How to Deploy Supabase to Hetzner, UpCloud & More

Supabase is the most popular open-source Backend-as-a-Service (BaaS) platform, which offers developers the freedom and control of self-hosting.

By combining the power of Supabase with the simplicity of RunCloud’s server management panel, you can deploy a scalable and private backend for your applications without vendor lock-in.

In this tutorial, we will guide you through every step of deploying a containerised Supabase instance on a server managed by RunCloud.

We will demonstrate how RunCloud’s flexibility enables you to run complex Docker applications with ease, providing you with full control over your infrastructure.

Let’s get started!

How To Self-Host Supabase on RunCloud 

Before we begin, ensure you have the following three prerequisites in place. This guide assumes you have already completed these initial steps.

1. A RunCloud Account: You can sign up for a free or paid plan on the RunCloud website.
2. A Cloud Server Provider: You’ll need an account with a cloud provider like Hetzner, DigitalOcean, Vultr, or AWS.
3. Basic SSH Knowledge: You will need to connect to your server via SSH. We highly recommend setting up an SSH key for secure access. RunCloud’s documentation provides a clear guide on how to manage SSH keys.

Step 1: Choosing and Provisioning the Right Server

Supabase offers a comprehensive suite of tools, including a PostgreSQL database, authentication services, storage, and more. These services are resource-intensive. To ensure a smooth experience, you’ll need to provision a server with adequate resources.

For this tutorial, we recommend a server with at least 8GB of RAM and four vCPUs. This provides sufficient headroom for all backend services to run smoothly. Depending on your specific use case and expected traffic, you may need to scale this up or down.

If you want to learn more about this process, read our dedicated guides, which cover the process of connecting a new server in great detail:

• How to Manually Connect a VPS from Any Cloud Provider or an On-Premise Server 
• Connecting To Cloud Providers Via API

Regardless of what server size you pick, your RunCloud subscription provides you with the ability to create an unlimited number of web applications.

This flexibility allows you to deploy as many applications on your server as its hardware resources can physically handle, making it an extremely cost-effective solution for developers and agencies managing multiple projects.

Step 2: Creating a Web Application in RunCloud

Next, we need to create a “container” or placeholder within RunCloud for our Supabase installation. This web application will define the directory structure and the domain that will point to our Supabase instance.

1. From your RunCloud dashboard, navigate to your server and click on Web Applications.
2. Click Add Web Application.
3. Choose the Empty Web App option. This is important because we will be deploying a custom Docker setup, not a standard PHP application.
4. Fill in the Web App Details:
   • Web Application Name: Give it a descriptive name, such as ‘app-supabase’.
   • Web Application Owner: You can use the default system user.
   • Domain Name: It’s highly recommended to use a real domain or subdomain (e.g., supabase.yourdomain.com). This will make accessing your instance much easier. For guidance on pointing your domain, please consult your domain provider’s documentation and the RunCloud DNS settings guide.

5. Select the Web Application Stack: Select Native NGINX + Custom config. This stack gives us the raw power to configure NGINX as a reverse proxy later, which is essential for routing traffic to our Docker containers.
6. Deploy the Application: After configuring the basic settings, you can deploy the application on your server by clicking “Deploy”. 
7. Note down the Project Root: After the application is created, take note of the Web Root Path, which is displayed on the dashboard. This will be something like /home/runcloud/webapps/app-supabase. You will need this exact path in a later step.

Step 3: Connecting to Your Server via SSH

After creating your web application, we will begin the process of installing Supabase on the server. For this, we need to run several commands directly on the server. You’ll need to SSH into your server using the SSH credentials provided by your cloud provider.

For enhanced security and convenience, we recommend adding your public SSH key to RunCloud Vault. This allows you to log in without typing a password, and is more secure.

Once your key is added to the RunCloud vault, open your terminal and run the following command to connect to the server via SSH: 

ssh-i ~/.ssh/your_private_key runcloud@<YOUR_SERVER_IP>

After successful login, you’ll see a welcome message from RunCloud:

Step 4: Cloning and Preparing the Supabase Docker Files

Now that you’re inside the server, it’s time to download the official Supabase Docker configuration and move it into the web application directory we created. Run the following commands one by one:

Navigate to a temporary directory. This is a safe place to clone the repository before moving the files.

cd /tmp

Clone the official Supabase repository. The –depth 1 flag performs a shallow clone, downloading only the latest version to save time and space.

git clone --depth 1 https://github.com/supabase/supabase

Copy the Docker files to the root of your project. Replace <runcloud project root> with the actual path you noted in Step 2.

cp -rf supabase/docker/* <runcloud project root> 

Copy the example environment file. This file contains all the configuration variables Supabase needs. We will edit this in the next step.

cp supabase/docker/.env.example <runcloud project root>/.env

Step 5: Configuring Your Supabase Environment

After copying the files, you need to configure your environment. The .env file you just created contains default, insecure passwords and secret keys. You must change these before launching your Supabase installation.

Navigate to your project root directory: 

cd <runcloud project root>

Open the file for editing using nano: If you are not comfortable with nano, you can use any other text editor that you like, or read our blog post on How to Edit Files on Remote Servers with SSH and Nano 

nano .env

Update Passwords and Secret Keys: After opening the file, carefully review its contents. At a minimum, you must change the following values to strong, randomly generated strings. You can use an online password generator for this.

1. POSTGRES_PASSWORD: This is the password for the superuser account in your PostgreSQL database. Change this to a very long, complex, and unique password.
2. JWT_SECRET: This secret is used to sign JSON Web Tokens (JWTs) for user authentication and authorisation. Update this with a long, randomly generated token, ideally 32 characters or more.
3. ANON_KEY and SERVICE_ROLE_KEY: These JWTs are used for the anon (public) and service_role (admin/backend) users, respectively. While they are full tokens, the underlying signing secret (JWT_SECRET) is the primary vulnerability if unchanged. While changing the JWT_SECRET effectively invalidates the default keys, it is best practice to generate new, unique keys for both the ANON_KEY and SERVICE_ROLE_KEY after updating the JWT_SECRET.
4. DASHBOARD_USERNAME and DASHBOARD_PASSWORD: These credentials control access to the Supabase management dashboard. Change both the default username and the default password to strong, unique values.
5. SECRET_KEY_BASE: This is a cryptographic key used for various internal security features within the application framework (often related to cookie signing or encryption). Replace the current value with a long, random, and unique cryptographic key.
6. VAULT_ENC_KEY and PG_META_CRYPTO_KEY: These are encryption keys used for encrypting secrets and other sensitive data stored within the database vault and the metadata store. Update both keys with unique, randomly generated encryption keys that are at least 32 characters long.

The file also contains optional settings for sending emails, analytics, and logging. You can leave these blank for now unless you plan to use those services. After you have made the necessary changes, press Ctrl+X, then Y, and then Enter to save your changes in nano.

Step 6: Launching the Supabase Services with Docker

Once you have updated your .env file, you are now ready to launch your Supabase instance. This process is very simple, and it requires you to run just two commands:

Pull the latest Docker images

This command downloads all the necessary container images for each Supabase service (database, auth, storage, etc.). This may take several minutes, depending on your server’s network speed.

docker compose pull 

Start Supabase Services in detached mode

The ‘up’ command starts the containers, and the ‘-d’ flag runs them in the background, so they continue to run after you log out of your SSH session.

docker compose up -d

You will see output indicating that all the services have started successfully.

Your Supabase instance is now running inside Docker on your server! However, it’s not yet accessible from the internet. For that, we need to set up a reverse proxy.

Step 7: Configuring an NGINX Reverse Proxy

The Supabase stack listens for traffic internally on port 8000. We need to tell NGINX to take all incoming web traffic (on ports 80 and 443) for your domain and forward it to this internal port. This is a classic reverse proxy setup, and RunCloud makes it very simple.

1. Go back to your RunCloud dashboard and navigate to your app-supabase web application.
2. Go to the NGINX Config section and click Create NGINX Config.
3. From the “Predefined Config” dropdown, select “Proxy – Effortlessly turn NGINX…”

4. Delete all the default content in the text editor and paste the following configuration into the editor:

proxy_pass http://host:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; 

5. Click “Save Config” to apply the new configuration.

Step 8: Access Your Supabase Dashboard

Your self-hosted Supabase instance is fully deployed and accessible on the internet. You can now open your web browser and navigate to the domain you configured in Step 2 (e.g., https://supabase.yourdomain.com). When you visit this site, you should see the Supabase Studio login screen.

Enter the credentials you configured in the .env file from the previous step, and you will be logged in to your own Supabase dashboard, ready to create tables, manage users, and build your next great application.

Final Thoughts & Your Next Steps

Congratulations on taking control of your backend by deploying a fully self-hosted Supabase instance! This tutorial shows more than just how to deploy Supabase; it showcases the true power and flexibility of RunCloud as a central hub for all your server management needs. 

But your journey with RunCloud doesn’t have to end here. The same platform that now runs your complex Dockerized Supabase application is perfectly equipped to manage all your other projects.

Whether you’re running a high-traffic WordPress site, a modern Laravel application, a content-rich Ghost CMS, an n8n instance for your automation workloads, or even a private cloud with Nextcloud, RunCloud provides the tools to manage it all effortlessly.

If you are a developer who needs a professional workflow, RunCloud provides features such as Git integration for atomic deployments, creating a smooth CI/CD pipeline directly from your repository.

Perhaps one of the most compelling advantages of using RunCloud is its predictable, resource-independent pricing model. RunCloud does not charge you based on your server’s specifications or resource consumption. Whether you choose a small 2GB RAM server or a powerful 64GB machine to run your Supabase instance, your RunCloud subscription cost remains the same, offering predictable expenses as you grow.

Sign up for RunCloud today.

Frequently Asked Questions About Self-Hosting Supabase with RunCloud