Accessing n8n in a private IP address

Hello everyone!

I’ve managed to get n8n working flawlessly on a public IP address, but for security policy reasons, we would be better off keeping the n8n instance inside a private network, only accessible through a VPN. I’ve changed the DNS record, pointing to the instance’s private IP address, but it looks like Traefik isn’t redirecting the traffic to port 80. The only way I can access n8n’s start page is by pointing to port 80.

https://n8n.giacomocolonetti.com hangs on loading
https://n8n.giacomocolonetti.com:80 works fine

Could it be a Traefik-related problem? Or something on Docker’s side?
It is worth mentioning that I have a custom docker daemon configuration to avoid networking conflicts. Here’s my /etc/docker/daemon.json file:

{
    "live-restore": true,
    "bip": "10.10.0.1/16",
    "default-address-pools": [{
        "base": "10.0.0.0/8",
        "size": 16
    }]
}

Logs from Traefik’s container seem to point to an error due to Let’s Encrypt servers not being able to reach and verify the IP address in the DNS register, which is expected once it is a private IP:

time="2023-12-01T09:56:38Z" level=info msg="Configuration loaded from flags."
time="2023-12-01T09:56:47Z" level=error msg="Unable to obtain ACME certificate for domains \"n8n.giacomocolonetti.com\": unable to generate a certificate for the domains [n8n.giacomocolonetti.com]: error: one or more domains had a problem:\n[n8n.giacomocolonetti.com] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for n8n.giacomocolonetti.com - the domain's nameservers may be malfunctioning; no valid AAAA records found for n8n.giacomocolonetti.com\n" ACME CA="https://acme-v02.api.letsencrypt.org/directory" rule="Host(`n8n.giacomocolonetti.com`)" routerName=n8n@docker providerName=mytlschallenge.acme

Information on your n8n setup

  • n8n version: latest
  • Database (default: SQLite): default
  • Running n8n via (Docker, npm, n8n cloud, desktop app): docker
  • Operating system: Amazon Linux 2023

Hey @giacomo,

I would remove the Let’s Encrypt options from Traefik. If it is not able to renew the certificates or check them, then it will never load properly for https.

Looking at the protocols in your post, are you sure you are using https with port 80?

1 Like

Hi @Jon!

Thanks for the tip on removing Let’s Encrypt options from Traefik. No more errors in Traefik’s container logs.

The problem was that the security group only allowed incoming HTTP connections. Adding an allow rule to port 443 did the trick. Thank you!

2 Likes
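
An added example, not part of the original thread: a small TCP check that separates the symptom seen here (a page that hangs because packets to port 443 are dropped by a security group) from a port with no listener. The function names, the 3-second timeout and the wording of the hints are assumptions made for this example; run it from a machine on the VPN with the instance's address as the argument.

```python
import errno
import socket
import sys

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: something is listening
    except ConnectionRefusedError:
        return "refused"           # host answered with RST: no listener on the port
    except (socket.timeout, TimeoutError):
        return "filtered"          # no answer at all: packets dropped on the way
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"   # no route to the private address (VPN down?)
        raise                      # DNS failures and other errors surface as-is

def diagnose(states):
    """Turn {80: state, 443: state} into a hint about where to look next."""
    http, https = states.get(80), states.get(443)
    if https == "open":
        return "443 is reachable: look at Traefik routing and certificates"
    if https == "filtered" and http == "open":
        return "443 is dropped before the host: allow TCP 443 in the security group"
    if https == "refused":
        return "host is reachable but nothing is listening on 443: check the proxy's published ports"
    return "no usable path to the host: check the VPN route and the DNS record"

if __name__ == "__main__":
    # Assumption: the address to test is passed on the command line.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    states = {port: probe(host, port) for port in (80, 443)}
    print(host, states)
    print(diagnose(states))
```

A browser that "hangs on loading" corresponds to the `filtered` result, while a missing listener fails immediately with `refused`.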
