How to use nginx insted of traffik while deploying docker server set up

  • This is the 13th time i am reinstalling the Os to set up N8N properly. i was using apache server before when i try to Run docker in server it shows an error that 443 port is already running.

  • now i replaced apache with nginx as per the advice from n8n community to do reverse proxy in a simple way.

  • even now when i try to start docker using sudo docker-compose up -d

  • it giving me the error that Error starting userland proxy: listen tcp4 0.0.0.0:443: bind: address already in use

  • i want to know what will be the code i have to use with nginx insted of trafik ?

  • My real problem is i am planning to acces n8n via console.opendream.in and run a website in opendream.in

  • Now what happening is if i start the docker by disabling nginx console.opendream.in is working perfectly but the main domain opendream.in or any other subdomains will stop working and show 404 error

image

  • but if i disable docker and trafik and start nginx very website will show what is there in their public html folder

  • can anyone please help me to set up this accordingly and , n8n is my hope.

@MutedJam

Hey @jaisonkerala1, you didn’t need to open a separate thread to follow up on this. But this seems like something other than nginx is listening on console.opendream.in, a service called “virtualmin” from the looks of it. I am unfortunately not familiar with this, so can’t tell you how to configure this service.

My suggestion would be to simply set up a designated fresh server for n8n without any existing applications running on it. You could for example try the free version of Heroku (though that’s not very performant and won’t allow custom domains) or use Oracle Cloud who have a more generous free tier (this would allow custom domain names as per the tutorial shared in the existing thread).

You can also consider n8n cloud which requires 0 set up (but won’t allow custom domain names either).

i created this topic because it not npm deployment but a docker installation set up, some one from the future can use this like stack

as you said there is nothing running other than nginx please have a look

jaison@saharagroundwater:~$ sudo lsof -i :443
[sudo] password for jaison:
COMMAND  PID     USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
nginx   3321     root   13u  IPv4 900504083      0t0  TCP saharagroundwater.enrollacademy:https (LISTEN)
nginx   3322 www-data   13u  IPv4 900504083      0t0  TCP saharagroundwater.enrollacademy:https (LISTEN)

Virtual Min is a GUI for ubuntu server both webmin and virtual min will make things easier i guess.
we can do . i installed nginx as per your advice. do you have any idea of creating a simple code which looks like this ? to use with docker insted of traffik

version: "3"

services:
  traefik:
    image: "traefik"
    restart: always
    command:
      - "--api=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ${DATA_FOLDER}/letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro

  n8n:
    image: n8nio/n8n
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web,websecure
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
      - traefik.http.routers.n8n.middlewares=n8n@docker
    environment:
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER
      - N8N_BASIC_AUTH_PASSWORD
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
    volumes:
      - ${DATA_FOLDER}/.n8n:/home/node/.n8n

using nginix or using some commands ??

please look at this Link
i think i have a solution for this but you please help me because i am not sure

@MutedJam

So the problem will be pretty much the same as you had before, just with different components at play. nginx is already listening on port 80 and 443 which are the standard HTTP and HTTPS ports. But your docker compose file contains another webserver, traefik, which also tries to listen on these ports.

If you have decided to use nginx exclusively, you would need to get rid of traefik.

Then, in the next step create an nginx server block that listens to incoming traffic for console.opendream.in on port 80 and 443 and proxy that traffic to your machine’s port 5678 where n8n is listening (instead of serving the virtualmin page from your screenshot).

so i need to remove trafic fuction from the service. i am posting what i did. tell me is this the correct way of doing this. correct me is i am wrong

version: "3"

services:
 n8n:
    image: n8nio/n8n
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web,websecure
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
      - traefik.http.routers.n8n.middlewares=n8n@docker
    environment:
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER
      - N8N_BASIC_AUTH_PASSWORD
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}

@MutedJam

seems like its not working

Hey @jaisonkerala1,

All you would need in your compose file is the lines below, There is no need to have the labels if Traefik is no longer being used.

version: "3"

services:
 n8n:
    image: n8nio/n8n
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    environment:
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER
      - N8N_BASIC_AUTH_PASSWORD
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}

This will make the container listen on 127.0.0.1:5678 which you won’t be able to access unless you are using a reverse proxy that is configured to pass the traffic on or you use an SSH tunnel.

When you say it is not working as well what do you mean? Is the container not starting or are you just not able to access the web interface? Are you also running nginx in a container or is it running on the host?

In your nginx config have you set up a virtual host section for your subdomain that is using proxy_pass?

1 Like

i replaced the docker compose file exactly what you have given and i started docker this is what got from my terminal

jaison@saharagroundwater:~$ sudo docker-compose up -d
WARNING: Found orphan containers (jaison_traefik_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
jaison_n8n_1 is up-to-date
jaison@saharagroundwater:~$ sudo docker-compose up -d --remove-orphans
Removing orphan container "jaison_traefik_1"
jaison_n8n_1 is up-to-date
jaison@saharagroundwater:~$ sudo docker-compose up -d
jaison_n8n_1 is up-to-date
jaison@saharagroundwater:~$


result is

jaison@saharagroundwater:~$ sudo lsof -i :443
COMMAND   PID     USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
nginx   11783     root   15u  IPv4 97495928      0t0  TCP saharagroundwater.enrollacademy:https (LISTEN)
nginx   11784 www-data   15u  IPv4 97495928      0t0  TCP saharagroundwater.enrollacademy:https (LISTEN)
jaison@saharagroundwater:~$ sudo docker-compose up -d
jaison_n8n_1 is up-to-date

i stared nginx , now the result attached below. seems like nginx is listening to port 443 and 80


edit: when i am using traffik its working

jaison@saharagroundwater:~$ sudo lsof -i :443
[sudo] password for jaison:
COMMAND PID     USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
nginx   496     root   15u  IPv4 129398169      0t0  TCP saharagroundwater.enrollacademy:https (LISTEN)
nginx   501 www-data   15u  IPv4 129398169      0t0  TCP saharagroundwater.enrollacademy:https (LISTEN)
jaison@saharagroundwater:~$ sudo docker-compose up -d
jaison_n8n_1 is up-to-date
jaison@saharagroundwater:~$ sudo service apache2 stop
jaison@saharagroundwater:~$ sudo docker-compose up -d
jaison_n8n_1 is up-to-date
jaison@saharagroundwater:~$

final result is

The docker output looks fine, The issue now is probably going to be with the nginx configuration. Have you configured it to use proxy pass and to send the request for the virtual host to the container? Looking at what is loading I suspect that is what you are missing.

i am little bit confused here , so i did the following things , please tell me is this the right thing i did or anything else please suggest me

You learned how to set up n8n via PM2 and access the n8n workflow designer via the IP address. In this section, you will learn how to configure Nginx and an SSL certificate to point n8n to your domain.

Keep in mind that this setup is not officially supported by n8n and we recommend the server setup page. If you don’t set up the domain and SSL, most trigger nodes won’t work.

First, start and enable Nginx by executing the following commands:

sudo systemctl start nginx
sudo systemctl enable nginx

Next, create a configuration file by executing the command sudo vi /etc/nginx/conf.d/n8n.conf. Add the following configuration and save the file.

server {
    server_name subdomain.example.com;
    location / {
        proxy_pass http://localhost:5678;
        proxy_http_version 1.1;
        proxy_set_header Connection '';
        proxy_set_header Host $host;
        chunked_transfer_encoding off;
        proxy_buffering off;
        proxy_cache off;
    }
}

Configure the A record in the DNS management section for your domain.

Before restarting the Nginx, you need to add the SSL certificate. This will allow you to access n8n via HTTPS and make secure calls to webhooks.

Execute the following commands to install the required packages:

sudo apt install software-properties-common
sudo apt update
sudo add-apt-repository ppa:certbot/certbot
sudo apt install python3-certbot-nginx

Once installed, generate the SSL certificate using the command:

sudo certbot --nginx -d subdomain.example.com

Finally, update your ecosystem.config.js file with the following configurations:

module.exports = {
    apps : [{
        name   : "n8n",
        env: {
            N8N_BASIC_AUTH_ACTIVE:true,
            N8N_BASIC_AUTH_USER:"USERNAME",
            N8N_BASIC_AUTH_PASSWORD:"PASSWORD",
            N8N_PROTOCOL: "https",
            WEBHOOK_TUNNEL_URL: "https://subdomain.example.com/",
            N8N_HOST: "subdomain.example.com"
        }
    }]
}

Now restart Nginx and PM2 using the command sudo systemctl restart nginx and pm2 restart ecosystem.config.js, respectively.

Navigate to your domain, and you will now be able to access n8n.

Note that the SSL certificate will expire after a certain period of time. You need to periodically run the following command to renew the certificate. Refer to the Certbot documentation to learn to setup automated renewal.

sudo certbot renew

is this i supposed to do ???

That is for using npm not docker but the steps for nginx still apply, What does your current nginx config look like for the server name you are planning on using?


it looks like this

and this is my ecosystem.config.js

i tried to start ngnix

i got this

jaison@saharagroundwater:~$ sudo systemctl start nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
jaison@saharagroundwater:~$ sudo systemctl stop nginx
jaison@saharagroundwater:~$ sudo systemctl start nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
jaison@saharagroundwater:~$ systemctl status nginx.service
â—Ź nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2022-07-15 15:10:31 UTC; 15s ago
     Docs: man:nginx(8)
  Process: 7602 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, st
  Process: 6384 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 7971 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
 Main PID: 6386 (code=exited, status=0/SUCCESS)
lines 1-8/8 (END)

and then i got this

jaison@saharagroundwater:~$ sudo systemctl start nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
jaison@saharagroundwater:~$ systemctl status nginx.service
â—Ź nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2022-07-15 15:10:31 UTC; 15s ago
     Docs: man:nginx(8)
  Process: 7602 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, st
  Process: 6384 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 7971 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
 Main PID: 6386 (code=exited, status=0/SUCCESS)

[3]+  Stopped                 systemctl status nginx.service
jaison@saharagroundwater:~$ sudo service apache2 stop && sudo service nginx stop
jaison@saharagroundwater:~$ sudo systemctl start nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
jaison@saharagroundwater:~$ sudo journalctl -xe
Jul 15 15:10:04 saharagroundwater.enrollacademy systemd-logind[194]: New session c18 of user opendream.
-- Subject: A new session c18 has been created for user opendream
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- Documentation: https://www.freedesktop.org/wiki/Software/systemd/multiseat
--
-- A new session with the ID c18 has been created for the user opendream.
--
-- The leading process of the session is 7955.
Jul 15 15:10:04 saharagroundwater.enrollacademy systemd-logind[194]: Removed session c18.
-- Subject: Session c18 has been terminated
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- Documentation: https://www.freedesktop.org/wiki/Software/systemd/multiseat
--
-- A session with the ID c18 has been terminated.
Jul 15 15:10:11 saharagroundwater.enrollacademy sudo[7958]:   jaison : TTY=pts/0 ; PWD=/home/jaison ; USER=root ; COMMAN
Jul 15 15:10:11 saharagroundwater.enrollacademy sudo[7958]: pam_unix(sudo:session): session opened for user root by root
Jul 15 15:10:11 saharagroundwater.enrollacademy systemd[1]: Starting A high performance web server and a reverse proxy s
-- Subject: Unit nginx.service has begun start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit nginx.service has begun starting up.
Jul 15 15:10:11 saharagroundwater.enrollacademy nginx[7961]: nginx: [emerg] invalid number of arguments in "proxy_pass"
Jul 15 15:10:11 saharagroundwater.enrollacademy nginx[7961]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jul 15 15:10:11 saharagroundwater.enrollacademy systemd[1]: nginx.service: Control process exited, code=exited status=1
Jul 15 15:10:11 saharagroundwater.enrollacademy systemd[1]: nginx.service: Failed with result 'exit-code'.
Jul 15 15:10:11 saharagroundwater.enrollacademy sudo[7958]: pam_unix(sudo:session): session closed for user root
lines 2215-2243/2243 (END)

in that i saw invalid number of arguments in "proxy_pass" what is this error means

The proxy pass address needs to be http://127.0.0.1:5678 as you have the container configured for localhost.

The ecosystem file is only needed if you are using npm and pm2, Have you moved away from docker now as that would change things?

The n8n protocol can stay as http as you will be using a reverse proxy to manage TLS, Did you link your nginx config file or did you add it directly in the enabled folder? If you run nginx -t do you see any errors back? You also have not set a listen port which could be an issue depending on the rest of your nginx config.

so should i change the host address from system config file

this

and delete the ecosystem file ? . can i do that ?

when i run for error

jaison@saharagroundwater:~$ sudo nginx -t
nginx: [emerg] invalid number of arguments in "proxy_pass" directive in /etc/nginx/conf.d/n8n.conf:5
nginx: configuration file /etc/nginx/nginx.conf test failed
jaison@saharagroundwater:~$

That looks better, Don’t forget the ; at the end of the proxy pass line.

now i got ngnix is active what should i do next

In theory that should be it but do you have another nginx config somewhere for console.opendream already?

What you can do now is set it to listen on a specific port like 443 and you should be good to go although you would need to configure an SSL certificate.

in which file i have to change the port number ? i did not understand and about the ssl certificate should
can i follow the given method? can i do this method ??

sudo certbot --nginx -d subdomain.example.com

If it is working it should come in http://156.67.210.167:5678/ right?