Access problems to n8n behind nginx

droppe · January 13, 2023, 11:49am

Describe the issue/error/question

I was deployed n8n by docker on ubuntu vm.
On my vm have Nginx for proxy all request to n8n docker and Certbot for ssl.
But all time when I try to connect to my worked n8n instance I take 404 error for all static files and its start to not authorize me, all credential what I write on .env is not accept by n8n authorize.

Also, I will be need some database for correct work n8n in docker ?

What is the error message (if any)?

404 for static files and 401 non auth after not accept my creds

Information on your n8n setup

n8n version:
Database you’re using (default: SQLite):
Running n8n with the execution process [own(default), main]:
Running n8n via [Docker, npm, n8n.cloud, desktop app]:

docker-compose.yml

version: "3"

services:
  n8n:
    image: n8nio/n8n
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    environment:
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER
      - N8N_BASIC_AUTH_PASSWORD
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
    volumes:
      - ${DATA_FOLDER}/.n8n:/home/node/.n8n
      - /local-files:/files

Nginx setup

server {

        root /var/www/n8n.myDomain.dev/html;
        index index.html index.htm index.nginx-debian.html;

        server_name myDomain.dev n8n.myDomain.dev www.myDomain.dev  www.myDomain.dev;

        location / {
                try_files $uri $uri/ =404;
                proxy_pass http://127.0.0.1:5678/;
                proxy_set_header Connection '';
                proxy_http_version 1.1;
                chunked_transfer_encoding off;
                proxy_buffering off;
                proxy_cache off;
        }

        location /assets {
                proxy_pass http://127.0.0.1:5678/;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/myDomain.dev/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/myDomain.dev/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = myDomain.dev) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

        listen 80;
        listen [::]:80;

        server_name myDomain.dev www.myDomain.dev;
    return 404; # managed by Certbot
}

.env

# Folder where data should be saved
DATA_FOLDER=/root/n8n/

# The top level domain to serve from
DOMAIN_NAME=example.com

# The subdomain to serve from
SUBDOMAIN=n8n

# DOMAIN_NAME and SUBDOMAIN combined decide where n8n will be reachable from
# above example would result in: https://n8n.example.com

# The user name to use for authentication - IMPORTANT ALWAYS CHANGE!
N8N_BASIC_AUTH_USER=user

# The password to use for authentication - IMPORTANT ALWAYS CHANGE!
N8N_BASIC_AUTH_PASSWORD=password

# Optional timezone to set which gets used by Cron-Node by default
# If not set New York time will be used
GENERIC_TIMEZONE=Europe/Berlin

# The email address to use for the SSL certificate creation
[email protected]

droppe · January 13, 2023, 11:56am

Ok, auth problem was because I was added for nginx that block when try to fix 404 static files error

  location /assets {
                proxy_pass http://127.0.0.1:5678/;
        }

After delete that block auth, auth start work correct, but still left problem with static files, I still receive 404.

Jon · January 13, 2023, 11:56am

Hey @droppe,

Welcome to the community

When you say the credentials are not working is that in the basic auth prompt or on the webpage itself as the env options are used to set the basic auth credentials which don’t play well with the user management feature so I would start by removing those from the config.

I would probably remove the /assets location from the nginx config as it serves no value, You also don’t need the root directive. In theory all you should need in your nginx config is…

server {
        server_name myDomain.dev n8n.myDomain.dev www.myDomain.dev  www.myDomain.dev;

        location / {
                proxy_pass http://127.0.0.1:5678/;
                proxy_set_header Connection '';
                proxy_http_version 1.1;
                chunked_transfer_encoding off;
                proxy_buffering off;
                proxy_cache off;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/myDomain.dev/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/myDomain.dev/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = myDomain.dev) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

        listen 80;
        listen [::]:80;

        server_name myDomain.dev www.myDomain.dev;
    return 404; # managed by Certbot
}

droppe · January 13, 2023, 12:01pm

Yes, after remove block with location /assets, auth problem is resolved, but still left problem with static files

Jon · January 13, 2023, 12:42pm

Did you make all the changes and reload the nginx config? When you view the failed items what URL is it trying to access?

droppe · January 13, 2023, 1:48pm

Yes, it was after restart Nginx with new config.
Address is https://myDomain.dev/assets/codemirror-lang-n8n-expression.c00645c7.js and etc for css/img

Jon · January 13, 2023, 2:12pm

Is that the same address you use to access to n8n or are you using a port as well?

droppe · January 13, 2023, 3:18pm

Yes, its same address that I use in Nginx config, .env in DOMAIN_NAME and SUBDOMAIN fields

Jon · January 13, 2023, 4:37pm

I feel like there is more to this that we can’t see. Can you share your current nginx config file? I use n8n behind nginx myself and I am not currently having this issue so I assume it is likely to be something in the config we are missing.

You could also try setting N8N_EDITOR_BASE_URL to the URL as well and see if that helps.

droppe · January 13, 2023, 4:55pm

I was added N8N_EDITOR_BASE_URL to env, but its still same

docker-compose.yml

version: "3"

services:
  n8n:
    image: n8nio/n8n
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    environment:
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER
      - N8N_BASIC_AUTH_PASSWORD
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
      - N8N_EDITOR_BASE_URL=${SUBDOMAIN}.${DOMAIN_NAME}
    volumes:
      - ${DATA_FOLDER}/.n8n:/home/node/.n8n
      - /local-files:/files

Nginx local

server {
        server_name myDomain.dev n8n.myDomain.dev www.myDomain.dev  www.n8n.myDomain.dev;

        location / {
                try_files $uri $uri/ =404;
                proxy_pass http://127.0.0.1:5678/;
                proxy_set_header Connection '';
                proxy_http_version 1.1;
                chunked_transfer_encoding off;
                proxy_buffering off;
                proxy_cache off;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/myDomain.dev/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/myDomain.dev/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = myDomain.dev) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80;
        listen [::]:80;

        server_name myDomain.dev www.n8n.myDomain.dev;
        return 404; # managed by Certbot
}

Global default Nginx config

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        # server_tokens off;

        server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

Jon · January 13, 2023, 6:23pm

I can’t see anything obviously wrong there, Do the nginx logs show anything?

droppe · January 13, 2023, 6:46pm

Only on access logs like what return after get assets
"GET /assets/vendor.28fd6a82.js HTTP/1.1" 404 186 "https://n8n.myDomain.dev/"

curl http://127.0.0.1:5678/assets/jsplumb.af8c2835.js
on vm its return that js file, so on n8n server side is ok with assets files.

And that also what I found in header request files

1. Host:

n8n.fast-info-exchange.dev

2. Origin:

https://n8n.fast-info-exchange.dev

3. Referer:

https://n8n.fast-info-exchange.dev/

Maybe add some proxy to static folder if it have it?
Idk what also may to do, because it must proxy all request to local server n8n

droppe · January 13, 2023, 11:22pm

Ok, i fixed that problem on half, I was added two block for proxy

     location /assets {
                proxy_pass http://127.0.0.1:5678/assets;
                proxy_set_header Connection '';
                proxy_http_version 1.1;
                chunked_transfer_encoding off;
                proxy_buffering off;
                proxy_cache off;
        }

        location /rest {
                proxy_pass http://127.0.0.1:5678/rest;
                proxy_set_header Connection '';
                proxy_http_version 1.1;
                chunked_transfer_encoding off;
                proxy_buffering off;
                proxy_cache off;
        }

But its seems that not enough, because half of application sometimes can’t may to find some svg on root, or then cant find some json.
Also if refresh page on some page, it will be not found, because we can’t find our html

droppe · January 17, 2023, 6:52pm

I don’t see at your config selecting html page for vue front, at your n8n with docker and behind Nginx also working refresh page and route pages ?

Jon · January 17, 2023, 7:19pm

You shouldn’t need to set individual paths the / should cover it. I think something has gone wrong in the nginx config somewhere but I don’t know enough about nginx to fix it.

I would be tempted to revert to the original config then make the change I had above and that should work, I have just don’t it on a clean VPS to make sure it works.

droppe · January 17, 2023, 10:18pm

Did you use nginx in docker or on VPS?

Jon · January 18, 2023, 6:42am

On the VPS for the test yesterday and on Docker for my home setup.

droppe · January 19, 2023, 4:08pm

So problem was in that line try_files $uri $uri/ =404;
After removing that, all start work ok!

system · January 26, 2023, 4:08pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.