How to configure n8n to be used over local network

Describe the issue/error/question

Hello everyone,
I’m trying to deploy n8n on my Synology NAS (using docker-compose and not the GUI) to be accessible over my local network.
However, I don’t know how to configure n8n properly so it works. I have tried several configurations but either I can’t access the service at all, or I have a 404 error.
Here are the main points to take into consideration:

  • The local IP address of my NAS is 192.168.1.162
  • The ports 80, 8080 and 443 are already used by another service

My problems are mainly about the ports: what ports to choose and how to properly configure them? And what to put in the domain and subdomain configuration so it is accessible on the local network?

Here are my configuration files:

docker-compose.yml:

version: "3"

services:
  traefik:
    image: "traefik"
    restart: always
    command:
      - "--api=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:8081"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:8443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - "8081:80"
      - "8443:443"
    volumes:
      - ${DATA_FOLDER}/letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro

  n8n:
    image: n8nio/n8n
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web,websecure
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
      - traefik.http.routers.n8n.middlewares=n8n@docker
    environment:
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER
      - N8N_BASIC_AUTH_PASSWORD
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_LISTEN_ADDRESS=192.168.1.162
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
      - DB_MYSQLDB_DATABASE=n8n
      - DB_MYSQLDB_HOST=localhost
      - DB_MYSQLDB_PORT=3306
      - DB_MYSQLDB_USER=n8n
      - DB_MYSQLDB_PASSWORD=*******
    volumes:
      - ${DATA_FOLDER}/.n8n:/home/node/.n8n

.env:

# Folder where data should be saved
DATA_FOLDER=/volume1/docker/n8n/data/

# The top level domain to serve from
DOMAIN_NAME=192.168.1.162

# The subdomain to serve from
SUBDOMAIN=

# DOMAIN_NAME and SUBDOMAIN combined decide where n8n will be reachable from
# above example would result in: https://

# The user name to use for authentication - IMPORTANT ALWAYS CHANGE!
N8N_BASIC_AUTH_USER=admin

# The password to use for authentication - IMPORTANT ALWAYS CHANGE!
N8N_BASIC_AUTH_PASSWORD=*******

# Optional timezone to set which gets used by Cron-Node by default
# If not set New York time will be used
GENERIC_TIMEZONE=Europe/Berlin

# The email address to use for the SSL certificate creation
SSL_EMAIL=*******

Thanks in advance for your help! :slight_smile:

Hi @barbuse, welcome to the community!

If you’re only using n8n locally I’d suggest you avoid using traefik in the first place. Instead, I’d go with a minimal docker-compose.yml setup. Possibly as short as this (without any additional .env file):

version: '2'

services:
  n8n:
    image: n8nio/n8n:latest
    restart: unless-stopped
    ports:
      - 5678:5678
    environment:
      - GENERIC_TIMEZONE=Europe/Berlin
    volumes:
      - ./n8n_data:/home/node/.n8n

If you want n8n to listen on a port other than 5678 you could change the ports section to something like this:

    ports:
      - 8000:5678

In this example n8n inside your docker container would use port 5678, but docker would map and expose port 8000 on your local network. So you could access n8n via http://192.168.1.162:8000. Of course any valid port other than 8000 would also work; this is just an example.

If you plan to expose n8n to the internet a reverse proxy server would be a good idea (handling SSL termination and domain names), but I am not sure what your setup looks like. Seeing port 80 and 443 are already in use by another service, are you perhaps running any kind of webserver already (think nginx, caddy, etc.)?

Hi, thanks @MutedJam !
Thanks, I managed to access the service and make it work locally with your docker-compose.yml.
However, the first scenario that I tried was using HubSpot as a first node, but it doesn’t work, obviously, as the OAuth redirect URL is: http://localhost:5678/rest/oauth2-credential/callback
And I assume it will be the case with many services.
Is there a way to make n8n work running on a local network while accessing internet services like HubSpot?

I didn’t want to directly expose n8n over the internet. As I have a VPN setup, I planned on accessing n8n through the VPN as if I was on the local network.

Thanks in advance for your help.

Hey @barbuse,

I didn’t want to directly expose n8n over the internet. As I have a VPN setup, I planned on accessing n8n through the VPN as if I was on the local network.

I have a similar setup, but instead of a VPN I’m using a WireGuard-based mesh network (in my case it’s Tailscale). Each node in the Tailscale mesh network gets an IP in a reserved range (100.65..), and traffic between the nodes is encrypted.
I then configured the DNS of my n8n domain to point to this “internal” 100.65.X.X IP address and configured my n8n deployment to be exposed only to the tailscale0 network interface (so it only accepts requests that are sent to the 100.65.X.X IP).
In this way, you can access n8n webhooks from your computer (assuming it is part of the Tailscale mesh network) using the DNS name. I have not tried it in OAuth redirect use cases, but I assume this should work.
WDYT?

Regards,
Serg
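
An added example (not from the thread, n8n or Docker) that parses Compose short-syntax `ports` entries and reports which host addresses each one binds: the question's `127.0.0.1:5678:5678`, the `5678:5678` / `8000:5678` mappings from the first answer, and an interface-specific binding like the one described just above. It assumes Docker's default of publishing on all interfaces when no host IP is given; `100.65.0.10` is a constructed sample address.

```python
import ipaddress
from typing import NamedTuple, Optional

# RFC 6598 shared address space; the 100.65.. addresses mentioned above fall in it.
SHARED_SPACE = ipaddress.ip_network("100.64.0.0/10")

class Binding(NamedTuple):
    host_ip: Optional[str]    # None when the mapping names no host address
    host_port: Optional[str]  # None when Docker picks an ephemeral host port
    container_port: str
    scope: str

def classify_ip(host_ip: Optional[str]) -> str:
    """Return how widely a published port is reachable on the host."""
    if host_ip is None:
        return "all-interfaces"          # assumed Docker default: 0.0.0.0
    ip = ipaddress.ip_address(host_ip)
    if ip.is_unspecified:
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback-only"           # reachable from the host itself only
    if ip.version == 4 and ip in SHARED_SPACE:
        return "shared-address-space"    # e.g. an overlay/mesh interface
    if ip.is_private:
        return "single-private-address"  # one LAN address, e.g. 192.168.1.162
    return "single-public-address"

def parse_port(entry) -> Binding:
    """Parse '[IP:][HOST_PORT:]CONTAINER_PORT[/proto]' into a Binding."""
    spec = str(entry).split("/", 1)[0].strip()  # drop "/tcp" or "/udp"
    host_ip = None
    if spec.startswith("["):                     # bracketed IPv6 host address
        host_ip, _, spec = spec[1:].partition("]")
        spec = spec.lstrip(":")
    parts = spec.split(":")
    if host_ip is None and len(parts) == 3:      # IPv4 host address present
        host_ip, parts = parts[0], parts[1:]
    if len(parts) == 1:
        host_port, container_port = None, parts[0]
    elif len(parts) == 2:
        host_port, container_port = parts[0] or None, parts[1]
    else:
        raise ValueError(f"unsupported port mapping: {entry!r}")
    return Binding(host_ip, host_port, container_port, classify_ip(host_ip))

if __name__ == "__main__":
    # Mappings from the thread, plus constructed interface-specific ones.
    for entry in ["127.0.0.1:5678:5678", "5678:5678", "8000:5678",
                  "192.168.1.162:8000:5678", "100.65.0.10:5678:5678"]:
        print(f"{entry:28} -> {parse_port(entry).scope}")
```
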

Hey @barbuse,

n8n would still be able to access the internet outbound, but if you want to use webhook nodes you would need to support incoming connections.

For the OAuth URL, you can set the webhook_url option to be anything you want that you can resolve while on the VPN, as the browser will do the redirect, but it is important to note that some services will require HTTPS for the value unless it is localhost.

Thanks everyone for your replies!
Considering the necessity for some nodes to have a reachable webhook and the fact that localhost is not supported by many of them, I abandoned the idea of leaving n8n only on my local network and I will make it accessible directly on the internet.
Now, I’m having trouble configuring it correctly.

Right now I can access n8n over my local network over port 5678 with the minimal configuration proposed by @MutedJam. I have a DDNS that traces back to my NAS and it works. Ports 80 and 8443 are already used, so I would have to use something else. The idea would be to use a subdomain of my DDNS to redirect the connection to the n8n docker ports.
So should I use traefik or not? If yes, what would my configuration be? As for my Synology NAS, should I set up a reverse proxy or a virtual host?
Sorry if some of my questions are dumb, I don’t have much knowledge in this field :sweat_smile:

Thanks in advance for your help!

Hey @barbuse,

You will probably want to use a reverse proxy, but it would be worth reading up on the different options available so you can select the one that works best for you. As a start, there are Traefik, Caddy and Nginx.

Hey @barbuse, you should look into Easypanel. It's super simple, they have a template for n8n and many other apps, and Traefik is directly implemented… no headaches, enjoy :slight_smile: