Christian WellsIn the world of web development, having a reliable and efficient backend solution is crucial. Supabase, an open-source alternative to Firebase, offers developers a comprehensive suite of tools for developing powerful applications. With features like a PostgreSQL database, user authentication, storage, and a real-time API, Supabase has become a popular choice among developers working with frameworks like Angular, Flutter, Next.js, React, Svelte, and Vue.
There are two ways to use Supabase: signing up for their cloud-hosted app, which provides additional features, or self-hosting the code using Docker. While self-hosting with Docker offers more flexibility, it is important to note that the self-hosted version is currently in beta and should only be used for testing and local development purposes. For all other purposes, it is recommended to use Supabase’s cloud application.
In this tutorial, we will guide you through the process of installing Supabase on a Debian 11 based server and proxying it via the Nginx server. By following these steps, you will be able to set up Supabase on your own infrastructure, giving you full control over your application’s backend.
Prerequisites
Before you begin the installation process, make sure you have the following:
- A server running Debian 11 with a minimum of 2GB RAM.
- A non-root user with sudo privileges.
- A domain name (
supabase.example.com) pointing to your server. - Ensure that your server is up to date by running the following commands:
sudo apt update && sudo apt upgrade
Step 1 – Configure Firewall
The first step in setting up your server is to configure the firewall. Debian comes with Uncomplicated Firewall (UFW) pre-installed. You can check if the firewall is running by executing the following command:
sudo ufw status
If the firewall is inactive, you can enable it by running the following commands:
sudo ufw allow OpenSSH sudo ufw allow 80/tcp sudo ufw allow 443/tcp sudo ufw enable
This will allow SSH, HTTP, and HTTPS traffic through the firewall. Remember that enabling the firewall may disrupt existing SSH connections, so proceed with caution.
Step 2 – Install Git
Next, we need to install Git, a version control system that will help us manage the Supabase installation. Run the following command to install Git:
sudo apt install git
To confirm that Git has been successfully installed, you can check its version:
git --version
You should see the Git version displayed, indicating that the installation was successful.
Step 3 – Install Docker
Docker is a containerization platform that allows us to package our application and its dependencies into a standardized unit. To install Docker, we need to add Docker’s official GPG key and repository. Run the following commands to add the key and repository:
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt update sudo apt install docker-ce docker-ce-cli containerd.io
Once the installation is complete, check that Docker is running:
sudo systemctl status docker
You should see a message indicating that Docker is active and running.
Step 4 – Install Docker Compose
Docker Compose is a tool that allows us to define and run multi-container Docker applications. Although the latest version of Docker Compose is 2.0.x, we will be installing the stable version 1.29.2 for compatibility reasons. Run the following commands to download and install Docker Compose:
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose sudo curl -L https://raw.githubusercontent.com/docker/compose/1.29.2/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose source ~/.bashrc
This will download Docker Compose and make it executable. Additionally, it will download the bash completion script for Docker Compose and apply the changes to your environment.
Step 5 – Download and Configure Supabase
Now that we have all the necessary dependencies installed, we can proceed with downloading and configuring Supabase. Start by cloning the Supabase GitHub repository:
git clone --depth 1 https://github.com/supabase/supabase.git
The --depth 1 flag ensures that we only pull the latest commits and not the entire history, improving performance. Change to the docker directory within the Supabase repository:
cd supabase/docker
Within this directory, you will find an example environment file named .env.example. Copy this file to create your own environment file:
cp.env.example.env
Open the newly created .env file for editing:
nano.env
This file contains various configuration variables that we need to set up. The first variable we need to modify is POSTGRES_PASSWORD. Replace the placeholder value with a strongly generated unique password:
POSTGRES_PASSWORD=<your_postgresql_password>
Next, we need to generate a unique password for the JWT_SECRET variable. This password should have more than 32 characters and should not contain any special characters. Replace the value of JWT_SECRET with your generated password:
JWT_SECRET=<your_jwt_secret>
To generate the ANON_KEY and SERVICE_KEY values, you will need to visit the Supabase website. Open your browser and navigate to the Supabase website. Enter your JWT_SECRET in the designated field and select ANON_KEY from the Preconfigured Payload dropdown menu. Click on the Generate JWT button to generate the token. Copy the generated token and paste it as the value for ANON_KEY in the .env file.
Repeat the same steps to generate the SERVICE_KEY, but this time select SERVICE_KEY from the Preconfigured Payload dropdown menu. Copy the generated token and paste it as the value for SERVICE_KEY in the .env file.
Next, configure the email SMTP settings by setting the following variables:
SMTP_HOST=email-smtp.us-west-2.amazonaws.com SMTP_PORT=587 SMTP_USER=<your_amazon_ses_user> SMTP_PASS=<your_amazon_ses_password> SMTP_SENDER_NAME=SupabaseAdmin
Replace the placeholders with the appropriate values for your SMTP service. In this example, we are using Amazon’s SES service.
Configure the site URL and the public REST URL by setting the following variables:
SITE_URL=https://supabase.example.com PUBLIC_REST_URL=https://supabase.example.com/rest/v1/
Replace supabase.example.com with your own domain name.
Save the changes to the .env file by pressing Ctrl + X, followed by Y to confirm the changes.
Note: There is a bug in Supabase that causes authentication emails sent via SMTP to have broken links. To fix this issue, open the docker-compose.yml file:
nano docker-compose.yml
Add the following variable right below the GOTRUE_SITE_URL variable:
API_EXTERNAL_URL: ${SITE_URL}
Save the file by pressing Ctrl + X, followed by Y to confirm the changes. This file will be overwritten every time you upgrade your Supabase installation, so you will need to add this variable manually to prevent the email bug from recurring.
Open the volumes/api/kong.yml file for editing:
nano volumes/api/kong.yml
Under the consumers section, replace the anon user’s key with the ANON_KEY generated earlier. Similarly, replace the service_role‘s key with the SERVICE_KEY. Save the file by pressing Ctrl + X, followed byY to confirm the changes.
Step 6 – Install Supabase
With the configuration in place, we can now proceed with installing Supabase. Run the following command to start the Supabase containers:
docker-compose -f docker-compose.yml -f ./dev/docker-compose.dev.yml up -d
This process may take some time as it pulls the necessary Docker images and sets up the containers. Once the process is complete, you can check the status of the running containers:
docker ps
You should see a list of containers related to Supabase, indicating that the installation was successful.
Step 7 – Install SSL
To secure your Supabase installation, it is recommended to use SSL/TLS encryption. Let’s Encrypt provides free SSL certificates that we can use for this purpose. To install Let’s Encrypt and generate an SSL certificate, follow these steps.
First, install the Snapd package installer, which is required to install Certbot:
sudo apt install snapd
Ensure that Snapd is up to date:
sudo snap install core && sudo snap refresh core
Install Certbot, the Let’s Encrypt client:
sudo snap install --classic certbot
Create a symbolic link to the Certbot command:
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Verify the installation:
certbot --version
Now, generate the SSL certificate for your domain. Replace supabase.example.com with your own domain name:
sudo certbot certonly --standalone --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m test@example.com -d supabase.example.com
This command will download the SSL certificate and store it in the /etc/letsencrypt/live/supabase.example.com directory on your server.
To further enhance security, generate a Diffie-Hellman group certificate:
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
Create a challenge webroot directory for Let’s Encrypt auto-renewal:
sudo mkdir -p /var/lib/letsencrypt
Next, create a cron job to automatically renew the SSL certificate. Open the cron job file for editing:
sudo nano /etc/cron.daily/certbot-renew
Paste the following code into the file:
#!/bin/sh certbot renew --cert-name supabase.example.com --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"
Save the file by pressing Ctrl + X, followed by Y to confirm the changes.
Make the task file executable:
sudo chmod +x /etc/cron.daily/certbot-renew
Step 8 – Install and Configure Nginx
Nginx is a popular web server that we will use as a reverse proxy for Supabase. By proxying Supabase through Nginx, we can enhance security and control access to our application. To install Nginx, follow these steps.
First, we need to add the official Nginx signing key:
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
Add the repository for Nginx’s stable version:
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg arch=amd64] http://nginx.org/packages/debian `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
Update the Debian repositories:
sudo apt update
Install Nginx:
sudo apt install nginx
Verify the installation:
sudo nginx -v
You should see the Nginx version displayed, indicating that the installation was successful.
Next, we need to configure Nginx to proxy requests to Supabase. Open the Nginx configuration file for Supabase:
sudo nano /etc/nginx/conf.d/supabase.conf
Paste the following code into the file:
map $http_upgrade $connection_upgrade { default upgrade; '' close; } upstream supabase { server localhost:3000; } upstream kong { server localhost:8000; } server { listen 80; listen [::]:80; server_name supabase.example.com; return 301 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name supabase.example.com; access_log /var/log/nginx/supabase.access.log; error_log /var/log/nginx/supabase.error.log; gzip on; ssl_certificate /etc/letsencrypt/live/supabase.example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/supabase.example.com/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/supabase.example.com/chain.pem; ssl_session_timeout 5m; ssl_session_cache shared:MozSSL:10m; ssl_session_tickets off; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1; ssl_stapling on; ssl_stapling_verify on; ssl_dhparam /etc/ssl/certs/dhparam.pem; resolver 8.8.8.8; client_max_body_size 100m; location ~ ^/rest/v1/(.*)$ { proxy_set_header Host $host; proxy_pass http://kong; proxy_redirect off; } location ~ ^/auth/v1/(.*)$ { proxy_set_header Host $host; proxy_pass http://kong; proxy_redirect off; } location ~ ^/realtime/v1/(.*)$ { proxy_redirect off; proxy_pass http://kong; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; } location / { proxy_set_header Host $host; proxy_pass http://supabase; proxy_redirect off; proxy_set_header Upgrade $http_upgrade; } }
Replace supabase.example.com with your own domain name in the above code. This Nginx configuration will handle SSL termination, proxy requests to the appropriate services, and enable HTTP/2 support.
Save the changes to the file by pressing Ctrl + X, followed by Y to confirm the changes.
To ensure that Nginx is properly configured, run the following command:
sudo nginx -t
If there are no syntax errors in the configuration file, you will see a message indicating that the configuration is valid.
Finally, start the Nginx service to enable the new configuration:
sudo systemctl start nginx
Step 9 – Access Supabase
You can now access your Supabase installation via the URL https://supabase.example.com in your web browser. Replace supabase.example.com with your own domain name. You will be greeted with the Supabase login screen.
Please note that you won’t be able to create new projects in the self-hosted version of Supabase. However, you can manage existing projects, configure the database, storage, and authentication settings.
Step 10 – Enable HTTP Authentication
To further secure your Supabase installation, it is recommended to enable HTTP authentication using Nginx. This will add an extra layer of protection to your application.
To enable HTTP authentication, we will use the apache2-utils package for Nginx. Install it by running the following command:
sudo apt install apache2-utils
Next, create a password file for the user supabase (you can choose any username you want). This file will store the credentials for accessing your Supabase installation. Run the following command and enter a strong password when prompted:
sudo htpasswd -c /etc/nginx/.htpasswd supabase
To apply HTTP authentication to the Supabase routes, open the supabase.conf Nginx configuration file:
sudo nano /etc/nginx/conf.d/supabase.conf
In the location blocks for /rest/v1/,/auth/v1/, and /realtime/v1/, add the following lines:
auth_basic off;
In the location block for /, add the following lines:
auth_basic "Supabase Studio Login"; auth_basic_user_file /etc/nginx/.htpasswd;
Save the changes to the file by pressing Ctrl + X, followed by Y to confirm the changes.
To verify the Nginx configuration, run the following command:
sudo nginx -t
If there are no syntax errors, restart the Nginx service:
sudo systemctl restart nginx
The next time you access your Supabase installation, you will be prompted to enter the username and password you created earlier.
Step 11 – Update Supabase
Supabase is a constantly evolving product, with updates and improvements being released regularly. To keep your Supabase installation up to date, follow these steps whenever a new version is available.
Navigate to the Supabase directory:
cd ~/supabase
Pull the latest changes from the GitHub repository:
git pull
Check if there are any changes to the .env and volumes/api/kong.yml files that require reconfiguration.
Shut down and clean up the existing Docker containers:
docker-compose down --remove-orphans
Pull the latest Docker images:
docker-compose pull
Start the containers again:
docker-compose -f docker-compose.yml -f ./dev/docker-compose.dev.yml up -d
Your Supabase installation will now be updated to the latest version.
Conclusion
Congratulations! You have successfully installed and configured Supabase on your Debian 11 server. By following this comprehensive guide, you now have the power to build and deploy applications using Supabase’s powerful features. Remember to keep your installation up to date by regularly checking for updates and following the steps outlined in this tutorial.
If you have any questions or need further assistance, feel free to reach out in the comments section below. Happy coding!
If you are looking for reliable and secure cloud hosting services, consider Shape.host. Shape.host offers Linux SSD VPS solutions that are optimized for performance and scalability. With Shape.host, you can deploy your Supabase installation on a robust and efficient infrastructure, ensuring seamless operation and high availability. Visit Shape.host to learn more about their services and find the perfect hosting solution for your needs.
