Easy question about n8n behind traefik reverse proxy

Happily running my n8n 1.31.2 behind traefik and many more containers. All working.

Except for one curious issue:

When starting up n8n, it tells me my instance is reachable via my external domain + internal n8n port. Is there an option to let n8n know its behind a proxy and skip showing me the internal port?

docker compose logs show:

n8n             |      => Started
n8n             |
n8n             | Editor is now accessible via:
n8n             | https://auto.domain.tld:5678/

These are the relevant env parameters:

    environment:
      - N8N_HOST=auto.domain.tld
      - N8N_PROTOCOL=https
      - N8N_PORT=5678

Mind you, all is working, I’m just bugged by this message :sweat_smile:

It looks like your topic is missing some important information. Could you provide the following if applicable.

  • n8n version:
  • Database (default: SQLite):
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app):
  • Operating system:

This info should be irrelevant to my question, but still here it is:

n8n: 1.31.2
db: postgresql
EXECUTIONS_PROCESS - no idea what that is
n8n running via Docker
Debian Bookworm

hello @ovizii

Why it should? :slight_smile:
You have set the variables, so it builds the URL based on them. It doesn’t bother itself with something in the front and what ports that front uses (because it doesn’t affect the n8n’s work at all). Moreover, it may not even know if there is something like ALB or reverse proxy.

Well, I get what you are saying but usually, there are internal and external settings (judging by the containers I have seen so far).

I wasn’t even sure if I need to set these to the external values: https,443 or the internal ones http,5678

      - N8N_PROTOCOL=https
      - N8N_PORT=5678

It was unclear, if these are “internal” values meaning if I change them the container changes its behaviour or if they are “external” meaning the way I actually reach external domain.

It may works with default settings, but there might be an issue with a non-secure channel and authentication errors arise.

When you set the protocol/port to https/443 it means that n8n listens on that port via the secure channel. So the traffic from reverse proxy to n8n will be encrypted (as well as the internal traffic). When you leave the default settings (http/5678) it means that traffic from the reverse proxy will go via the unencrypted channel. But it has nothing in common with traffic from the end-user to the reverse proxy. So technically an end-user does not interact with the n8n directly :slight_smile:

I think that is one of the reasons why there are no “external” settings. To not confuse people :slight_smile:

Ok, thanks for explaining what those two settings are meant for.
On the other subjects about internal settings and external ones and such, we have to agree to disagree.