VM Setup

Everything you need to know about preparing a virtual machine for use with Supabyoi.

VM detail page showing connected status and deployed instances

Supported Operating Systems

Ubuntu is the primary supported and recommended operating system. Supabyoi is tested and optimized for Ubuntu LTS releases (20.04, 22.04, 24.04).

The following distributions are auto-detected and may work, but are not officially supported:

Debian CentOS RHEL Fedora Rocky Alma Alpine Arch

Recommendation: Use Ubuntu 22.04 LTS or 24.04 LTS for the best experience and full feature support.

SSH Key Requirements

Supabyoi connects to your VM over SSH using a private key. The key must meet the following requirements:

  • Key type: RSA or Ed25519 private key in PEM format
  • Minimum length: 100 characters
  • Authentication: Must be the private key whose public key is already authorized on the server (present in ~/.ssh/authorized_keys on the VM)

If you need to generate a new key pair, use the following command: 

ssh-keygen -t ed25519 -f ~/.ssh/supabyoi_key

Then copy the public key to your VM: ssh-copy-id -i ~/.ssh/supabyoi_key.pub user@your-vm-ip

Hardware Requirements

Supabyoi runs full Supabase stacks inside Docker on your VM. Each instance is resource-intensive, so plan accordingly.

RAM

4 GB

minimum

Each Supabase instance uses ~4 GB. Maximum instances = total_ram / 4

Disk

20+ GB

recommended

Sufficient space for Docker images, database storage, and backups per instance.

CPU

2+ cores

recommended

More cores improve performance when running multiple concurrent Supabase instances.

Capacity planning: A VM with 16 GB RAM can host up to 4 Supabase instances. Each instance runs 8 Docker containers (postgres, kong, rest, auth, realtime, storage, meta, studio).

Port Requirements

Before adding a VM, ensure the following ports are available and not in use by other services:

Port Protocol Purpose Required
22 TCP Initial SSH access Required
80 TCP HTTP (checked during VM verification, used for HTTPS redirects) Required
443 TCP HTTPS (Supabase instance access, checked during VM verification) Required
Conflicts will fail verification: If Apache, Nginx, or any other web server is already running on ports 80 or 443, VM setup will fail. Stop and disable them before adding the VM:
sudo systemctl stop nginx apache2 && sudo systemctl disable nginx apache2

What Happens After Adding a VM

When you add a VM to Supabyoi, an automated setup process runs over SSH. Here is what happens at each step:

1

SSH connection test

Supabyoi runs echo 'supabyoi-test' on the remote server to confirm SSH connectivity, correct credentials, and that the key has proper access. If this fails, the setup stops immediately with a connection error.

2

Port availability check

Verifies that ports 80 and 443 are free and not bound by any running process. This ensures Nginx can start and serve Supabase traffic without conflicts.

3

RAM and OS detection

Auto-detects the VM's total available memory and operating system. This information is used to calculate how many Supabase instances the VM can host and to tailor configuration for the detected distro.

4

Security hardening

A dedicated supabyoi system user is created for running deployments. SSH is moved to a randomly selected high port (between 10,000 and 60,000) to reduce automated attack surface. UFW firewall is enabled with minimal open ports, fail2ban is installed to block brute-force attempts, and unattended-upgrades is configured for automatic security patches.

5

Original credentials preserved

Your initial SSH credentials (IP, port, username, and key) are securely saved in encrypted form. These are retained for VM deletion workflows and emergency recovery, even after the SSH port changes during hardening.

Cloud Provider Firewall Notes

Most cloud providers apply a network-level firewall in addition to the OS-level firewall on your VM. You must explicitly allow inbound traffic on the required ports in your cloud provider's control panel before Supabyoi can connect.

Ports to allow inbound

22 — Initial SSH access
80 — HTTP redirects
443 — HTTPS (Supabase access)
AWS EC2
  1. Go to EC2 in the AWS Console
  2. Select your instance
  3. Click Security tab
  4. Open the linked Security Group
  5. Edit Inbound rules to allow ports 22, 80, 443
DigitalOcean Droplet
  1. Open the DigitalOcean Control Panel
  2. Navigate to Networking
  3. Click Firewalls
  4. Create or edit a firewall
  5. Add inbound rules for ports 22, 80, 443 and apply to your Droplet
Hetzner Cloud
  1. Log into Hetzner Cloud Console
  2. Go to Firewalls in the left sidebar
  3. Create a firewall with inbound rules for ports 22, 80, 443
  4. Apply the firewall to your server
GCP Compute Engine
  1. Open Google Cloud Console
  2. Navigate to VPC Network
  3. Click Firewall rules
  4. Create rules allowing ingress on tcp:22, tcp:80, tcp:443
  5. Apply via target tags or service accounts to your VM

After security hardening, Supabyoi moves SSH to a high port (10,000-60,000). Make sure your cloud firewall also allows that port, or add a rule for all TCP ports above 10,000 to avoid being locked out. Supabyoi will show you the new port after setup completes.

Getting Started SSH Troubleshooting