Hi, following this tutorial “Docker-Compose example” I managed to successfully install n8n and I can browse the editor directly from an URL like https://n8n.example.com (no port specified so it defaults to 443)
But, how can I change the docker-compose.yml to serve the editor from another port? (ie: https://n8n.example.com:12345)
I searched this forum with “docker port” but I can’t find the way to achieve this in the other topics.
Hi @ianxxx, welcome to the community 
The ports exposed to the host machine are specified in these two lines of the docker-compose.yml file:
ports:
- "127.0.0.1:5678:5678"
The syntax for the exposed ports is the one described here in Docker’s documentation.
So if you want to use port 12345 on your local machine, you’d need to update "127.0.0.1:5678:5678" to "127.0.0.1:12345:5678".
Hi @MutedJam thanks for your help and your kind welcome! 
Sorry but I didn’t specify in my post that I already did exactly what you suggest.
In fact that is the only edit I made from the example in the tutorial:
ports:
- "127.0.0.1:12345:5678"
And I expected to have to put that port 12345 in the URL but strangely it only works with 443.
Is there something else that I could check?
Are you trying to access n8n via 127.0.0.1:12345 from the actual server running n8n or are you accessing n8n from an external client?
12345 would be the port only exposed to the host machine in this example, but Traefik would still be listening on port 80 and 443. If you’d like to change the ports Traefik is listening on, you would need to change the ports exposed by Traefik (e.g. from - "443:443" to - "12345:443" in the docker-compose file). I am not familiar with Traefik though, so I am not sure if this has any other implications for its configuration magic. It would definitely also mean webhooks sent to n8n would need to use the new port which not all services might support.
In general, the standard port for SSL/TLS encrypted web traffic is 443, so I would avoid changing this.
I’m trying to access n8n from an external client.
Ok, I will keep 443 and I protected the editor with user/password.
Maybe is better if I also setup fail2ban? How do you protect your n8n installation?
Thanks!
So my personal setup is running n8n as a docker container behind an nginx reverse proxy. I consider the basic authentication safe enough here, but this will obviously depend on your requirements.
At some point I also whitelisted only my own IP for access to everything behind /workflow, though I wouldn’t know how to configure this in Traefik. In an nginx server block it would look something like this (note I’m no longer doing this, so this is just pseudo-code that’s probably not 100% accurate):
location /workflow {
allow 1.2.3.4;
deny all;
...
}
