I have trouble setting up Nginx Proxy for self hosted Supabase. The prompt for the Supabase login is appearing but after entering the credentials, it will show 404. Here is the nginx conf file, where actual domain name is replaced by example.com
server {
listen 80;
listen [::]:80;
server_name example.com;
location / {
proxy_pass http://127.0.0.1;
include proxy_params;
}
location /supabase {
proxy_pass http://127.0.0.1:8000;
include proxy_params;
}
location /websurvey {
proxy_pass http://127.0.0.1:1200;
include proxy_params;
}
}
I have a public IP address and was also given a domain name. This server will host several Docker containers so I chose to make them accessible through subdirectories.
What are the configurations that I need to do in the Supabase .env and/or in other config files? There was no issue if I use http://<IP_ADDRESS>:8000
or http://<DOMAIN_NAME>:8000
, I can log in Supabase, but if I use http://<DOMAIN_NAME>/supabase
, as mentioned, the login prompt will show. And after I entered the credentials it will go 404.
############
# Secrets
# YOU MUST CHANGE THESE BEFORE GOING INTO PRODUCTION
############
POSTGRES_PASSWORD=<REDACTED>
JWT_SECRET=<REDACTED>
ANON_KEY=<REDACTED>
SERVICE_ROLE_KEY=<REDACTED>
DASHBOARD_USERNAME=<REDACTED>
DASHBOARD_PASSWORD=<REDACTED>
############
# Database - You can change these to any PostgreSQL database that has logical replication enabled.
############
POSTGRES_HOST=db
POSTGRES_DB=postgres
POSTGRES_PORT=5432
# default user is postgres
############
# API Proxy - Configuration for the Kong Reverse proxy.
############
KONG_HTTP_PORT=8000
KONG_HTTPS_PORT=8443
############
# API - Configuration for PostgREST.
############
PGRST_DB_SCHEMAS=public,storage,graphql_public
############
# Auth - Configuration for the GoTrue authentication server.
############
## General
SITE_URL=http://localhost:3000
ADDITIONAL_REDIRECT_URLS=
JWT_EXPIRY=3600
DISABLE_SIGNUP=false
API_EXTERNAL_URL=http://<PUBLIC_IP>/supabase
## Mailer Config
MAILER_URLPATHS_CONFIRMATION="/auth/v1/verify"
MAILER_URLPATHS_INVITE="/auth/v1/verify"
MAILER_URLPATHS_RECOVERY="/auth/v1/verify"
MAILER_URLPATHS_EMAIL_CHANGE="/auth/v1/verify"
## Email auth
ENABLE_EMAIL_SIGNUP=true
ENABLE_EMAIL_AUTOCONFIRM=false
[email protected]
SMTP_HOST=supabase-mail
SMTP_PORT=2500
SMTP_USER=fake_mail_user
SMTP_PASS=fake_mail_password
SMTP_SENDER_NAME=fake_sender
## Phone auth
ENABLE_PHONE_SIGNUP=true
ENABLE_PHONE_AUTOCONFIRM=true
############
# Studio - Configuration for the Dashboard
############
STUDIO_DEFAULT_ORGANIZATION=Default Organization
STUDIO_DEFAULT_PROJECT=Default Project
STUDIO_PORT=3000
# replace if you intend to use Studio outside of localhost
SUPABASE_PUBLIC_URL=http://<PUBLIC_IP>/supabase
# Enable webp support
IMGPROXY_ENABLE_WEBP_DETECTION=true
############
# Functions - Configuration for Functions
############
# NOTE: VERIFY_JWT applies to all functions. Per-function VERIFY_JWT is not supported yet.
FUNCTIONS_VERIFY_JWT=false
############
# Logs - Configuration for Logflare
# Please refer to https://supabase.com/docs/reference/self-hosting-analytics/introduction
############
LOGFLARE_LOGGER_BACKEND_API_KEY=your-super-secret-and-long-logflare-key
# Change vector.toml sinks to reflect this change
LOGFLARE_API_KEY=your-super-secret-and-long-logflare-key
# Docker socket location - this value will differ depending on your OS
DOCKER_SOCKET_LOCATION=/var/run/docker.sock
# Google Cloud Project details
GOOGLE_PROJECT_ID=GOOGLE_PROJECT_ID
GOOGLE_PROJECT_NUMBER=GOOGLE_PROJECT_NUMBER
Also, this the Web Survey App is a Flutter Web Application, in the initialization, I would like to use the http://<DOMAIN_NAME>/supabase
. And I will also install SSL certificates from Let's Encrypt later after I fixed this.
Thanks in advance!
I'm not sure if you've already figured this out, but leaving this here anyways.
As you've not shared any information on your Docker configuration, it's difficult to say but I suspect the issue lies in the docker network (I would leave a comment instead, but I'm a newer user and so I don't have the rep points yet).
If your containers are all on the default Docker bridge
network, then that would explain why your nginx configuration doesn't work. You should use the service name instead as the hostname (Docker's embedded DNS server will handle the lookup).
Here's an example Docker compose file (many fields removed for brevity):
services:
nginx:
ports:
- 80:80 # expose port 80 to host, listening internally on port 80
networks:
- my_bridge
app:
# listening on port 80
networks:
- my_bridge
kong: # Supabase services sit behind kong (see their docs)
# listening on port 8000
networks:
- my_bridge
websurvey:
# Your custom web survey docker container (listening on port 1200)
networks:
- my_bridge
networks:
my_bridge:
driver: bridge # default driver
The reason you get a 404 when visiting /supabase is because nginx proxies that route to localhost, which remains within the nginx container and therefore fails since port 8000 doesn't serve anything inside nginx.
You can imagine each container as a separate computer on a local network. So, to access the other containers, you would need to change your nginx configuration to reference services instead:
location / {
proxy_pass http://app:80;
include proxy_params;
}
location /supabase {
proxy_pass http://kong:8000;
include proxy_params;
}
location /websurvey {
proxy_pass http://websurvey:1200;
include proxy_params;
}
Alternatively, if it suits your need, you could set the Docker network (my_bridge
) to the host
driver and reference everything with localhost, but then you would have to move your app off of port 80 (since nginx listens on port 80). I'd prefer the bridge network here. The code above is not tested, but should work in theory.