lywsvip/supabase
1
0
Fork 0
mirror of https://github.com/supabase/supabase.git synced 2026-06-25 07:47:35 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
0dd72a700bb60233c19e3fd7cfebacbfeacb2f84
supabase/apps/reference/docs/guides/hosting/overview.mdx
Inian 965ac54be4 fix some links
2022-08-14 00:11:00 +08:00

152 lines
6.7 KiB
Plaintext
Raw Blame History

---
id: overview
title: Self Hosting
sidebar_label: Overview
description: Getting started with Self Hosting.
---
import JwtGenerator from '@site/src/components/JwtGenerator'
There are several ways to use Supabase:
- [Supabase Cloud](https://app.supabase.com): you don't need to deploy anything. We will manage and scale your infrastructure.
- [Docker](../../guides/hosting/docker): deploy to your own infrastructure.
- Kubernetes: coming soon.
## Architecture
Supabase is a combination of open source tools, each specifically chosen for Enterprise-readiness.
If the tools and communities already exist, with an MIT, Apache 2, or equivalent open license, we will use and support that tool.
If the tool doesn't exist, we build and open source it ourselves.
![Supabase Architecture](/img/supabase-architecture.png)
- [Kong](https://github.com/Kong/kong) is a cloud-native API gateway.
- [GoTrue](https://github.com/netlify/gotrue) is an SWT based API for managing users and issuing SWT tokens.
- [PostgREST](http://postgrest.org/) is a web server that turns your PostgreSQL database directly into a RESTful API
- [Realtime](https://github.com/supabase/realtime) is an Elixir server that allows you to listen to PostgreSQL inserts, updates, and deletes using websockets. Realtime polls Postgres' built-in replication functionality for database changes, converts changes to JSON, then broadcasts the JSON over websockets to authorized clients.
- [Storage](https://github.com/supabase/storage-api) provides a RESTful interface for managing Files stored in S3, using Postgres to manage permissions.
- [postgres-meta](https://github.com/supabase/postgres-meta) is a RESTful API for managing your Postgres, allowing you to fetch tables, add roles, and run queries, etc.
- [PostgreSQL](https://www.postgresql.org/) is an object-relational database system with over 30 years of active development that has earned it a strong reputation for reliability, feature robustness, and performance.
## Configuration
Each system has a number of configuration options which can be found in the relevant product documentation.
- [Postgres](https://hub.docker.com/_/postgres/)
- [PostgREST](https://postgrest.org/en/stable/configuration.html)
- [Realtime](https://github.com/supabase/realtime#server-set-up)
- [GoTrue](https://github.com/supabase/gotrue)
- [Storage](https://github.com/supabase/storage-api)
- [Kong](https://docs.konghq.com/install/docker/)
## Managing your database
It is recommended that you decouple your database from the middleware so that you can upgrade the middleware without any downtime.
The "middleware" is everything except Postgres, and it should work with any Postgres provider (such as AWS RDS), or your own Postgres cluster.
### Database Extensions
Supabase requires some Postgres extensions to be enabled by default for the API and Auth system to work. You can find the extensions inside the
[schema initialization script](https://github.com/supabase/supabase/blob/master/docker/volumes/db/init/00-initial-schema.sql).
We recommend installing all extensions into an `extensions` schema. This will keep your API clean,
since all tables in the `public` schema are exposed via the API.
```sql
create schema if not exists extensions;
create extension if not exists "uuid-ossp" with schema extensions;
create extension if not exists pgcrypto with schema extensions;
create extension if not exists pgjwt with schema extensions;
```
##### `uuid-ossp`
For UUID functions, required for PostgreSQL <13.
##### `pgcrypto` and `pgjwt`
For working with JWT and Auth functions.
### Database Roles
Supabase creates several default roles in your Postgres database. To restore defaults at any time you can run the commands inside the
[schema initialization script](https://github.com/supabase/supabase/blob/master/docker/volumes/db/init/00-initial-schema.sql).
##### `postgres`
The default PostgreSQL role. This has admin privileges.
##### `anon`
For "anonymous access". This is the role which the API (PostgREST) will use when a user _is not_ logged in.
##### `authenticator`
A special role for the API (PostgREST). It has very limited access, and is used to validate a JWT and then
"change into" another role determined by the JWT verification.
##### `authenticated`
For "authenticated access". This is the role which the API (PostgREST) will use when a user _is_ logged in.
##### `service_role`
For elevated access. This role is used by the API (PostgREST) to bypass Row Level Security.
##### `supabase_auth_admin`
Used by the Auth middleware to connect to the database and run migration. Access is scoped to the `auth` schema.
##### `supabase_storage_admin`
Used by the Auth middleware to connect to the database and run migration. Access is scoped to the `storage` schema.
##### `dashboard_user`
For running commands via the Supabase UI.
##### `supabase_admin`
Supabase Administrative role for maintaining your database.
## API Keys
The API Gateway (Kong) uses JWT to authenticate access through to the database. The JWT should correspond to a relevant Postgres Role,
and Supabase is designed to work with 2 roles: an `ANON_KEY` for unauthenticated access and a `SERVICE_KEY` for elevated access.
Use this tool to generate keys:
<JwtGenerator />
## Managing your secrets
Many components inside Supabase use secure secrets and passwords. These are listed in the self-hosting
[env file](https://github.com/supabase/supabase/blob/master/docker/.env.example), but we strongly recommend using a
secrets manager when deploying to production. Plain text files like dotenv lead to accidental costly leaks.
Some suggested systems include:
- [Doppler](https://www.doppler.com/)
- [Key Vault](https://docs.microsoft.com/en-us/azure/key-vault/general/overview) by Azure
- [Secrets Manager](https://aws.amazon.com/secrets-manager/) by AWS
- [Secrets Manager](https://cloud.google.com/secret-manager) by GCP
- [Vault](https://www.hashicorp.com/products/vault) by Hashicorp
## Migrating and Upgrading
If you have decoupled your database from the middleware, then you should be able to redeploy the latest middleware at any time as long as it has no breaking changes.
Supabase is evolving fast, and we'll continue to improve the migration strategy as part of our core offering.
We realize that database migrations are difficult, and this is one of the problems we plan to make easy for developers.
## Deployment options
While Supabase officially supports Docker, we have several other deployment strategies managed by the community:
- [supabase-docker](../../guides/hosting/docker) (Official)
- [supabase-kubernetes](https://github.com/supabase-community/supabase-kubernetes) (Unofficial)
- [supabase-terraform](https://github.com/supabase-community/supabase-terraform) (Unofficial)
- [supabase-traefik](https://github.com/supabase-community/supabase-traefik) (Unofficial)
Reference in New Issue View Git Blame Copy Permalink