SupabaseS
Supabase12mo ago
Jordan (UNCVRD)

Run Supabase Start from DOCKER_HOST that supports TLS?

Hi there - I use Docker Compose to run some other non-supabase services and was hoping to do the following

  1. Run a Docker-in-Docker container (this is where my supabase containers would run)
  2. Run a separate Docker:CLI container that would run supabase start and trigger the supabase containers to be run in the above DinD instance. I do not want to run these on my host machine, I want them to run in DinD.
The issue is that Docker-in-Docker runs with TLS by default, and heavily states that disabling TLS will be deprecated in the future, therefore i must connect via tcp://docker:2376 and use the TLS certs generated by Docker-in-Docker

If I run my Docker CLI container and mount the certs in the /certs directory

I can do the following in my Docker CLI container shell

DOCKER_HOST=tcp://docker:2376 DOCKER_TLS_CERTDIR=/certs DOCKER_TLS_VERIFY=1 DOCKER_TLS_CERTDIR=/certs docker ps

and I can connect to my docker daemon in my Docker-in-Docker container! Nice...so I thought if I did the same with supabase start it would connect properly, since it uses the Docker Go client, however if I do

DOCKER_HOST=tcp://docker:2376 DOCKER_TLS_CERTDIR=/certs DOCKER_TLS_VERIFY=1 DOCKER_TLS_CERTDIR=/certs supabase start

I receive the following

failed to inspect service: Error response from daemon: Client sent an HTTP request to an HTTPS server.

Which means it's picking up my DOCKER_HOST but not using my TLS certs :/

If I disable TLS from Docker-in-Docker and use the tcp://docker:2375 port as DOCKER_HOST i can run supabase start from my other container successfully so I know i can communicate, but I really just want to use TLS since Docker is so clear about deprecating this ability.

Anyone have ideas how I can get the Supabase CLI to pick up these environment variables?

Thanks a lot!
Was this page helpful?