https://github.com/simplesuite/simplesuite-selfhost
Deploy your own simpleSuite backend and frontends with Docker Compose. Open-source, self-hostable, and privacy-first.
https://github.com/simplesuite/simplesuite-selfhost
backend database deployment devops docker docker-compose homelab infrastructure open-source postgres privacy self-hosted supabase
Last synced: about 5 hours ago
JSON representation
Deploy your own simpleSuite backend and frontends with Docker Compose. Open-source, self-hostable, and privacy-first.
- Host: GitHub
- URL: https://github.com/simplesuite/simplesuite-selfhost
- Owner: simplesuite
- License: agpl-3.0
- Created: 2026-05-20T12:08:39.000Z (about 1 month ago)
- Default Branch: master
- Last Pushed: 2026-07-01T19:55:01.000Z (1 day ago)
- Last Synced: 2026-07-01T21:27:21.807Z (about 22 hours ago)
- Topics: backend, database, deployment, devops, docker, docker-compose, homelab, infrastructure, open-source, postgres, privacy, self-hosted, supabase
- Language: TypeScript
- Homepage:
- Size: 112 KB
- Stars: 6
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
README
simpleSuite — Self-Hosting
Deploy your own simpleSuite backend and frontends with Docker Compose. Open-source, self-hostable, and privacy-first.
---
## What is this?
This repo contains everything needed to self-host the simpleSuite ecosystem — a free, open-source alternative to hosted productivity and budgeting apps. Run your own Supabase-compatible backend (and optionally the frontends) on your own hardware with a single `docker compose up`.
> **Two deployment modes:**
> - **Backend-only** — Self-host the database and API. Use the hosted frontends at [budget.simplesuite.dev](https://budget.simplesuite.dev) or [tracker.simplesuite.dev](https://tracker.simplesuite.dev).
> - **Full stack** — Self-host everything, including the frontend served via Caddy.
---
## An Open-Source Alternative To
- Supabase Cloud (managed)
- Firebase
- Appwrite
- PocketBase
- Hosted YNAB / Todoist / Notion backends
## Supported Apps
| App | Frontend Repo | Hosted URL |
|-----|---------------|------------|
| simpleBudget | [simplesuite/simplebudget](https://github.com/simplesuite/simplebudget) | [budget.simplesuite.dev](https://budget.simplesuite.dev) |
| simpleTracker | [simplesuite/simpletracker](https://github.com/simplesuite/simpletracker) | [tracker.simplesuite.dev](https://tracker.simplesuite.dev) |
Both apps share the same Supabase backend. A single self-hosted instance supports both.
---
## Quick Start
```bash
# 1. Clone this repo
git clone https://github.com/simplesuite/simplesuite-selfhost.git
cd simplesuite-selfhost
# 2. Create and populate your environment file
cp deploy/.env.example deploy/.env
cd deploy && bash scripts/generate-secrets.sh && cd ..
# 3. Start the backend
docker compose -f deploy/compose.yml up -d
# 4. (Optional) Start with a frontend included
# Set FRONTEND_APP in deploy/.env to: simplebudget or simpletracker
docker compose -f deploy/compose.yml -f deploy/compose.frontend.yml up -d
```
The API gateway will be available at **http://localhost:8000**.
The frontend (if enabled) will be at **http://localhost:8080**.
---
## Prerequisites
| Requirement | Notes |
|-------------|-------|
| [Docker](https://docs.docker.com/get-docker/) + Compose v2 | `docker compose version` should return 2.x+ |
| Bash shell | Git Bash on Windows; native on macOS/Linux |
| `openssl`, `base64` | Required by the secret generator script |
> **Windows users:** Run all `bash` commands from Git Bash, not PowerShell or CMD.
---
## Backend-Only Setup
Run your own Supabase-compatible backend while using the hosted frontends.
```bash
cp deploy/.env.example deploy/.env
cd deploy && bash scripts/generate-secrets.sh && cd ..
docker compose -f deploy/compose.yml up -d
```
Verify everything is healthy:
```bash
docker compose -f deploy/compose.yml ps
```
Then open the hosted frontend and use the **Config Backend** page to enter:
- **URL:** `http://localhost:8000` (or your server's address)
- **Anon Key:** The `ANON_KEY` value from `deploy/.env`
This works for both simpleBudget and simpleTracker — they share the same backend.
---
## Full Self-Hosting
Run the entire stack — backend and frontend — on your own machine.
```bash
cp deploy/.env.example deploy/.env
cd deploy && bash scripts/generate-secrets.sh && cd ..
# Edit deploy/.env to set which app to deploy:
# FRONTEND_APP=simplebudget (default)
# FRONTEND_APP=simpletracker
docker compose -f deploy/compose.yml -f deploy/compose.frontend.yml up -d
```
Open **http://localhost:8080** in your browser.
The frontend container clones the latest source from the selected app's repo, builds it, and serves it via Caddy. The `config.js` is auto-generated from your `.env` values at container startup — no manual configuration needed.
### Hosting Both Frontends
To self-host both apps simultaneously, use the all-frontends compose file:
```bash
docker compose -f deploy/compose.yml -f deploy/compose.allfrontends.yml up -d
```
This starts:
- simpleBudget at **http://localhost:8080** (configurable via `SIMPLEBUDGET_PORT`)
- simpleTracker at **http://localhost:8081** (configurable via `SIMPLETRACKER_PORT`)
---
## Environment Variables
All config lives in `deploy/.env`. Run `generate-secrets.sh` to auto-fill secrets.
| Variable | Default | Scope | Description |
|----------|---------|-------|-------------|
| `SUPABASE_PUBLIC_URL` | `http://localhost:8000` | Public | Kong API gateway URL (browser-accessible) |
| `ANON_KEY` | *(generated)* | Public | Browser-safe JWT for unauthenticated API access |
| `SERVICE_ROLE_KEY` | *(generated)* | **Private** | Elevated JWT — bypasses RLS |
| `JWT_SECRET` | *(generated)* | **Private** | Signs all JWTs |
| `POSTGRES_PASSWORD` | *(generated)* | **Private** | Database password |
| `DASHBOARD_USERNAME` | `admin` | Optional | Studio dashboard username |
| `DASHBOARD_PASSWORD` | *(generated)* | Optional | Studio dashboard password |
| `FRONTEND_APP` | `simplebudget` | Frontend | Which app to build: `simplebudget` or `simpletracker` |
| `FRONTEND_PORT` | `8080` | Frontend | Port for single-app mode (`compose.frontend.yml`) |
| `SIMPLEBUDGET_PORT` | `8080` | Frontend | simpleBudget port for both-apps mode (`compose.allfrontends.yml`) |
| `SIMPLETRACKER_PORT` | `8081` | Frontend | simpleTracker port for both-apps mode (`compose.allfrontends.yml`) |
---
## Security
| Safe for browsers | Never expose |
|-------------------|--------------|
| `SUPABASE_PUBLIC_URL` | `SERVICE_ROLE_KEY` |
| `ANON_KEY` | `JWT_SECRET` |
| | `POSTGRES_PASSWORD` |
- `deploy/.env` is in `.gitignore` — never commit it.
- The frontend container only receives `SUPABASE_PUBLIC_URL` and `ANON_KEY`.
---
## Database Access
Connect with pgAdmin or any Postgres client:
| Setting | Value |
|---------|-------|
| Host | `localhost` |
| Port | `5432` |
| Database | `postgres` |
| Username | `supabase_admin` |
| Password | Your `POSTGRES_PASSWORD` |
---
## Updating
```bash
git pull origin main
# Backend-only
docker compose -f deploy/compose.yml down
docker compose -f deploy/compose.yml up -d
# Full stack (rebuilds frontend with latest source)
docker compose -f deploy/compose.yml -f deploy/compose.frontend.yml down
docker compose -f deploy/compose.yml -f deploy/compose.frontend.yml up -d --build
```
Migrations run automatically on every startup.
---
## Remote Access with Tailscale
The simplest way to access your instance from other devices — no port forwarding, no reverse proxy, automatic HTTPS.
```bash
tailscale serve 8000 # Expose API gateway
tailscale serve --https 8080 # Expose frontend
```
Update `SUPABASE_PUBLIC_URL` in `deploy/.env` to your Tailscale URL and restart.
---
## Troubleshooting
Postgres won't start
```bash
docker compose -f deploy/compose.yml logs postgres
```
Ensure `POSTGRES_PASSWORD` is set. To reset completely:
```bash
docker compose -f deploy/compose.yml down -v
docker compose -f deploy/compose.yml up -d
```
Migration errors
```bash
docker compose -f deploy/compose.yml logs migrations
```
To re-run from scratch (destroys data):
```bash
docker compose -f deploy/compose.yml down -v
docker compose -f deploy/compose.yml up -d
```
GoTrue (auth) fails
```bash
docker compose -f deploy/compose.yml logs gotrue
```
Usually caused by role passwords not being set. Fix with a full reset:
```bash
docker compose -f deploy/compose.yml down -v
docker compose -f deploy/compose.yml up -d
```
CORS errors in browser
Handled by the Kong CORS plugin in `deploy/kong.yml`. If a header is blocked, add it to the `headers` list and restart:
```bash
docker compose -f deploy/compose.yml restart kong
```
Complete reset
```bash
docker compose -f deploy/compose.yml down -v
rm deploy/.env
cp deploy/.env.example deploy/.env
cd deploy && bash scripts/generate-secrets.sh && cd ..
docker compose -f deploy/compose.yml up -d
```
---
## Architecture
```
┌─────────────────────────────────────┐
│ Docker Compose │
│ │
Browser ──────────►│ Kong :8000 (API Gateway) │
│ ├── /rest/v1/* → PostgREST :3000 │
│ └── /auth/v1/* → GoTrue :9999 │
│ │
│ Postgres :5432 │
│ Migrations (runs once at startup) │
│ Frontend :8080 (optional, Caddy) │
└─────────────────────────────────────┘
```
---
## Contributing
Contributions are welcome! Please open an issue or submit a pull request.
## License
This project is licensed under the [GNU AGPL v3](LICENSE).