Back to appsSubmit
SupabaseKong

SupabaseKong

Official

Docker app from Raccommode's Repository

Overview

Kong is the API gateway used by the official self-hosted Supabase Docker stack. It routes Studio, Auth, REST, GraphQL, Realtime, Storage, and Edge Functions through a single public endpoint.

Requirements

This template runs only the Kong gateway container from the official Supabase Docker Compose stack. It requires the Supabase kong.yml and kong-entrypoint.sh files from supabase/docker/volumes/api mounted below. It does not install Studio, Auth, PostgREST, Realtime, Storage, Edge Runtime, Postgres Meta, or Postgres. Put all Supabase containers on the same custom Docker network and make sure the service hostnames used inside kong.yml, such as studio, auth, rest, realtime, storage, functions, and meta, resolve to the matching containers. Generate new Supabase keys before first use; never keep the example keys.

Runtime arguments

Web UI
http://[IP]:[PORT:8000]
Network
bridge
Shell
bash
Privileged
false
Extra Params
--entrypoint=/bin/bash

Template configuration

HTTP Gateway PortPorttcp

Supabase HTTP API gateway port. Container port: 8000.

Target
8000
Default
8000
Value
8000
HTTPS Gateway PortPorttcp

Supabase HTTPS API gateway port. Container port: 8443. Mount TLS files and set Kong SSL variables if you enable direct TLS here.

Target
8443
Default
8443
Value
8443
Kong ConfigPathro

Official Supabase Kong declarative config copied from supabase/docker/volumes/api/kong.yml.

Target
/home/kong/temp.yml
Default
/mnt/user/appdata/supabase-kong/kong.yml
Value
/mnt/user/appdata/supabase-kong/kong.yml
Kong EntrypointPathro

Official Supabase Kong entrypoint copied from supabase/docker/volumes/api/kong-entrypoint.sh.

Target
/home/kong/kong-entrypoint.sh
Default
/mnt/user/appdata/supabase-kong/kong-entrypoint.sh
Value
/mnt/user/appdata/supabase-kong/kong-entrypoint.sh
TLS CertificatePathro

Optional TLS certificate for direct HTTPS on Kong. Usually a reverse proxy terminates TLS instead.

Target
/home/kong/server.crt
TLS Private KeyPathro

Optional TLS private key for direct HTTPS on Kong. Usually a reverse proxy terminates TLS instead.

Target
/home/kong/server.key
Database ModeVariable

Kong database mode. Supabase uses declarative DB-less config.

Target
KONG_DATABASE
Default
off
Value
off
Declarative Config PathVariable

Generated Kong config path inside the container.

Target
KONG_DECLARATIVE_CONFIG
Default
/usr/local/kong/kong.yml
Value
/usr/local/kong/kong.yml
DNS OrderVariable

Kong DNS resolution order used by the Supabase stack.

Target
KONG_DNS_ORDER
Default
LAST,A,CNAME
Value
LAST,A,CNAME
DNS Not Found TTLVariable

Kong DNS negative cache TTL in seconds.

Target
KONG_DNS_NOT_FOUND_TTL
Default
1
Value
1
PluginsVariable

Kong plugins required by the Supabase gateway config.

Target
KONG_PLUGINS
Default
request-transformer,cors,key-auth,acl,basic-auth,request-termination,ip-restriction,post-function
Value
request-transformer,cors,key-auth,acl,basic-auth,request-termination,ip-restriction,post-function
Proxy Buffer SizeVariable

Kong Nginx proxy buffer size used by the Supabase stack.

Target
KONG_NGINX_PROXY_PROXY_BUFFER_SIZE
Default
160k
Value
160k
Proxy BuffersVariable

Kong Nginx proxy buffers used by the Supabase stack.

Target
KONG_NGINX_PROXY_PROXY_BUFFERS
Default
64 160k
Value
64 160k
Proxy Access LogVariable

Kong proxy access log target.

Target
KONG_PROXY_ACCESS_LOG
Default
/dev/stdout combined
Value
/dev/stdout combined
SSL Certificate PathVariable

Optional TLS certificate path inside the container, for example /home/kong/server.crt.

Target
KONG_SSL_CERT
SSL Key PathVariable

Optional TLS private key path inside the container, for example /home/kong/server.key.

Target
KONG_SSL_CERT_KEY
Anon KeyVariable

Legacy anon API key generated for the Supabase stack.

Target
SUPABASE_ANON_KEY
Service Role KeyVariable

Legacy service role API key. Never expose this key to client-side code.

Target
SUPABASE_SERVICE_KEY
Publishable KeyVariable

Optional opaque publishable API key for newer self-hosted Supabase setups.

Target
SUPABASE_PUBLISHABLE_KEY
Secret KeyVariable

Optional opaque secret API key for newer self-hosted Supabase setups. Never expose this key to client-side code.

Target
SUPABASE_SECRET_KEY
Anon Asymmetric KeyVariable

Optional pre-signed asymmetric JWT API key for the anon role.

Target
ANON_KEY_ASYMMETRIC
Service Role Asymmetric KeyVariable

Optional pre-signed asymmetric JWT API key for the service_role role.

Target
SERVICE_ROLE_KEY_ASYMMETRIC
Dashboard UsernameVariable

Basic auth username for Supabase Studio through Kong.

Target
DASHBOARD_USERNAME
Default
supabase
Value
supabase
Dashboard PasswordVariable

Basic auth password for Supabase Studio through Kong. Set a secure password before first start.

Target
DASHBOARD_PASSWORD

Categories

Network > Proxy > ManagementTools > Utilities

Links

TemplateSupportDocker HubProject

Details

Repository
kong/kong:3.9.1
Registry
https://hub.docker.com/r/kong/kong
Last Updated2026-06-02
First Seen2026-05-24

Run SupabaseKong on Unraid.

SupabaseKong is listed in Community Apps for Unraid OS. Explore Unraid to build a flexible home server, NAS, or homelab.

Explore Unraid OS