Self-Hosting with Docker

Learn how to configure and deploy Supabase with Docker.

Docker is the easiest way to get started with self-hosted Supabase. This guide assumes you are running the command from the machine you intend to host from.

Before you begin#

You need the following installed in your system: Git and Docker (Windows, MacOS, or Linux).

Running Supabase#

Follow these steps to start Supabase locally:

After all the services have started you can see them running in the background:

Please secure your services as soon as possible using the instructions below.

Accessing Supabase Studio#

You can access the Supabase Dashboard through the API gateway on port 8000. For example: http://<your-ip>:8000, or localhost:8000 if you are running Docker locally.

You will be prompted for a username and password. By default, the credentials are:

• Username: supabase
• Password: this_password_is_insecure_and_should_be_updated

You should change these credentials as soon as possible using the instructions below.

Accessing the APIs#

Each of the APIs are available through the the same API gateway:

• REST: http://<your-ip>:8000/rest/v1/
• Auth: http://<your-domain>:8000/auth/v1/
• Storage: http://<your-domain>:8000/storage/v1/
• Realtime: http://<your-domain>:8000/realtime/v1/

Accessing your Edge Functions#

Edge Functions are stored in volumes/functions. The default setup has a hello Function that you can invoke on http://<your-domain>:8000/functions/v1/hello.

You can add new Functions as volumes/functions/<FUNCTION_NAME>/index.ts. Restart the functions service to pick up the changes: docker compose restart functions --no-deps

Accessing Postgres#

You can connect to the Postgres database locally on port 5432. For example, if you have psql on your local machine you can run:

The default password is your-super-secret-and-long-postgres-password. You should change this as soon as possible using the instructions below. By default the database is not accessible from outside the local machine. You can change this by updating the docker-compose.yml file.

Securing your services#

While we provided you with some example secrets for getting started, you should NEVER deploy your Supabase setup using the defaults we have provided. Please follow all of the steps in this section to ensure you have a secure setup, and then restart all services to pick up the changes.

Generate API Keys#

Create a new JWT_SECRET and store it securely.

We can use your JWT Secret to generate new anon and service API keys using the form below. Update the "JWT Secret" and then run "Generate JWT" once for the SERVICE_KEY and once for the ANON_KEY:

Update API Keys#

Replace the values in the .env file:

• ANON_KEY - replace with an anon key
• SERVICE_ROLE_KEY - replace with a service key

You will need to restart the services for the changes to take effect.

Update Secrets#

Update the .env file with your own secrets. In particular, these are required:

• POSTGRES_PASSWORD: the password for the postgres role.
• JWT_SECRET: used by PostgREST and GoTrue, among others.
• SITE_URL: the base URL of your site.
• SMTP_*: mail server credentials. You can use any SMTP server.

You will need to restart the services for the changes to take effect.

Dashboard Authentication#

The dashboard is protected with Basic Authentication. The default user and password MUST be updated before using Supabase in production. You can update the ./docker/volumes/api/kong.yml file with your own credentials. For example:

You will need to restart the services for the changes to take effect.

Restarting all services#

You can restart services to pick up any configuration changes by running:

Be aware that this will result in downtime while the services are restarting.

Stopping all services#

You can stop Supabase by running docker compose stop in same directory as your docker-compose.yml file.

Uninstalling#

You can stop Supabase by running the following in same directory as your docker-compose.yml file:

This will destroy all data in the database and storage volumes, so be careful!

Common configuration#

Each system can be configured independently. Some of the most common configuration options are listed below.

Configuring an email server#

You will need to use a production-ready SMTP server for sending emails. You can configure the SMTP server by updating the the following environment variables:

We recommend using AWS SES. It's extremely cheap and reliable. Restart all services to pick up the new configuration.

Configuring S3 Storage#

By default all files are stored locally on the server. You can connfigure the Storage service to use S3 by updating the following environment variables:

You can find all the available options in the storage repository. Restart the storage service to pick up the changes: docker compose restart storage --no-deps

Setting database's log_min_messages#

By default, docker compose sets the database's log_min_messages configuration to fatal to prevent redundant logs generated by Realtime. You can configure log_min_messages using any of the Postgres Severity Levels.

Exposing your Postgres database#

By default, the Postgres database is only accessible locally. If you want to expose it to the outside world, you can update the docker-compose.yml file and remove the 127.0.0.1: prefix from the ports section:

This is less-secure, so please make sure you are running a firewall in front of your server.

File storage backend on macOS#

By default, Storage backend is set to file, which is to use local files as the storage backend. For macOS compatibility, you need to choose VirtioFS as the Docker container file sharing implementation (in Docker Desktop -> Preferences -> General).

Setting up logging with the Analytics server#

Additional configuration is required for self-hosting the Analytics server. For the full setup instructions, see Self Hosting Analytics.