Can't get editor UI working on my server

Describe the issue/error/question

I can’t get my editor UI to show up in my browser. I have a digital ocean docker droplet running with n8n deployed. But when I visit the :5678 nothing gets served and it times out.

This is my docker-compose.yml file:

version: "3"

services:
  traefik:
    image: "traefik"
    restart: always
    command:
      - "--api=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ${DATA_FOLDER}/letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro

  n8n:
    image: n8nio/n8n
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web,websecure
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
    environment:
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER
      - N8N_BASIC_AUTH_PASSWORD
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
    volumes:
      - ${DATA_FOLDER}/.n8n:/home/node/.n8n

This is my .env file:

# Folder where data should be saved
DATA_FOLDER=/root/n8n/

# The top level domain to serve from
#DOMAIN_NAME=

# The subdomain to serve from
#SUBDOMAIN=

# DOMAIN_NAME and SUBDOMAIN combined decide where n8n will be reachable from
# above example would result in: https://n8n.example.com

# The user name to use for authentication - IMPORTANT ALWAYS CHANGE!
N8N_BASIC_AUTH_USER=user

# The password to use for authentication - IMPORTANT ALWAYS CHANGE!
N8N_BASIC_AUTH_PASSWORD=password

# Optional timezone to set which gets used by Cron-Node by default
# If not set New York time will be used
GENERIC_TIMEZONE=Europe/Berlin

# The email address to use for the SSL certificate creation
[email protected]

It is missing the domain and subdomain. I tried multiple things as I don’t have a domain name connected yet. I tried only the ip-address and also like this with it commented out.

I can see the the server is listening to the right ports:

COMMAND     PID            USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd-r   610 systemd-resolve   12u  IPv4  21740      0t0  UDP 127.0.0.53:53 
systemd-r   610 systemd-resolve   13u  IPv4  21741      0t0  TCP 127.0.0.53:53 (LISTEN)
sshd        759            root    3u  IPv4  24803      0t0  TCP *:22 (LISTEN)
sshd        759            root    4u  IPv6  24814      0t0  TCP *:22 (LISTEN)
node       1520            root   18u  IPv4  30296      0t0  TCP 127.0.0.1:35133 (LISTEN)
node       1520            root   19u  IPv4 145973      0t0  TCP 127.0.0.1:35133->127.0.0.1:38708 (ESTABLISHED)
sshd       8555            root    4u  IPv4 145489      0t0  TCP <public IP of server>:22->94.212.48.149:50765 (ESTABLISHED)
sshd       8555            root    9u  IPv4 145978      0t0  TCP 127.0.0.1:38710->127.0.0.1:35133 (ESTABLISHED)
sshd       8555            root   12u  IPv4 145972      0t0  TCP 127.0.0.1:38708->127.0.0.1:35133 (ESTABLISHED)
node       8692            root   19u  IPv4 145979      0t0  TCP 127.0.0.1:35133->127.0.0.1:38710 (ESTABLISHED)
docker-pr 12326            root    4u  IPv4 207374      0t0  TCP *:443 (LISTEN)
docker-pr 12331            root    4u  IPv6 207382      0t0  TCP *:443 (LISTEN)
docker-pr 12343            root    4u  IPv4 207432      0t0  TCP *:80 (LISTEN)
docker-pr 12348            root    4u  IPv6 207438      0t0  TCP *:80 (LISTEN)
docker-pr 12407            root    4u  IPv4 207756      0t0  TCP 127.0.0.1:5678 (LISTEN)

This is the log file of the traefik docker container:

time="2022-03-27T09:40:29Z" level=error msg="accept tcp [::]:8080: use of closed network connection" entryPointName=traefik
time="2022-03-27T09:40:29Z" level=error msg="Error while starting server: accept tcp [::]:8080: use of closed network connection" entryPointName=traefik
time="2022-03-27T09:40:29Z" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=web
time="2022-03-27T09:40:29Z" level=error msg="Error while starting server: accept tcp [::]:80: use of closed network connection" entryPointName=web
time="2022-03-27T09:40:29Z" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=websecure
time="2022-03-27T09:40:29Z" level=error msg="Error while starting server: accept tcp [::]:443: use of closed network connection" entryPointName=websecure
time="2022-03-27T09:40:43Z" level=info msg="Configuration loaded from flags."
time="2022-03-27T09:40:55Z" level=error msg="Unable to obtain ACME certificate for domains \".\": cannot get ACME client acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: invalid contact domain. Contact emails @example.com are forbidden" providerName=mytlschallenge.acme rule="Host(`.`)" [email protected] ACME CA="https://acme-v02.api.letsencrypt.org/directory"

What am I doing wrong? Can I even run the instance without a domain and subdomain?

I hope someone can help me out!

Cheers!

Hey @mark_de_jonge,

Welcome to the community :raised_hands:

Looking at the compose file you have n8n locally on 127.0.0.1 so you won’t be able to use the 5678 port, you would need to use 80 or 443 (with https) to go through the Traefik proxy.

If you remove 127.0.0.1 from the n8n ports option it would work but you would need to restart / rebuild the container for the change to kick in and remember to put it back when you do use a domain so that the proxy can’t be bypassed.

Hi Jon,

Thanks for the welcome and reply!

Just to be sure I should change it into?:

 ports:
      -"5678:5678"

edit: This change didn’t work yet.

What should I put under domain name and subdomain if I’m running it on my digital ocean server:

# The top level domain to serve from
DOMAIN_NAME=

# The subdomain to serve from
SUBDOMAIN=

Edit: So I got it working now, but only when I use the domain name I use. Is it possible to run in just based on the ip address without a domain and sub domain? And it only works on http not on https. Any idea how I can fix that?

Thanks so much :slight_smile:

Cheers

1 Like

That port looks right, you would need to change the protocol to http and set the host and webhook url to the IP.

Hi Jon,

Works like a charm, thanks!

Cheers!

1 Like