Supabase Studio Supabase Studio

Postgres development platform

Open-source Postgres development platform with authentication, instant APIs, and realtime subscriptions. Supabase provides hosted Postgres database, authentication & authorization, auto-generated APIs (REST, GraphQL, and real-time subscriptions), serverless functions, file storage, and AI & vector toolkit for embeddings and semantic search.

Links:

Note: The self-hosted version supports only one project - https://github.com/orgs/supabase/discussions/4907

TODO: Configure SMTP settings for authentication emails (password reset, magic links, etc.) TODO: Consider implementing automated PostgreSQL backups TODO: Add Prometheus metrics and Grafana dashboards for service monitoring TODO: Optimize connection pooler settings based on expected load

name: supabase
services:

  studio:
    container_name: supabase-studio
    image: supabase/studio:2025.11.10-sha-5291fe3
    restart: unless-stopped
    healthcheck:
      test:
        [
          "CMD",
          "node",
          "-e",
          "fetch('http://studio:3000/api/platform/profile').then((r) => {if (r.status !== 200) throw new Error(r.status)})"
        ]
      timeout: 10s
      interval: 5s
      retries: 3
    depends_on:
      analytics:
        condition: service_healthy
    environment:
      # Binds nestjs listener to both IPv4 and IPv6 network interfaces
      HOSTNAME: "::"

      STUDIO_PG_META_URL: http://meta:8080
      POSTGRES_PASSWORD: ${SUPABASE_POSTGRES_PASSWORD}
      PG_META_CRYPTO_KEY: ${SUPABASE_PG_META_CRYPTO_KEY}

      DEFAULT_ORGANIZATION_NAME: ${SUPABASE_STUDIO_DEFAULT_ORGANIZATION}
      DEFAULT_PROJECT_NAME: ${SUPABASE_STUDIO_DEFAULT_PROJECT}
      OPENAI_API_KEY: ${SUPABASE_OPENAI_API_KEY:-}

      SUPABASE_URL: http://kong:8000
      SUPABASE_PUBLIC_URL: https://supabase.${MYDOMAIN}
      SUPABASE_ANON_KEY: ${SUPABASE_ANON_KEY}
      SUPABASE_SERVICE_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
      AUTH_JWT_SECRET: ${SUPABASE_JWT_SECRET}

      LOGFLARE_PRIVATE_ACCESS_TOKEN: ${SUPABASE_LOGFLARE_PRIVATE_ACCESS_TOKEN}
      LOGFLARE_URL: http://analytics:4000
      NEXT_PUBLIC_ENABLE_LOGS: true
      # Comment to use Big Query backend for analytics
      NEXT_ANALYTICS_BACKEND_PROVIDER: postgres
      # Uncomment to use Big Query backend for analytics
      # NEXT_ANALYTICS_BACKEND_PROVIDER: bigquery
    networks:
      - supabase
    labels:
      homepage.group: Development
      homepage.name: Supabase Studio
      homepage.icon: supabase.png
      homepage.href: https://supabase.${MYDOMAIN}/
      homepage.description: "Postgres development platform"

  kong:
    container_name: supabase-kong
    image: kong:2.8.5
    restart: unless-stopped
    ports:
      - ${SUPABASE_KONG_HTTP_PORT}:8000/tcp
      - ${SUPABASE_KONG_HTTPS_PORT}:8443/tcp
    volumes:
      # https://github.com/supabase/supabase/issues/12661
      - ./supabase/api/kong.yml:/home/kong/temp.yml:ro
    depends_on:
      analytics:
        condition: service_healthy
    environment:
      KONG_DATABASE: "off"
      KONG_DECLARATIVE_CONFIG: /home/kong/kong.yml
      # https://github.com/supabase/cli/issues/14
      KONG_DNS_ORDER: LAST,A,CNAME
      KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth,request-termination,ip-restriction
      KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k
      KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k
      SUPABASE_ANON_KEY: ${SUPABASE_ANON_KEY}
      SUPABASE_SERVICE_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
      DASHBOARD_USERNAME: ${SUPABASE_DASHBOARD_USERNAME}
      DASHBOARD_PASSWORD: ${SUPABASE_DASHBOARD_PASSWORD}
    # https://unix.stackexchange.com/a/294837
    entrypoint: bash -c 'eval "echo \"$$(cat ~/temp.yml)\"" > ~/kong.yml && /docker-entrypoint.sh kong docker-start'
    networks:
      - supabase
      - proxy
    labels:
      traefik.enable: true
      traefik.http.routers.supabase-kong.rule: Host(`supabase.${MYDOMAIN}`)
      traefik.http.routers.supabase-kong.middlewares: localaccess@file
      traefik.http.services.supabase-kong.loadbalancer.server.port: 8000

  auth:
    container_name: supabase-auth
    image: supabase/gotrue:v2.183.0
    restart: unless-stopped
    healthcheck:
      test:
        [
          "CMD",
          "wget",
          "--no-verbose",
          "--tries=1",
          "--spider",
          "http://localhost:9999/health"
        ]
      timeout: 5s
      interval: 5s
      retries: 3
    depends_on:
      db:
        # Disable this if you are using an external Postgres database
        condition: service_healthy
      analytics:
        condition: service_healthy
    environment:
      GOTRUE_API_HOST: 0.0.0.0
      GOTRUE_API_PORT: 9999
      API_EXTERNAL_URL: ${SUPABASE_API_EXTERNAL_URL}

      GOTRUE_DB_DRIVER: postgres
      GOTRUE_DB_DATABASE_URL: postgres://supabase_auth_admin:${SUPABASE_POSTGRES_PASSWORD}@${SUPABASE_POSTGRES_HOST}:${SUPABASE_POSTGRES_PORT}/${SUPABASE_POSTGRES_DB}

      GOTRUE_SITE_URL: ${SUPABASE_SITE_URL}
      GOTRUE_URI_ALLOW_LIST: ${SUPABASE_ADDITIONAL_REDIRECT_URLS}
      GOTRUE_DISABLE_SIGNUP: ${SUPABASE_DISABLE_SIGNUP}

      GOTRUE_JWT_ADMIN_ROLES: service_role
      GOTRUE_JWT_AUD: authenticated
      GOTRUE_JWT_DEFAULT_GROUP_NAME: authenticated
      GOTRUE_JWT_EXP: ${SUPABASE_JWT_EXPIRY}
      GOTRUE_JWT_SECRET: ${SUPABASE_JWT_SECRET}

      GOTRUE_EXTERNAL_EMAIL_ENABLED: ${SUPABASE_ENABLE_EMAIL_SIGNUP}
      GOTRUE_EXTERNAL_ANONYMOUS_USERS_ENABLED: ${SUPABASE_ENABLE_ANONYMOUS_USERS}
      GOTRUE_MAILER_AUTOCONFIRM: ${SUPABASE_ENABLE_EMAIL_AUTOCONFIRM}

      # Uncomment to bypass nonce check in ID Token flow. Commonly set to true when using Google Sign In on mobile.
      # GOTRUE_EXTERNAL_SKIP_NONCE_CHECK: true

      # GOTRUE_MAILER_SECURE_EMAIL_CHANGE_ENABLED: true
      # GOTRUE_SMTP_MAX_FREQUENCY: 1s
      GOTRUE_SMTP_ADMIN_EMAIL: ${SUPABASE_SMTP_ADMIN_EMAIL}
      GOTRUE_SMTP_HOST: ${SUPABASE_SMTP_HOST}
      GOTRUE_SMTP_PORT: ${SUPABASE_SMTP_PORT}
      GOTRUE_SMTP_USER: ${SUPABASE_SMTP_USER}
      GOTRUE_SMTP_PASS: ${SUPABASE_SMTP_PASS}
      GOTRUE_SMTP_SENDER_NAME: ${SUPABASE_SMTP_SENDER_NAME}
      GOTRUE_MAILER_URLPATHS_INVITE: ${SUPABASE_MAILER_URLPATHS_INVITE}
      GOTRUE_MAILER_URLPATHS_CONFIRMATION: ${SUPABASE_MAILER_URLPATHS_CONFIRMATION}
      GOTRUE_MAILER_URLPATHS_RECOVERY: ${SUPABASE_MAILER_URLPATHS_RECOVERY}
      GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE: ${SUPABASE_MAILER_URLPATHS_EMAIL_CHANGE}

      GOTRUE_EXTERNAL_PHONE_ENABLED: ${SUPABASE_ENABLE_PHONE_SIGNUP}
      GOTRUE_SMS_AUTOCONFIRM: ${SUPABASE_ENABLE_PHONE_AUTOCONFIRM}
      # Uncomment to enable custom access token hook. Please see: https://supabase.com/docs/guides/auth/auth-hooks for full list of hooks and additional details about custom_access_token_hook

      # GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_ENABLED: "true"
      # GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_URI: "pg-functions://postgres/public/custom_access_token_hook"
      # GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_SECRETS: "<standard-base64-secret>"

      # GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_ENABLED: "true"
      # GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_URI: "pg-functions://postgres/public/mfa_verification_attempt"

      # GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_ENABLED: "true"
      # GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_URI: "pg-functions://postgres/public/password_verification_attempt"

      # GOTRUE_HOOK_SEND_SMS_ENABLED: "false"
      # GOTRUE_HOOK_SEND_SMS_URI: "pg-functions://postgres/public/custom_access_token_hook"
      # GOTRUE_HOOK_SEND_SMS_SECRETS: "v1,whsec_VGhpcyBpcyBhbiBleGFtcGxlIG9mIGEgc2hvcnRlciBCYXNlNjQgc3RyaW5n"

      # GOTRUE_HOOK_SEND_EMAIL_ENABLED: "false"
      # GOTRUE_HOOK_SEND_EMAIL_URI: "http://host.docker.internal:54321/functions/v1/email_sender"
      # GOTRUE_HOOK_SEND_EMAIL_SECRETS: "v1,whsec_VGhpcyBpcyBhbiBleGFtcGxlIG9mIGEgc2hvcnRlciBCYXNlNjQgc3RyaW5n"
    networks:
      - supabase

  rest:
    container_name: supabase-rest
    image: postgrest/postgrest:v13.0.8
    restart: unless-stopped
    depends_on:
      db:
        # Disable this if you are using an external Postgres database
        condition: service_healthy
      analytics:
        condition: service_healthy
    environment:
      PGRST_DB_URI: postgres://authenticator:${SUPABASE_POSTGRES_PASSWORD}@${SUPABASE_POSTGRES_HOST}:${SUPABASE_POSTGRES_PORT}/${SUPABASE_POSTGRES_DB}
      PGRST_DB_SCHEMAS: ${SUPABASE_PGRST_DB_SCHEMAS}
      PGRST_DB_ANON_ROLE: anon
      PGRST_JWT_SECRET: ${SUPABASE_JWT_SECRET}
      PGRST_DB_USE_LEGACY_GUCS: "false"
      PGRST_APP_SETTINGS_JWT_SECRET: ${SUPABASE_JWT_SECRET}
      PGRST_APP_SETTINGS_JWT_EXP: ${SUPABASE_JWT_EXPIRY}
    command:
      [
        "postgrest"
      ]
    networks:
      - supabase

  realtime:
    # This container name looks inconsistent but is correct because realtime constructs tenant id by parsing the subdomain
    container_name: realtime-dev.supabase-realtime
    image: supabase/realtime:v2.66.0
    restart: unless-stopped
    depends_on:
      db:
        # Disable this if you are using an external Postgres database
        condition: service_healthy
      analytics:
        condition: service_healthy
    healthcheck:
      test:
        [
          "CMD",
          "curl",
          "-sSfL",
          "--head",
          "-o",
          "/dev/null",
          "-H",
          "Authorization: Bearer ${SUPABASE_ANON_KEY}",
          "http://localhost:4000/api/tenants/realtime-dev/health"
        ]
      timeout: 5s
      interval: 5s
      retries: 3
    environment:
      PORT: 4000
      DB_HOST: ${SUPABASE_POSTGRES_HOST}
      DB_PORT: ${SUPABASE_POSTGRES_PORT}
      DB_USER: supabase_admin
      DB_PASSWORD: ${SUPABASE_POSTGRES_PASSWORD}
      DB_NAME: ${SUPABASE_POSTGRES_DB}
      DB_AFTER_CONNECT_QUERY: 'SET search_path TO _realtime'
      DB_ENC_KEY: supabaserealtime
      API_JWT_SECRET: ${SUPABASE_JWT_SECRET}
      SECRET_KEY_BASE: ${SUPABASE_SECRET_KEY_BASE}
      ERL_AFLAGS: -proto_dist inet_tcp
      DNS_NODES: "''"
      RLIMIT_NOFILE: "10000"
      APP_NAME: realtime
      SEED_SELF_HOST: true
      RUN_JANITOR: true
    networks:
      - supabase

  storage:
    container_name: supabase-storage
    image: supabase/storage-api:v1.32.0
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUMES}/supabase/storage:/var/lib/storage
    healthcheck:
      test:
        [
          "CMD",
          "wget",
          "--no-verbose",
          "--tries=1",
          "--spider",
          "http://storage:5000/status"
        ]
      timeout: 5s
      interval: 5s
      retries: 3
    depends_on:
      db:
        # Disable this if you are using an external Postgres database
        condition: service_healthy
      rest:
        condition: service_started
      imgproxy:
        condition: service_started
    environment:
      ANON_KEY: ${SUPABASE_ANON_KEY}
      SERVICE_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
      POSTGREST_URL: http://rest:3000
      PGRST_JWT_SECRET: ${SUPABASE_JWT_SECRET}
      DATABASE_URL: postgres://supabase_storage_admin:${SUPABASE_POSTGRES_PASSWORD}@${SUPABASE_POSTGRES_HOST}:${SUPABASE_POSTGRES_PORT}/${SUPABASE_POSTGRES_DB}
      REQUEST_ALLOW_X_FORWARDED_PATH: "true"
      FILE_SIZE_LIMIT: 52428800
      STORAGE_BACKEND: file
      FILE_STORAGE_BACKEND_PATH: /var/lib/storage
      TENANT_ID: stub
      # TODO: https://github.com/supabase/storage-api/issues/55
      REGION: stub
      GLOBAL_S3_BUCKET: stub
      ENABLE_IMAGE_TRANSFORMATION: "true"
      IMGPROXY_URL: http://imgproxy:5001
    networks:
      - supabase

  imgproxy:
    container_name: supabase-imgproxy
    image: darthsim/imgproxy:v3.30.1
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUMES}/supabase/storage:/var/lib/storage
    healthcheck:
      test:
        [
          "CMD",
          "imgproxy",
          "health"
        ]
      timeout: 5s
      interval: 5s
      retries: 3
    environment:
      IMGPROXY_BIND: ":5001"
      IMGPROXY_LOCAL_FILESYSTEM_ROOT: /
      IMGPROXY_USE_ETAG: "true"
      IMGPROXY_ENABLE_WEBP_DETECTION: ${SUPABASE_IMGPROXY_ENABLE_WEBP_DETECTION}
    networks:
      - supabase

  meta:
    container_name: supabase-meta
    image: supabase/postgres-meta:v0.93.1
    restart: unless-stopped
    depends_on:
      db:
        # Disable this if you are using an external Postgres database
        condition: service_healthy
      analytics:
        condition: service_healthy
    environment:
      PG_META_PORT: 8080
      PG_META_DB_HOST: ${SUPABASE_POSTGRES_HOST}
      PG_META_DB_PORT: ${SUPABASE_POSTGRES_PORT}
      PG_META_DB_NAME: ${SUPABASE_POSTGRES_DB}
      PG_META_DB_USER: supabase_admin
      PG_META_DB_PASSWORD: ${SUPABASE_POSTGRES_PASSWORD}
      CRYPTO_KEY: ${SUPABASE_PG_META_CRYPTO_KEY}
    networks:
      - supabase

  functions:
    container_name: supabase-edge-functions
    image: supabase/edge-runtime:v1.69.26
    restart: unless-stopped
    volumes:
      - ./supabase/functions:/home/deno/functions:Z
    depends_on:
      analytics:
        condition: service_healthy
    environment:
      JWT_SECRET: ${SUPABASE_JWT_SECRET}
      SUPABASE_URL: http://kong:8000
      SUPABASE_ANON_KEY: ${SUPABASE_ANON_KEY}
      SUPABASE_SERVICE_ROLE_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
      SUPABASE_DB_URL: postgresql://postgres:${SUPABASE_POSTGRES_PASSWORD}@${SUPABASE_POSTGRES_HOST}:${SUPABASE_POSTGRES_PORT}/${SUPABASE_POSTGRES_DB}
      # TODO: Allow configuring VERIFY_JWT per function. This PR might help: https://github.com/supabase/cli/pull/786
      VERIFY_JWT: "${SUPABASE_FUNCTIONS_VERIFY_JWT}"
    command:
      [
        "start",
        "--main-service",
        "/home/deno/functions/main"
      ]
    networks:
      - supabase

  analytics:
    container_name: supabase-analytics
    image: supabase/logflare:1.26.14
    restart: unless-stopped
    # Uncomment to use Big Query backend for analytics
    # volumes:
    #   - type: bind
    #     source: ${PWD}/gcloud.json
    #     target: /opt/app/rel/logflare/bin/gcloud.json
    #     read_only: true
    healthcheck:
      test:
        [
          "CMD",
          "curl",
          "http://localhost:4000/health"
        ]
      timeout: 5s
      interval: 5s
      retries: 10
    depends_on:
      db:
        # Disable this if you are using an external Postgres database
        condition: service_healthy
    environment:
      LOGFLARE_NODE_HOST: 127.0.0.1
      DB_USERNAME: supabase_admin
      DB_DATABASE: _supabase
      DB_HOSTNAME: ${SUPABASE_POSTGRES_HOST}
      DB_PORT: ${SUPABASE_POSTGRES_PORT}
      DB_PASSWORD: ${SUPABASE_POSTGRES_PASSWORD}
      DB_SCHEMA: _analytics
      LOGFLARE_PUBLIC_ACCESS_TOKEN: ${SUPABASE_LOGFLARE_PUBLIC_ACCESS_TOKEN}
      LOGFLARE_PRIVATE_ACCESS_TOKEN: ${SUPABASE_LOGFLARE_PRIVATE_ACCESS_TOKEN}
      LOGFLARE_SINGLE_TENANT: true
      LOGFLARE_SUPABASE_MODE: true
      LOGFLARE_MIN_CLUSTER_SIZE: 1

      # Comment variables to use Big Query backend for analytics
      POSTGRES_BACKEND_URL: postgresql://supabase_admin:${SUPABASE_POSTGRES_PASSWORD}@${SUPABASE_POSTGRES_HOST}:${SUPABASE_POSTGRES_PORT}/_supabase
      POSTGRES_BACKEND_SCHEMA: _analytics
      LOGFLARE_FEATURE_FLAG_OVERRIDE: multibackend=true
      # Uncomment to use Big Query backend for analytics
      # GOOGLE_PROJECT_ID: ${GOOGLE_PROJECT_ID}
      # GOOGLE_PROJECT_NUMBER: ${GOOGLE_PROJECT_NUMBER}
    networks:
      - supabase

  # Comment out everything below this point if you are using an external Postgres database
  db:
    container_name: supabase-db
    image: supabase/postgres:15.14.1.056
    restart: unless-stopped
    volumes:
      - ./supabase/db/realtime.sql:/docker-entrypoint-initdb.d/migrations/99-realtime.sql:Z
      # Must be superuser to create event trigger
      - ./supabase/db/webhooks.sql:/docker-entrypoint-initdb.d/init-scripts/98-webhooks.sql:Z
      # Must be superuser to alter reserved role
      - ./supabase/db/roles.sql:/docker-entrypoint-initdb.d/init-scripts/99-roles.sql:Z
      # Initialize the database settings with JWT_SECRET and JWT_EXP
      - ./supabase/db/jwt.sql:/docker-entrypoint-initdb.d/init-scripts/99-jwt.sql:Z
      # PGDATA directory is persisted between restarts
      - supabase-db-data:/var/lib/postgresql/data
      # Changes required for internal supabase data such as _analytics
      - ./supabase/db/_supabase.sql:/docker-entrypoint-initdb.d/migrations/97-_supabase.sql:Z
      # Changes required for Analytics support
      - ./supabase/db/logs.sql:/docker-entrypoint-initdb.d/migrations/99-logs.sql:Z
      # Changes required for Pooler support
      - ./supabase/db/pooler.sql:/docker-entrypoint-initdb.d/migrations/99-pooler.sql:Z
      # Use named volume to persist pgsodium decryption key between restarts
      - supabase-db-config:/etc/postgresql-custom
    healthcheck:
      test:
        [
          "CMD",
          "pg_isready",
          "-U",
          "postgres",
          "-h",
          "localhost"
        ]
      interval: 5s
      timeout: 5s
      retries: 10
    depends_on:
      vector:
        condition: service_healthy
    environment:
      POSTGRES_HOST: /var/run/postgresql
      PGPORT: ${SUPABASE_POSTGRES_PORT}
      POSTGRES_PORT: ${SUPABASE_POSTGRES_PORT}
      PGPASSWORD: ${SUPABASE_POSTGRES_PASSWORD}
      POSTGRES_PASSWORD: ${SUPABASE_POSTGRES_PASSWORD}
      PGDATABASE: ${SUPABASE_POSTGRES_DB}
      POSTGRES_DB: ${SUPABASE_POSTGRES_DB}
      JWT_SECRET: ${SUPABASE_JWT_SECRET}
      JWT_EXP: ${SUPABASE_JWT_EXPIRY}
    command:
      [
        "postgres",
        "-c",
        "config_file=/etc/postgresql/postgresql.conf",
        "-c",
        "log_min_messages=fatal" # prevents Realtime polling queries from appearing in logs
      ]
    networks:
      - supabase

  vector:
    container_name: supabase-vector
    image: timberio/vector:0.51.1-alpine
    restart: unless-stopped
    volumes:
      - ./supabase/logs/vector.yml:/etc/vector/vector.yml:ro
      - ${SUPABASE_DOCKER_SOCKET_LOCATION}:/var/run/docker.sock:ro
    healthcheck:
      test:
        [
          "CMD",
          "wget",
          "--no-verbose",
          "--tries=1",
          "--spider",
          "http://vector:9001/health"
        ]
      timeout: 5s
      interval: 5s
      retries: 3
    environment:
      LOGFLARE_PUBLIC_ACCESS_TOKEN: ${SUPABASE_LOGFLARE_PUBLIC_ACCESS_TOKEN}
    command:
      [
        "--config",
        "/etc/vector/vector.yml"
      ]
    # kics-scan ignore-line
    security_opt:
      - "label=disable"
    networks:
      - supabase

  # Update the DATABASE_URL if you are using an external Postgres database
  supavisor:
    container_name: supabase-pooler
    image: supabase/supavisor:2.7.4
    restart: unless-stopped
    ports:
      - ${SUPABASE_POSTGRES_PORT}:5432
      - ${SUPABASE_POOLER_PROXY_PORT_TRANSACTION}:6543
    volumes:
      - ./supabase/pooler/pooler.exs:/etc/pooler/pooler.exs:ro
    healthcheck:
      test:
        [
          "CMD",
          "curl",
          "-sSfL",
          "--head",
          "-o",
          "/dev/null",
          "http://127.0.0.1:4000/api/health"
        ]
      interval: 10s
      timeout: 5s
      retries: 5
    depends_on:
      db:
        condition: service_healthy
      analytics:
        condition: service_healthy
    environment:
      PORT: 4000
      POSTGRES_PORT: ${SUPABASE_POSTGRES_PORT}
      POSTGRES_DB: ${SUPABASE_POSTGRES_DB}
      POSTGRES_PASSWORD: ${SUPABASE_POSTGRES_PASSWORD}
      DATABASE_URL: ecto://supabase_admin:${SUPABASE_POSTGRES_PASSWORD}@${SUPABASE_POSTGRES_HOST}:${SUPABASE_POSTGRES_PORT}/_supabase
      CLUSTER_POSTGRES: true
      SECRET_KEY_BASE: ${SUPABASE_SECRET_KEY_BASE}
      VAULT_ENC_KEY: ${SUPABASE_VAULT_ENC_KEY}
      API_JWT_SECRET: ${SUPABASE_JWT_SECRET}
      METRICS_JWT_SECRET: ${SUPABASE_JWT_SECRET}
      REGION: local
      ERL_AFLAGS: -proto_dist inet_tcp
      POOLER_TENANT_ID: ${SUPABASE_POOLER_TENANT_ID}
      POOLER_DEFAULT_POOL_SIZE: ${SUPABASE_POOLER_DEFAULT_POOL_SIZE}
      POOLER_MAX_CLIENT_CONN: ${SUPABASE_POOLER_MAX_CLIENT_CONN}
      POOLER_POOL_MODE: transaction
      DB_POOL_SIZE: ${SUPABASE_POOLER_DB_POOL_SIZE}
    command:
      [
        "/bin/sh",
        "-c",
        "/app/bin/migrate && /app/bin/supavisor eval \"$$(cat /etc/pooler/pooler.exs)\" && /app/bin/server"
      ]
    networks:
      - supabase

volumes:
  supabase-db-config:
  supabase-db-data:

networks:
  supabase:
    external: false
  proxy:
    external: true