Fix Supabase in Next.js for Indian Users
Step-by-step guide to bypass ISP DNS blocks in your Next.js app. One environment variable change - no code rewrites.
The Problem
Indian ISPs - including Jio, Airtel, ACT Fibernet, and BSNL - are DNS-blocking *.supabase.co following a government ministry order under Section 69A of the IT Act. When a user on one of these networks tries to reach your Supabase backend, the ISP's DNS resolver returns a sinkhole IP instead of the real Supabase server address. The connection hangs and eventually times out with ERR_CONNECTION_TIMED_OUT or DNS_PROBE_FINISHED_NXDOMAIN.
Client-side apps like Next.js apps are directly affected because API calls happen from the user's browser or device, which uses the ISP's DNS. Your app cannot reach *.supabase.co, so every Supabase operation fails - database queries, authentication, file storage, and real-time subscriptions.
Changing DNS on your own machine (to 1.1.1.1 or 8.8.8.8) can help during development, but it does not fix the problem for your end users. They are stuck on their ISP's default DNS and cannot change it. The fix needs to be transparent - your users should not need to install a VPN or configure anything.
Your Current Setup
This is the standard Supabase setup for Next.js. The URL points to *.supabase.co, which is blocked on Jio, Airtel, ACT, and BSNL networks across India.
// lib/supabase.ts
import { createClient } from '@supabase/supabase-js'
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!
export const supabase = createClient(supabaseUrl, supabaseKey)When an Indian user on a blocked ISP opens your Next.js app, the Supabase client tries to connect to the .supabase.co domain. The ISP intercepts the DNS query and returns a dead-end IP. The request never reaches Supabase, and your app fails silently or shows a network error.
Step 1: Set Up JioBase
JioBase is a managed reverse proxy that routes your Supabase traffic through Cloudflare's edge network. Since the proxy domain is not blocked, DNS resolves normally for all ISPs. Your Supabase requests go through the proxy instead of directly to *.supabase.co.
Create a free account
Go to jiobase.com/register and sign up with your email. No credit card required. The free tier includes 50,000 requests per month.
Create a new proxy app
In the dashboard, click "New App" and fill in the details. Give your app a name, and enter your Supabase project URL (e.g., https://xyz.supabase.co).
Enter your Supabase project URL
Paste your full Supabase project URL. This is the URL you currently use in your Next.js app, like https://abcdefgh.supabase.co. JioBase will proxy all traffic to this endpoint.
Choose a slug
Pick a slug for your proxy URL. For example, choosing myapp gives you myapp.jiobase.com. This is the URL your Next.js app will connect to instead of supabase.co.
Step 2: Update Your Next.js Code
Replace your Supabase URL with the JioBase proxy URL. Your anon key stays the same. All Supabase features - REST API, Auth, Storage, Realtime - work through the proxy without any code changes beyond the URL swap.
// .env.local
# Before (blocked):
# NEXT_PUBLIC_SUPABASE_URL=https://xyz.supabase.co
# After (proxied through JioBase):
NEXT_PUBLIC_SUPABASE_URL=https://myapp.jiobase.com
NEXT_PUBLIC_SUPABASE_ANON_KEY=your-anon-keyNext.js env prefix: Next.js uses the NEXT_PUBLIC_ prefix for client-exposed environment variables. Make sure your Supabase URL variable uses this prefix so it is available in the browser/client runtime.
That is the entire code change. The Supabase client library does not validate or restrict the URL format. It sends standard HTTP requests and WebSocket connections to whatever URL you provide. JioBase transparently forwards every request to your actual Supabase project over HTTPS. Your Row Level Security policies, auth configuration, and database schema are completely unaffected.
Step 3: Rebuild and Deploy
After updating the environment variable (or the URL in your code), you need to rebuild your Next.js app and redeploy it. Most frameworks read environment variables at build time, so a restart or rebuild is required for the change to take effect.
npm run buildOnce the build completes, deploy to your hosting provider as you normally would. The updated app will route all Supabase traffic through JioBase's Cloudflare proxy. Users on Jio, Airtel, ACT, BSNL, and any other affected ISP will be able to access your app immediately.
Additional Notes for Next.js
Here are some Next.js-specific tips to keep in mind when setting up the proxy:
If you use Supabase in Server Components or API routes, ensure the server-side also uses the proxied URL. Next.js server-side code runs on your hosting provider (Vercel, etc.) which may not be affected by the ISP block, but using the proxy URL everywhere keeps your setup consistent.
For SSR with createServerClient from @supabase/ssr, use the same NEXT_PUBLIC_SUPABASE_URL environment variable. The proxy handles both client-side and server-side requests identically.
If you use next/image with Supabase Storage URLs, update your next.config.js remotePatterns to include your JioBase domain.
Verify It Works
After deploying your updated Next.js app, verify the proxy is working correctly with these steps:
Deploy your updated app
Push your changes and let your hosting provider build and deploy the new version. Make sure the environment variable with the JioBase proxy URL is set in your hosting provider's settings as well.
Test on a Jio or Airtel network
Open your app on a device connected to Jio 4G/5G, JioFiber, or Airtel. If you do not have access to these networks, ask a friend or team member in India to test. You can also use tools like BrowserStack for remote device testing on Indian networks.
Check the Network tab in DevTools
Open your browser's Developer Tools and go to the Network tab. All Supabase-related requests should now go to your JioBase domain (e.g., myapp.jiobase.com) instead of *.supabase.co. Verify that requests return 200 status codes.
Confirm all Supabase features work
Test database queries, authentication (sign up, sign in, OAuth), file uploads/downloads, and real-time subscriptions if your app uses them. The proxy handles all Supabase features transparently. Everything should work exactly as before - the only difference is the domain in the URL.
How The Proxy Works
Understanding the proxy architecture helps explain why this fix is reliable and why it adds negligible latency.
Next.js App
Browser
JioBase Proxy
Cloudflare Edge
Supabase
*.supabase.co
1. DNS resolves normally. Your Next.js app connects to myapp.jiobase.com. Since this domain is not on the ISP's block list, DNS returns the correct Cloudflare edge IP.
2. Request hits Cloudflare's edge. The request arrives at the nearest Cloudflare data center (there are 300+ worldwide, including multiple in India). The JioBase Cloudflare Worker receives the request.
3. Proxy forwards to Supabase. The Worker forwards the request - including all headers, body, and query parameters - to your actual Supabase project at *.supabase.co. Server-to-server traffic is not affected by ISP blocks.
4. Response flows back. Supabase responds to the Worker, which relays the response back to your Next.js app. The entire round-trip adds only 1-5ms of latency compared to a direct connection.
What JioBase proxies
- REST API (PostgREST) - database queries, inserts, updates, deletes
- Auth - sign up, sign in, OAuth, password reset, session refresh
- Storage - file uploads, downloads, signed URLs, image transformations
- Realtime - WebSocket subscriptions, presence, broadcast channels
- Edge Functions - custom serverless functions on Supabase
Why Changing DNS Is Not Enough
The first instinct when encountering a DNS block is to switch to a public DNS resolver like Cloudflare's 1.1.1.1 or Google's 8.8.8.8. While this can work for your own development machine, it does not solve the problem for your users.
- Your users cannot change their DNS. You cannot ask 500 million Jio users to reconfigure their DNS settings. Most do not know how, and on mobile data it often requires root access.
- Some ISPs use Deep Packet Inspection (DPI). Even with correct DNS, the ISP can inspect the TLS handshake's SNI field, see you are connecting to
*.supabase.co, and block the connection. - ISPs may intercept public DNS. Some ISPs block or redirect DNS requests to 1.1.1.1 and 8.8.8.8, forcing traffic back through their own poisoned resolvers.
- VPNs add friction and latency. Requiring a VPN means extra cost, 50-200ms added latency, and user friction. Most users will leave your app rather than install a VPN.
A reverse proxy is the only production-grade solution. It is transparent to your users, adds minimal latency (1-5ms via Cloudflare's edge), and works on every ISP without any client-side configuration.
Frequently Asked Questions
Do I need to change my Next.js API routes?
Only if they reference the Supabase URL directly. If your API routes use the same environment variable (NEXT_PUBLIC_SUPABASE_URL), just changing the env value is enough. No code changes needed.
Will Supabase SSR (@supabase/ssr) work with the proxy?
Yes. The @supabase/ssr package uses the same createClient pattern. Point it at your JioBase URL and everything works - cookie-based auth, server-side data fetching, and middleware auth checks.
Does this work on Vercel, Netlify, and Cloudflare?
Yes. The proxy URL works from any hosting provider. Your server-side code may not even need the proxy (servers are not affected by ISP blocks), but using the proxy URL consistently avoids confusion and works everywhere.
Does JioBase store or log my data?
No. JioBase is a pass-through proxy. It forwards your requests to Supabase and relays the responses back without storing, logging, or inspecting the request or response bodies. Only basic request metadata (timestamp, path, status code) is logged for analytics.
What happens if the ISP block is lifted?
You can switch back to the direct Supabase URL at any time. Just update your environment variable back to the original *.supabase.co URL and redeploy. However, keeping the proxy provides insurance against future blocks - ISP blocking orders in India have historically been unpredictable.
Can I use my own custom domain instead of *.jiobase.com?
Yes. JioBase supports custom domains. You can point a subdomain like api.yourdomain.com to the proxy, giving your users a branded experience. Custom domains are available on paid plans.
Is there a self-hosted alternative?
Yes! Run npx create-jiobase to deploy a full-featured proxy on your own Cloudflare Workers account for free. The CLI generates a production-quality worker with WebSocket/Realtime support, CORS configuration, and service filtering — then auto-deploys it. See the self-host page for details.
Fix your Supabase app in under 60 seconds
JioBase routes your Supabase traffic through Cloudflare's edge network. No VPN, no DNS hacks, no code rewrites. One command or one line change.
npx create-jiobase — deploy your own proxy on Cloudflare Workers