Jared Smith
1 month ago
13 changed files with 672 additions and 8 deletions
@ -0,0 +1,38 @@
|
||||
version: "3" |
||||
|
||||
services: |
||||
db: |
||||
image: postgres:12 |
||||
restart: always |
||||
ports: |
||||
- 5432:5432 |
||||
environment: |
||||
POSTGRES_USER: documize |
||||
POSTGRES_PASSWORD: ${DOCUMIZE_PASSWORD} |
||||
POSTGRES_DB: documize |
||||
volumes: |
||||
- db-data:/var/lib/postgresql/data |
||||
networks: |
||||
- documizenet |
||||
|
||||
app: |
||||
image: debian:latest |
||||
command: /bin/sh -c "apt-get -qq update && apt-get -qq install -y wget && wget https://community-downloads.s3.us-east-2.amazonaws.com/documize-community-plus-linux-amd64 && chmod 777 ./documize-community-plus-linux-amd64 && ./documize-community-plus-linux-amd64" |
||||
depends_on: |
||||
- db |
||||
ports: |
||||
- 5001:5001 |
||||
environment: |
||||
DOCUMIZEPORT: 5001 |
||||
DOCUMIZEDB: host=db port=5432 dbname=documize user=documize password=${DOCUMIZE_PASSWORD} sslmode=disable |
||||
DOCUMIZEDBTYPE: postgresql |
||||
DOCUMIZESALT: ${DOCUMIZE_SALT} |
||||
DOCUMIZELOCATION: selfhost |
||||
networks: |
||||
- documizenet |
||||
|
||||
volumes: |
||||
db-data: |
||||
|
||||
networks: |
||||
documizenet: |
||||
@ -0,0 +1,48 @@
|
||||
version: "3.7" |
||||
|
||||
services: |
||||
grampsweb: &grampsweb |
||||
image: ghcr.io/gramps-project/grampsweb:latest |
||||
restart: always |
||||
ports: |
||||
- "3000:5000" # host:docker |
||||
environment: |
||||
GRAMPSWEB_TREE: "Gramps Web" # will create a new tree if not exists |
||||
GUNICORN_NUM_WORKERS: 2 |
||||
GRAMPSWEB_CELERY_CONFIG__broker_url: "redis://grampsweb_redis:6379/0" |
||||
GRAMPSWEB_CELERY_CONFIG__result_backend: "redis://grampsweb_redis:6379/0" |
||||
GRAMPSWEB_RATELIMIT_STORAGE_URI: redis://grampsweb_redis:6379/1 |
||||
depends_on: |
||||
- grampsweb_redis |
||||
volumes: |
||||
- gramps_users:/app/users # persist user database |
||||
- gramps_index:/app/indexdir # persist search index |
||||
- gramps_thumb_cache:/app/thumbnail_cache # persist thumbnails |
||||
- gramps_cache:/app/cache # persist export and report caches |
||||
- gramps_secret:/app/secret # persist flask secret |
||||
- gramps_db:/root/.gramps/grampsdb # persist Gramps database |
||||
- gramps_media:/app/media # persist media files |
||||
- gramps_tmp:/tmp |
||||
|
||||
grampsweb_celery: |
||||
<<: *grampsweb # YAML merge key copying the entire grampsweb service config |
||||
ports: [] |
||||
container_name: grampsweb_celery |
||||
depends_on: |
||||
- grampsweb_redis |
||||
command: celery -A gramps_webapi.celery worker --loglevel=INFO |
||||
|
||||
grampsweb_redis: |
||||
image: redis:alpine |
||||
container_name: grampsweb_redis |
||||
restart: always |
||||
|
||||
volumes: |
||||
gramps_users: |
||||
gramps_index: |
||||
gramps_thumb_cache: |
||||
gramps_cache: |
||||
gramps_secret: |
||||
gramps_db: |
||||
gramps_media: |
||||
gramps_tmp: |
||||
@ -0,0 +1,79 @@
|
||||
--- |
||||
version: "3.5" |
||||
|
||||
networks: |
||||
penpot: |
||||
|
||||
volumes: |
||||
penpot_postgres_v15: |
||||
penpot_assets: |
||||
|
||||
services: |
||||
penpot-frontend: |
||||
image: "penpotapp/frontend:latest" |
||||
restart: always |
||||
ports: |
||||
- 3000:80 |
||||
|
||||
volumes: |
||||
- penpot_assets:/opt/data/assets |
||||
|
||||
depends_on: |
||||
- penpot-backend |
||||
- penpot-exporter |
||||
|
||||
networks: |
||||
- penpot |
||||
|
||||
environment: |
||||
- PENPOT_FLAGS=enable-registration enable-login-with-password |
||||
|
||||
penpot-backend: |
||||
image: "penpotapp/backend:latest" |
||||
restart: always |
||||
|
||||
volumes: |
||||
- penpot_assets:/opt/data/assets |
||||
|
||||
depends_on: |
||||
- penpot-postgres |
||||
- penpot-redis |
||||
|
||||
networks: |
||||
- penpot |
||||
|
||||
environment: |
||||
- PENPOT_FLAGS=enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server |
||||
|
||||
penpot-exporter: |
||||
image: "penpotapp/exporter:latest" |
||||
restart: always |
||||
networks: |
||||
- penpot |
||||
|
||||
environment: |
||||
- PENPOT_PUBLIC_URI=http://penpot-frontend |
||||
- PENPOT_REDIS_URI=redis://penpot-redis/0 |
||||
|
||||
penpot-postgres: |
||||
image: "postgres:15" |
||||
restart: always |
||||
stop_signal: SIGINT |
||||
|
||||
volumes: |
||||
- penpot_postgres_v15:/var/lib/postgresql/data |
||||
|
||||
networks: |
||||
- penpot |
||||
|
||||
environment: |
||||
- POSTGRES_INITDB_ARGS=--data-checksums |
||||
- POSTGRES_DB=penpot |
||||
- POSTGRES_USER=penpot |
||||
- POSTGRES_PASSWORD=penpot |
||||
|
||||
penpot-redis: |
||||
image: redis:7 |
||||
restart: always |
||||
networks: |
||||
- penpot |
||||
@ -1,4 +0,0 @@
|
||||
DB_USER=dev |
||||
DB_PASSWORD=Sprite-Marmalade-Freight-Immunize |
||||
ADMIN_USER=admin@jaredtsmith.com |
||||
ADMIN_PASSWORD=QV^dT9XXgiUM |
||||
@ -0,0 +1,78 @@
|
||||
############ |
||||
# Secrets |
||||
# YOU MUST CHANGE THESE BEFORE GOING INTO PRODUCTION |
||||
############ |
||||
|
||||
POSTGRES_PASSWORD= |
||||
JWT_SECRET= |
||||
ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICAgInJvbGUiOiAiYW5vbiIsCiAgICAiaXNzIjogInN1cGFiYXNlIiwKICAgICJpYXQiOiAxNjc0ODI0NDAwLAogICAgImV4cCI6IDE4MzI1OTA4MDAKfQ.GjK9HIRUaMB0LZiIXD-qvfKSgZwHUsmLlo6qItGRrx0 |
||||
SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICAgInJvbGUiOiAic2VydmljZV9yb2xlIiwKICAgICJpc3MiOiAic3VwYWJhc2UiLAogICAgImlhdCI6IDE2NzQ4MjQ0MDAsCiAgICAiZXhwIjogMTgzMjU5MDgwMAp9.8H6IJnWB4kmhKMpRSVQPIaPs1WWOsF_FStCPOxFG-Sk |
||||
|
||||
|
||||
############ |
||||
# Database - You can change these to any PostgreSQL database that has logical replication enabled. |
||||
############ |
||||
|
||||
POSTGRES_HOST=db |
||||
POSTGRES_DB=postgres |
||||
POSTGRES_USER=postgres |
||||
POSTGRES_PORT=5432 |
||||
|
||||
|
||||
############ |
||||
# API Proxy - Configuration for the Kong Reverse proxy. |
||||
############ |
||||
|
||||
KONG_HTTP_PORT=8000 |
||||
KONG_HTTPS_PORT=8443 |
||||
|
||||
|
||||
############ |
||||
# API - Configuration for PostgREST. |
||||
############ |
||||
|
||||
PGRST_DB_SCHEMAS=public,storage,graphql_public |
||||
|
||||
|
||||
############ |
||||
# Auth - Configuration for the GoTrue authentication server. |
||||
############ |
||||
|
||||
## General |
||||
SITE_URL=http://localhost:3000 |
||||
ADDITIONAL_REDIRECT_URLS= |
||||
JWT_EXPIRY=3600 |
||||
DISABLE_SIGNUP=false |
||||
API_EXTERNAL_URL=http://localhost:8000 |
||||
|
||||
## Mailer Config |
||||
MAILER_URLPATHS_CONFIRMATION="/auth/v1/verify" |
||||
MAILER_URLPATHS_INVITE="/auth/v1/verify" |
||||
MAILER_URLPATHS_RECOVERY="/auth/v1/verify" |
||||
MAILER_URLPATHS_EMAIL_CHANGE="/auth/v1/verify" |
||||
|
||||
## Email auth |
||||
ENABLE_EMAIL_SIGNUP=true |
||||
ENABLE_EMAIL_AUTOCONFIRM=false |
||||
SMTP_ADMIN_EMAIL= |
||||
SMTP_HOST= |
||||
SMTP_PORT= |
||||
SMTP_USER= |
||||
SMTP_PASS= |
||||
SMTP_SENDER_NAME= |
||||
|
||||
## Phone auth |
||||
ENABLE_PHONE_SIGNUP=false |
||||
ENABLE_PHONE_AUTOCONFIRM=false |
||||
|
||||
|
||||
############ |
||||
# Studio - Configuration for the Dashboard |
||||
############ |
||||
|
||||
STUDIO_DEFAULT_ORGANIZATION=app.jaredtsmith.com |
||||
STUDIO_DEFAULT_PROJECT=app.jaredtsmith.com |
||||
|
||||
STUDIO_PORT=3000 |
||||
# replace if you intend to use Studio outside of localhost |
||||
SUPABASE_PUBLIC_URL=https://app.jaredtsmith.com |
||||
@ -0,0 +1,239 @@
|
||||
# Usage |
||||
# Start: docker compose up |
||||
# With helpers: docker compose -f docker-compose.yml -f ./dev/docker-compose.dev.yml up |
||||
# Stop: docker compose down |
||||
# Destroy: docker compose -f docker-compose.yml -f ./dev/docker-compose.dev.yml down -v --remove-orphans |
||||
|
||||
version: "3.8" |
||||
|
||||
services: |
||||
studio: |
||||
container_name: supabase-studio |
||||
image: supabase/studio:20230127-123d704 |
||||
restart: unless-stopped |
||||
healthcheck: |
||||
test: [ "CMD", "node", "-e", "require('http').get('http://localhost:3000/api/profile', (r) => {if (r.statusCode !== 200) throw new Error(r.statusCode)})" ] |
||||
timeout: 5s |
||||
interval: 5s |
||||
retries: 3 |
||||
ports: |
||||
- ${STUDIO_PORT}:3000/tcp |
||||
environment: |
||||
STUDIO_PG_META_URL: http://meta:8080 |
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} |
||||
|
||||
DEFAULT_ORGANIZATION: ${STUDIO_DEFAULT_ORGANIZATION} |
||||
DEFAULT_PROJECT: ${STUDIO_DEFAULT_PROJECT} |
||||
|
||||
SUPABASE_URL: http://kong:8000 |
||||
SUPABASE_PUBLIC_URL: ${SUPABASE_PUBLIC_URL} |
||||
SUPABASE_ANON_KEY: ${ANON_KEY} |
||||
SUPABASE_SERVICE_KEY: ${SERVICE_ROLE_KEY} |
||||
|
||||
kong: |
||||
container_name: supabase-kong |
||||
image: kong:2.8.1 |
||||
restart: unless-stopped |
||||
ports: |
||||
- ${KONG_HTTP_PORT}:8000/tcp |
||||
- ${KONG_HTTPS_PORT}:8443/tcp |
||||
environment: |
||||
KONG_DATABASE: "off" |
||||
KONG_DECLARATIVE_CONFIG: /var/lib/kong/kong.yml |
||||
# https://github.com/supabase/cli/issues/14 |
||||
KONG_DNS_ORDER: LAST,A,CNAME |
||||
KONG_PLUGINS: request-transformer,cors,key-auth,acl |
||||
KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k |
||||
KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k |
||||
volumes: |
||||
- /root/docker-infrastructure/supabase/volumes/api:/var/lib/kong:ro |
||||
|
||||
auth: |
||||
container_name: supabase-auth |
||||
image: supabase/gotrue:v2.40.1 |
||||
depends_on: |
||||
db: # Disable this if you are using an external Postgres database |
||||
condition: service_healthy |
||||
healthcheck: |
||||
test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:9999/health" ] |
||||
timeout: 5s |
||||
interval: 5s |
||||
retries: 3 |
||||
restart: unless-stopped |
||||
environment: |
||||
GOTRUE_API_HOST: 0.0.0.0 |
||||
GOTRUE_API_PORT: 9999 |
||||
API_EXTERNAL_URL: ${API_EXTERNAL_URL} |
||||
|
||||
GOTRUE_DB_DRIVER: postgres |
||||
GOTRUE_DB_DATABASE_URL: postgres://supabase_auth_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} |
||||
|
||||
GOTRUE_SITE_URL: ${SITE_URL} |
||||
GOTRUE_URI_ALLOW_LIST: ${ADDITIONAL_REDIRECT_URLS} |
||||
GOTRUE_DISABLE_SIGNUP: ${DISABLE_SIGNUP} |
||||
|
||||
GOTRUE_JWT_ADMIN_ROLES: service_role |
||||
GOTRUE_JWT_AUD: authenticated |
||||
GOTRUE_JWT_DEFAULT_GROUP_NAME: authenticated |
||||
GOTRUE_JWT_EXP: ${JWT_EXPIRY} |
||||
GOTRUE_JWT_SECRET: ${JWT_SECRET} |
||||
|
||||
GOTRUE_EXTERNAL_EMAIL_ENABLED: ${ENABLE_EMAIL_SIGNUP} |
||||
GOTRUE_MAILER_AUTOCONFIRM: ${ENABLE_EMAIL_AUTOCONFIRM} |
||||
# GOTRUE_MAILER_SECURE_EMAIL_CHANGE_ENABLED: true |
||||
# GOTRUE_SMTP_MAX_FREQUENCY: 1s |
||||
GOTRUE_SMTP_ADMIN_EMAIL: ${SMTP_ADMIN_EMAIL} |
||||
GOTRUE_SMTP_HOST: ${SMTP_HOST} |
||||
GOTRUE_SMTP_PORT: ${SMTP_PORT} |
||||
GOTRUE_SMTP_USER: ${SMTP_USER} |
||||
GOTRUE_SMTP_PASS: ${SMTP_PASS} |
||||
GOTRUE_SMTP_SENDER_NAME: ${SMTP_SENDER_NAME} |
||||
GOTRUE_MAILER_URLPATHS_INVITE: ${MAILER_URLPATHS_INVITE} |
||||
GOTRUE_MAILER_URLPATHS_CONFIRMATION: ${MAILER_URLPATHS_CONFIRMATION} |
||||
GOTRUE_MAILER_URLPATHS_RECOVERY: ${MAILER_URLPATHS_RECOVERY} |
||||
GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE: ${MAILER_URLPATHS_EMAIL_CHANGE} |
||||
|
||||
GOTRUE_EXTERNAL_PHONE_ENABLED: ${ENABLE_PHONE_SIGNUP} |
||||
GOTRUE_SMS_AUTOCONFIRM: ${ENABLE_PHONE_AUTOCONFIRM} |
||||
MFA_ENABLED: ${MFA_ENABLED} |
||||
|
||||
rest: |
||||
container_name: supabase-rest |
||||
image: postgrest/postgrest:v9.0.1.20220717 |
||||
depends_on: |
||||
db: # Disable this if you are using an external Postgres database |
||||
condition: service_healthy |
||||
restart: unless-stopped |
||||
environment: |
||||
PGRST_DB_URI: postgres://authenticator:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} |
||||
PGRST_DB_SCHEMAS: ${PGRST_DB_SCHEMAS} |
||||
PGRST_DB_ANON_ROLE: anon |
||||
PGRST_JWT_SECRET: ${JWT_SECRET} |
||||
PGRST_DB_USE_LEGACY_GUCS: "false" |
||||
|
||||
realtime: |
||||
container_name: realtime-dev.supabase-realtime |
||||
image: supabase/realtime:v2.1.0 |
||||
depends_on: |
||||
db: # Disable this if you are using an external Postgres database |
||||
condition: service_healthy |
||||
healthcheck: |
||||
test: [ "CMD", "bash", "-c", "printf \\0 > /dev/tcp/localhost/4000" ] |
||||
timeout: 5s |
||||
interval: 5s |
||||
retries: 3 |
||||
restart: unless-stopped |
||||
environment: |
||||
PORT: 4000 |
||||
DB_HOST: ${POSTGRES_HOST} |
||||
DB_PORT: ${POSTGRES_PORT} |
||||
DB_USER: supabase_admin |
||||
DB_PASSWORD: ${POSTGRES_PASSWORD} |
||||
DB_NAME: ${POSTGRES_DB} |
||||
DB_AFTER_CONNECT_QUERY: 'SET search_path TO _realtime' |
||||
DB_ENC_KEY: supabaserealtime |
||||
API_JWT_SECRET: ${JWT_SECRET} |
||||
FLY_ALLOC_ID: fly123 |
||||
FLY_APP_NAME: realtime |
||||
SECRET_KEY_BASE: UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq |
||||
ERL_AFLAGS: -proto_dist inet_tcp |
||||
ENABLE_TAILSCALE: "false" |
||||
DNS_NODES: "''" |
||||
command: > |
||||
sh -c "/app/bin/migrate && /app/bin/realtime eval 'Realtime.Release.seeds(Realtime.Repo)' && /app/bin/server" |
||||
|
||||
storage: |
||||
container_name: supabase-storage |
||||
image: supabase/storage-api:v0.26.1 |
||||
depends_on: |
||||
db: # Disable this if you are using an external Postgres database |
||||
condition: service_healthy |
||||
rest: |
||||
condition: service_started |
||||
imgproxy: |
||||
condition: service_started |
||||
healthcheck: |
||||
test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:5000/status" ] |
||||
timeout: 5s |
||||
interval: 5s |
||||
retries: 3 |
||||
restart: unless-stopped |
||||
environment: |
||||
ANON_KEY: ${ANON_KEY} |
||||
SERVICE_KEY: ${SERVICE_ROLE_KEY} |
||||
POSTGREST_URL: http://rest:3000 |
||||
PGRST_JWT_SECRET: ${JWT_SECRET} |
||||
DATABASE_URL: postgres://supabase_storage_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} |
||||
FILE_SIZE_LIMIT: 52428800 |
||||
STORAGE_BACKEND: file |
||||
FILE_STORAGE_BACKEND_PATH: /var/lib/storage |
||||
TENANT_ID: stub |
||||
# TODO: https://github.com/supabase/storage-api/issues/55 |
||||
REGION: stub |
||||
GLOBAL_S3_BUCKET: stub |
||||
ENABLE_IMAGE_TRANSFORMATION: "true" |
||||
IMGPROXY_URL: http://imgproxy:5001 |
||||
volumes: |
||||
- ./volumes/storage:/var/lib/storage |
||||
|
||||
imgproxy: |
||||
container_name: supabase-imgproxy |
||||
image: darthsim/imgproxy:v3.11 |
||||
healthcheck: |
||||
test: [ "CMD", "imgproxy", "health" ] |
||||
timeout: 5s |
||||
interval: 5s |
||||
retries: 3 |
||||
environment: |
||||
IMGPROXY_BIND: ":5001" |
||||
IMGPROXY_LOCAL_FILESYSTEM_ROOT: / |
||||
IMGPROXY_USE_ETAG: "true" |
||||
volumes: |
||||
- ./volumes/storage:/var/lib/storage |
||||
|
||||
meta: |
||||
container_name: supabase-meta |
||||
image: supabase/postgres-meta:v0.59.0 |
||||
depends_on: |
||||
db: # Disable this if you are using an external Postgres database |
||||
condition: service_healthy |
||||
restart: unless-stopped |
||||
environment: |
||||
PG_META_PORT: 8080 |
||||
PG_META_DB_HOST: ${POSTGRES_HOST} |
||||
PG_META_DB_PORT: ${POSTGRES_PORT} |
||||
PG_META_DB_NAME: ${POSTGRES_DB} |
||||
PG_META_DB_USER: supabase_admin |
||||
PG_META_DB_PASSWORD: ${POSTGRES_PASSWORD} |
||||
|
||||
# Comment out everything below this point if you are using an external Postgres database |
||||
db: |
||||
container_name: supabase-db |
||||
image: supabase/postgres:14.1.0.106 |
||||
healthcheck: |
||||
test: pg_isready -U postgres -h localhost |
||||
interval: 5s |
||||
timeout: 5s |
||||
retries: 10 |
||||
command: |
||||
- postgres |
||||
- -c |
||||
- config_file=/etc/postgresql/postgresql.conf |
||||
- -c |
||||
- log_min_messages=fatal # prevents Realtime polling queries from appearing in logs |
||||
restart: unless-stopped |
||||
ports: |
||||
# Pass down internal port because it's set dynamically by other services |
||||
- ${POSTGRES_PORT}:${POSTGRES_PORT} |
||||
environment: |
||||
POSTGRES_HOST: /var/run/postgresql |
||||
PGPORT: ${POSTGRES_PORT} |
||||
POSTGRES_PORT: ${POSTGRES_PORT} |
||||
PGPASSWORD: ${POSTGRES_PASSWORD} |
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} |
||||
PGDATABASE: ${POSTGRES_DB} |
||||
POSTGRES_DB: ${POSTGRES_DB} |
||||
volumes: |
||||
- /root/docker-infrastructure/supabase/volumes/db/realtime.sql:/docker-entrypoint-initdb.d/realtime.sql |
||||
- /root/docker-infrastructure/supabase/volumes/db/roles.sql:/docker-entrypoint-initdb.d/roles.sql |
||||
- ./volumes/db/data:/var/lib/postgresql/data |
||||
@ -0,0 +1,174 @@
|
||||
_format_version: "1.1" |
||||
|
||||
### |
||||
### Consumers / Users |
||||
### |
||||
consumers: |
||||
- username: anon |
||||
keyauth_credentials: |
||||
- key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICAgInJvbGUiOiAiYW5vbiIsCiAgICAiaXNzIjogInN1cGFiYXNlIiwKICAgICJpYXQiOiAxNjc0ODI0NDAwLAogICAgImV4cCI6IDE4MzI1OTA4MDAKfQ.GjK9HIRUaMB0LZiIXD-qvfKSgZwHUsmLlo6qItGRrx0 |
||||
- username: service_role |
||||
keyauth_credentials: |
||||
- key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICAgInJvbGUiOiAic2VydmljZV9yb2xlIiwKICAgICJpc3MiOiAic3VwYWJhc2UiLAogICAgImlhdCI6IDE2NzQ4MjQ0MDAsCiAgICAiZXhwIjogMTgzMjU5MDgwMAp9.8H6IJnWB4kmhKMpRSVQPIaPs1WWOsF_FStCPOxFG-Sk |
||||
|
||||
### |
||||
### Access Control List |
||||
### |
||||
acls: |
||||
- consumer: anon |
||||
group: anon |
||||
- consumer: service_role |
||||
group: admin |
||||
|
||||
### |
||||
### API Routes |
||||
### |
||||
services: |
||||
## Open Auth routes |
||||
- name: auth-v1-open |
||||
url: http://auth:9999/verify |
||||
routes: |
||||
- name: auth-v1-open |
||||
strip_path: true |
||||
paths: |
||||
- /auth/v1/verify |
||||
plugins: |
||||
- name: cors |
||||
- name: auth-v1-open-callback |
||||
url: http://auth:9999/callback |
||||
routes: |
||||
- name: auth-v1-open-callback |
||||
strip_path: true |
||||
paths: |
||||
- /auth/v1/callback |
||||
plugins: |
||||
- name: cors |
||||
- name: auth-v1-open-authorize |
||||
url: http://auth:9999/authorize |
||||
routes: |
||||
- name: auth-v1-open-authorize |
||||
strip_path: true |
||||
paths: |
||||
- /auth/v1/authorize |
||||
plugins: |
||||
- name: cors |
||||
|
||||
## Secure Auth routes |
||||
- name: auth-v1 |
||||
_comment: "GoTrue: /auth/v1/* -> http://auth:9999/*" |
||||
url: http://auth:9999/ |
||||
routes: |
||||
- name: auth-v1-all |
||||
strip_path: true |
||||
paths: |
||||
- /auth/v1/ |
||||
plugins: |
||||
- name: cors |
||||
- name: key-auth |
||||
config: |
||||
hide_credentials: false |
||||
- name: acl |
||||
config: |
||||
hide_groups_header: true |
||||
allow: |
||||
- admin |
||||
- anon |
||||
|
||||
## Secure REST routes |
||||
- name: rest-v1 |
||||
_comment: "PostgREST: /rest/v1/* -> http://rest:3000/*" |
||||
url: http://rest:3000/ |
||||
routes: |
||||
- name: rest-v1-all |
||||
strip_path: true |
||||
paths: |
||||
- /rest/v1/ |
||||
plugins: |
||||
- name: cors |
||||
- name: key-auth |
||||
config: |
||||
hide_credentials: true |
||||
- name: acl |
||||
config: |
||||
hide_groups_header: true |
||||
allow: |
||||
- admin |
||||
- anon |
||||
|
||||
## Secure GraphQL routes |
||||
- name: graphql-v1 |
||||
_comment: "PostgREST: /graphql/v1/* -> http://rest:3000/rpc/graphql" |
||||
url: http://rest:3000/rpc/graphql |
||||
routes: |
||||
- name: graphql-v1-all |
||||
strip_path: true |
||||
paths: |
||||
- /graphql/v1 |
||||
plugins: |
||||
- name: cors |
||||
- name: key-auth |
||||
config: |
||||
hide_credentials: true |
||||
- name: request-transformer |
||||
config: |
||||
add: |
||||
headers: |
||||
- Content-Profile:graphql_public |
||||
- name: acl |
||||
config: |
||||
hide_groups_header: true |
||||
allow: |
||||
- admin |
||||
- anon |
||||
|
||||
## Secure Realtime routes |
||||
- name: realtime-v1 |
||||
_comment: "Realtime: /realtime/v1/* -> ws://realtime:4000/socket/*" |
||||
url: http://realtime-dev.supabase-realtime:4000/socket/ |
||||
routes: |
||||
- name: realtime-v1-all |
||||
strip_path: true |
||||
paths: |
||||
- /realtime/v1/ |
||||
plugins: |
||||
- name: cors |
||||
- name: key-auth |
||||
config: |
||||
hide_credentials: false |
||||
- name: acl |
||||
config: |
||||
hide_groups_header: true |
||||
allow: |
||||
- admin |
||||
- anon |
||||
|
||||
## Storage routes: the storage server manages its own auth |
||||
- name: storage-v1 |
||||
_comment: "Storage: /storage/v1/* -> http://storage:5000/*" |
||||
url: http://storage:5000/ |
||||
routes: |
||||
- name: storage-v1-all |
||||
strip_path: true |
||||
paths: |
||||
- /storage/v1/ |
||||
plugins: |
||||
- name: cors |
||||
|
||||
## Secure Database routes |
||||
- name: meta |
||||
_comment: "pg-meta: /pg/* -> http://pg-meta:8080/*" |
||||
url: http://meta:8080/ |
||||
routes: |
||||
- name: meta-all |
||||
strip_path: true |
||||
paths: |
||||
- /pg/ |
||||
plugins: |
||||
- name: key-auth |
||||
config: |
||||
hide_credentials: false |
||||
- name: acl |
||||
config: |
||||
hide_groups_header: true |
||||
allow: |
||||
- admin |
||||
@ -0,0 +1,4 @@
|
||||
\set pguser `echo "$POSTGRES_USER"` |
||||
|
||||
create schema if not exists _realtime; |
||||
alter schema _realtime owner to :pguser; |
||||
@ -0,0 +1,7 @@
|
||||
-- NOTE: change to your own passwords for production environments |
||||
\set pgpass `echo "$POSTGRES_PASSWORD"` |
||||
|
||||
ALTER USER authenticator WITH PASSWORD :'pgpass'; |
||||
ALTER USER pgbouncer WITH PASSWORD :'pgpass'; |
||||
ALTER USER supabase_auth_admin WITH PASSWORD :'pgpass'; |
||||
ALTER USER supabase_storage_admin WITH PASSWORD :'pgpass'; |
||||
Loading…
Reference in new issue