
await utils.removeContainerNames("./code/docker-compose.yml");
|
||||||
|
|||||||
Reference in New Issue
Block a user