Can i expose my self hostet n8n to the internet if i want to use the webhook?

Se_Ke · March 22, 2023, 5:24pm

Hey guys,

is it safe to expose n8n to the internet if i want to use the webhook? Or how would i use it safely?

Or is anyone using it exposed and has somthing to share?

MutedJam · March 23, 2023, 2:47pm

Hi @Se_Ke, welcome to the community!

The short answer is yes, you can. There are a couple of ways to do this and the best approach depends on your technical background and requirements.

The easiest way would be to use n8n’s tunnel service, though this isn’t suitable for production usage as there are no uptime guarantees. There are no prerequisites here other than adjusting your command to start n8n.

For a more advanced (but still relatively easy to manage) setup, you could consider Cloudflare tunnels as suggested by @RedPacketSec over here. This is assuming you are using Cloudflare in the first place and are willing to let them handle SSL termination of your traffic. You’d essentially install a small daemon, pick a (sub-)domain for n8n, and finally tell Cloudflare to send all traffic to your local n8n server’s IP/port (and tell n8n which domain you are using by updating the WEBHOOK_URL environment variable).

There are also additional options available such as setting up a reverse proxy on your web server, assuming your n8n server has a public IP.

In all cases you want to set a strong password for your n8n user.

RedPacketSec · March 23, 2023, 3:14pm

By using Cloudflare let’s me utilise MFA too for added security

Se_Ke · March 27, 2023, 7:28pm

Is there a way to only expose the webhook but not the login screen, or 2 faktor for self hosted?

Jon · March 27, 2023, 7:46pm

Hey @Se_Ke,

You can do with that request routing / uri routing but how to do it would depend on what you are using as a reverse proxy / for traffic routing already.

Se_Ke · March 27, 2023, 9:05pm

I would use a reverse proxy NGINX and route it to the open port. How would i do request routing Uri rounting so that only my hooks are exposed and not the full ui with login (i would like to use the ui only locally to keep it safe).

Jon · March 28, 2023, 4:04am

Hey @Se_Ke,

In the nginx configuration where you set the location to proxy to your backend rather than using just / you would instead need to use a pattern for the webhook and webhook-test that routes to your instance.

https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass

system · April 4, 2023, 4:04am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.