Hello.
I just started using n8n through docker-compose, and i can’t turning on basic auth.
i try to check environment variables, and they exists in container.
Here they are, just as in server installation docs:
environment:
- N8N_BASIC_AUTH_ACTIVE=true
- N8N_BASIC_AUTH_USER
- N8N_BASIC_AUTH_PASSWORD
Please help.
Hey @Asbine!
Welcome to the community 
Did you create a .env file or set the environment variables via the CLI?
thank you!
Of course, i made it 
i complete all points in docs just as in video: Installing N8N (nodemation) on my server. - YouTube.
When you print the environment of your service-container, do you find the environment parameters in question set as expected @Asbine?
i think yes, but i’m not sure about that.
Using command “docker exec n8n env” i receive that text:
N8N_BASIC_AUTH_ACTIVE=true
N8N_BASIC_AUTH_USER={USER}
N8N_BASIC_AUTH_PASSWORD={PASSWORD}
All other stuff is not important, i think.
In .env file i set user and password variable
I’m sorry, but i don’t understand, what type of credentials you speaking about.
If it’s about password and user on screenshot - it’s just command output, without any edit.
Could you, for trouble-shooting, instead of “{USER}” as the username use “test” and instead of “{PASSWORD}” as the password use “test” as well and see if it makes a difference?
Also independent to the parameters could you please test with the username “changeUser” and password “changePassword”?
I have a couple of additional questions:
Just a note: I think its OK to keep the screenshot, just not only posting a screenshot without the important information as well in text-form.
I use docker-compose v 1.29.2, docker v 20.10.7, and n8n 0.126.1.
Server is NVME remote machine with ubuntu 18.04
I change username in .env file, but in container it won’t change.
here is my config from yml:
n8n:
image: n8nio/n8n
restart: always
ports:
- “127.0.0.1:5678:5678”
labels:
- traefik.enable=true
- traefik.http.routers.n8n.rule=Host(${SUBDOMAIN}.${DOMAIN_NAME})
- traefik.http.routers.n8n.tls=true
- traefik.http.routers.n8n.entrypoints=websecure
- traefik.http.routers.n8n.tls.certresolver=mytlschallenge
- traefik.http.middlewares.n8n.headers.SSLRedirect=true
- traefik.http.middlewares.n8n.headers.STSSeconds=315360000
- traefik.http.middlewares.n8n.headers.browserXSSFilter=true
- traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
- traefik.http.middlewares.n8n.headers.forceSTSHeader=true
- traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
- traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
- traefik.http.middlewares.n8n.headers.STSPreload=true
environment:
- N8N_BASIC_AUTH_ACTIVE=true
- N8N_BASIC_AUTH_USER
- N8N_BASIC_AUTH_PASSWORD
- N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
- N8N_PORT=5678
- N8N_PROTOCOL=https
- NODE_ENV=production
- WEBHOOK_TUNNEL_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
- GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
volumes:
- ${DATA_FOLDER}/.n8n:/home/node/.n8n
There is information from .env file:
DATA_FOLDER=/root/n8n/
DOMAIN_NAME=clad-shop.ru
SUBDOMAIN=n8n
N8N_BASIC_AUTH_USER=Testuser
N8N_BASIC_AUTH_PASSWORD=TestPass
GENERIC_TIMEZONE=Europe/Moscow
While i opening my workspase in n8n, with this setting, it must started with basic auth, but it just open n8n workspace.
Your previous excerpt from the container environment (and the now removed screenshot) showed that a change of the in .env file changed the N8N_BASIC_AUTH_USER and N8N_BASIC_AUTH_PASSWORD parameters in the container.
If you were now able to not change them in the container, the exact steps you did to create the new situation (in difference to the previous state) would be helpful for me to know about to better understand how you’re controlling the environment parameters on your end.
Are you sure? This configuration effectively only sets N8N_BASIC_AUTH_ACTIVE to true. The parameters N8N_BASIC_AUTH_USER and N8N_BASIC_AUTH_PASSWORD are not guaranteed to be set based on what I know about configuring the environment parameters with docker-compose, therefore the group of three required parameters (as outlined in the documentation) can remain incomplete and may render void.
What is your rationale that “it must be started with basic auth”, as you’ve just written that the username is not set? I personally would not expect basic auth to work unless all_required parameters of the group are set and have valid values.
What happens if you set the N8N_BASIC_AUTH_USER and N8N_BASIC_AUTH_PASSWORD parameters directly in the docker-compose.yml, like:
n8n:
environment:
- N8N_BASIC_AUTH_ACTIVE=true
- N8N_BASIC_AUTH_USER=test
- N8N_BASIC_AUTH_PASSWORD=test
?
This is similar to what I’ve asked earlier if you can run two tests: the first to change your .env configuration to the username “test” and password to “test”; the second to verify with the two other given values. Were you able to perform these tests and which results could you gather? If you didn’t perform these tests, it would be kind of you to let me know what prevented you to perform these tests.
And I’ve another follow up question regarding the software stack you have configured:
on the remote machine docker-compose v 1.29.2 and docker v 20.10.7.
i set parameters on the .yml file as you say:
environment:
- N8N_BASIC_AUTH_ACTIVE=true
- N8N_BASIC_AUTH_USER=test
- N8N_BASIC_AUTH_PASSWORD=test
And not touching the .env file
After restarting docker-compose i use command “docker exec n8n env”, and it show me this:
N8N_BASIC_AUTH_ACTIVE=true
N8N_BASIC_AUTH_USER={USER}
N8N_BASIC_AUTH_PASSWORD={PASSWORD}
I’m not so good in docker and all other stuff, so i can be foolish.
/e
When i set this variables at “testUser” and “testPassword” there is same result.
It looks like that the values are getting filtered.
I guess you still have the same situation, that the auth dialog does not show? In any case, try with a different browser not that some auth credentials are already set. See as well the documentation of your browser how you can invalidate an authentication session.
Can you try to reproduce on your local machine? Just with that docker-compose?
I install same versions of docker and n8n on my local machine, and nothing changes with empty field, or with filled with test-credentials.
I try to use incognito-mode or different browser, and problem is still the same.