# MyEasyCMS v2 — Docker Compose for LOCAL DEVELOPMENT # # Usage: docker compose -f docker-compose.local.yml up -d # # Differences from production docker-compose.yml: # - App URL is http://localhost:3000 (no HTTPS requirement) # - All ports exposed on localhost for debugging # - NEXT_PUBLIC_CI=true bypasses HTTPS validation in build # - Supabase Studio accessible at http://localhost:54323 # - Inbucket (email) accessible at http://localhost:54324 # - Kong API Gateway at http://localhost:8000 services: # ===================================================== # Supabase Postgres # ===================================================== supabase-db: image: supabase/postgres:15.8.1.060 restart: unless-stopped ports: - '54322:5432' volumes: - supabase-db-data:/var/lib/postgresql/data - ./docker/db/zzz-role-passwords.sh:/docker-entrypoint-initdb.d/zzz-role-passwords.sh:ro - ./apps/web/supabase/migrations:/app-migrations:ro environment: POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres} POSTGRES_DB: postgres healthcheck: test: ['CMD-SHELL', 'pg_isready -U postgres -d postgres'] interval: 10s timeout: 5s retries: 10 # Run app migrations + seed supabase-db-migrate: image: supabase/postgres:15.8.1.060 depends_on: supabase-db: condition: service_healthy volumes: - ./apps/web/supabase/migrations:/app-migrations:ro - ./apps/web/supabase/seed.sql:/app-seed/seed.sql:ro - ./docker/db/dev-bootstrap.sh:/app-seed/dev-bootstrap.sh:ro environment: PGPASSWORD: ${POSTGRES_PASSWORD:-postgres} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres} entrypoint: ['/bin/sh', '-c'] command: - | echo "🔑 Ensuring role passwords are set..." psql -h supabase-db -U supabase_admin -d postgres -v ON_ERROR_STOP=0 -c "ALTER ROLE authenticator WITH LOGIN PASSWORD '${POSTGRES_PASSWORD:-postgres}';" -c "ALTER ROLE supabase_storage_admin WITH LOGIN PASSWORD '${POSTGRES_PASSWORD:-postgres}';" -c "ALTER ROLE supabase_auth_admin WITH LOGIN PASSWORD '${POSTGRES_PASSWORD:-postgres}';" -c "ALTER ROLE dashboard_user WITH LOGIN PASSWORD '${POSTGRES_PASSWORD:-postgres}';" -c "ALTER ROLE postgres WITH PASSWORD '${POSTGRES_PASSWORD:-postgres}';" -c "CREATE SCHEMA IF NOT EXISTS _realtime;" -c "GRANT ALL ON SCHEMA _realtime TO supabase_admin;" -c "GRANT USAGE ON SCHEMA _realtime TO postgres, anon, authenticated, service_role;" 2>&1 || true echo "" echo "Running app migrations..." for sql in /app-migrations/*.sql; do echo " → $$sql" psql -h supabase-db -U supabase_admin -d postgres -v ON_ERROR_STOP=0 -f "$$sql" 2>&1 || true done echo "✅ App migrations complete." echo "" sh /app-seed/dev-bootstrap.sh restart: 'no' # ===================================================== # Supabase Auth (GoTrue) # ===================================================== supabase-auth: image: supabase/gotrue:v2.172.1 restart: unless-stopped depends_on: supabase-db: condition: service_healthy supabase-db-migrate: condition: service_completed_successfully environment: GOTRUE_API_HOST: 0.0.0.0 GOTRUE_API_PORT: 9999 API_EXTERNAL_URL: http://localhost:8000 GOTRUE_DB_DRIVER: postgres GOTRUE_DB_DATABASE_URL: postgres://supabase_auth_admin:${POSTGRES_PASSWORD:-postgres}@supabase-db:5432/postgres?search_path=auth GOTRUE_SITE_URL: http://localhost:3000 GOTRUE_URI_ALLOW_LIST: '' GOTRUE_DISABLE_SIGNUP: 'false' GOTRUE_JWT_ADMIN_ROLES: service_role GOTRUE_JWT_AUD: authenticated GOTRUE_JWT_DEFAULT_GROUP_NAME: authenticated GOTRUE_JWT_EXP: 3600 GOTRUE_JWT_SECRET: ${JWT_SECRET:-super-secret-jwt-token-with-at-least-32-characters-long} GOTRUE_EXTERNAL_EMAIL_ENABLED: true GOTRUE_MAILER_AUTOCONFIRM: 'true' GOTRUE_SMTP_HOST: supabase-inbucket GOTRUE_SMTP_PORT: 2500 GOTRUE_SMTP_USER: '' GOTRUE_SMTP_PASS: '' GOTRUE_SMTP_ADMIN_EMAIL: admin@localhost GOTRUE_MAILER_URLPATHS_INVITE: /auth/v1/verify GOTRUE_MAILER_URLPATHS_CONFIRMATION: /auth/v1/verify GOTRUE_MAILER_URLPATHS_RECOVERY: /auth/v1/verify GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE: /auth/v1/verify healthcheck: test: [ 'CMD', 'wget', '--no-verbose', '--tries=1', '--spider', 'http://localhost:9999/health', ] interval: 10s timeout: 5s retries: 5 # ===================================================== # Supabase REST (PostgREST) # ===================================================== supabase-rest: image: postgrest/postgrest:v12.2.8 restart: unless-stopped depends_on: supabase-db: condition: service_healthy supabase-db-migrate: condition: service_completed_successfully environment: PGRST_DB_URI: postgres://authenticator:${POSTGRES_PASSWORD:-postgres}@supabase-db:5432/postgres PGRST_DB_SCHEMAS: public,storage,graphql_public PGRST_DB_ANON_ROLE: anon PGRST_JWT_SECRET: ${JWT_SECRET:-super-secret-jwt-token-with-at-least-32-characters-long} PGRST_DB_USE_LEGACY_GUCS: 'false' healthcheck: test: ['CMD-SHELL', 'head -c0 sh -c "sed 's|\$${SUPABASE_ANON_KEY}|'\"$$SUPABASE_ANON_KEY\"'|g; s|\$${SUPABASE_SERVICE_KEY}|'\"$$SUPABASE_SERVICE_KEY\"'|g' /var/lib/kong/kong.yml.tpl > /tmp/kong.yml && KONG_DECLARATIVE_CONFIG=/tmp/kong.yml /docker-entrypoint.sh kong docker-start" environment: KONG_DATABASE: 'off' KONG_DECLARATIVE_CONFIG: /var/lib/kong/kong.yml KONG_DNS_ORDER: LAST,A,CNAME KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k SUPABASE_ANON_KEY: ${SUPABASE_ANON_KEY:-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24iLCJleHAiOjE5ODM4MTI5OTZ9.CRXP1A7WOeoJeXxjNni43kdQwgnWNReilDMblYTn_I0} SUPABASE_SERVICE_KEY: ${SUPABASE_SERVICE_ROLE_KEY:-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImV4cCI6MTk4MzgxMjk5Nn0.EGIM96RAZx35lJzdJsyH-qQwv8Hdp7fsn3W0YpN81IU} volumes: - ./docker/kong.yml:/var/lib/kong/kong.yml.tpl:ro healthcheck: test: ['CMD', 'kong', 'health'] interval: 10s timeout: 5s retries: 5 # ===================================================== # Next.js App — localhost:3000 # ===================================================== app: build: context: . dockerfile: Dockerfile args: # NEXT_PUBLIC_CI=true bypasses the HTTPS check during build NEXT_PUBLIC_CI: 'true' NEXT_PUBLIC_SITE_URL: http://localhost:3000 NEXT_PUBLIC_SUPABASE_URL: http://localhost:8000 NEXT_PUBLIC_SUPABASE_PUBLIC_KEY: ${SUPABASE_ANON_KEY:-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24iLCJleHAiOjE5ODM4MTI5OTZ9.CRXP1A7WOeoJeXxjNni43kdQwgnWNReilDMblYTn_I0} NEXT_PUBLIC_DEFAULT_LOCALE: de NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY: 'pk_test_51SMbesKttnWb7SsFOR7cJ1jshdEaZiHmCflWndgLtL3gx1Cu8N4p5qxSJY8PHmpEJL8gf4VrqqX2Fr7pxJtQILUS00yYQ7Tx8V' restart: unless-stopped ports: - '3000:3000' depends_on: supabase-kong: condition: service_healthy supabase-db-migrate: condition: service_completed_successfully environment: NODE_ENV: production NEXT_PUBLIC_CI: 'true' NEXT_PUBLIC_SITE_URL: http://localhost:3000 NEXT_PUBLIC_SUPABASE_URL: http://localhost:8000 NEXT_PUBLIC_SUPABASE_PUBLIC_KEY: ${SUPABASE_ANON_KEY:-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24iLCJleHAiOjE5ODM4MTI5OTZ9.CRXP1A7WOeoJeXxjNni43kdQwgnWNReilDMblYTn_I0} NEXT_PUBLIC_DEFAULT_LOCALE: de # Server-side: internal Docker URL SUPABASE_INTERNAL_URL: http://supabase-kong:8000 SUPABASE_SECRET_KEY: ${SUPABASE_SERVICE_ROLE_KEY:-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImV4cCI6MTk4MzgxMjk5Nn0.EGIM96RAZx35lJzdJsyH-qQwv8Hdp7fsn3W0YpN81IU} SUPABASE_DB_WEBHOOK_SECRET: webhooksecret EMAIL_SENDER: noreply@localhost NEXT_PUBLIC_PRODUCT_NAME: MyEasyCMS NEXT_PUBLIC_ENABLE_THEME_TOGGLE: 'true' NEXT_PUBLIC_ENABLE_TEAM_ACCOUNTS: 'true' NEXT_PUBLIC_ENABLE_TEAM_ACCOUNTS_CREATION: 'true' NEXT_PUBLIC_ENABLE_TEAM_ACCOUNTS_BILLING: 'false' NEXT_PUBLIC_ENABLE_PERSONAL_ACCOUNT_BILLING: 'false' NEXT_PUBLIC_ENABLE_NOTIFICATIONS: 'true' # Stripe NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY: 'pk_test_51SMbesKttnWb7SsFOR7cJ1jshdEaZiHmCflWndgLtL3gx1Cu8N4p5qxSJY8PHmpEJL8gf4VrqqX2Fr7pxJtQILUS00yYQ7Tx8V' STRIPE_SECRET_KEY: 'sk_test_51SMbesKttnWb7SsFTjCsPZMlxVe3WjrsDnpLDAQehVdzSoDaWMFmc3hiZOTp2IAKB1cleMPIOW9GmEJHEkhazJsq00FEfTr6BI' volumes: supabase-db-data: supabase-storage-data: supabase-inbucket-data: