How to run n8n with caddy rootless?

I’ve tried with traefik for a whole day now and gave up and finally decided to give Caddy a try.
Seems to be easier, but I still run into similar problems.

How do you do that?

rootless docker, SSL and then using n8n in a fairly secure manner?

volumes:
  n8n_storage:
  caddy_storage:

services:
  caddy:
    image: caddy:latest
    restart: unless-stopped
    ports:
      - "80:8080"
      - "443:8443"
    volumes:
      - ./caddy_storage:/data
      - ${DATA_FOLDER}/caddy_config:/config
      - ${DATA_FOLDER}/caddy_config/Caddyfile:/etc/caddy/Caddyfile

  n8n:
    image: docker.n8n.io/n8nio/n8n
    restart: always
    ports:
      - 5678:5678
    environment:
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
      # Enable authentication
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER=${N8N_BASIC_AUTH_USER}
      - N8N_BASIC_AUTH_PASSWORD=${N8N_BASIC_AUTH_PASSWORD}
      # Secure credentials with encryption
      - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY}
      # Disable the public API https://docs.n8n.io/hosting/securing/disable-public-api/
      - N8N_PUBLIC_API_DISABLED=true
      - N8N_PUBLIC_API_SWAGGERUI_DISABLED=true
      # Disable data collection https://docs.n8n.io/hosting/securing/telemetry-opt-out/#collected-data
      - N8N_DIAGNOSTICS_ENABLED=false
      - N8N_VERSION_NOTIFICATIONS_ENABLED=false
      - N8N_TEMPLATES_ENABLED=false
    volumes:
      - n8n_storage:/home/node/.n8n
      - ${DATA_FOLDER}/local_files:/files

According to the logs, things seem to be running now.
No errors at all - yeah!

I just can’t access n8n.
In Chrome I get: ERR_CONNECTION_REFUSED
In Firefox it is: Error code: PR_END_OF_FILE_ERROR

I’ve tried:
http://sub.domain.de
https://sub.domain.de
https://sub.domain.de:443
https://sub.domain.de:8443

How do I access my n8n now?

Information on your n8n setup

  • n8n version: latest
  • Database (default: SQLite): SQLite
  • n8n EXECUTIONS_PROCESS setting (default: own, main): own
  • Running n8n via (Docker, npm, n8n cloud, desktop app): docker
  • Operating system: Ubuntu 24.04 LTS

I am not confident with how caddy works. But if the port is open, does going to https://domain:5678 work?

Personally I set network mode to bridge on the n8n image, and use nginx on the host to do the reverse proxying, instead of relying on another docker image to do routing.

That’s odd …

On https://sub.domain.de:5678/ I’m being redirected to the setup folder and receive this error:
Error code: SSL_ERROR_RX_RECORD_TOO_LONG

http brings up this one:

But I seem to not understand:
Isn’t the whole point of Caddy / Traefik / NGinx, that port 5678 can’t be reached anymore?

I am not confident in how caddy works. I could not say.

But that is true for traefik/nginx. You would still need to use a firewall such as UFW to prevent other ports. If you install a firewall, or use iptables, immediately allow ports 22 (ssh, sftp), 443 (https) and 80 (http).

For nginx you would set up a new entry for the subdomain, and route IP:5678 to that subdomain.

But yes, it is recommended you use a real SSL cert to host with n8n under a domain, not a self-signed cert. It could be easily deployed with certbot --nginx if you are using nginx on the host, for example.
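
On the question above of why port 5678 is still reachable behind the proxy: the following is an added example, not part of the thread and not n8n or Caddy tooling. It parses Docker's short `ports:` syntax and lists every published port that bypasses the reverse proxy. The `PUBLISHED` mapping is constructed from the compose file in the question; `PROXY_SERVICE`, `parse_port` and `audit` are names assumed for illustration.

```python
import ipaddress

# Constructed from the compose file in the question: service -> short-syntax port entries.
PUBLISHED = {
    "caddy": ["80:8080", "443:8443"],
    "n8n": ["5678:5678"],
}
PROXY_SERVICE = "caddy"  # assumption: only the reverse proxy should be reachable from outside


def parse_port(entry):
    """Split Docker's short syntax [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]."""
    spec, _, proto = str(entry).partition("/")
    if spec.startswith("["):  # bracketed IPv6 host address, e.g. [::1]:5678:5678
        host_ip, _, rest = spec[1:].partition("]:")
        parts = [host_ip] + rest.split(":")
    else:
        parts = spec.split(":")
    if len(parts) == 3:
        host_ip, host_port, container_port = parts
    elif len(parts) == 2:
        # No host IP given: Docker binds the port on all host interfaces.
        host_ip, (host_port, container_port) = "0.0.0.0", parts
    elif len(parts) == 1:
        # Container port only: published on an ephemeral host port, all interfaces.
        host_ip, host_port, container_port = "0.0.0.0", None, parts[0]
    else:
        raise ValueError(f"unrecognised port entry: {entry!r}")
    return host_ip, host_port, container_port, proto or "tcp"


def audit(published, proxy=PROXY_SERVICE):
    """Return (service, entry, reason) for each non-proxy port reachable beyond loopback."""
    findings = []
    for service, entries in published.items():
        if service == proxy:
            continue
        for entry in entries:
            host_ip, _host_port, container_port, proto = parse_port(entry)
            if not ipaddress.ip_address(host_ip).is_loopback:
                reason = f"{container_port}/{proto} bound on {host_ip}, bypasses {proxy}"
                findings.append((service, entry, reason))
    return findings


if __name__ == "__main__":
    for service, entry, reason in audit(PUBLISHED):
        print(f"{service}: {entry!r} -> {reason}")
```

Binding to `127.0.0.1:5678:5678` clears the finding and suits the nginx-on-host setup described above; when the proxy runs in the same compose network as n8n, the n8n `ports:` entry can be dropped entirely.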