How to set up SSL with PM2 and Nginx

Hey!
How can I set up SSL Encryption? I am running n8n on Ubuntu 20.04, using a nginx reversed proxy and running it via pm2. I’ve tried setting the environmental variables in pm2, but when trying to open the webinterface it says “ERR_EMPTY_RESPONSE” in my browser.

My enviornmental variables are:

        N8N_BASIC_AUTH_ACTIVE:true,
        N8N_BASIC_AUTH_USER:"//",
        N8N_BASIC_AUTH_PASSWORD:"//",
        N8N_HOST: "//",
        EXECUTIONS_PROCESS: "main",
        GENERIC_TIMEZONE: "Europe/Berlin",
        N8N_PROTOCOL: "https",
        N8N_SSL_KEY: "/etc/nginx/key.key",
        N8N_SSL_CERT: "/etc/nginx/fullchain.pem",
        WEBHOOK_TUNNEL_URL: "https://.."

Actually it is working, I just didn’t access it via https://localhost:5678.
My only problem now is that my proxy no longer works and won’t redirect from port 443 to 5678

This seems to be a very unusual configuration. When using Nginx as a reverse proxy, it would usually be Nginx handle SSL termination (and thus manage the certificates) and then communicate in clear text with the applications sitting behind the reverse proxy. So the setup would look like this:

Meaning you wouldn’t configure certificates in the environment files. Did you follow this guide? It would include the part of setting up SSL/TLS via Lets Encrypt’s bot (which automatically configures Nginx):

Afterwards, you’d have a domain name available at which nginx listens on port 443 for SSL requests and n8n itself listening on port 5678.

This sounds way more logical, youre right.
I tried following this guide up until the Let’s Encrypt part, because I wanted to use my own certificate and not a self signed one.

Ah, I see. You’d still need to configure your certificates in Nginx though. This Digital Ocean tutorial explains the process of generating a cert (which you can skip) and then setting nginx up to use it quite nicely:

The only difference in your case should be to not have root and index directives in your server block but the proxy_pass one telling nginx to forward incoming traffic on port 443 for the right hostname to port 5678.

1 Like

Thanks, you’ve really really helped me!

1 Like

Awesome, I am glad to hear it’s working!

These Digital Ocean tutorials often help me as well :smiley:

1 Like