Complete Guide ⚡️ Supabase Self-Hosted ➕ Custom S3 ➕ Authelia

Captions
Whoo, I did it so you don't have to. I created a full-fledged Supabase self-hosting guide, and it was work. Yeah, definitely, it was a lot of work. So yeah. Oh, and by the way, I'm going to write a Supabase book, and that's going to be published somewhere beginning next year probably, just so you know. Oh, what this video is about: real self-hosting of Supabase. I'll not only show you how to deploy this, but actually how to get rid of the insecure setup that you get with the default Docker Compose, and also I'll show you how to connect a self-hosted S3 storage if you want. That sounds good? Well, let's go. [Music]

If you want to have your own S3 server, basically we will do that now. Like, if you don't need that or if you don't want that, you can just skip that part of setting up a custom S3 server. Um, you can also just use Amazon or whatever, but I'll show you how it's done with MinIO. So I'll actually just use Hetzner to quickly spin up a Docker server. I'll choose the smallest one. If you have any hosting provider that even provides smaller ones, I mean, two gigs of RAM is quite a lot, so yeah. All right, create the server. Now the server spins up, and then we need the IP, and we also need the password that is being sent to me via email. It's that one here, and it tells me that I can use this IP and log in with this password. And now we make a login to that IP: ssh root at IP. Now it will ask me for the password, which is the one I got sent, and now I quickly need to change the password because it wants me to do so, and now I'm inside of the server.

Now on that server, what you want to do is first check if Docker is actually installed, so we'll just do docker version, and it tells us the current version. All right, that's good. So since we are using Docker 23, that also means that we have the new Docker Compose, so we don't need to install it. All right, and now what you want to do is you want to create your Docker Compose file for creating your self-hosted S3. So I'll go open up the editor, Nano, and
go like dockercompose.yaml, and now I'll copy-paste something which I will explain. You'll also find this to be copy-pasted from the link in the description. So what is the Docker Compose? Basically, we are defining two services here: the MinIO service and the nginx service, which will be our proxy to MinIO. You don't really have to think too much about this. Like, the only thing that's important is that the ports are being opened here. You don't really have to think about the volumes; that's just, like, the volumes are going to be created next to that Docker Compose file. The only thing that you really want to change, very much so, is this one: like, you need to adapt your root user to whatever you want it to be, your root password as well, and also you want to change this URL, which is basically going to be your S3 API. So in my case I want it to be s3.activenode.de. Okay, now you can save that with Ctrl S and you can exit with Ctrl X, and that's really it for the Docker side.

So the only thing you have to do now is docker compose up -d, and then you just wait until that's done. Let's fast-forward. When that's done, you can check the status with docker ps, and you will see that two containers are running. Now what you want to do is you want to copy your server IP, and then you want to visit that in the browser with port 81, not 80.
You will be facing an Nginx Proxy Manager login, and that one doesn't have the credentials from MinIO which we just provided, but it has standard credentials. So it's admin@example.com and the password is changeme, and when you log in, it will ask you to change that. So I'll just use my email and I change the password, and then you're good to go. And now you're basically inside of the server proxy manager. So what you want to do now is making your S3, which is already running, accessible, because right now you cannot access it because it's hidden away in the Docker network, which is good.

Like, before we do anything else, you want to get rid of how we currently access the proxy manager, because that's unprotected. So if you had a so-called man-in-the-middle attack, someone could steal your password, and that's what we don't want. So go to Proxy Hosts, Add Proxy Host, then use whatever domain you have and map it to that IP. I have the domain myproxy.activenode.de pointing to this IP. And now, important: you just give it 127.0.0.1, which is itself, and itself in this case, since we are accessing port 81, is on port 81. Now you can activate Block Common Exploits. You go to SSL, say Request New Certificate, Force SSL, HTTP/2, HSTS, and then just agree to Let's Encrypt and save it. And now that's done, and you can move away from the insecure access to your secure access: same thing, different domain, and HTTPS. So let's log back in.

Now you want to make sure that your storage is accessible, so you add a proxy host. Remember what we had in the Docker Compose file: it said s3.activenode.de, so we'll use that one, s3.activenode.de. Activate websockets, simply because it's helpful for the headers it sets. Now the hostname is your Docker container name, which is minio, and the port is, you can't know by the Docker Compose file, but it's 9000.
That is what MinIO internally exposes. Now also here you want to request a new SSL certificate, and now one more thing to do in the Advanced tab is you want to put a few settings here, just to make sure that things are not blocking our way. Again, you'll find the settings in the description, so you can just copy-paste them from there. Then, all right, save it. And now there's one thing that is very important, which is when you open that one, it says unable to connect, which is fine. Really, it is. I don't want to go into detail into that, but that's fine for our use case, just fine, no security issues there.

Now you have your S3 API, but you also want to have access to the S3 dashboard. That means you need another proxy host, so we'll go s3dash.activenode. You can block common exploits and add websocket support. You again want to route to minio, but this time not on port 9000 but on port 1990. You want an SSL certificate, you save that, and now you can go to that dashboard. You enter your user and your password and you're in. The first thing you want to do is create a test bucket, then you go to Object Browser, go to test, go to Upload, Upload File, and then choose, upload whatever you want. Now that should work properly. So yeah, cool, right? Now this isn't our goal, we don't want to upload things there manually, but like, it works.

And in the settings section you want to add a server location for completeness' sake, so I just chose Europe self, so EU self, and then just save it and click restart. And also, since we will be configuring Supabase to use our Supabase bucket, we want to create a bucket named supabase. Now very important: the next thing you want to do is go to Access Keys and create a new access key, because this is going to be used by Supabase. So copy the access key, also copy the secret key, click Create, and it will show them again, and then you're good to go. And that's actually already it, like there's not much more to do. However, what you maybe want to do now is taking this dashboard offline
because as long as you don't want to upload files manually or create access keys, you can and you should disable this. And now it's still running but it's not accessible. Cool, right? So your storage is ready, let's jump to Supabase.

So your storage is running now, and FYI, I just renamed that server; that doesn't have any technical impact. If you skipped forward to this part of the video, then welcome again, and let's jump into the Supabase setup. So let's create a new server. Again I'm going for Docker pre-installed, I choose the smallest instance. Oh, one note: I'm using Hetzner simply because it's cheap, because you're not going to pay that full amount here. Like, you actually pay per hour, then you can just delete it, so you're not definitely going to pay that full amount, and that is really cool. So there's the link in my description if you want to try it out. All right, so I'll click Create and Buy to create our Supabase server. I'll also rename it right away.

Before we jump into setting up Supabase, there's one thing I need to mention, and it is, like, in either case you should somehow enable backups, which in Hetzner I can easily do here, which I won't do for, uh, demoing now. But I mean, your database is running there, so, and you want that backed up. You can do that manually or automate that, but I mean, you can do that, but time is money and backups aren't that expensive. In this case it's like 20% of your actual cost, so yeah, I would do that if I were you.

Now we have the server set up, and now we need to do quite a few things here. So I got the password sent via email for that server, here we go. Now I'm doing the same procedure of logging in and changing a password, so I'll just fast-forward. So I'm logged in into that Supabase server instance now. The very first thing to do is cloning that git repository of Supabase. This can actually take a moment, and that is why it's also important to use that --depth 1, because otherwise it's taking even longer. Next thing is you move to supabase/docker
and in a directory you'll find a Docker Compose file, which you wanna copy to a backup file, just so you have something to compare with. There's also a hidden file, and you want to copy that one as well. It is .env.example, so you go .env.example and copy to .env, because the .env file will be read by Docker.

Now we're going to configure stuff step by step. So first you want to open up the Docker Compose file, and then you go and search for where it says kong as a service. So you have all of those services here, studio and database and so on and so forth, and here it says, where is it, here it says kong. And there's three lines which you actually want to remove, and instead of removing we'll basically just comment it, which is the same thing. And the reason why you want to remove those is: Kong is making sure that things are being routed within Supabase properly, but if you use those three lines, Kong will be publicly accessible, and we don't want that. We want to secure it on our own, so that's why we make Kong only accessible to Docker itself, and that is by removing those three lines. All right, you can save that with Ctrl S and exit with Ctrl X if you use Nano.

And the next thing you want to do is edit volumes/api/kong.yaml. Then you scroll down to the very end, and here you'll find the Supabase dashboard route, and we don't want that route. You want to remove that dashboard, and the simple reason is we wanna route to the dashboard on our own and protect it. Then we don't want Kong to route there, because that, like, I don't want to go into detail, but if Kong routes there and we have an API URL, like, the dashboard is going to be accessible at API URL slash, and that's what we don't want. So I'll just comment it, save it and close it.

Now we go back to the Docker Compose file. In the services part we want to add two additional services. The first one you already know if you've followed the S3 storage part. You can find the configs to copy-paste in the description link. And the second
service we want to add is to protect the Supabase dashboard, the Supabase Studio, with more than the basic authentication. But please note, you don't need that. Like, if you're fine with HTTPS and basic authentication, which is fine, then you don't need to have that additional service. I'm just saying, because it also comes with additional configuration which we do later at the end. So just to run Supabase, you can also follow up without this, but I'm going to add it because this is a full-fledged tutorial, and it's called Authelia. Now just a very quick primer: we will use the 3DS fees later let you enable label authentication in the super index dashboard. All right, so we added two additional services to the Supabase Docker Compose file, let's save that.

Now the first thing we want to configure is your S3 storage. If you don't have that, you don't have to do anything, because it will just work out of the box. But if you have S3 storage, then you go back to the Docker Compose file and you search for storage, and then within storage you go to the environment variables. And the first thing you want to change is file to s3. You can remove the file storage backend path. You can change region to wherever your S3 bucket is, and since I'm using it self-hosted, I'll just use a random thing like EU self. Like, it really doesn't matter for my case, it also doesn't have an impact. Like, it has an impact if you're using AWS for real, and then you just provide the region where your AWS S3 is, but like, with the thing I've shown, it doesn't have an impact.

Okay, global S3 bucket: I'll just want to use supabase, that's the name of the bucket. Now very important, global S3 endpoint, because this is going to be s3.activenode, the S3 instance I've just set up. Now also say that the global S3 protocol is going to be https. You can also set the AWS default region for completeness' sake. Then for MinIO I saw that setting this is important: force path style. I didn't look it up, I can't tell you why, it's on a
Supabase repository. And now very important: remember your access keys you've created? Yeah, you need them. Access key ID, it's your access key basically, and now your secret. And I hope I didn't forget anything, and we'll just save it and exit.

Now the next thing you should do is configure your important credentials. I won't change those now, simply because it's for demo purposes, but you should change all of those four. Like, you want to set a proper Postgres password, you want to create a JWT secret. It's called JWT; there's a one-line Node script in the link in my description how to generate a random one, and there's also a link how you can create the anonymous key and the service role key with that JWT secret, so that's covered. The other thing you most likely want to change on production is the Logflare API key, but again, for demo purposes I'm just gonna leave all of those secrets as they are.

However, there's a few things that we have to change, and one of it is the API external URL, and I want to use super.activenode, and that's going to be the URL with which you communicate. Also what you want to change, but you can change that later as well, is the page URL with which you're going to use Supabase. So say for example your app is on whatever.com, then this is going to be like, probably, https whatever.com. We'll just leave it with localhost 3000 here. Like, this is just your primary; you can also add multiple more by, like, domain2.de and so on and so forth, but don't forget the protocol to add there as well. Now the other thing you want to change is the Supabase public URL. That is going to be the link to your studio. I'm gonna use superstudio.activenode.

Now what you can do as well in here is search for SMTP, and then you'll find the setup. Like, for example, if you use Brevo.com or Mailjet or Resend or Postmark or whatever, like anything that provides you with SMTP credentials, or even your own email with SMTP, you can provide it here, but you don't have to. And what I mean with that is, in most
production environments you will probably send custom emails anyway. I'm personally not using the Supabase SMTP functions anyway, so yeah, I'm not going to cover that, but I mean, it's kind of self-explanatory.

One last thing to add before we jump into the most exciting part: let's go back to the Docker Compose and scroll to the database part. In the database part you'll see a port which has the localhost IP in front of it. If you want to connect to Postgres later directly, you simply remove that one, and then it's going to be accessible with the password you've chosen on that port. Yeah, personally I don't want that, so I'll just leave it as is.

Awesome, I hope I didn't forget anything. Now you could run docker compose up, but when there's so many images, I'll like to pull them first. Once all the images are pulled, I run docker compose up -d. The -d is important, otherwise if you leave the process, like, it's going to shut down the containers again. So -d means detached. All right, even though the containers start pretty fast, just give it a few moments to be set up properly.

Now when everything's up and running, the first thing you want to do is go to that IP on port 81. You see your Supabase proxy manager. Now you log in with admin@example.com and password is changeme. You have to change email and password, then you go to the Proxy Hosts. Now we want to protect itself, because currently we're accessing on the IP unprotected. So we'll go supaproxy.activenode.de, so use any domain which points to the server IP. Forward hostname to itself internally at port 81. Yeah, Block Common Exploits, request a new certificate and agree to Let's Encrypt, save it, and now you can access your proxy manager in a secure way.

The next thing you want to do is making this Supabase API accessible. In our configuration I have said this is super.activenode, and now very important, it routes to kong on port 8000.
You can surely activate Block Common Exploits, you should activate websocket support, and in the SSL tab you request a new certificate, and then you click Save. Now when we open this, Kong should respond that it doesn't find a route. Perfect, but this message is good, because it means that we're properly routing.

Now the next thing is to set up the Supabase dashboard. I configured the subdomain superstudio.activenode to point to the server, and now we forward to hostname studio and port 3000. Activate websockets, you can block the common exploits. Now you go to Custom Locations and you add the location /storage, and this one goes to kong on port 8000. This is very important, because otherwise you wouldn't be able to use the storage in your Supabase dashboard. Now you go to SSL, you request a new certificate, and you click Save.

Now if all goes well, you should be able to access Studio now, and yeah, that works. But the problem is that it's not protected at all. So we are routing properly, but we don't have protection. We'll protect it in a minute, but first we want to check if everything works. So Table Editor, just add a new table. Yep, that works. Can I also add a new column? Yep. Can I add a new row? Yeah, works fine. Now very important: does the storage work? Now let's test the storage: my test bucket, save. Let's create a new folder, test folder, and try to upload a file here. Nice, that worked. And if you have set up your own S3, it should show up there now. So you go to Object Browser, supabase, and there's your test bucket, there's your test folder, and there's the file I uploaded. Nice.

So you have Supabase Studio and Supabase, and it's running properly, but Supabase Studio is not protected. So the most basic thing you can do now is go to your proxy manager, go to Access Lists, say Add Access List, Protect Studio, you can use whatever name you want. Satisfy Any, this is important, and go like admin, admin, and then save. Now you go to ask to your super studio, edit, and go like Protect Studio, save. Now if
I reload, it asks me for admin, admin. So now you have a basic protection of your Supabase Studio. So things just passed and you probably didn't even notice, but the things are working. Like, you have it, you could stop right there, but we want to do one last thing, or at least I want to do it. And as I said before, you can skip it. Like, if you're fine with that, you can skip that, that's just fine. But personally I don't like the basic authentication. It's not per se insecure, but it doesn't support, really, like, multi-factor authentication or whatnot, and this is supported in theory by Authelia, and that is why I want to activate Authelia. So it's massively hot in here, as you can see I'm in the roof, um, yeah, but let's just finish this up, please.

So, so I don't want to explain Authelia all too much, but just imagine it as another proxy on top which checks if you're logged in or not, and only then lets you in into Supabase Studio.

So first I want to show you what we have. So there's the authelia directory, and if we go into it, we'll see that there's config. We'll go into that, and then there's a configuration file. Now since the configuration file is quite big, even for an initial setup, I don't want to go too much into detail. Like, you can find all of the configuration stuff on the Authelia documentation. But we'll make a copy of that one, then we delete the original, and we'll create a new empty one. Now what I will do is I will copy the Authelia configuration file that I provided to you in the link in the description. However, we're going to talk about the stuff that you will have to customize. All right, copy-paste it.

So first things first: again, you already know that from Supabase, you want a JWT secret, but don't use the same one as for Supabase. Just generate a new JWT secret. This is going to be the one that Authelia uses for your authentication into your dashboard. Now the redirection URL might seem silly, but actually that's quite okay, that's just where you're redirected to when you
basically don't provide valid stuff. Let's move on. Now I added the configuration for that time-based one-time password, even though in this sample we don't use it, but you have to adapt your root domain to be the issuer. In my case that's activenode. All right, now authentication backend is going to be a simple YAML file, that's quite all right.

Now when you come to the access control part, this is very important. Here you want to do something like auth.yourdomain.com. In my case I'm choosing myauth.activenode. So this is where Authelia lives, and since Authelia itself, like, the portal, shouldn't be protected, we use policy bypass. Now you want to protect your Supabase Studio, and since the domain that I'm using is superstudio.activenode, I want to have a one factor, so username-password authentication. Now you move on to the session, also provide your root domain here, and finally move on to where it says storage, and you can change the encryption key for the storage here, but I'll just leave it as is. Then I'll save it and exit. Base configuration done.

For the configuration to be active, I want to say stop the Authelia container and now start it again. All right, now having that restarted, it hopefully has created some more files. Yes, now you also have the users database file. Let's open it. So this one is a user definition which has username authelia and the password, which is the Argon2 hashed password, and the password is also just authelia. So if you want to change that, you have to edit that file, or if you want to add new users, and you can add them to groups, but as I said, we don't want to go into detail. So you definitely want to change the password and probably the username, but I won't do it, I just wanted to show you where you can do it. So I'll close it again.

Now there's three more copy-paste things you have to do, and this is for nginx to work properly. So you go two directories upwards, back to supabase/docker, check your directories, and you have nginx snippets there. So let's go
in there, check what's there: nothing. And we want to add three things in here. First, authelia-location.conf. Also this one you can copy-paste from the link, and that one actually works out of the box, so nothing to change here. Save it, exit. Now the next file is authelia-authrequest.conf. Paste it, and there's one thing you want to adapt, and that's the domain here. It should point to your auth domain, so your auth portal domain, in my case my-auth. Yeah, that should be fine. Save it, exit. Now there's the last one, that's proxy.conf. I also added some more information about that one in the blog post, and I definitely recommend you read it, but for now we'll just copy-paste and it should be running fine. Save it and exit. Okay, that was basically just copy-paste work.

Now you go to your Supabase proxy manager. We want to set up the auth portal, so in that case that's myauth.activenode. The hostname is authelia and the port is 1991. You can surely go Block Common Exploits, and for the sake of proper forwarding we want to add websocket support. Go to SSL, request a new certificate and check all the boxes, and before you click Save, you go to the Advanced tab, and now you copy this location / and include the proxy.conf that we created and which is being mounted in a container. You'll find this snippet as well in the link. Save it, and if all goes well, we can access the auth portal. Perfect. And now if you have it, you can click it and it should show a test login window. So you can try authelia and authelia in my case, and yeah, since it doesn't know where to go, it just adds me to Google. That's fine. Awesome, so auth portal seems to work.

Now how do we get Supabase Studio to be protected by Authelia? Let's go edit, remove the basic auth, because we want to have it protected by Authelia instead of basic auth, so go Publicly Accessible. Then in the Custom Locations there is /storage routing to kong instead of studio. Now this is going to be important in a minute, but let's move to the Advanced tab. In that one you paste the
following snippet, which loads the Authelia location conf and the proxy.conf as well as the auth request conf. But since we have to route /storage to a different place, we can do so by simply adding another location, but that one shouldn't go to studio but instead to kong 8000. That's it, save that. Now it says command failed, because, like, the location is doubled for sure, because we still have it in here, and now it's getting confused. So remove it here, save it, go to super studio, and now it looks like there is no protection, but I've already logged in, remember? So let's move to a private window. Now open up Supabase Studio. Now you get the login window, and we'll provide authelia and authelia, and just to make sure, we want to check if we can upload a file. Yep, works.

Okay, so we're nearly done, and I think I've lost like three liters of water within that process because it's so freaking hot in here. Now you basically have it on, but there's one last thing which you probably want to know, very much so. Yeah, what if things change? Because as you can see here, there's no settings page like in the Supabase as a service version. Say for example you want to change your site URL, like, uh, or want to add additional redirection URLs, then really the only thing you would do is you would go to the .env file, or if you want to adapt stuff in your Docker Compose file, wherever the configuration is that you want to change. Let's just choose the .env file, and then, like, go to the site URL, then you would adapt that, save that, exit, and you would simply run docker compose up, and it should recreate the services that are bound to be changed. But if that doesn't work, then you can just do docker compose down and docker compose up again. You can also just do what we did before, like docker compose stop authelia and then, like, docker compose up and then authelia, which should work the same way.

You know what, I thought this is going to be an easy thing. Okay, there's just a Docker Compose file, I have to adapt it a little bit and
I'm there. But in fact I spent, like, I think in total like 30 to 45 hours only preparing that video, like, and writing that down and all of that stuff, and trying it out and figuring out why the S3 wouldn't work and stuff like that. So I hope you can appreciate it. Um, it's actually helpful for whenever I want to self-host again, so I can come back to it. And yeah, put your questions in the comments if you have any. Um, I hope you like it, and I'll see you next time. Cheers.
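
The hardening steps in the captions above come down to which container ports are published on the host: Kong's are removed, the database port keeps the localhost IP in front of it, and the proxy is what faces the internet. As an added example (not from the video, its linked configs or the Supabase repository), this Python script parses Compose short-syntax port entries and lists the ones reachable beyond loopback; the port data is constructed, and the service name nginx-proxy-manager and the allow-list are assumptions.

```python
"""Audit Compose short-syntax port mappings for host-wide exposure."""
import ipaddress

# Constructed sample, not the real Supabase compose file: service name ->
# "ports" entries with variables already substituted. "nginx-proxy-manager"
# is an assumed service name.
DEFAULT_STACK = {
    "kong": ["8000:8000/tcp", "8443:8443/tcp"],
    "db": ["127.0.0.1:5432:5432"],
    "studio": [],
    "nginx-proxy-manager": ["80:80", "443:443", "81:81"],
}
# Same stack after removing Kong's published ports, as the video does.
HARDENED_STACK = dict(DEFAULT_STACK, kong=[])

# Only the reverse proxy's HTTP/HTTPS ports are meant to face the internet
# (assumption for this example).
ALLOWED_PUBLIC = {("nginx-proxy-manager", 80), ("nginx-proxy-manager", 443)}


def parse_port(entry):
    """Return (host_ip, host_port, container_port, proto) for one entry.

    host_ip is None when no bind address is given (Docker then binds all
    interfaces); host_port is None when only a container port is listed.
    """
    spec, _, proto = entry.partition("/")
    host_ip = None
    if spec.startswith("["):  # bracketed IPv6 bind address, e.g. [::1]:5432:5432
        host_ip, _, spec = spec[1:].partition("]:")
    parts = spec.split(":")
    if len(parts) == 3:
        host_ip, parts = parts[0], parts[1:]
    if len(parts) == 1:
        return host_ip, None, parts[0], proto or "tcp"
    if len(parts) == 2:
        return host_ip, parts[0], parts[1], proto or "tcp"
    raise ValueError(f"unsupported port entry: {entry!r}")


def expand(port):
    """Expand '8000' or '8000-8002' into a list of ints; None stays [None]."""
    if port is None:
        return [None]
    low, _, high = port.partition("-")
    return list(range(int(low), int(high or low) + 1))


def audit(services, allowed=ALLOWED_PUBLIC):
    """List (service, host_port, proto, bind) reachable beyond loopback."""
    findings = []
    for name, entries in services.items():
        for entry in entries:
            host_ip, host_port, _, proto = parse_port(entry)
            if host_ip and ipaddress.ip_address(host_ip).is_loopback:
                continue  # e.g. the db port bound to 127.0.0.1
            for port in expand(host_port):
                if (name, port) not in allowed:
                    findings.append((name, port, proto, host_ip or "all interfaces"))
    return findings


if __name__ == "__main__":
    for label, stack in (("default", DEFAULT_STACK), ("hardened", HARDENED_STACK)):
        print(label)
        for finding in audit(stack):
            print("  exposed:", finding)
```

The proxy manager's port 81 is still reported for the hardened stack, which matches the captions' point that reaching the admin login by IP on that port is unprotected.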
Info
Channel: activenode
Views: 21,545
Id: wyUr_U6Cma4
Length: 35min 55sec (2155 seconds)
Published: Fri Aug 25 2023