feat(service): update Supabase to current latest versions#8316
feat(service): update Supabase to current latest versions#8316andrasbacsai merged 7 commits intocoollabsio:nextfrom
Conversation
|
Why this was removed?: |
ShadowArcanist
added
the
💤 Waiting for feedback
|
is it necessary to have them? thought its not used and not will be anyway first two are hardcoded keys, POSTGREST_URL, PGRST_JWT_SECRET, DATABASE_URL - just duplicates of what is set up above, FILE_SIZE_LIMIT - old name, renamed to a UPLOAD_FILE_SIZE_LIMIT, STORAGE_S3_, AWS_ - also duplicates, TENANT_ID, REGION - not needed anymore since issue they are referring to is closed + they are commented anyway, ENABLE_IMAGE_TRANSFORMATION, IMGPROXY_URL - duplicates as well |
I asked it because sometimes people comment out configurations so if someone needs it then they just have to uncomment them. I don't use supabase so don't know if those commented out configs are valid or not |
ShadowArcanist
removed
the
💤 Waiting for feedback
there is some commented out things that are necessary (like oauth configuration) indeed, but for this section it is not the case, looks like leftovers from old updates |
|
Compare the current template to yours because it looks like you just copied and pasted the Supabase components, because yes, some of the removed ones are necessary. |
clarify what from the removed ones are necessary. I've removed either deprecated or duplicated things that were commented out |
|
Might be good to
|
|
I'm getting errors when trying to view tables in studio Do you have that as well? |
I dont. is it a fresh project or migration? |
|
Fresh install, can't get it to work 🥴 |
replying on this 3rd time - though clarified reasons for all changes after first question - if you want to point on some unnecessary removal - reason it by saying what exact line it is and why it should stay. Otherwise these comments doesnt bring any value because they just state "it was here before, I dont know why, but they probably should stay there" explaining here line by line removals: hardcoded jwt tokens duplicate
duplicates
these are actually used in official template, will uncomment them and return via env duplicates regarding second part of the comment - yep, I will pull the latest images and will also add ANON_KEY, SERVICE_KEY, POSTGREST_URL, PGRST_JWT_SECRET since they exist in the official compose |
will check |
added some changes and updated images, spinned up fresh next instance and it is working. feel free to test updated version |
|
also adjusted vector changes with the official supabase adapted for Coolify's with starts_with() |
|
Ok this bangs, set it up with no errors after flushing the services json in the coolify docker 👍 |
|
hey @andrasbacsai can you please review and merge this pr if all good? 🙏🏻 |
|
Yeah would love this latest update. Can you install services on Coolify via PR? |
|
Using this as a base for some testing (excellent work, Vadko <3), it appears potentially possible to update to even newer versions. Newer versions are highlighted in bold. Supabase Kong (kong:2.8.5) Kong v3 which is now used by Supabase doesn't work without some config changes - I might give that a go soon. |
You have tested these yourself? |
Cinzya
added
the
⚙️ Service
|
Hi @Vadko! 👋 It appears to us that you are either adding a new service or making changes to an existing one. Coolify Docs Repository: https://github.com/coollabsio/coolify-docs |
@Vadko are you going to pick this up? |
It depends on when this will be merged, because I already updated dependencies several times, I dont want to end up making several more updates again. If a maintainer will reply regarding possibility to merge this I will do final versions review. |
Updated all Supabase service images to latest versions: - studio: 2026.01.07 -> 2026.01.27-sha-6aa59ff - postgres: 15.8.1.048 -> 15.8.1.085 - logflare: 1.4.0 -> 1.30.3 - postgrest: v12.2.12 -> v14.3 - gotrue: v2.174.0 -> v2.185.0 - realtime: v2.34.47 -> v2.72.0 - storage-api: v1.14.6 -> v1.37.1 - imgproxy: v3.8.0 -> v3.30.1 - postgres-meta: v0.89.3 -> v0.95.2 - edge-runtime: v1.67.4 -> v1.70.0 - supavisor: 2.5.1 -> 2.7.4 Config changes: - analytics: LOGFLARE_API_KEY replaced with LOGFLARE_PUBLIC/PRIVATE_ACCESS_TOKEN, removed LOGFLARE_SINGLE_TENANT_MODE and LOGFLARE_MIN_CLUSTER_SIZE - studio: added POSTGRES_PORT/DB, LOGFLARE_*_ACCESS_TOKEN, SNIPPETS/EDGE_FUNCTIONS management, volumes; removed CURRENT_CLI_VERSION, SUPABASE_PUBLIC_API - imgproxy: added IMGPROXY_BIND, IMGPROXY_MAX_SRC_RESOLUTION - meta: added CRYPTO_KEY - realtime: removed FLY_ALLOC_ID, FLY_APP_NAME, ENABLE_TAILSCALE; added DISABLE_HEALTHCHECK_LOGGING - storage: removed obsolete commented-out env vars
So, I have these deployed right now. It seems working, but I did have issues with Supabase Vector. For some reason it kept using the old /etc/vector/vector.yml, which included the deprecated Edit: Edit 2: |
|
Another thing I've come across is supabase cli not working properly. This should be the fix for that: |
…osting setup - Update Kong to 3.9.1 with new awk-based entrypoint script (replaces fragile eval/echo) - Add request-transformer plugin to all secure Kong routes for API key translation - Fix hide_credentials: false on REST and GraphQL routes - Add post-function plugin on storage route for S3 presigned URL compatibility - Add opaque API key support (SUPABASE_PUBLISHABLE_KEY, SUPABASE_SECRET_KEY) - Update Vector router to use contains() matching for Coolify container names - Add auto-generated self-signed TLS cert for Supavisor (fixes Supabase CLI connectivity) - Fix logs not queryable in Studio by separating public/private Logflare access tokens - Update image versions: Kong 3.9.1, Studio 2026.03.16, PostgREST v14.6, Storage v1.44.2, Edge Runtime v1.71.2 - Fix IMGPROXY_ENABLE_WEBP_DETECTION -> IMGPROXY_AUTO_WEBP - Add deno-cache volume for faster Edge Function cold starts - Make POOLER_TENANT_ID configurable - Add start_period to Realtime and Supavisor healthchecks - Add KONG_PROXY_ACCESS_LOG configuration - Update SQL init scripts to use $POSTGRES_USER instead of hardcoded supabase_admin
|
updated the templates to the latest versions according to Supabase GitHub, fixed the problem with the logs that @Revadike wrote about, also added a certificate to supabase-supavisor. Encourage everyone who were testing changes previously to do it again, on my side (dev and prod coolify builds) it works. cc @ShadowArcanist |
|
One thing I noticed is that Supabase now make Kong wait for studio to be healthy and not analytics. Don't believe it makes a realistic difference either way. |
…compatibility Using 'stub' as default would break existing installations that stored files under the default tenantId 'storage-single-tenant' (pre-TENANT_ID era). After upgrading, storage-api would look for files under 'stub/...' prefix instead of 'storage-single-tenant/...', making all existing files inaccessible.
|
Trying the new deploy yml. The vector issue came back: 2026-Apr-02 20:34:53 2026-04-02T20:34:53.311617Z INFO vector::app: Log level is enabled. level="info" |
|
Aaah, I see. I believe it's because Persistent Storages don't update. Here I see the old version. |
this is likely not related to the changes, since updated vector.yml includes updated |
|
idk what to do my whole deployment is fucked and im getting such a headache |
just update files manually via ssh to the newer versions |
|
How can I do that? sorry for being off-topic, but the issue right now that I'm struggling with is actually supabase edge functions 2026-Apr-02 21:14:29 worker boot error: failed to bootstrap runtime: No such file or directory (os error 2) /data/coolify/services/j13b0ql982u91w50tdgx8b51/volumes/functions# ls -l main 
|
its because this file was mounted as a directory. You need to delete directory and make sure only file is left |
|
So far it works from what I've tested. I tested using a totally fresh instance and then imported a db backup from file. Guess there will be some issues with the JWT keys and the new key format in future as they are changing from the current setup although it says it will remain backwards compatible. |
|
many hours laters... the edge functions issue was.... |
|
BTW, for future testers: Make sure to deploy resource via custom docker file. Don't choose supabase! |
How did you make a backup? I tried to do this with a coolify postgres backup (.dmp file), but I keep getting errors related to roles. Maybe roles/grants aren't dumped or restored properly? |
ShadowArcanist
changed the title
|
The template works fine for me, and I have notified core devs so Andras or Peak will merge this one when they have some time |
I just used the Coolify backup option shown as Superbase DB in the instance settings. I initially setup an s3 service but realised I didnt need that to keep backups (oh well, I now have a Seaweed instance to use for s3 stuff lol). I just downloaded the .dmp from the Coolify ui and then reuploaded to the new instance via the import backup option. The database was just the bare bones structure, some default data, RLS settings and functions. There was no auth users in the table at the time. |
ah that explains it, these issues were related to auth and storage schema tables not having the proper roles/grants. |
|
This might need updating to add the fix in #9079 - I only discovered that after fixing it myself when Supabase was sending out emails with the internal Kong urls. |
|
Thank you for the PR! 💜 |
10 participants
Changes
Updated all Supabase service images to latest versions:
Config changes:
Category
AI Usage
Steps to Test
docker ps— all 13 services should showhealthyorrunning)SERVICE_USER_ADMIN/SERVICE_PASSWORD_ADMIN)LOGFLARE_PUBLIC_ACCESS_TOKENworks)SELECT version();— should return PostgreSQL 15.8.1<KONG_URL>/functions/v1/hellowithAuthorization: Bearer <ANON_KEY>header - should return"Hello from Edge Functions!"Contributor Agreement
Important