SupabaseKong

SupabaseKong

Official

Docker app from Raccommode's Repository

Overview

Kong is the API gateway used by the official self-hosted Supabase Docker stack. It routes Studio, Auth, REST, GraphQL, Realtime, Storage, and Edge Functions through a single public endpoint.

Stars GitHub commit activity Build Status Version License Twitter Follow

Kong or Kong Gateway is a cloud-native, platform-agnostic, scalable API 𖧹 LLM 𖧹 MCP Gateway distinguished for its high performance and extensibility via plugins. It also provides advanced AI traffic capabilities with multi-LLM support, semantic security, MCP traffic security and analytics, and more.

By providing functionality for proxying, routing, load balancing, health checking, authentication (and more), Kong serves as the central layer for orchestrating microservices or conventional API traffic - and agentic LLM and MCP as well - with ease.

Kong runs natively on Kubernetes thanks to its official Kubernetes Ingress Controller.



Installation | Documentation | Discussions | Forum | Blog | Builds | AI Gateway | Cloud Hosted Kong


Getting Started

If you prefer to use a cloud-hosted Kong, you can sign up for a free trial of Kong Konnect and get started in minutes. If not, you can follow the instructions below to get started with Kong on your own infrastructure.

Let’s test drive Kong by adding authentication to an API in under 5 minutes.

We suggest using the docker-compose distribution via the instructions below, but there is also a docker installation procedure if you’d prefer to run the Kong Gateway in DB-less mode.

Whether you’re running in the cloud, on bare metal, or using containers, you can find every supported distribution on our official installation page.

  1. To start, clone the Docker repository and navigate to the compose folder.
  $ git clone https://github.com/Kong/docker-kong
  $ cd docker-kong/compose/
  1. Start the Gateway stack using:
  $ KONG_DATABASE=postgres docker-compose --profile database up

The Gateway is now available on the following ports on localhost:

  • :8000 - send traffic to your service via Kong
  • :8001 - configure Kong using Admin API or via decK
  • :8002 - access Kong's management Web UI (Kong Manager) on localhost:8002

Next, follow the quick start guide to tour the Gateway features.

Getting started with AI Gateway for LLM and MCP

If you would like to get started with Kong AI Gateway capabilities including LLM and MCP features, please refer to the official AI documentation.

Features

By centralizing common API, AI and MCP functionality across all your organization's services, Kong Gateway creates more freedom for engineering teams to focus on the challenges that matter most.

The top Kong features include:

  • Advanced routing, load balancing, health checking - all configurable via a RESTful admin API or declarative configuration.
  • Authentication and authorization for APIs using methods like JWT, basic auth, OAuth, ACLs and more.
  • Universal LLM API to route across multiple providers like OpenAI, Anthropic, GCP Gemini, AWS Bedrock, Azure AI, Databricks, Mistral, Huggingface and more.
  • MCP traffic governance, MCP security and MCP observability in addition to MCP autogeneration from any RESTful API.
  • 60+ AI features like AI observability, semantic security and caching, semantic routing and more.
  • Proxy, SSL/TLS termination, and connectivity support for L4 or L7 traffic.
  • Plugins for enforcing traffic controls, rate limiting, req/res transformations, logging, monitoring and including a plugin developer hub.
  • Sophisticated deployment models like Declarative Databaseless Deployment and Hybrid Deployment (control plane/data plane separation) without any vendor lock-in.
  • Native ingress controller support for serving Kubernetes.

Plugin Hub

Plugins provide advanced functionality that extends the use of the Gateway. Many of the Kong Inc. and community-developed plugins like AWS Lambda, Correlation ID, and Response Transformer are showcased at the Plugin Hub.

Contribute to the Plugin Hub and ensure your next innovative idea is published and available to the broader community!

Contributing

We ❤️ pull requests, and we’re continually working hard to make it as easy as possible for developers to contribute. Before beginning development with the Kong Gateway, please familiarize yourself with the following developer resources:

Use the Plugin Development Guide for building new and creative plugins, or browse the online version of Kong's source code documentation in the Plugin Development Kit (PDK) Reference. Developers can build plugins in Lua, Go or JavaScript.

Releases

Please see the Changelog for more details about a given release. The SemVer Specification is followed when versioning Gateway releases.

Join the Community

Konnect Cloud

Kong Inc. offers commercial subscriptions that enhance the Kong Gateway in a variety of ways. Customers of Kong's Konnect Cloud subscription take advantage of additional gateway functionality, commercial support, and access to Kong's managed (SaaS) control plane platform. The Konnect Cloud platform features include real-time analytics, a service catalog, developer portals, and so much more! Get started with Konnect Cloud.

License

Copyright 2016-2026 Kong Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Install SupabaseKong on Unraid in a few clicks.

Find SupabaseKong in Community Apps on your Unraid server, review the template, and click Install. Unraid handles the Docker app or plugin setup from the published template.

Open the Apps tab on your Unraid server Search Community Apps for SupabaseKong Review the template variables and paths Click Install

Requirements

This template runs only the Kong gateway container from the official Supabase Docker Compose stack. It requires the Supabase kong.yml and kong-entrypoint.sh files from supabase/docker/volumes/api mounted below. It does not install Studio, Auth, PostgREST, Realtime, Storage, Edge Runtime, Postgres Meta, or Postgres. Put all Supabase containers on the same custom Docker network and make sure the service hostnames used inside kong.yml, such as studio, auth, rest, realtime, storage, functions, and meta, resolve to the matching containers. Generate new Supabase keys before first use; never keep the example keys.

Download Statistics

7,430,179
Total Downloads

Related apps

Explore more like this

Explore all

Details

Repository
kong/kong:latest
Last Updated2026-06-17
First Seen2026-06-05

Runtime arguments

Web UI
http://[IP]:[PORT:8000]
Network
bridge
Shell
bash
Privileged
false
Extra Params
--entrypoint=/bin/bash

Template configuration

HTTP Gateway PortPorttcp

Supabase HTTP API gateway port. Container port: 8000.

Target
8000
Default
8000
Value
8000
HTTPS Gateway PortPorttcp

Supabase HTTPS API gateway port. Container port: 8443. Mount TLS files and set Kong SSL variables if you enable direct TLS here.

Target
8443
Default
8443
Value
8443
Kong ConfigPathro

Official Supabase Kong declarative config copied from supabase/docker/volumes/api/kong.yml.

Target
/home/kong/temp.yml
Default
/mnt/user/appdata/supabase-kong/kong.yml
Value
/mnt/user/appdata/supabase-kong/kong.yml
Kong EntrypointPathro

Official Supabase Kong entrypoint copied from supabase/docker/volumes/api/kong-entrypoint.sh.

Target
/home/kong/kong-entrypoint.sh
Default
/mnt/user/appdata/supabase-kong/kong-entrypoint.sh
Value
/mnt/user/appdata/supabase-kong/kong-entrypoint.sh
TLS CertificatePathro

Optional TLS certificate for direct HTTPS on Kong. Usually a reverse proxy terminates TLS instead.

Target
/home/kong/server.crt
TLS Private KeyPathro

Optional TLS private key for direct HTTPS on Kong. Usually a reverse proxy terminates TLS instead.

Target
/home/kong/server.key
Database ModeVariable

Kong database mode. Supabase uses declarative DB-less config.

Target
KONG_DATABASE
Default
off
Value
off
Declarative Config PathVariable

Generated Kong config path inside the container.

Target
KONG_DECLARATIVE_CONFIG
Default
/usr/local/kong/kong.yml
Value
/usr/local/kong/kong.yml
DNS OrderVariable

Kong DNS resolution order used by the Supabase stack.

Target
KONG_DNS_ORDER
Default
LAST,A,CNAME
Value
LAST,A,CNAME
DNS Not Found TTLVariable

Kong DNS negative cache TTL in seconds.

Target
KONG_DNS_NOT_FOUND_TTL
Default
1
Value
1
PluginsVariable

Kong plugins required by the Supabase gateway config.

Target
KONG_PLUGINS
Default
request-transformer,cors,key-auth,acl,basic-auth,request-termination,ip-restriction,post-function
Value
request-transformer,cors,key-auth,acl,basic-auth,request-termination,ip-restriction,post-function
Proxy Buffer SizeVariable

Kong Nginx proxy buffer size used by the Supabase stack.

Target
KONG_NGINX_PROXY_PROXY_BUFFER_SIZE
Default
160k
Value
160k
Proxy BuffersVariable

Kong Nginx proxy buffers used by the Supabase stack.

Target
KONG_NGINX_PROXY_PROXY_BUFFERS
Default
64 160k
Value
64 160k
Proxy Access LogVariable

Kong proxy access log target.

Target
KONG_PROXY_ACCESS_LOG
Default
/dev/stdout combined
Value
/dev/stdout combined
SSL Certificate PathVariable

Optional TLS certificate path inside the container, for example /home/kong/server.crt.

Target
KONG_SSL_CERT
SSL Key PathVariable

Optional TLS private key path inside the container, for example /home/kong/server.key.

Target
KONG_SSL_CERT_KEY
Anon KeyVariable

Legacy anon API key generated for the Supabase stack.

Target
SUPABASE_ANON_KEY
Service Role KeyVariable

Legacy service role API key. Never expose this key to client-side code.

Target
SUPABASE_SERVICE_KEY
Publishable KeyVariable

Optional opaque publishable API key for newer self-hosted Supabase setups.

Target
SUPABASE_PUBLISHABLE_KEY
Secret KeyVariable

Optional opaque secret API key for newer self-hosted Supabase setups. Never expose this key to client-side code.

Target
SUPABASE_SECRET_KEY
Anon Asymmetric KeyVariable

Optional pre-signed asymmetric JWT API key for the anon role.

Target
ANON_KEY_ASYMMETRIC
Service Role Asymmetric KeyVariable

Optional pre-signed asymmetric JWT API key for the service_role role.

Target
SERVICE_ROLE_KEY_ASYMMETRIC
Dashboard UsernameVariable

Basic auth username for Supabase Studio through Kong.

Target
DASHBOARD_USERNAME
Default
supabase
Value
supabase
Dashboard PasswordVariable

Basic auth password for Supabase Studio through Kong. Set a secure password before first start.

Target
DASHBOARD_PASSWORD