Attach config file

Questions
1

Hey,

I am using n8n via docker and would like to move env vars to file (if possible). I found some topics but most of useful docs links expired/has been moved.

  1. I made file /home/simon/.n8n/conf.json with following content:
{
  "WORKFLOWS_DEFAULT_NAME": "sadasdasd"
}

Just to see if it’s working

  1. stopped and removed container
docker stop n8n && docker rm n8n
  1. Run docker via this command (password I removed here)
docker run --restart always --name n8n -p 127.0.0.1:5678:443 -e N8N_BASIC_AUTH_ACTIVE=true -e N8N_BASIC_AUTH_USER=simon -e N8N_BASIC_AUTH_PASSWORD="" -e N8N_HOST="n8n.hryszko.dev" -e N8N_PORT=443 -e N8N_PROTOCOL="https" -e WEBHOOK_TUNNEL_URL="https://n8n.hryszko.dev/" -e VUE_APP_URL_BASE_API="https://n8n.hryszko.dev" -e NODE_FUNCTION_ALLOW_EXTERNAL="moment,lodash" -e N8N_CONFIG_FILES=/home/simon/.n8n/conf.json -v /home/simon/n8n-local-files:/files -v ~/.n8n:/home/node/.n8n n8nio/n8n

I’m getting this error:

image
image1919×369 72.5 KB

What’s wrong with the file?
Thanks in advance!

2

It says that the file does not exist and looking at what you wrote, does it make sense as you seem to create a file named /home/simon/.n8n/conf/json and then tell it to use one with a different name/path /home/simon/.n8n/conf.json. To be clear conf/json vs. conf.json

Additionally does that file not set environment variables, it directly sets the keys. So it would not use the environment variables, it would use its actual name. In your example:

{
  "workflows": {
    "defaultName": "sadasdasd"
  }
}

You can find all the available names here.

3

Aaaah I made misspell I made file conf.json not conf/json
I updated conf.json as you wrote so it’s:

{
  "workflows": {
    "defaultName": "sadasdasd"
  }
}

And unfortunately it says same error, this file we mean on server not inside container, don’t we?

image
image1917×492 98.9 KB

4

@Shirobachi so the path you are setting would need to be relative to the container not the host.

If you map that file to the container then use the container path you should be good to go.

2 Likes
5

Three additional question about config

  1. I had those three variable set via docker command
-e N8N_HOST="n8n.hryszko.dev" \
-e N8N_PORT=443 \
-e N8N_PROTOCOL="https" \

So I modified conf.json file like that:

{
  "host": "n8n.hryszko.dev",
  "port": 433,
  "protocol": "https",
	"security": {
		"basicAuth": {
			"active": true,
			"user": "simon",
			"password": "4F5868D8DE1375ABB0D3621285713CCF",
                        "hash": true
		}
	}
}

I did it wrong because it stopped working, but I am not sure why.
I found a variable in link what Jan shared, and add this to file

image
image1364×790 176 KB

  1. Also, not all of them are in Jan’s a link e.g. VUE_APP_URL_BASE_API aren’t there, I found this one here: Environment Variables | Docs but I am not sure how to
    match this to JSON file (conf.json)

  2. How is password hashed I mean what algorithm, I tried MD5 and SHA1, but didn’t work
    n8n/index.ts at master · n8n-io/n8n · GitHub

Thanks in advance!

6

Hey @Shirobachi,

I have not played with the config too much but with the first part do you see an error?

It doesn’t look like the Vue app url is available as a config file option at the moment.

Password hashes are done using bcrypt so if you wanted a pass of CorrectHorseBatteryStaple the hashed result would be $2a$10$/7atEI9BUkYmRAANURJksu2C.f85IO/ITeTKcliTmUjqrKwHeOHNm

7

About host:
So docker print this output:

docker stop n8n; docker rm n8n; docker run --restart always --name n8n -p 127.0.0.1:5678:443 -e WEBHOOK_TUNNEL_URL="https://n8n.hryszko.dev/" -e VUE_APP_URL_BASE_API="https://n8n.hryszko.dev" -e NODE_FUNCTION_ALLOW_EXTERNAL="moment,lodash" -e N8N_CONFIG_FILES=/home/node/.n8n/conf.json -v /home/simon/n8n-local-files:/files -v ~/.n8n:/home/node/.n8n n8nio/n8n
n8n
n8n

Loading configuration overwrites from:
 - /home/node/.n8n/conf.json

Initializing n8n process
n8n ready on 0.0.0.0, port 433
Version: 0.156.0
 ================================
   Start Active Workflows:
 ================================
   - YouTube feed
     => Started
   - Event copier calendar -> calendar
     => Started
   - Events copier calendar -> notion
     => Started
   - Student mail checker
     => Started
   - Coronavirus reporter
     => Started
   - New notion automation
     => Started
   - Lectures
     => Started

Editor is now accessible via:
https://n8n.hryszko.dev:433/

This URL is invalid (never load success) but it could be because of my nginx config what is

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name n8n.hryszko.dev;

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';

  server_tokens off;

  gzip on;
  gzip_buffers 4 32k;
  gzip_types text/plain text/css application/x-javascript;
  gzip_vary on;

  location / {
    proxy_pass http://127.0.0.1:5678;
    proxy_set_header Connection '';
    proxy_http_version 1.1;
    chunked_transfer_encoding off;
    proxy_buffering off;
    proxy_cache off;

    add_header Access-Control-Allow-Origin *;
  }

    ssl_certificate /etc/letsencrypt/live/n8n.hryszko.dev/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/n8n.hryszko.dev/privkey.pem; # managed by Certbot
}

I am just surprised that nothing should be changed, mean same variable are set just in different place (correct me if I am wrong) and before docker output was

...
Editor is now accessible via:
https://n8n.hryszko.dev/

About password:
I cannot reproduce this: CyberChef
I checked via bcrypt parser that you use 10 rounds. It says, also sth about salt, so maybe I should to add this to somehow? Sorry if it’s basic question, it’s new for me

8

Yes, VUE_APP_URL_BASE_API can not be set via that file.

You can use an environment file for that:

9

Btw. can you not simply use the docker-compose setup from the Server Setup Guide? Because that makes it very simple and everything will then work correctly.

2 Likes
10

So it looks like you are using different ports 433 and 443 but still proxying back to 5678.

Have you made sure it is listening locally?

11

Yes, actually yes

I change it to docker_compose, and it works just fine :slight_smile:
Could you please advise about hashing? I should put bcrypt hash in env var instead of password, right?
I used CyberChef to generate hash (10 rounds) but it did, not working ;/

12

Got damn it me! I made misspell, anyway I switched to docker-composer and this part became to working again, thanks

13

If it helps I took the password hash info from a post Jan made before which you can find here: Securing Basic Auth Password - #4 by jan

2 Likes
14

So I used "hash" instead of 'hash' (may someone in the future have the same problem).

Thank you for help <3

2 Likes