diff --git a/apps/docs/content/guides/self-hosting.mdx b/apps/docs/content/guides/self-hosting.mdx
index 2fa8b7300f84d..60d129837edeb 100644
--- a/apps/docs/content/guides/self-hosting.mdx
+++ b/apps/docs/content/guides/self-hosting.mdx
@@ -1,34 +1,26 @@
---
title: 'Self-Hosting'
description: 'Host Supabase on your own infrastructure.'
-subtitle: 'Install and run your own Supabase.'
+subtitle: 'Install and run your own Supabase on your computer, server, or cloud infrastructure.'
hideToc: true
---
-Self-hosted Supabase lets you run the entire Supabase stack on your own computer, server, or cloud infrastructure.
+## Get started
-This is different from:
-
-- **Supabase CLI / Local Development**: A lightweight [local environment](/docs/guides/local-development) for development and testing only.
-- **Managed Supabase** platform: If you want to try managed Supabase for free, visit [supabase.com/dashboard](/dashboard).
-
-Self-hosting is a good fit if you need full control over your data, have compliance requirements that prevent using managed services, or want to run Supabase in an isolated environment.
-
-## No telemetry
-
-Self-hosted Supabase does not phone home or collect any telemetry.
-
-## Enterprise
-
-If you're an enterprise using self-hosted Supabase, we'd love to hear from you. Reach out to our [Growth Team](https://forms.supabase.com/enterprise) to discuss your use case, share feedback, or explore design partnership opportunities.
-
-## Officially supported
+The fastest and recommended way to self-host Supabase is using Docker.
-
+
-
-
+
+ Docker
+ Official
+
+ }
+ showIconBg={true}
+ >
Deploy Supabase within your own infrastructure using Docker Compose.
@@ -36,10 +28,10 @@ If you're an enterprise using self-hosted Supabase, we'd love to hear from you.
-## Community supported
+## Other deployment options
{/* supa-mdx-lint-disable-next-line Rule004ExcludeWords */}
-There are several community-driven projects to help you deploy Supabase. These projects may be outdated and are seeking active maintainers. If you're interested in maintaining one of these projects, [contact the community team](/open-source/contributing/supasquad).
+There are several other ways to deploy Supabase with the help of community-driven projects. These projects may be outdated and are seeking active maintainers. If you're interested in maintaining one of these projects, [contact the Community team](/open-source/contributing/supasquad).
{community.map((x) => (
@@ -49,9 +41,7 @@ There are several community-driven projects to help you deploy Supabase. These p
title={
{x.name}
-
- Maintainer needed
-
+ Maintainer needed
}
>
@@ -59,7 +49,9 @@ There are several community-driven projects to help you deploy Supabase. These p
- ))}
+
+))}
+
export const community = [
@@ -75,7 +67,22 @@ export const community = [
},
]
-## Responsibility model
+## About self-hosting
+
+Self-hosting is a good fit if you need full control over your data, have compliance requirements that prevent using managed services, or want to run Supabase in an isolated environment.
+
+### How self-hosted Supabase differs
+
+Self-hosted Supabase is different from:
+
+- **Supabase CLI** (local development), which is intended for development and testing only.
+- **Managed Supabase** platform, which is fully hosted and operated by Supabase.
+
+### Telemetry
+
+Self-hosted Supabase does not phone home or collect any telemetry.
+
+### Your responsibilities when self-hosting
When you self-host, **you are responsible for**:
@@ -85,14 +92,16 @@ When you self-host, **you are responsible for**:
- Backups and disaster recovery
- Monitoring and uptime
-## Support and troubleshooting
+## Support and community
+
+Self-hosted Supabase is community-supported.
-For resolving common issues, see:
+For resolving common issues:
- [GitHub Discussions](https://github.com/orgs/supabase/discussions?discussions_q=is%3Aopen+label%3Aself-hosted) - Questions, feature requests, and workarounds
- [GitHub Issues](https://github.com/supabase/supabase/issues?q=is%3Aissue%20state%3Aopen%20label%3Aself-hosted) - Known issues
-Self-hosted Supabase is community-supported. Get help and connect with other users:
+Get help and connect with other users:
- [Discord](https://discord.supabase.com) - Real-time chat and community support
{/* supa-mdx-lint-disable-next-line Rule003Spelling */}
@@ -101,3 +110,7 @@ Self-hosted Supabase is community-supported. Get help and connect with other use
Share your self-hosting experience:
- [GitHub Discussions](https://github.com/orgs/supabase/discussions/39820) - "Self-hosting: What's working (and what's not)?"
+
+### Enterprise self-hosting
+
+If you're an enterprise using self-hosted Supabase, we'd love to hear from you. Reach out to our [Growth Team](https://forms.supabase.com/enterprise) to discuss your use case, share feedback, or explore design partnership opportunities.
diff --git a/apps/docs/content/guides/self-hosting/docker.mdx b/apps/docs/content/guides/self-hosting/docker.mdx
index 569c576ad1af9..b23c80d637451 100644
--- a/apps/docs/content/guides/self-hosting/docker.mdx
+++ b/apps/docs/content/guides/self-hosting/docker.mdx
@@ -133,13 +133,25 @@ While we provided example placeholder passwords and keys in the `.env.example` f
- Follow all of the steps in this section to ensure you have a secure setup, and only then start all services.
+ Review the configuration options below and ensure you set all secrets before starting the services.
+### Quick setup (experimental)
+
+To generate and apply all secrets at once you can run:
+
+```sh
+sh ./utils/generate-keys.sh
+```
+
+The script is experimental, so review the output before proceeding and also check `.env` after it's updated by the script.
+
+Alternatively, configure all secrets manually as follows.
+
### Configure database password
-Change the placeholder password in the `.env` file **before** starting your Supabase for the first time.
+Change the placeholder password in the `.env` file **before** starting Supabase for the first time.
- `POSTGRES_PASSWORD`: the password for the `postgres` and `supabase_admin` database roles
@@ -264,7 +276,9 @@ psql 'postgres://postgres.[POOLER_TENANT_ID]:[POSTGRES_PASSWORD]@[your-domain]:6
When using `psql` with command-line parameters instead of a connection string to connect to Supavisor, the `-U` parameter should also be `postgres.[POOLER_TENANT_ID]`, and not just `postgres`.
-If for some reason you need to configure Postgres to be directly accessible from the Internet, read [Exposing your Postgres database](#exposing-your-postgres-database) below.
+If you need to configure Postgres to be directly accessible from the Internet, read [Exposing your Postgres database](#exposing-your-postgres-database).
+
+To change the database password, read [Changing database password](#changing-database-password).
### Accessing Edge Functions
@@ -479,6 +493,16 @@ After restarting, you can connect to the database directly using a standard Post
postgres://postgres:[POSTGRES_PASSWORD]@[your-server-ip]:5432/[POSTGRES_DB]
```
+### Changing database password
+
+To change the database password after initial setup, run:
+
+```sh
+sh ./utils/db-passwd.sh
+```
+
+The script generates a new password, updates all database roles, and modifies your `.env` file. After running it, restart the services with `docker compose up -d --force-recreate`.
+
#### File storage backend on macOS
By default, Storage backend is set to `file`, which is to use local files as the storage backend. For macOS compatibility, you need to choose `VirtioFS` as the Docker container file sharing implementation (in Docker Desktop -> Preferences -> General).
diff --git a/apps/docs/content/guides/telemetry/metrics/grafana-cloud.mdx b/apps/docs/content/guides/telemetry/metrics/grafana-cloud.mdx
index 275fedf70a60f..7441f959c61ee 100644
--- a/apps/docs/content/guides/telemetry/metrics/grafana-cloud.mdx
+++ b/apps/docs/content/guides/telemetry/metrics/grafana-cloud.mdx
@@ -59,5 +59,3 @@ The [`docs/example-alerts.md`](https://github.com/supabase/supabase-grafana/blob
- Metrics missing? Ensure the Grafana Cloud agent can reach `https://.supabase.co` and that the selected service role key is still valid.
- 401 errors? Rotate the service role key from the [API settings page](/dashboard/project/_/settings/api-keys) and update the Grafana Cloud credentials.
- Long scrape durations? Reduce label cardinality in your Grafana queries or lower the time range to focus on recent data.
-
-[← Back to the Metrics API landing](/guides/telemetry/metrics)
diff --git a/apps/docs/content/guides/telemetry/metrics/grafana-self-hosted.mdx b/apps/docs/content/guides/telemetry/metrics/grafana-self-hosted.mdx
index ba6c02670ef34..fea8055e4e9bd 100644
--- a/apps/docs/content/guides/telemetry/metrics/grafana-self-hosted.mdx
+++ b/apps/docs/content/guides/telemetry/metrics/grafana-self-hosted.mdx
@@ -80,5 +80,3 @@ You now have over 200 production-ready panels covering CPU, IO, WAL, replication
- **Multiple projects:** add one scrape job per project ref so you can separate metrics and labels cleanly.
- **Right-sizing guidance:** pair the dashboards with Supabase’s [Query Performance report](/dashboard/project/_/observability/query-performance) and [Advisors](/dashboard/project/_/observability/database) to decide when to optimize vs upgrade.
- **Security:** rotate the service role key on a regular cadence and update the Prometheus config accordingly.
-
-[← Back to the Metrics API landing](/guides/telemetry/metrics)
diff --git a/apps/docs/content/guides/telemetry/metrics/vendor-agnostic.mdx b/apps/docs/content/guides/telemetry/metrics/vendor-agnostic.mdx
index 0b766eb3ea303..611009bab8a7d 100644
--- a/apps/docs/content/guides/telemetry/metrics/vendor-agnostic.mdx
+++ b/apps/docs/content/guides/telemetry/metrics/vendor-agnostic.mdx
@@ -68,5 +68,3 @@ No matter which collector you use, you need to hit the Metrics API once per minu
- Create one scrape job per project ref so you can control sampling individually.
- If you run many projects, consider templating the scrape jobs via Helm, Terraform, or the Grafana Agent Operator.
- Use label joins (`project`, `instance_class`, `org`) to aggregate across tenants or environments.
-
-[← Back to the Metrics API landing](/guides/telemetry/metrics)
diff --git a/apps/docs/features/docs/MdxBase.shared.tsx b/apps/docs/features/docs/MdxBase.shared.tsx
index 41a168c4a22dc..06af05a873ead 100644
--- a/apps/docs/features/docs/MdxBase.shared.tsx
+++ b/apps/docs/features/docs/MdxBase.shared.tsx
@@ -1,6 +1,6 @@
import { ArrowDown, Check, X } from 'lucide-react'
import Link from 'next/link'
-import { Button, Image } from 'ui'
+import { Badge, Button, Image } from 'ui'
import { Admonition, type AdmonitionProps } from 'ui-patterns/admonition'
import { GlassPanel } from 'ui-patterns/GlassPanel'
import { IconPanel } from 'ui-patterns/IconPanel'
@@ -45,6 +45,7 @@ const components = {
AuthSmsProviderConfig,
AppleSecretGenerator,
AuthProviders,
+ Badge,
Button,
ButtonCard,
CodeSampleDummy,
diff --git a/apps/docs/public/img/icons/docker-light.svg b/apps/docs/public/img/icons/docker-light.svg
new file mode 100644
index 0000000000000..6c0e9855ecafe
--- /dev/null
+++ b/apps/docs/public/img/icons/docker-light.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/apps/docs/public/img/icons/docker.svg b/apps/docs/public/img/icons/docker.svg
new file mode 100644
index 0000000000000..6db89f6e4950c
--- /dev/null
+++ b/apps/docs/public/img/icons/docker.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/apps/docs/spec/supabase_js_v2.yml b/apps/docs/spec/supabase_js_v2.yml
index a9d555fd73d36..0f6c779e78750 100644
--- a/apps/docs/spec/supabase_js_v2.yml
+++ b/apps/docs/spec/supabase_js_v2.yml
@@ -1235,7 +1235,7 @@ functions:
3. `invite` – Used when verifying an OTP sent as part of an invitation to join a project or organization.
4. `email_change` – Used when verifying an OTP sent to a new email address during an email update process.
- The verification type used should be determined based on the corresponding auth method called before `verifyOtp` to sign up / sign-in a user.
- - The `TokenHash` is contained in the [email templates](/docs/guides/auth/auth-email-templates) and can be used to sign in. You may wish to use the hash with Magic Links for the PKCE flow for Server Side Auth. See [this guide](/docs/guides/auth/server-side/email-based-auth-with-pkce-flow-for-ssr) for more details.
+ - The `TokenHash` is contained in the [email templates](/docs/guides/auth/auth-email-templates) and can be used to sign in. You may wish to use the hash for the PKCE flow for Server Side Auth. Read [the Password-based Auth guide](/docs/guides/auth/passwords) for more details.
examples:
- id: verify-signup-one-time-password(otp)
name: Verify Signup One-Time Password (OTP)
diff --git a/apps/docs/spec/supabase_py_v2.yml b/apps/docs/spec/supabase_py_v2.yml
index 8574841e20a48..40fcb7374fcab 100644
--- a/apps/docs/spec/supabase_py_v2.yml
+++ b/apps/docs/spec/supabase_py_v2.yml
@@ -1059,7 +1059,7 @@ functions:
notes: |
- The `verify_otp` method takes in different verification types. If a phone number is used, the type can either be `sms` or `phone_change`. If an email address is used, the type can be one of the following: `email`, `recovery`, `invite` or `email_change` (`signup` and `magiclink` types are deprecated).
- The verification type used should be determined based on the corresponding auth method called before `verify_otp` to sign up / sign-in a user.
- - The `TokenHash` is contained in the [email templates](/docs/guides/auth/auth-email-templates) and can be used to sign in. You may wish to use the hash with Magic Links for the PKCE flow for Server Side Auth. See [this guide](/docs/guides/auth/server-side/email-based-auth-with-pkce-flow-for-ssr) for more details.
+ - The `TokenHash` is contained in the [email templates](/docs/guides/auth/auth-email-templates) and can be used to sign in. You may wish to use the hash for the PKCE flow for Server Side Auth. Read [the Password-based Auth guide](/docs/guides/auth/passwords) for more details.
examples:
- id: verify-signup-one-time-password(otp)
name: Verify Signup One-Time Password (OTP)
diff --git a/apps/www/lib/redirects.js b/apps/www/lib/redirects.js
index 1446e3a148022..9b46543e1c64e 100644
--- a/apps/www/lib/redirects.js
+++ b/apps/www/lib/redirects.js
@@ -2649,12 +2649,12 @@ module.exports = [
{
permanent: true,
source: '/docs/guides/auth/server-side/email-based-auth-with-pkce-flow-for-ssr',
- destination: '/docs/guides/auth/server-side',
+ destination: '/docs/guides/auth/passwords',
},
{
permanent: true,
source: '/docs/guides/auth/server-side/oauth-with-pkce-flow-for-ssr',
- destination: '/docs/guides/auth/server-side',
+ destination: '/docs/guides/auth/passwords',
},
{
permanent: true,