zaid.marzguioui/myeasycms-v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(docker): add SUPABASE_INTERNAL_URL for server-side Supabase access
Some checks failed
Workflow / ʦ TypeScript (push) Failing after 6m31s
Details
Workflow / ⚫️ Test (push) Has been skipped
Details

Browse Source 
Server-side code (proxy.ts, SSR, API routes) now uses SUPABASE_INTERNAL_URL
(http://supabase-kong:8000) instead of the external domain. This avoids
hairpin NAT / DNS resolution issues where Docker containers can't reach
their own external domain through the reverse proxy.

Browser-side JS still uses the external URL (baked at build time).
This commit is contained in:
Zaid Marzguioui
2026-03-31 22:55:15 +02:00
parent d27fab7505
commit c9f8101698
3 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@@ -4,7 +4,7 @@ WORKDIR /app
# --- Install + Build in one stage ---
FROM base AS builder
ARG CACHE_BUST=5
ARG CACHE_BUST=6
COPY . .
RUN pnpm install --no-frozen-lockfile
ENV NEXT_TELEMETRY_DISABLED=1

4
docker-compose.yml
View File

@@ -321,10 +321,12 @@ services:
environment:
NODE_ENV: production
NEXT_PUBLIC_SITE_URL: ${SITE_URL:-http://localhost:3000}
# Must match the build-time value — server code reads from process.env
# Browser-side: external domain (baked at build time, re-stated here for SSR)
NEXT_PUBLIC_SUPABASE_URL: ${API_EXTERNAL_URL:-http://localhost:8000}
NEXT_PUBLIC_SUPABASE_PUBLIC_KEY: ${SUPABASE_ANON_KEY}
NEXT_PUBLIC_DEFAULT_LOCALE: de
# Server-side: Docker-internal URL (avoids hairpin NAT / DNS issues)
SUPABASE_INTERNAL_URL: http://supabase-kong:8000
SUPABASE_SECRET_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
SUPABASE_DB_WEBHOOK_SECRET: ${DB_WEBHOOK_SECRET:-webhooksecret}
EMAIL_SENDER: ${EMAIL_SENDER:-noreply@myeasycms.de}

12
packages/supabase/src/get-supabase-client-keys.ts
View File

@@ -2,8 +2,18 @@ import * as z from 'zod';
/**
* Returns and validates the Supabase client keys from the environment.
*
* On the server, prefers SUPABASE_INTERNAL_URL (Docker-internal)
* over NEXT_PUBLIC_SUPABASE_URL (external domain) to avoid
* hairpin NAT / DNS issues in containerized deployments.
*/
export function getSupabaseClientKeys() {
const isServer = typeof window === 'undefined';
const url = isServer
? (process.env.SUPABASE_INTERNAL_URL || process.env.NEXT_PUBLIC_SUPABASE_URL)
: process.env.NEXT_PUBLIC_SUPABASE_URL;
return z
.object({
url: z.string({
@@ -14,7 +24,7 @@ export function getSupabaseClientKeys() {
}),
})
.parse({
url: process.env.NEXT_PUBLIC_SUPABASE_URL,
url,
publicKey: process.env.NEXT_PUBLIC_SUPABASE_PUBLIC_KEY,
});
}