variables: main_domain: ${randomDomain} postgres_password: ${password:32} jwt_secret: ${base64:32} dashboard_password: ${password:32} logflare_api_key: ${password:32} anon_key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICJyb2xlIjogImFub24iLAogICJpc3MiOiAic3VwYWJhc2UiLAogICJpYXQiOiAxNzQxNTAwMDAwLAogICJleHAiOiAxODk5MjY2NDAwCn0.muKe0Nrvkf5bMyLoFqAuFypRu3jHAcTYU08SYKrgRQo service_role_key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICJyb2xlIjogInNlcnZpY2Vfcm9sZSIsCiAgImlzcyI6ICJzdXBhYmFzZSIsCiAgImlhdCI6IDE3NDE1MDAwMDAsCiAgImV4cCI6IDE4OTkyNjY0MDAKfQ.1KoSiJVueKJNkF59uc84BLqk7h8VdAoVp6Gozqr_vGc config: domains: - serviceName: kong port: 8000 host: ${main_domain} env: SUPABASE_HOST: ${main_domain} POSTGRES_PASSWORD: ${postgres_password} JWT_SECRET: ${jwt_secret} ANON_KEY: ${anon_key} SERVICE_ROLE_KEY: ${service_role_key} DASHBOARD_USERNAME: "supabase" DASHBOARD_PASSWORD: ${dashboard_password} POSTGRES_HOSTNAME: "db" POSTGRES_DB: "postgres" POSTGRES_PORT: "5432" KONG_HTTP_PORT: "8000" KONG_HTTPS_PORT: "8443" PGRST_DB_SCHEMAS: "public,storage,graphql_public" ADDITIONAL_REDIRECT_URLS: "" JWT_EXPIRY: "3600" DISABLE_SIGNUP: "false" MAILER_URLPATHS_CONFIRMATION: "\"/auth/v1/verify\"" MAILER_URLPATHS_INVITE: "\"/auth/v1/verify\"" MAILER_URLPATHS_RECOVERY: "\"/auth/v1/verify\"" MAILER_URLPATHS_EMAIL_CHANGE: "\"/auth/v1/verify\"" ENABLE_EMAIL_SIGNUP: "true" ENABLE_EMAIL_AUTOCONFIRM: "false" SMTP_ADMIN_EMAIL: "admin@example.com" SMTP_HOSTNAME: "supabase-mail" SMTP_PORT: "2500" SMTP_USER: "fake_mail_user" SMTP_PASS: "fake_mail_password" SMTP_SENDER_NAME: "fake_sender" ENABLE_ANONYMOUS_USERS: "false" ENABLE_PHONE_SIGNUP: "true" ENABLE_PHONE_AUTOCONFIRM: "true" STUDIO_DEFAULT_ORGANIZATION: "Default Organization" STUDIO_DEFAULT_PROJECT: "Default Project" STUDIO_PORT: "3000" IMGPROXY_ENABLE_WEBP_DETECTION: "true" FUNCTIONS_VERIFY_JWT: "false" LOGFLARE_LOGGER_BACKEND_API_KEY: ${logflare_api_key} LOGFLARE_API_KEY: ${logflare_api_key} DOCKER_SOCKET_LOCATION: "/var/run/docker.sock" GOOGLE_PROJECT_ID: "GOOGLE_PROJECT_ID" GOOGLE_PROJECT_NUMBER: "GOOGLE_PROJECT_NUMBER" mounts: - filePath: /volumes/api/kong.yml content: | _format_version: '2.1' _transform: true ### ### Consumers / Users ### consumers: - username: DASHBOARD - username: anon keyauth_credentials: - key: $SUPABASE_ANON_KEY - username: service_role keyauth_credentials: - key: $SUPABASE_SERVICE_KEY ### ### Access Control List ### acls: - consumer: anon group: anon - consumer: service_role group: admin ### ### Dashboard credentials ### basicauth_credentials: - consumer: DASHBOARD username: $DASHBOARD_USERNAME password: $DASHBOARD_PASSWORD ### ### API Routes ### services: ## Open Auth routes - name: auth-v1-open url: http://auth:9999/verify routes: - name: auth-v1-open strip_path: true paths: - /auth/v1/verify plugins: - name: cors - name: auth-v1-open-callback url: http://auth:9999/callback routes: - name: auth-v1-open-callback strip_path: true paths: - /auth/v1/callback plugins: - name: cors - name: auth-v1-open-authorize url: http://auth:9999/authorize routes: - name: auth-v1-open-authorize strip_path: true paths: - /auth/v1/authorize plugins: - name: cors ## Secure Auth routes - name: auth-v1 _comment: 'GoTrue: /auth/v1/* -> http://auth:9999/*' url: http://auth:9999/ routes: - name: auth-v1-all strip_path: true paths: - /auth/v1/ plugins: - name: cors - name: key-auth config: hide_credentials: false - name: acl config: hide_groups_header: true allow: - admin - anon ## Secure REST routes - name: rest-v1 _comment: 'PostgREST: /rest/v1/* -> http://rest:3000/*' url: http://rest:3000/ routes: - name: rest-v1-all strip_path: true paths: - /rest/v1/ plugins: - name: cors - name: key-auth config: hide_credentials: true - name: acl config: hide_groups_header: true allow: - admin - anon ## Secure GraphQL routes - name: graphql-v1 _comment: 'PostgREST: /graphql/v1/* -> http://rest:3000/rpc/graphql' url: http://rest:3000/rpc/graphql routes: - name: graphql-v1-all strip_path: true paths: - /graphql/v1 plugins: - name: cors - name: key-auth config: hide_credentials: true - name: request-transformer