Blog/Tutorial

How to Self-Host Supabase on Your Own VPS with Docker

·9 min read
How to Self-Host Supabase on Your Own VPS with Docker

Supabase has established itself as the preferred open-source alternative to Firebase. Its offer is tempting: a real PostgreSQL database, user authentication, automatically generated APIs (REST and GraphQL), file storage, and real-time functions.

Although Supabase Cloud offers an excellent free tier, it has its limits: your projects pause after a week of inactivity, database storage is limited to 500 MB, and costs scale quickly if you need more resources.

The solution is to self-host Supabase on your own VPS. For the price of a €5 server on Hetzner or DigitalOcean, you can have a fully functional Supabase instance with no artificial data limits. In this guide, we explain how to do it step-by-step using Docker Compose and how SecuryBlack helps you manage it.


Prerequisites

To follow this guide, you will need:

  1. A clean VPS server (Ubuntu 24.04 recommended) with at least 2 GB of RAM (Supabase runs multiple services in containers, and 1 GB might not be enough).
  2. Docker and Docker Compose installed on the server.
  3. A domain or subdomain pointing to your server's public IP (e.g., supabase.yourdomain.com).

Step 1: Clone the Official Supabase Docker Repository

Supabase provides an officially maintained and optimized Docker configuration. Connect to your server via SSH and clone the repository:

# Clone the official repository
git clone --depth 1 https://github.com/supabase/supabase.git

# Move into the docker directory
cd supabase/docker

Step 2: Configure Environment Variables

Copy the .env.example template file to .env to start configuring passwords and cryptographic keys:

cp .env.example .env

Now you must generate secure passwords and unique JWT keys. Supabase includes a script, or you can use standard commands to create them. It is critical that you change the following values in the .env file:

  1. POSTGRES_PASSWORD: The master password for your PostgreSQL database.
  2. JWT_SECRET: A long random string to sign your users' authentication tokens.
  3. ANON_KEY and SERVICE_ROLE_KEY: API keys that you can generate using online JWT tools (using the JWT_SECRET configured above).

Open the file with your favorite editor to make the changes:

nano .env

Step 3: Start Supabase

Once the variables in the .env file are configured, you can spin up the entire stack of services using Docker Compose:

docker compose up -d

This command will download and start multiple containers:

  • Kong: The API Gateway that routes requests from your clients.
  • GoTrue: The microservice for user authentication.
  • PostgREST: The server that converts your database schema into an instant REST API.
  • Realtime: For real-time subscriptions via websockets.
  • Storage: To manage media files.
  • Studio: The visual administration panel (dashboard) for your database (available by default on port 8000).

To verify that everything is running correctly:

docker compose ps

Step 4: Secure the Installation with SecuryBlack

Self-hosting Supabase on an internet-exposed server requires important security and reliability precautions that you would normally have to configure manually. By connecting your VPS to SecuryBlack, this is solved automatically:

  1. Smart Firewall (FerroSentry): SecuryBlack blocks external access to internal database ports (port 5432) and the Studio dashboard (port 8000), opening only the API Gateway (Kong) port so that your application is secure against malicious scans.
  2. Server Monitoring (OxiPulse): Supabase consumes significant RAM and CPU resources when processing heavy transactions. The OxiPulse agent will notify you immediately if the VPS runs out of memory or storage.
  3. Verified Postgres Backups: Set up a periodic task in SecuryBlack to take a dump (pg_dump) of your Supabase database, upload it to your favorite cloud storage (Cloudflare R2 or S3), and automatically verify that the backup is not corrupt.

Conclusion

Self-hosting Supabase gives you absolute control over your data, removes the limitations of the free tier, and lets you save significant costs. With Docker Compose, the basic installation takes less than 10 minutes, and by complementing it with SecuryBlack, you get the security, observability, and peace of mind that you would normally only find on their paid cloud plans.