
Self hosted Supabase - support self signed certification connection

Open Hidden-History opened this issue 1 month ago • 2 comments

Pull Request

Summary

Self hosted Supabase - support self signed certification connection fix

Changes Made

I have not tested whether this messes with the cloud service; I am using Cole's local AI package with Archon.

Step 1: Connect Docker Networks

Archon and Supabase need to share a Docker network to communicate.

File: /archon/docker-compose.yml

Add the external network and connect all services:

services:
  archon-server:
    # ... existing config ...
    networks:
      - app-network
      - localai_default  # ADD THIS LINE

  archon-mcp:
    # ... existing config ...
    networks:
      - app-network
      - localai_default  # ADD THIS LINE

  archon-agents:
    # ... existing config ...
    networks:
      - app-network
      - localai_default  # ADD THIS LINE

  archon-frontend:
    # ... existing config ...
    networks:
      - app-network
      - localai_default  # ADD THIS LINE

# At the bottom of the file:
networks:
  app-network:
    driver: bridge
  localai_default:      # ADD THIS SECTION
    external: true

Step 2: Update Archon Supabase URL

Archon needs to connect to Supabase using the Docker service name, not host.docker.internal.

File: /archon/.env

Change:

SUPABASE_URL=http://host.docker.internal:8000

To:

SUPABASE_URL=http://kong:8000

Step 3: Allow HTTP for Kong Hostname

Archon's security config requires HTTPS for non-localhost URLs. We need to whitelist "kong".

File: /archon/python/src/server/config/config.py

Find line ~110 and modify:

# Check for exact localhost and Docker internal hosts (security: prevent subdomain bypass)
# Added 'kong' for local Supabase docker container
local_hosts = ["localhost", "127.0.0.1", "host.docker.internal", "kong"]  # ADD "kong" HERE
if hostname in local_hosts or hostname.endswith(".localhost"):
    return True

Step 4: Restart Services

Start Supabase first, then Archon:

# Start Supabase (from local-ai-packaged directory)
cd /path/to/local-ai-packaged
python start_services.py --profile cpu

# Wait for all services to be healthy (~30-60 seconds)
docker compose -p localai ps

# Start Archon (from archon directory)
cd /path/to/archon
docker compose up -d --build

Type of Change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [x] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [x] Documentation update
  • [ ] Performance improvement
  • [ ] Code refactoring

Affected Services

  • [ ] Frontend (React UI)
  • [ ] Server (FastAPI backend)
  • [ ] MCP Server (Model Context Protocol)
  • [ ] Agents (PydanticAI service)
  • [ ] Database (migrations/schema)
  • [x] Docker/Infrastructure
  • [ ] Documentation site

Testing

  • [x] All existing tests pass
  • [ ] Added new tests for new functionality
  • [ ] Manually tested affected user flows
  • [x] Docker builds succeed for all services

Test Evidence

docker compose logs -f # All services no errors

Checklist

  • [x] My code follows the service architecture patterns
  • [ ] If using an AI coding assistant, I used the CLAUDE.md rules
  • [ ] I have added tests that prove my fix/feature works
  • [ ] All new and existing tests pass locally
  • [x] My changes generate no new warnings
  • [ ] I have updated relevant documentation
  • [ ] I have verified no regressions in existing features

Breaking Changes

Additional Notes


Hidden-History avatar Nov 10 '25 04:11 Hidden-History
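The rule that Step 3 edits (HTTPS required unless the host is an exact match in a local allowlist) can be exercised in isolation. This is an added example, not Archon's code: `validate_supabase_url`, `check_all` and the sample URLs are hypothetical, and only the four allowlisted names and the `.localhost` suffix rule come from the PR.

```python
from urllib.parse import urlparse

# Hosts allowed over plain HTTP (the Step 3 list; "kong" is the Docker service name).
LOCAL_HOSTS = frozenset({"localhost", "127.0.0.1", "host.docker.internal", "kong"})


def is_local_host(hostname, local_hosts=LOCAL_HOSTS):
    """Exact match against the allowlist, plus names under .localhost."""
    hostname = hostname.lower().rstrip(".")
    return hostname in local_hosts or hostname.endswith(".localhost")


def validate_supabase_url(url, local_hosts=LOCAL_HOSTS):
    """Return url if acceptable, otherwise raise ValueError (hypothetical helper)."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme {parsed.scheme!r}")
    # .hostname excludes userinfo and port, so no raw string prefix is compared.
    if not parsed.hostname:
        raise ValueError("URL has no hostname")
    if parsed.scheme == "http" and not is_local_host(parsed.hostname, local_hosts):
        raise ValueError(f"HTTPS required for non-local host {parsed.hostname!r}")
    return url


def check_all(urls, local_hosts=LOCAL_HOSTS):
    """Map each URL to True (accepted) or False (rejected)."""
    results = {}
    for url in urls:
        try:
            validate_supabase_url(url, local_hosts)
            results[url] = True
        except ValueError:
            results[url] = False
    return results


# Constructed sample inputs (only the first two values appear in the PR).
SAMPLES = [
    "http://kong:8000",                  # service name on the shared network
    "http://host.docker.internal:8000",  # value replaced in Step 2
    "http://kong.example.com:8000",      # allowlisted name as a subdomain label
    "http://localhost.example.com",      # allowlisted name as a prefix
    "http://kong:8000@example.com/",     # allowlisted name in the userinfo part
    "https://db.example.com",            # remote host over HTTPS
]

if __name__ == "__main__":
    print(check_all(SAMPLES))
```

Because `kong` is a single-label name, what it reaches depends on the container's resolver: it identifies the Supabase gateway only while the service is attached to the shared Docker network.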

Walkthrough

This PR modifies the docker-compose configuration to introduce a dual-network architecture. An external network called localai_default is added alongside the existing app-network, with archon-server, archon-mcp, archon-frontend, and related services now connected to both. The Docker socket is mounted to archon-server to enable container management capabilities from within the server.

Changes

Cohort / File(s) | Summary
Docker Compose Network & Socket Configuration (docker-compose.yml) | Introduces external localai_default network, attaches archon-server, archon-mcp, archon-frontend, and related services to dual networks (app-network and localai_default), mounts Docker socket at /var/run/docker.sock to archon-server

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

  • Verify network connectivity constraints and ensure no unintended cross-service exposure through the localai_default external network
  • Confirm Docker socket mount permissions and security implications for archon-server container
  • Validate that dual-network attachment doesn't create routing conflicts or DNS resolution issues

Poem

🐰 Two networks now entwine, where once was one,
The socket mounts, and container dance has begun!
Through localai's gateway, the services convene,
A web of connection—the finest we've seen! 🌐

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name | Status | Explanation | Resolution
Title check | ⚠️ Warning | The title mentions Supabase and self-signed certificates, but the actual changes involve Docker networking and socket mounting with no mention of Supabase configuration. | Update the title to accurately reflect the Docker infrastructure changes, such as 'Add Docker socket mounting and dual-network support for service integration'.
Description check | ⚠️ Warning | The PR description contains contradictory information, incomplete testing evidence, and unclear scope that needs clarification before merging. | Clarify which files were actually modified (docker-compose.yml, .env, or config.py), provide complete test evidence with command output, explicitly verify cloud service compatibility, and resolve conflicting breaking change indicators.

✅ Passed checks (1 passed)

Check name | Status | Explanation
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

coderabbitai[bot] avatar Nov 10 '25 04:11 coderabbitai[bot]
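The first two review points above (exposure through the external network, and the Docker socket mount) can be checked mechanically against a compose file. This is an added example, not part of the PR or of the bot's output: `audit_compose` and its helpers are hypothetical, and the input is the dictionary a YAML loader would return for docker-compose.yml.

```python
DOCKER_SOCK = "/var/run/docker.sock"


def volume_source(vol):
    """Host path of a volume entry, short ("src:dst[:mode]") or long (dict) form."""
    if isinstance(vol, dict):
        return str(vol.get("source", ""))
    return str(vol).split(":", 1)[0]


def volume_read_only(vol):
    """True if the mount is read-only (this does not limit Docker API calls)."""
    if isinstance(vol, dict):
        return bool(vol.get("read_only", False))
    parts = str(vol).split(":")
    return len(parts) >= 3 and "ro" in parts[2].split(",")


def audit_compose(compose):
    """Return {service: [findings]} for external networks and socket mounts."""
    external = {name for name, cfg in (compose.get("networks") or {}).items()
                if isinstance(cfg, dict) and cfg.get("external")}
    report = {}
    for name, svc in (compose.get("services") or {}).items():
        findings = []
        shared = sorted(set(svc.get("networks") or []) & external)
        if shared:
            findings.append("external-network:" + ",".join(shared))
        for vol in svc.get("volumes") or []:
            if volume_source(vol) == DOCKER_SOCK:
                findings.append("docker-socket:" + ("ro" if volume_read_only(vol) else "rw"))
        if findings:
            report[name] = findings
    return report


# Constructed sample (what a YAML loader returns); socket mount mode is assumed.
NETS = ["app-network", "localai_default"]
SAMPLE = {
    "services": {
        "archon-server": {"networks": NETS, "volumes": [DOCKER_SOCK + ":" + DOCKER_SOCK]},
        "archon-mcp": {"networks": NETS},
        "archon-agents": {"networks": NETS},
        "archon-frontend": {"networks": NETS},
    },
    "networks": {"app-network": {"driver": "bridge"}, "localai_default": {"external": True}},
}

if __name__ == "__main__":
    print(audit_compose(SAMPLE))
```

A service reported with both findings is reachable from every container on the external network while holding the Docker socket. A `docker-socket:ro` result only means the socket file is mounted read-only; requests to the Docker API over it still work.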

@Hidden-History could you please comment on what change you made and why? Was something broken when using the local package?

Wirasm avatar Nov 24 '25 08:11 Wirasm

When running Archon with the local AI package on localhost, I was getting the same issues as found in Archon, Self hosted Supabase - support self signed certification connection #596, https://github.com/coleam00/Archon/issues/596. This fixes that issue with localhost. I do not have the cloud service to test whether this has any effect on that type of install, or on a VPS etc.; this fixed the issue for me on localhost.

Hidden-History avatar Dec 04 '25 09:12 Hidden-History