CRE-2025-0136

Supabase Self-Hosted: Auth Service Fails Due to Port Binding ConflictMedium

Impact: 8/10

Mitigation: 3/10

CRE-2025-0136View on GitHub

SupabaseAuthenticationPort BindingConfigurationStartup FailureSelf-HostedGoTruePublic

Description

Detects when Supabase Auth service (GoTrue) fails to start because the configured port is already in use\nby another service. This prevents user authentication, registration, and all auth-related operations\nfrom functioning in the self-hosted Supabase deployment.\n

Mitigation

IMMEDIATE:\n - Stop conflicting service on port 9999: `sudo lsof -ti:9999 | xargs kill`\n - Change auth port in .env: `AUTH_PORT=9998`\n - Restart auth service: `docker-compose restart auth`\nVERIFICATION:\n - Check port availability: `netstat -tlnp | grep :9999`\n - Test auth endpoint: `curl http://localhost:9999/health`\n - Verify no port binding errors in logs\nPREVENTION:\n - Use non-standard ports for self-hosted deployments\n - Implement port availability checks in deployment scripts \n - Document port requirements and conflicts\n - Use Docker host networking mode if needed\n

References

• https://supabase.com/docs/guides/self-hosting/docker
• https://github.com/supabase/gotrue