matt
/
monacousa-portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
monacousa-portal/supabase/docker/kong.yml

197 lines
4.2 KiB
YAML
Raw Normal View History

Initial production deployment setup - Production docker-compose with nginx support - Nginx configuration for portal.monacousa.org - Deployment script with backup/restore - Gitea CI/CD workflow - Fix CountryFlag reactivity for dropdown flags Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 02:19:49 +01:00
_format_version: "2.1"
_transform: true
###
### Consumers / Users
###
consumers:
- username: ANON
keyauth_credentials:
- key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24iLCJleHAiOjE5ODM4MTI5OTZ9.b_lMH2mc5km7S9Lw_sRGGqE9IeiahYu-caevDcacKiY
- username: SERVICE_ROLE
keyauth_credentials:
- key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImV4cCI6MTk4MzgxMjk5Nn0.kcyKZAiwnnBG9t6IVGO17bcVw574pVynTHYVdF4q-p0
###
### Access Control Lists
###
acls:
- consumer: ANON
group: anon
- consumer: SERVICE_ROLE
group: admin
###
### API Routes
###
services:
## Redirect /auth/verify to SvelteKit app for email links
- name: auth-verify-redirect
url: http://portal:3000/auth/verify
routes:
- name: auth-verify-redirect
strip_path: false
paths:
- /auth/verify
preserve_host: false
plugins:
- name: cors
## Auth Service (GoTrue)
- name: auth-v1-open
url: http://auth:9999/verify
routes:
- name: auth-v1-open
strip_path: true
paths:
- /auth/v1/verify
plugins:
- name: cors
- name: auth-v1-open-callback
url: http://auth:9999/callback
routes:
- name: auth-v1-open-callback
strip_path: true
paths:
- /auth/v1/callback
plugins:
- name: cors
- name: auth-v1-open-authorize
url: http://auth:9999/authorize
routes:
- name: auth-v1-open-authorize
strip_path: true
paths:
- /auth/v1/authorize
plugins:
- name: cors
- name: auth-v1
url: http://auth:9999/
routes:
- name: auth-v1
strip_path: true
paths:
- /auth/v1/
plugins:
- name: cors
- name: key-auth
config:
hide_credentials: false
- name: acl
config:
hide_groups_header: true
allow:
- admin
- anon
## REST Service (PostgREST)
- name: rest-v1
url: http://rest:3000/
routes:
- name: rest-v1
strip_path: true
paths:
- /rest/v1/
plugins:
- name: cors
- name: key-auth
config:
hide_credentials: false
- name: acl
config:
hide_groups_header: true
allow:
- admin
- anon
## Realtime Service
- name: realtime-v1-ws
url: http://realtime:4000/socket
routes:
- name: realtime-v1-ws
strip_path: true
paths:
- /realtime/v1/websocket
plugins:
- name: cors
- name: key-auth
config:
hide_credentials: false
- name: acl
config:
hide_groups_header: true
allow:
- admin
- anon
- name: realtime-v1
url: http://realtime:4000/
routes:
- name: realtime-v1
strip_path: true
paths:
- /realtime/v1/
plugins:
- name: cors
- name: key-auth
config:
hide_credentials: false
- name: acl
config:
hide_groups_header: true
allow:
- admin
- anon
## Storage Service - Public objects (no auth required)
- name: storage-v1-public
url: http://storage:5000/object/public
routes:
- name: storage-v1-public
strip_path: true
paths:
- /storage/v1/object/public
plugins:
- name: cors
## Storage Service - All other operations (auth required)
- name: storage-v1
url: http://storage:5000/
routes:
- name: storage-v1
strip_path: true
paths:
- /storage/v1/
plugins:
- name: cors
- name: key-auth
config:
hide_credentials: false
- name: acl
config:
hide_groups_header: true
allow:
- admin
- anon
## PostgreSQL Meta (for Studio)
- name: meta
url: http://meta:8080/
routes:
- name: meta
strip_path: true
paths:
- /pg/
plugins:
- name: key-auth
config:
hide_credentials: false
- name: acl
config:
hide_groups_header: true
allow:
- admin