fix(docker): add SUPABASE_INTERNAL_URL for server-side Supabase access

Server-side code (proxy.ts, SSR, API routes) now uses SUPABASE_INTERNAL_URL
(http://supabase-kong:8000) instead of the external domain. This avoids
hairpin NAT / DNS resolution issues where Docker containers can't reach
their own external domain through the reverse proxy.

Browser-side JS still uses the external URL (baked at build time).
Zaid Marzguioui
2026-03-31 22:55:15 +02:00
parent d27fab7505
commit c9f8101698
3 changed files with 15 additions and 3 deletions


@@ -4,7 +4,7 @@ WORKDIR /app
# --- Install + Build in one stage --- # --- Install + Build in one stage ---
FROM base AS builder FROM base AS builder
ARG CACHE_BUST=5 ARG CACHE_BUST=6
COPY . . COPY . .
RUN pnpm install --no-frozen-lockfile RUN pnpm install --no-frozen-lockfile
ENV NEXT_TELEMETRY_DISABLED=1 ENV NEXT_TELEMETRY_DISABLED=1


@@ -321,10 +321,12 @@ services:
environment: environment:
NODE_ENV: production NODE_ENV: production
NEXT_PUBLIC_SITE_URL: ${SITE_URL:-http://localhost:3000} NEXT_PUBLIC_SITE_URL: ${SITE_URL:-http://localhost:3000}
# Must match the build-time value — server code reads from process.env # Browser-side: external domain (baked at build time, re-stated here for SSR)
NEXT_PUBLIC_SUPABASE_URL: ${API_EXTERNAL_URL:-http://localhost:8000} NEXT_PUBLIC_SUPABASE_URL: ${API_EXTERNAL_URL:-http://localhost:8000}
NEXT_PUBLIC_SUPABASE_PUBLIC_KEY: ${SUPABASE_ANON_KEY} NEXT_PUBLIC_SUPABASE_PUBLIC_KEY: ${SUPABASE_ANON_KEY}
NEXT_PUBLIC_DEFAULT_LOCALE: de NEXT_PUBLIC_DEFAULT_LOCALE: de
# Server-side: Docker-internal URL (avoids hairpin NAT / DNS issues)
SUPABASE_INTERNAL_URL: http://supabase-kong:8000
SUPABASE_SECRET_KEY: ${SUPABASE_SERVICE_ROLE_KEY} SUPABASE_SECRET_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
SUPABASE_DB_WEBHOOK_SECRET: ${DB_WEBHOOK_SECRET:-webhooksecret} SUPABASE_DB_WEBHOOK_SECRET: ${DB_WEBHOOK_SECRET:-webhooksecret}
EMAIL_SENDER: ${EMAIL_SENDER:-noreply@myeasycms.de} EMAIL_SENDER: ${EMAIL_SENDER:-noreply@myeasycms.de}
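Review bot: The added `SUPABASE_INTERNAL_URL` is hard-coded to `http://supabase-kong:8000`, unlike the neighbouring entries, so a deployment that renames the Kong service or runs the app outside this compose network cannot override it; `SUPABASE_INTERNAL_URL: ${SUPABASE_INTERNAL_URL:-http://supabase-kong:8000}` would keep the default while allowing that. Server-side requests, presumably including those authenticated with `SUPABASE_SECRET_KEY`, now travel over plain HTTP, which is acceptable only while the network between this service and `supabase-kong` stays private to the stack; the comment above the variable should say so. On the context line below, `SUPABASE_DB_WEBHOOK_SECRET: ${DB_WEBHOOK_SECRET:-webhooksecret}` silently falls back to a guessable value when the variable is unset, and `${DB_WEBHOOK_SECRET:?DB_WEBHOOK_SECRET must be set}` would fail fast instead. The `environment` block continues outside the hunk.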


@@ -2,8 +2,18 @@ import * as z from 'zod';
/** /**
* Returns and validates the Supabase client keys from the environment. * Returns and validates the Supabase client keys from the environment.
*
* On the server, prefers SUPABASE_INTERNAL_URL (Docker-internal)
* over NEXT_PUBLIC_SUPABASE_URL (external domain) to avoid
* hairpin NAT / DNS issues in containerized deployments.
*/ */
export function getSupabaseClientKeys() { export function getSupabaseClientKeys() {
const isServer = typeof window === 'undefined';
const url = isServer
? (process.env.SUPABASE_INTERNAL_URL || process.env.NEXT_PUBLIC_SUPABASE_URL)
: process.env.NEXT_PUBLIC_SUPABASE_URL;
return z return z
.object({ .object({
url: z.string({ url: z.string({
@@ -14,7 +24,7 @@ export function getSupabaseClientKeys() {
}), }),
}) })
.parse({ .parse({
url: process.env.NEXT_PUBLIC_SUPABASE_URL, url,
publicKey: process.env.NEXT_PUBLIC_SUPABASE_PUBLIC_KEY, publicKey: process.env.NEXT_PUBLIC_SUPABASE_PUBLIC_KEY,
}); });
} }
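Review bot: On the server the returned `url` is now `http://supabase-kong:8000` while the browser keeps the external domain, and supabase-js derives its default auth storage key (and with it the session cookie name) from the first label of the URL's hostname, so the server may look for a different cookie than the one the browser set and treat signed-in users as anonymous. The client construction is outside these hunks, so this is inferred; if no explicit name is pinned there, set the same one on both sides, e.g. `cookieOptions: { name: 'sb-auth-token' }` (constructed sample name) in the server and browser client options. The internal URL would also end up in anything the server builds from this value for the browser, such as redirect or storage links, so those paths should keep reading `NEXT_PUBLIC_SUPABASE_URL`. A doc line stating the constraint would help: `* The server-side url is not browser-reachable; never embed it in responses.`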