Supabase

Supabase is an open source Firebase alternative. We're building the features of Firebase using enterprise-grade open source tools.

For full documentation, visit supabase.com/docs.

Usage

You should bind the domain to the service kong if Zeabur does not instruct you to bind one.

You can find the username and password in the service kong.

Services

This Supabase instance includes Kong (API Gateway), Studio (Supabase Studio), Database (PostgreSQL), Meta (Postgres Meta), Rest (PostgREST), Auth (GoTrue), Supavisor (Database Pooler), MinIO (Object Storage), Storage (Storage API), ImgProxy (Image Processing), and Realtime.

If you need additional Supabase services, feel free to implement them according to the upstream docker-compose.yaml file and submit your changes to our Discord server. This applies to our Contribution Reward Program.

Configuration

Security Configuration

See Securing your services to update the secrets in your services. Note that you should restart all services in Project Settings in order to apply the configurations.

• JWT secrets: update it in the service, postgresql
• Anon and Service role keys: update it in the service, kong
• Dashboard username and password: update SUPABASE_USERNAME and PASSWORD in the service, kong

Add Google OAuth support

Add the following environment variables to the auth service:

• GOTRUE_EXTERNAL_GOOGLE_ENABLED=true
• GOTRUE_EXTERNAL_GOOGLE_CLIENT_ID=xxxxxxxx
• GOTRUE_EXTERNAL_GOOGLE_SECRET=yyyyyyyy
• GOTRUE_EXTERNAL_GOOGLE_REDIRECT_URI=https://supabase.zeabur.app/auth/v1/callback

Update supabase.zeabur.app to your public domain, for example: supabase.example.com.

You can find the client ID and secret in the Google Cloud Console.

Then, restart your auth service.

Add Apple OAuth support

Add the following environment variables to the auth service:

• GOTRUE_EXTERNAL_APPLE_ENABLED=true
• GOTRUE_EXTERNAL_APPLE_CLIENT_ID=xxxxxxxx
• GOTRUE_EXTERNAL_APPLE_SECRET=yyyyyyyy
• GOTRUE_EXTERNAL_APPLE_REDIRECT_URI=https://supabase.zeabur.app/auth/v1/callback

Update supabase.zeabur.app to your public domain, for example: supabase.example.com.

You can find the client ID and secret in the Apple Developer Console.

Then, restart your auth service.

Configure SMTP Email Service (Resend Integration)

To enable email functionality in Supabase (user verification, password reset, etc.), configure SMTP settings using Resend as the email service provider.

Step 1: Resend Setup (Email Service Provider)

Domain Verification:

1. Verify your domain (e.g., mail.yourdomain.com) in Resend
2. Configure DNS records (TXT, CNAME, SPF, MX) as provided by Resend
3. Ensure verification status shows "Verified"

Sender Email Setup:

1. Configure sender email address: noreply@mail.yourdomain.com
2. Obtain your Resend API key from the dashboard

Step 2: Supabase Auth SMTP Configuration

Add the following environment variables to the auth service:

• GOTRUE_SMTP_HOST=smtp.resend.com - SMTP server host
• GOTRUE_SMTP_PORT=587 - Use STARTTLS port
• GOTRUE_SMTP_USER=resend (or leave blank) - Resend doesn't validate username, only API key
• GOTRUE_SMTP_PASS=re_xxx - Your Resend API Key
• GOTRUE_SMTP_ADMIN_EMAIL=noreply@mail.yourdomain.com - Admin sender email
• GOTRUE_SMTP_SENDER_NAME=Your App Name - Display name for emails
• GOTRUE_SITE_URL=https://yourdomain.zeabur.app - Determines the domain for verification links in emails

Step 3: Zeabur Environment Configuration

1. Navigate to your Zeabur project
2. Go to Service > Auth > Variables
3. Add all the SMTP variables listed above
4. Restart the auth service to apply changes

Step 4: Testing Email Functionality

Manual Testing:

curl -X POST "https://yourdomain.zeabur.app/auth/v1/signup" \
  -H "Content-Type: application/json" \
  -H "apikey: YOUR_ANON_KEY" \
  -d '{
    "email": "test@example.com",
    "password": "yourpassword"
  }'

Expected Results:

• Verification email sent successfully
• Email delivered to recipient (check spam folder initially)
• Supabase Auth handles registration verification and password reset emails automatically

Troubleshooting Notes

• SPF/DKIM Issues: Ensure all DNS settings match Resend's requirements to prevent email rejection
• Redirect URI Mismatch: Make sure GOTRUE_SITE_URL matches your actual deployed domain
• Email Delivery: Initial emails may go to spam; proper DNS configuration improves deliverability
• API Key Security: Store Resend API key securely in environment variables, never in code

Additional Features (Optional)

For advanced email customization, you can configure:

• Custom email templates
• Delivery report webhooks
• BIMI (Brand Indicators for Message Identification) settings
• Rate limiting and frequency controls

Advanced Auth Configuration (Optional)

Add these environment variables to the auth service for advanced features:

Custom Access Token Hook:

• GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_ENABLED=true
• GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_URI=pg-functions://postgres/public/custom_access_token_hook
• GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_SECRETS=<your-base64-secret>

MFA Verification Hook:

• GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_ENABLED=true
• GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_URI=pg-functions://postgres/public/mfa_verification_attempt

Password Verification Hook:

• GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_ENABLED=true
• GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_URI=pg-functions://postgres/public/password_verification_attempt

Custom SMS Hook:

• GOTRUE_HOOK_SEND_SMS_ENABLED=true
• GOTRUE_HOOK_SEND_SMS_URI=pg-functions://postgres/public/custom_sms_hook
• GOTRUE_HOOK_SEND_SMS_SECRETS=v1,whsec_<your-secret>

Custom Email Hook:

• GOTRUE_HOOK_SEND_EMAIL_ENABLED=true
• GOTRUE_HOOK_SEND_EMAIL_URI=http://host.docker.internal:54321/functions/v1/email_sender
• GOTRUE_HOOK_SEND_EMAIL_SECRETS=v1,whsec_<your-secret>

Other Options:

• GOTRUE_EXTERNAL_SKIP_NONCE_CHECK=true (for mobile Google Sign In)
• GOTRUE_MAILER_SECURE_EMAIL_CHANGE_ENABLED=true
• GOTRUE_SMTP_MAX_FREQUENCY=1s

Studio SQL Assistant: Add to studio service:

• OPENAI_API_KEY=your-openai-api-key