supabase
使用 Pigsty 托管的 PostgreSQL 自建 Supabase 开源 Firebase 替代方案
supabase 配置模板提供了自建 Supabase 的参考配置,使用 Pigsty 托管的 PostgreSQL 作为底层存储。
更多细节,请参考 Supabase 自建教程
配置概览
- 配置名称:
supabase - 节点数量: 单节点
- 配置说明:使用 Pigsty 托管的 PostgreSQL 自建 Supabase
- 适用系统:
el8,el9,d12,u22,u24 - 适用架构:
x86_64 - 相关配置:
meta,rich
启用方式:
./configure -c supabase [-i <primary_ip>]
配置内容
源文件地址:pigsty/conf/supabase.yml
all:
children:
infra: { hosts: { 10.10.10.10: { infra_seq: 1 } }, vars: { repo_enabled: false } }
etcd: { hosts: { 10.10.10.10: { etcd_seq: 1 } }, vars: { etcd_cluster: etcd } }
minio: { hosts: { 10.10.10.10: { minio_seq: 1 } }, vars: { minio_cluster: minio } }
#----------------------------------------------#
# PostgreSQL cluster for Supabase self-hosting
#----------------------------------------------#
pg-meta:
hosts: { 10.10.10.10: { pg_seq: 1, pg_role: primary } }
vars:
pg_cluster: pg-meta
pg_users:
# supabase 角色
- { name: anon ,login: false }
- { name: authenticated ,login: false }
- { name: dashboard_user ,login: false ,replication: true ,createdb: true ,createrole: true }
- { name: service_role ,login: false ,bypassrls: true }
# supabase 用户
- { name: supabase_admin ,password: 'DBUser.Supa' ,pgbouncer: true ,inherit: true ,roles: [ dbrole_admin ] ,superuser: true ,replication: true ,createdb: true ,createrole: true ,bypassrls: true }
- { name: authenticator ,password: 'DBUser.Supa' ,pgbouncer: true ,inherit: false ,roles: [ dbrole_admin, authenticated ,anon ,service_role ] }
- { name: supabase_auth_admin ,password: 'DBUser.Supa' ,pgbouncer: true ,inherit: false ,roles: [ dbrole_admin ] ,createrole: true }
- { name: supabase_storage_admin ,password: 'DBUser.Supa' ,pgbouncer: true ,inherit: false ,roles: [ dbrole_admin, authenticated ,anon ,service_role ] ,createrole: true }
- { name: supabase_functions_admin ,password: 'DBUser.Supa' ,pgbouncer: true ,inherit: false ,roles: [ dbrole_admin ] ,createrole: true }
- { name: supabase_replication_admin ,password: 'DBUser.Supa' ,replication: true ,roles: [ dbrole_admin ]}
- { name: supabase_etl_admin ,password: 'DBUser.Supa' ,replication: true ,roles: [ pg_read_all_data ]}
- { name: supabase_read_only_user ,password: 'DBUser.Supa' ,bypassrls: true ,roles: [ pg_read_all_data, dbrole_readonly ]}
pg_databases:
- name: postgres
baseline: supabase.sql
owner: supabase_admin
comment: supabase postgres database
schemas: [ extensions ,auth ,realtime ,storage ,graphql_public ,supabase_functions ,_analytics ,_realtime ]
extensions:
- { name: pgcrypto ,schema: extensions }
- { name: pg_net ,schema: extensions }
- { name: pgjwt ,schema: extensions }
- { name: uuid-ossp ,schema: extensions }
- { name: pgsodium ,schema: extensions }
- { name: supabase_vault ,schema: extensions }
- { name: pg_graphql ,schema: extensions }
- { name: pg_jsonschema ,schema: extensions }
- { name: wrappers ,schema: extensions }
- { name: http ,schema: extensions }
- { name: pg_cron ,schema: extensions }
- { name: timescaledb ,schema: extensions }
- { name: pg_tle ,schema: extensions }
- { name: vector ,schema: extensions }
- { name: pgmq ,schema: extensions }
- { name: supabase ,owner: supabase_admin ,comment: supabase analytics database }
pg_libs: 'timescaledb, pgsodium, plpgsql, plpgsql_check, pg_cron, pg_net, pg_stat_statements, auto_explain, pg_wait_sampling, pg_tle, plan_filter'
pg_extensions: [ pg18-main ,pg18-time ,pg18-gis ,pg18-rag ,pg18-fts ,pg18-olap ,pg18-feat ,pg18-lang ,pg18-type ,pg18-util ,pg18-func ,pg18-admin ,pg18-stat ,pg18-sec ,pg18-fdw ,pg18-sim ,pg18-etl]
pg_parameters: { cron.database_name: postgres }
pg_hba_rules:
- { user: all ,db: postgres ,addr: intra ,auth: pwd ,title: 'allow supabase access from intranet' }
- { user: all ,db: postgres ,addr: 172.17.0.0/16 ,auth: pwd ,title: 'allow access from local docker network' }
node_crontab:
- '00 01 * * * postgres /pg/bin/pg-backup full'
- '* * * * * postgres /pg/bin/supa-kick' # 处理 _analytics 延迟问题
#----------------------------------------------#
# Supabase 无状态容器 (默认用户密码: supabase/pigsty)
#----------------------------------------------#
supabase:
hosts: { 10.10.10.10: {} }
vars:
docker_enabled: true
app: supabase
apps:
supabase:
conf:
# 重要:修改 JWT_SECRET 并重新生成凭据!
JWT_SECRET: your-super-secret-jwt-token-with-at-least-32-characters-long
ANON_KEY: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
SERVICE_ROLE_KEY: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
PG_META_CRYPTO_KEY: your-encryption-key-32-chars-min
DASHBOARD_USERNAME: supabase
DASHBOARD_PASSWORD: pigsty
LOGFLARE_PUBLIC_ACCESS_TOKEN: 1234567890abcdef...
LOGFLARE_PRIVATE_ACCESS_TOKEN: fedcba0987654321...
# PostgreSQL 连接配置
POSTGRES_HOST: 10.10.10.10
POSTGRES_PORT: 5436
POSTGRES_DB: postgres
POSTGRES_PASSWORD: DBUser.Supa
# Supabase 外部访问地址
SITE_URL: https://supa.pigsty
API_EXTERNAL_URL: https://supa.pigsty
SUPABASE_PUBLIC_URL: https://supa.pigsty
# S3/MinIO 文件存储配置
S3_BUCKET: data
S3_ENDPOINT: https://sss.pigsty:9000
S3_ACCESS_KEY: s3user_data
S3_SECRET_KEY: S3User.Data
MINIO_DOMAIN_IP: 10.10.10.10
vars:
version: v4.0.0
admin_ip: 10.10.10.10
region: default
infra_portal:
home : { domain: i.pigsty }
minio : { domain: m.pigsty ,endpoint: "${admin_ip}:9001" ,scheme: https ,websocket: true }
supa : { domain: supa.pigsty ,endpoint: "10.10.10.10:8000" ,websocket: true ,certbot: supa.pigsty }
node_etc_hosts: [ "10.10.10.10 i.pigsty sss.pigsty supa.pigsty" ]
# 使用 MinIO 作为 PostgreSQL 备份存储
minio_endpoint: https://sss.pigsty:9000
pgbackrest_method: minio
pgbackrest_repo:
minio:
type: s3
s3_endpoint: sss.pigsty
s3_bucket: pgsql
s3_key: pgbackrest
s3_key_secret: S3User.Backup
# ... 更多配置
pg_version: 18
#----------------------------------------------#
# PASSWORD
#----------------------------------------------#
grafana_admin_password: pigsty
grafana_view_password: DBUser.Viewer
pg_admin_password: DBUser.DBA
pg_monitor_password: DBUser.Monitor
pg_replication_password: DBUser.Replicator
patroni_password: Patroni.API
haproxy_admin_password: pigsty
minio_secret_key: S3User.MinIO
etcd_root_password: Etcd.Root
配置解读
supabase 模板提供了完整的 Supabase 自建方案,让您可以在自己的基础设施上运行这个开源 Firebase 替代品。
架构组成:
- PostgreSQL:Pigsty 托管的生产级 PostgreSQL(支持高可用)
- Docker 容器:Supabase 无状态服务(Auth、Storage、Realtime、Edge Functions 等)
- MinIO:S3 兼容的对象存储,用于文件存储和 PostgreSQL 备份
- Nginx:反向代理和 HTTPS 终止
关键特性:
- 使用 Pigsty 管理的 PostgreSQL 替代 Supabase 自带的数据库容器
- 支持 PostgreSQL 高可用(可扩展为三节点集群)
- 安装全部 Supabase 所需扩展(pg_net、pgjwt、pg_graphql、vector 等)
- 集成 MinIO 对象存储用于文件上传和备份
- 支持 HTTPS 和 Let’s Encrypt 自动证书
部署步骤:
curl https://repo.pigsty.io/get | bash # 下载 Pigsty
./configure -c supabase # 使用 supabase 配置模板
./install.yml # 安装 Pigsty、PostgreSQL、MinIO
./docker.yml # 安装 Docker
./app.yml # 启动 Supabase 容器
访问方式:
# Supabase Studio
https://supa.pigsty (用户名: supabase, 密码: pigsty)
# 直接连接 PostgreSQL
psql postgres://supabase_admin:DBUser.Supa@10.10.10.10:5432/postgres
适用场景:
- 需要自建 BaaS (Backend as a Service) 平台
- 希望完全掌控数据和基础设施
- 需要企业级 PostgreSQL 高可用和备份
- 对 Supabase 云服务有合规或成本考虑
注意事项:
- 必须修改 JWT_SECRET:使用至少 32 字符的随机字符串,并重新生成 ANON_KEY 和 SERVICE_ROLE_KEY
- 需要配置正确的域名(
SITE_URL、API_EXTERNAL_URL) - 生产环境建议启用 HTTPS(可使用 certbot 自动签发证书)
- Docker 网络需要能访问 PostgreSQL(已配置 172.17.0.0/16 HBA 规则)