Can I use the dedicated IP address for outbound traffic?

I have pgbouncer set up as an app, and am connecting to Supabase with it. I want to use Supabase’s network restrictions to allow only connections from Fly, so I purchased a dedicated IP address and assigned it to the app, then set up Supabase to restrict to only that IP. Unfortunately this appears to only affect inbound connections, rather than outbound. Is there a way to make this work?

I have confirmed that setting Supabase’s IP restriction to the assigned IP of the VM that pgbouncer is running on works; so, theoretically, if I could change the IP of the VM to the dedicated IP I bought for the app, this might work. Outbound is the only thing that matters.

Don’t think that’s possible on Fly, yet:

You could experiment with bind/connect explicitly on FLY_PUBLIC_IP (IPv6) to see if it works:
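
The bind-then-connect experiment suggested above, as an added example that is not part of the original post or of Fly's documentation: it binds the client socket to a chosen source address before connecting, and includes a local listener to show which source address the peer observes. `DB_HOST` and `DB_PORT` are hypothetical variable names for the database endpoint; whether the platform actually routes egress from `FLY_PUBLIC_IP` is what the experiment tests.

```python
import os
import socket


def connect_from(source_ip, host, port, timeout=5.0):
    """Open a TCP connection to (host, port) with the local end bound to source_ip."""
    family = socket.AF_INET6 if ":" in source_ip else socket.AF_INET
    # Resolve the destination in the same address family as the source.
    dest = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)[0][4]
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        # Port 0 = any ephemeral port. bind() raises OSError if source_ip
        # is not configured on one of this machine's interfaces.
        sock.bind((source_ip, 0))
        sock.connect(dest)
    except OSError:
        sock.close()
        raise
    return sock


def observed_source(source_ip, listen_ip):
    """Local check: return the peer address a throwaway listener sees."""
    family = socket.AF_INET6 if ":" in listen_ip else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as srv:
        srv.bind((listen_ip, 0))
        srv.listen(1)
        client = connect_from(source_ip, listen_ip, srv.getsockname()[1])
        conn, peer = srv.accept()
        conn.close()
        client.close()
        return peer[0]


if __name__ == "__main__":
    # FLY_PUBLIC_IP is named in the post; DB_HOST and DB_PORT are
    # hypothetical variables standing in for the database endpoint.
    src = os.environ["FLY_PUBLIC_IP"]
    try:
        s = connect_from(src, os.environ["DB_HOST"], int(os.environ.get("DB_PORT", "5432")))
    except OSError as exc:
        print(f"bind/connect from {src} failed: {exc}")
    else:
        print("connected, local end:", s.getsockname()[:2])
        s.close()
```

A successful bind only shows the address is present on the VM; the remote allowlist accepting or rejecting the connection is what confirms the source address seen on the other side.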

Bummer. Supabase don’t support WireGuard (yet). I can’t really get comfortable with DB endpoints that don’t have any network security. I wish Fly’s docs about public networking made this a little clearer, as this may have been a wasted chunk of hours.

I am surprised there isn’t a way to secure access to Supabase backend other than allowlisting IPs. Sounds archaic.

Kurt is an investor in Supabase, and so could help figure this out. Doubt Kurt is free enough these days though to help out individual customers like he has in the past.

True. You could consider sending a pull request: https://github.com/superfly/docs/blob/main/reference/services.html.md.erb