I have pgbouncer set up as an app, and am connecting to supabase with it. I want to use supabase’s network restrictions to allow only connection from fly, so I purchased a dedicated IP address and assigned it to the app, then set up supabase to restrict to only that IP. Unfortunately this appears to only affect inbound connections, rather than outbound. Is there a way to make this work?
I have confirmed that setting supabase’s IP restriction to the assigned IP of the VM that pgbouncer is running on works; so, theoretically, if I could change the IP of the VM to the dedicated IP I bought for the app, this might work. Outbound is the only thing that matters.
Bummer. Supabase don’t support wireguard (yet). I can’t really get comfortable with DB endpoints that don’t have any network security. I wish Fly’s docs about public networking made this a little clearer, as this may have been a wasted chunk of hours.
I am surprised there isn’t a way to secure access to Supabase backend other than allowlisting IPs. Sounds archaic.
Kurt is an investor in Supabase, and so could help figure this out. Doubt Kurt is free enough these days though to help out individual customers like he has in the past.