{$PROXY_DOMAIN} { @supabase_api path /auth/v1/* /rest/v1/* /graphql/v1/* /realtime/v1/* /functions/v1/* /mcp handle @supabase_api { reverse_proxy kong:8000 } handle_path /storage/v1/* { # CORS headers for Storage (bypasses Kong, which normally handles CORS) @cors_preflight method OPTIONS handle @cors_preflight { header Access-Control-Allow-Origin * header Access-Control-Allow-Methods "GET, HEAD, PUT, PATCH, POST, DELETE, OPTIONS" header Access-Control-Allow-Headers * respond 204 } header Access-Control-Allow-Origin * reverse_proxy storage:5000 { # Required for TUS resumable upload Location headers and S3 signature verification. header_up X-Forwarded-Prefix /{http.request.orig_uri.path.0}/{http.request.orig_uri.path.1} } } handle { basic_auth { # PROXY_AUTH_PASSWORD is overwritten with the bcrypt on startup {$PROXY_AUTH_USERNAME} {$PROXY_AUTH_PASSWORD} } reverse_proxy studio:3000 } header -server }