Can i expose my self hostet n8n to the internet if i want to use the webhook?

Hey guys,

is it safe to expose n8n to the internet if i want to use the webhook? Or how would i use it safely?

Or is anyone using it exposed and has somthing to share?

Hi @Se_Ke, welcome to the community!

The short answer is yes, you can. There are a couple of ways to do this and the best approach depends on your technical background and requirements.

The easiest way would be to use n8n’s tunnel service, though this isn’t suitable for production usage as there are no uptime guarantees. There are no prerequisites here other than adjusting your command to start n8n.

For a more advanced (but still relatively easy to manage) setup, you could consider Cloudflare tunnels as suggested by @RedPacketSec over here. This is assuming you are using Cloudflare in the first place and are willing to let them handle SSL termination of your traffic. You’d essentially install a small daemon, pick a (sub-)domain for n8n, and finally tell Cloudflare to send all traffic to your local n8n server’s IP/port (and tell n8n which domain you are using by updating the WEBHOOK_URL environment variable).

There are also additional options available such as setting up a reverse proxy on your web server, assuming your n8n server has a public IP.

In all cases you want to set a strong password for your n8n user.

1 Like

By using Cloudflare let’s me utilise MFA too for added security

1 Like

Is there a way to only expose the webhook but not the login screen, or 2 faktor for self hosted?

Hey @Se_Ke,

You can do with that request routing / uri routing but how to do it would depend on what you are using as a reverse proxy / for traffic routing already.

I would use a reverse proxy NGINX and route it to the open port. How would i do request routing Uri rounting so that only my hooks are exposed and not the full ui with login (i would like to use the ui only locally to keep it safe).

Hey @Se_Ke,

In the nginx configuration where you set the location to proxy to your backend rather than using just / you would instead need to use a pattern for the webhook and webhook-test that routes to your instance.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.