Allow custom domains for API & Storage
Problem
Feature request Hi! I'd love to be able to set a custom domain alias for my supabase project url, so that instead: the users would see "Chose an account to continue to myproject.mydomain.org". Is your feature request related to a problem? Please describe. The google sign in will show: "Choose an account to continue to dalihgspogdhpodshhofdgogdssg.supabase.co which looks completely like phishing to anyone who received an 101 phishing-defense training. So this is not purely aesthetic problem, but a business one - imagine you prototype a product using Supabase (which it is great at) but you loose conversion because users are afraid to sign in (being worried that some strange jfdsljfdsfuds.supabase.co people will get access to their precious Google account)! :fearful: Describe the solution you'd like Implement a basic custom domain support using LetsEncrypt free/automatic cert generation to secure it. Not hard to implement! This would require: - [ ] setting custom domains in project settings - [ ] supabase proxy generating LetsEncrypt SSL cert to be able to serve the domain securely (alternatively, let user upload a commercial SSL cert) Describe alternatives you've considered I did search GH issues to learn if you have considered custom domains and decided against them for reasons; but I could not find any such discussions. Additional context None, thank you for great work and FLOSS generosity of your enterprise!
Unverified for your environment
Select your OS to check compatibility.
1 Fix
Implement Custom Domain Support with SSL for Supabase Projects
Currently, Supabase projects are only accessible via the default subdomain, which can create trust issues for users during authentication processes. This is particularly problematic when third-party authentication providers display the default Supabase URL, potentially causing users to perceive it as phishing.
Awaiting Verification
Be the first to verify this fix
- 1
Add Custom Domain Configuration in Project Settings
Modify the Supabase project settings to include an option for users to specify a custom domain. This will involve updating the database schema to store the custom domain and modifying the frontend to allow users to input their desired domain.
sqlALTER TABLE projects ADD COLUMN custom_domain VARCHAR(255); - 2
Implement LetsEncrypt SSL Certificate Generation
Integrate a service to automatically generate and manage SSL certificates using LetsEncrypt for the custom domains specified by users. This will ensure secure connections to the custom domains.
bashcertbot certonly --standalone -d myproject.mydomain.org - 3
Configure Supabase Proxy to Serve Custom Domains
Update the Supabase proxy server configuration to route traffic from the custom domains to the appropriate Supabase project. This will involve modifying the Nginx or similar server configuration to recognize and handle requests for the custom domains.
nginxserver { listen 80; server_name myproject.mydomain.org; location / { proxy_pass http://localhost:54321; } } - 4
Allow Users to Upload Commercial SSL Certificates (Optional)
Provide an option for users to upload their own SSL certificates if they prefer to use a commercial certificate instead of LetsEncrypt. This will require a secure upload mechanism and validation of the certificate.
javascriptconst fs = require('fs'); const https = require('https'); const options = { key: fs.readFileSync('path/to/private.key'), cert: fs.readFileSync('path/to/certificate.crt') }; - 5
Test Custom Domain Functionality
Conduct thorough testing to ensure that the custom domain functionality works as intended. This includes verifying SSL certificate issuance, domain routing, and user authentication flows.
bashcurl -I https://myproject.mydomain.org
Validation
Confirm that users can successfully set a custom domain in project settings, access the Supabase project via the custom domain, and that the SSL certificate is valid. Additionally, verify that third-party authentication displays the custom domain instead of the default Supabase URL.
Sign in to verify this fix
Environment
Submitted by
Alex Chen
2450 rep