[ { "path": ".gitignore", "content": ".env" }, { "path": "README.md", "content": "# Supabase Docker with Traefik\n\nNote: this setup is unofficial. It is supported by the Supabase community only.\n\nThis guide is covering a self-hosted Supabase setup with [Traefik](https://github.com/traefik/traefik) as a reverse proxy.\n\nPlease make sure you read the [self-hosting guide](https://supabase.io/docs/guides/self-hosting#running-supabase).\n\n## Setup Instructions\n\n### Cloning the Repository\n\nFirst, clone this repository:\n\n```bash\ngit clone --depth 1 https://github.com/supabase-community/supabase-traefik\n```\n\nNavigate to the repository folder:\n```bash\ncd supabase-traefik\n```\n\n### Setting Up Traefik\n\nIf you haven't set up Traefik before, navigate to the Traefik directory:\n\n```bash\ncd traefik\n```\n\nCopy the example environment variables:\n\n```bash\ncp .env.example .env\n```\n\nIn the `.env`, replace all the variable values with your own.\n\n\nAfter configuring all the files, you can start Traefik using Docker Compose:\n\n```bash\ndocker-compose up -d\n```\n\n### Setting Up Supabase\n\nGet the Supabase code by cloning the Supabase repository:\n\n```bash\ngit clone --depth 1 https://github.com/supabase/supabase\n```\n\nNavigate to the Docker folder:\n\n```bash\ncd supabase/docker\n```\n\nCopy the example environment variables:\n\n```bash\ncp .env.example .env\n```\n\nIn the `docker-compose.yml` file, add the following to each service:\n\n```yaml\nnetworks:\n - supabase\n```\n\nChange the network name to match the one used by Traefik if necessary.\n\nAfter configuring all the files, you can start the Supabase services using Docker Compose:\n\n```bash\ndocker-compose up -d\n```" }, { "path": "docker-compose.example.yml", "content": "# Usage\n# Start: docker compose up\n# With helpers: docker compose -f docker-compose.yml -f ./dev/docker-compose.dev.yml up\n# Stop: docker compose down\n# Destroy: docker compose -f docker-compose.yml -f ./dev/docker-compose.dev.yml down -v --remove-orphans\n\nversion: \"3.8\"\nservices:\n\n# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #\n\n studio:\n container_name: supabase-studio\n image: supabase/studio:20240101-8e4a094\n restart: unless-stopped\n healthcheck:\n test:\n [\n \"CMD\",\n \"node\",\n \"-e\",\n \"require('http').get('http://localhost:3000/api/profile', (r) => {if (r.statusCode !== 200) throw new Error(r.statusCode)})\"\n ]\n timeout: 5s\n interval: 5s\n retries: 3\n depends_on:\n analytics:\n condition: service_healthy\n environment:\n STUDIO_PG_META_URL: http://meta:8080\n POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}\n\n DEFAULT_ORGANIZATION_NAME: ${STUDIO_DEFAULT_ORGANIZATION}\n DEFAULT_PROJECT_NAME: ${STUDIO_DEFAULT_PROJECT}\n\n SUPABASE_URL: http://kong:8000\n SUPABASE_PUBLIC_URL: ${SUPABASE_PUBLIC_URL}\n SUPABASE_ANON_KEY: ${ANON_KEY}\n SUPABASE_SERVICE_KEY: ${SERVICE_ROLE_KEY}\n\n LOGFLARE_API_KEY: ${LOGFLARE_API_KEY}\n LOGFLARE_URL: http://analytics:4000\n NEXT_PUBLIC_ENABLE_LOGS: true\n # Comment to use Big Query backend for analytics\n NEXT_ANALYTICS_BACKEND_PROVIDER: postgres\n # Uncomment to use Big Query backend for analytics\n # NEXT_ANALYTICS_BACKEND_PROVIDER: bigquery\n networks:\n - supabase\n\n# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #\n\n kong:\n container_name: supabase-kong\n image: kong:2.8.1\n restart: unless-stopped\n # https://unix.stackexchange.com/a/294837\n entrypoint: bash -c 'eval \"echo \\\"$$(cat ~/temp.yml)\\\"\" > ~/kong.yml && /docker-entrypoint.sh kong docker-start'\n ports:\n - ${KONG_HTTP_PORT}:8000/tcp\n - ${KONG_HTTPS_PORT}:8443/tcp\n depends_on:\n analytics:\n condition: service_healthy\n environment:\n KONG_DATABASE: \"off\"\n KONG_DECLARATIVE_CONFIG: /home/kong/kong.yml\n # https://github.com/supabase/cli/issues/14\n KONG_DNS_ORDER: LAST,A,CNAME\n KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth\n KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k\n KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k\n SUPABASE_ANON_KEY: ${ANON_KEY}\n SUPABASE_SERVICE_KEY: ${SERVICE_ROLE_KEY}\n DASHBOARD_USERNAME: ${DASHBOARD_USERNAME}\n DASHBOARD_PASSWORD: ${DASHBOARD_PASSWORD}\n volumes:\n # https://github.com/supabase/supabase/issues/12661\n - ./volumes/api/kong.yml:/home/kong/temp.yml:ro\n networks:\n - supabase\n\n# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #\n\n auth:\n container_name: supabase-auth\n image: supabase/gotrue:v2.132.3\n depends_on:\n db:\n # Disable this if you are using an external Postgres database\n condition: service_healthy\n analytics:\n condition: service_healthy\n healthcheck:\n test:\n [\n \"CMD\",\n \"wget\",\n \"--no-verbose\",\n \"--tries=1\",\n \"--spider\",\n \"http://localhost:9999/health\"\n ]\n timeout: 5s\n interval: 5s\n retries: 3\n restart: unless-stopped\n environment:\n GOTRUE_API_HOST: 0.0.0.0\n GOTRUE_API_PORT: 9999\n API_EXTERNAL_URL: ${API_EXTERNAL_URL}\n\n GOTRUE_DB_DRIVER: postgres\n GOTRUE_DB_DATABASE_URL: postgres://supabase_auth_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}\n\n GOTRUE_SITE_URL: ${SITE_URL}\n GOTRUE_URI_ALLOW_LIST: ${ADDITIONAL_REDIRECT_URLS}\n GOTRUE_DISABLE_SIGNUP: ${DISABLE_SIGNUP}\n\n GOTRUE_JWT_ADMIN_ROLES: service_role\n GOTRUE_JWT_AUD: authenticated\n GOTRUE_JWT_DEFAULT_GROUP_NAME: authenticated\n GOTRUE_JWT_EXP: ${JWT_EXPIRY}\n GOTRUE_JWT_SECRET: ${JWT_SECRET}\n\n GOTRUE_EXTERNAL_EMAIL_ENABLED: ${ENABLE_EMAIL_SIGNUP}\n GOTRUE_MAILER_AUTOCONFIRM: ${ENABLE_EMAIL_AUTOCONFIRM}\n # GOTRUE_MAILER_SECURE_EMAIL_CHANGE_ENABLED: true\n # GOTRUE_SMTP_MAX_FREQUENCY: 1s\n GOTRUE_SMTP_ADMIN_EMAIL: ${SMTP_ADMIN_EMAIL}\n GOTRUE_SMTP_HOST: ${SMTP_HOST}\n GOTRUE_SMTP_PORT: ${SMTP_PORT}\n GOTRUE_SMTP_USER: ${SMTP_USER}\n GOTRUE_SMTP_PASS: ${SMTP_PASS}\n GOTRUE_SMTP_SENDER_NAME: ${SMTP_SENDER_NAME}\n GOTRUE_MAILER_URLPATHS_INVITE: ${MAILER_URLPATHS_INVITE}\n GOTRUE_MAILER_URLPATHS_CONFIRMATION: ${MAILER_URLPATHS_CONFIRMATION}\n GOTRUE_MAILER_URLPATHS_RECOVERY: ${MAILER_URLPATHS_RECOVERY}\n GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE: ${MAILER_URLPATHS_EMAIL_CHANGE}\n\n GOTRUE_EXTERNAL_PHONE_ENABLED: ${ENABLE_PHONE_SIGNUP}\n GOTRUE_SMS_AUTOCONFIRM: ${ENABLE_PHONE_AUTOCONFIRM}\n networks:\n - supabase\n\n# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #\n\n rest:\n container_name: supabase-rest\n image: postgrest/postgrest:v12.0.1\n depends_on:\n db:\n # Disable this if you are using an external Postgres database\n condition: service_healthy\n analytics:\n condition: service_healthy\n restart: unless-stopped\n environment:\n PGRST_DB_URI: postgres://authenticator:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}\n PGRST_DB_SCHEMAS: ${PGRST_DB_SCHEMAS}\n PGRST_DB_ANON_ROLE: anon\n PGRST_JWT_SECRET: ${JWT_SECRET}\n PGRST_DB_USE_LEGACY_GUCS: \"false\"\n PGRST_APP_SETTINGS_JWT_SECRET: ${JWT_SECRET}\n PGRST_APP_SETTINGS_JWT_EXP: ${JWT_EXPIRY}\n command: \"postgrest\"\n networks:\n - supabase\n\n# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #\n\n\n realtime:\n # This container name looks inconsistent but is correct because realtime constructs tenant id by parsing the subdomain\n container_name: realtime-dev.supabase-realtime\n image: supabase/realtime:v2.25.50\n depends_on:\n db:\n # Disable this if you are using an external Postgres database\n condition: service_healthy\n analytics:\n condition: service_healthy\n healthcheck:\n test:\n [\n \"CMD\",\n \"bash\",\n \"-c\",\n \"printf \\\\0 > /dev/tcp/localhost/4000\"\n ]\n timeout: 5s\n interval: 5s\n retries: 3\n restart: unless-stopped\n environment:\n PORT: 4000\n DB_HOST: ${POSTGRES_HOST}\n DB_PORT: ${POSTGRES_PORT}\n DB_USER: supabase_admin\n DB_PASSWORD: ${POSTGRES_PASSWORD}\n DB_NAME: ${POSTGRES_DB}\n DB_AFTER_CONNECT_QUERY: 'SET search_path TO _realtime'\n DB_ENC_KEY: supabaserealtime\n API_JWT_SECRET: ${JWT_SECRET}\n FLY_ALLOC_ID: fly123\n FLY_APP_NAME: realtime\n SECRET_KEY_BASE: UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq\n ERL_AFLAGS: -proto_dist inet_tcp\n ENABLE_TAILSCALE: \"false\"\n DNS_NODES: \"''\"\n command: >\n sh -c \"/app/bin/migrate && /app/bin/realtime eval 'Realtime.Release.seeds(Realtime.Repo)' && /app/bin/server\"\n networks:\n - supabase\n\n# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #\n\n\n storage:\n container_name: supabase-storage\n image: supabase/storage-api:v0.43.11\n depends_on:\n db:\n # Disable this if you are using an external Postgres database\n condition: service_healthy\n rest:\n condition: service_started\n imgproxy:\n condition: service_started\n healthcheck:\n test:\n [\n \"CMD\",\n \"wget\",\n \"--no-verbose\",\n \"--tries=1\",\n \"--spider\",\n \"http://localhost:5000/status\"\n ]\n timeout: 5s\n interval: 5s\n retries: 3\n restart: unless-stopped\n environment:\n ANON_KEY: ${ANON_KEY}\n SERVICE_KEY: ${SERVICE_ROLE_KEY}\n POSTGREST_URL: http://rest:3000\n PGRST_JWT_SECRET: ${JWT_SECRET}\n DATABASE_URL: postgres://supabase_storage_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}\n FILE_SIZE_LIMIT: 52428800\n STORAGE_BACKEND: file\n FILE_STORAGE_BACKEND_PATH: /var/lib/storage\n TENANT_ID: stub\n # TODO: https://github.com/supabase/storage-api/issues/55\n REGION: stub\n GLOBAL_S3_BUCKET: stub\n ENABLE_IMAGE_TRANSFORMATION: \"true\"\n IMGPROXY_URL: http://imgproxy:5001\n volumes:\n - ./volumes/storage:/var/lib/storage:z\n networks:\n - supabase\n\n# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #\n\n\n imgproxy:\n container_name: supabase-imgproxy\n image: darthsim/imgproxy:v3.8.0\n healthcheck:\n test: [ \"CMD\", \"imgproxy\", \"health\" ]\n timeout: 5s\n interval: 5s\n retries: 3\n environment:\n IMGPROXY_BIND: \":5001\"\n IMGPROXY_LOCAL_FILESYSTEM_ROOT: /\n IMGPROXY_USE_ETAG: \"true\"\n IMGPROXY_ENABLE_WEBP_DETECTION: ${IMGPROXY_ENABLE_WEBP_DETECTION}\n volumes:\n - ./volumes/storage:/var/lib/storage:z\n networks:\n - supabase\n\n# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #\n\n\n meta:\n container_name: supabase-meta\n image: supabase/postgres-meta:v0.75.0\n depends_on:\n db:\n # Disable this if you are using an external Postgres database\n condition: service_healthy\n analytics:\n condition: service_healthy\n restart: unless-stopped\n environment:\n PG_META_PORT: 8080\n PG_META_DB_HOST: ${POSTGRES_HOST}\n PG_META_DB_PORT: ${POSTGRES_PORT}\n PG_META_DB_NAME: ${POSTGRES_DB}\n PG_META_DB_USER: supabase_admin\n PG_META_DB_PASSWORD: ${POSTGRES_PASSWORD}\n networks:\n - supabase\n\n# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #\n\n\n functions:\n container_name: supabase-edge-functions\n image: supabase/edge-runtime:v1.29.1\n restart: unless-stopped\n depends_on:\n analytics:\n condition: service_healthy\n environment:\n JWT_SECRET: ${JWT_SECRET}\n SUPABASE_URL: http://kong:8000\n SUPABASE_ANON_KEY: ${ANON_KEY}\n SUPABASE_SERVICE_ROLE_KEY: ${SERVICE_ROLE_KEY}\n SUPABASE_DB_URL: postgresql://postgres:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}\n # TODO: Allow configuring VERIFY_JWT per function. This PR might help: https://github.com/supabase/cli/pull/786\n VERIFY_JWT: \"${FUNCTIONS_VERIFY_JWT}\"\n volumes:\n - ./volumes/functions:/home/deno/functions:Z\n command:\n - start\n - --main-service\n - /home/deno/functions/main\n networks:\n - supabase\n\n# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #\n\n\n analytics:\n container_name: supabase-analytics\n image: supabase/logflare:1.4.0\n healthcheck:\n test: [ \"CMD\", \"curl\", \"http://localhost:4000/health\" ]\n timeout: 5s\n interval: 5s\n retries: 10\n restart: unless-stopped\n depends_on:\n db:\n # Disable this if you are using an external Postgres database\n condition: service_healthy\n # Uncomment to use Big Query backend for analytics\n # volumes:\n # - type: bind\n # source: ${PWD}/gcloud.json\n # target: /opt/app/rel/logflare/bin/gcloud.json\n # read_only: true\n environment:\n LOGFLARE_NODE_HOST: 127.0.0.1\n DB_USERNAME: supabase_admin\n DB_DATABASE: ${POSTGRES_DB}\n DB_HOSTNAME: ${POSTGRES_HOST}\n DB_PORT: ${POSTGRES_PORT}\n DB_PASSWORD: ${POSTGRES_PASSWORD}\n DB_SCHEMA: _analytics\n LOGFLARE_API_KEY: ${LOGFLARE_API_KEY}\n LOGFLARE_SINGLE_TENANT: true\n LOGFLARE_SUPABASE_MODE: true\n\n # Comment variables to use Big Query backend for analytics\n POSTGRES_BACKEND_URL: postgresql://supabase_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}\n POSTGRES_BACKEND_SCHEMA: _analytics\n LOGFLARE_FEATURE_FLAG_OVERRIDE: multibackend=true\n\n # Uncomment to use Big Query backend for analytics\n # GOOGLE_PROJECT_ID: ${GOOGLE_PROJECT_ID}\n # GOOGLE_PROJECT_NUMBER: ${GOOGLE_PROJECT_NUMBER}\n ports:\n - 4000:4000\n networks:\n - supabase\n\n# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #\n\n # Comment out everything below this point if you are using an external Postgres database\n db:\n container_name: supabase-db\n image: supabase/postgres:15.1.0.147\n healthcheck:\n test: pg_isready -U postgres -h localhost\n interval: 5s\n timeout: 5s\n retries: 10\n depends_on:\n vector:\n condition: service_healthy\n command:\n - postgres\n - -c\n - config_file=/etc/postgresql/postgresql.conf\n - -c\n - log_min_messages=fatal # prevents Realtime polling queries from appearing in logs\n restart: unless-stopped\n ports:\n # Pass down internal port because it's set dynamically by other services\n - ${POSTGRES_PORT}:${POSTGRES_PORT}\n environment:\n POSTGRES_HOST: /var/run/postgresql\n PGPORT: ${POSTGRES_PORT}\n POSTGRES_PORT: ${POSTGRES_PORT}\n PGPASSWORD: ${POSTGRES_PASSWORD}\n POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}\n PGDATABASE: ${POSTGRES_DB}\n POSTGRES_DB: ${POSTGRES_DB}\n JWT_SECRET: ${JWT_SECRET}\n JWT_EXP: ${JWT_EXPIRY}\n volumes:\n - ./volumes/db/realtime.sql:/docker-entrypoint-initdb.d/migrations/99-realtime.sql:Z\n # Must be superuser to create event trigger\n - ./volumes/db/webhooks.sql:/docker-entrypoint-initdb.d/init-scripts/98-webhooks.sql:Z\n # Must be superuser to alter reserved role\n - ./volumes/db/roles.sql:/docker-entrypoint-initdb.d/init-scripts/99-roles.sql:Z\n # Initialize the database settings with JWT_SECRET and JWT_EXP\n - ./volumes/db/jwt.sql:/docker-entrypoint-initdb.d/init-scripts/99-jwt.sql:Z\n # PGDATA directory is persisted between restarts\n - ./volumes/db/data:/var/lib/postgresql/data:Z\n # Changes required for Analytics support\n - ./volumes/db/logs.sql:/docker-entrypoint-initdb.d/migrations/99-logs.sql:Z\n networks:\n - supabase\n\n\n# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #\n\n vector:\n container_name: supabase-vector\n image: timberio/vector:0.28.1-alpine\n healthcheck:\n test:\n [\n\n \"CMD\",\n \"wget\",\n \"--no-verbose\",\n \"--tries=1\",\n \"--spider\",\n \"http://vector:9001/health\"\n ]\n timeout: 5s\n interval: 5s\n retries: 3\n volumes:\n - ./volumes/logs/vector.yml:/etc/vector/vector.yml:ro\n - ${DOCKER_SOCKET_LOCATION}:/var/run/docker.sock:ro\n\n command: [ \"--config\", \"etc/vector/vector.yml\" ]\n networks:\n - supabase\n\n# ----------------------------------------------------------------------------------------------------------------------------------------------------------------- #\n\nnetworks:\n supabase:\n driver: bridge\n external: true" }, { "path": "traefik/docker-compose.yml", "content": "version: '3.9'\nservices:\n traefik:\n container_name: traefik\n hostname: traefik\n image: traefik:latest\n ports:\n - 8001:80\n - 44301:443\n - 8181:8080\n volumes:\n - /var/run/docker.sock:/var/run/docker.sock\n - ./traefik/:/etc/traefik/\n networks:\n - supabase # rename this to your custom docker network\n \n# labels: # Only for Traefik, unless you use the fileConfig.yml file.\n# traefik.http.routers.api.rule: Host(`traefik.domain.com`) # Define the subdomain for the traefik dashboard.\n# traefik.http.routers.api.entryPoints: https # Set the Traefik entry point.\n# traefik.http.routers.api.service: api@internal # Enable Traefik API.\n# traefik.enable: true # Enable Traefik reverse proxy for the Traefik dashboard.\n environment:\n CF_DNS_API_TOKEN: ${CF_DNS_API_TOKEN}\n CLOUDFLARE_EMAIL: ${$CLOUDFLARE_EMAIL}\n DOMAIN: ${DOMAIN}\n restart: unless-stopped\n depends_on:\n - dockersocket\n \n dockersocket:\n container_name: dockersocket\n image: tecnativa/docker-socket-proxy\n volumes:\n - /var/run/docker.sock:/var/run/docker.sock\n networks:\n - supabase\n environment:\n CONTAINERS: 1\n POST: 0\n privileged: true\n restart: unless-stopped\n\nnetworks:\n supabase:\n driver: bridge\n external: true" }, { "path": "traefik/traefik/fileConfig.yml", "content": "http:\n routers:\n ###############################################################################################################################################################################\n\n ## EXTERNAL ROUTING ##\n traefik:\n entryPoints:\n - https\n rule: \"Host(`traefik.$DOMAIN`)\"\n service: traefik\n middlewares:\n - \"securityHeaders\"\n\n #Supabase Kong routing\n supabase-kong:\n entryPoints:\n - https\n rule: \"Host(`studio.$DOMAIN`)\"\n service: supabase-kong\n middlewares:\n - \"securityHeaders\"\n\n #Supabase Analytics routing\n supabase-analytics:\n entryPoints:\n - https\n rule: \"Host(`analytics.$DOMAIN`)\"\n service: supabase-analytics\n middlewares:\n - \"securityHeaders\"\n\n########################################################################################################################################################################\n\n ## SERVICES ##\n services:\n # Traefik service\n traefik:\n loadBalancer:\n servers:\n - url: http://$IPV4:8181\n\n # Supabase Kong service\n supabase-kong:\n loadbalancer:\n servers:\n - url: \"http://IPv4:8000\"\n\n\n # Supabase Analytics service\n supabase-analytics:\n loadbalancer:\n servers:\n - url: \"http://IPv4:4000\"\n\n\n ###############################################################################################################################################################################\n\n ## MIDDLEWARES ##\n middlewares:\n\n # Security headers\n securityHeaders:\n headers:\n customResponseHeaders:\n X-Robots-Tag: \"none,noarchive,nosnippet,notranslate,noimageindex\"\n server: \"\"\n sslProxyHeaders:\n X-Forwarded-Proto: https\n referrerPolicy: \"same-origin\"\n hostsProxyHeaders:\n - \"X-Forwarded-Host\"\n customRequestHeaders:\n X-Forwarded-Proto: \"https\"\n contentTypeNosniff: true\n browserXssFilter: true\n forceSTSHeader: true\n stsIncludeSubdomains: true\n stsSeconds: 63072000\n stsPreload: true\n" }, { "path": "traefik/traefik/traefik.yml", "content": "global:\n checkNewVersion: true\n sendAnonymousUsage: false\n\nserversTransport:\n insecureSkipVerify: true\n\nentryPoints:\n # Not used in apps, but redirect everything from HTTP to HTTPS\n http:\n address: :80\n http:\n redirections:\n entryPoint:\n to: https\n scheme: https\n\n # HTTPS endpoint, with domain wildcard\n https:\n address: :443\n http:\n tls:\n # Generate a wildcard domain certificate\n certResolver: letsencrypt\n domains:\n - main: $DOMAIN\n sans:\n - '*.$DOMAIN'\n middlewares:\n - securityHeaders@file\n\nproviders:\n providersThrottleDuration: 2s\n\n # File provider for connecting things that are outside of docker / defining middleware\n file:\n filename: /etc/traefik/fileConfig.yml\n watch: true\n\n # Docker provider for connecting all apps that are inside of the docker network\n docker:\n watch: true\n network: supabase\n # Default host rule to containername.domain.example\n defaultRule: \"Host(`{{ lower (trimPrefix `/` .Name )}}.$DOMAIN`)\"\n swarmModeRefreshSeconds: 15s\n exposedByDefault: false\n\n# Enable traefik ui\napi:\n dashboard: true\n insecure: true\n\n# Log level INFO|DEBUG|ERROR\nlog:\n level: INFO\n\n# Use letsencrypt to generate ssl serficiates\ncertificatesResolvers:\n letsencrypt:\n acme:\n email: $CLOUDFLARE_EMAIL\n storage: /etc/traefik/acme.json\n dnsChallenge:\n provider: cloudflare\n # Used to make sure the dns challenge is propagated to the rights dns servers\n resolvers:\n - \"1.1.1.1:53\"\n - \"1.0.0.1:53\"\n" } ]