Make a local n8n container accessible via SSL/HTTPS

Aurangcool · March 6, 2025, 9:30am

Hello n8n Team,

I have a request: Would it be possible for you to write a simple guide on how to make a local n8n container accessible via SSL/HTTPS using Docker Compose? Specifically, I would like to know how to create an SSL certificate and use it for this setup.

I am new to both n8n and Docker, which is why I am asking this question. This topic is particularly important because a webhook requires a unique, externally accessible URL.

I have also been thinking about an alternative solution: Would it be possible to use a Fritzbox (router) that already has its own domain and an SSL certificate? Could the traffic be forwarded from there to the n8n container, potentially eliminating the need for a separate SSL certificate within the n8n installation?

Maybe someone can help me with this.

**n8n version: 1.81.4
**Database (default: SQLite):default
**n8n EXECUTIONS_PROCESS setting (default: own, main): default
**Running n8n via (Docker, npm, n8n cloud, desktop app): Docker
**Operating system: Windows 10

fcarbonare · March 6, 2025, 10:27am

I’m running a similar case and solved the SSL and exposing it externally using a Cloudflare Tunnel (Create a locally-managed tunnel · Cloudflare Zero Trust docs).
It’s not hard to set up once you already have n8n and nginx running locally, but I can’t provide you a complete step-by-step onDockerr because I’m not running it withDockerr, but it shouldn’t be hard to find more detailed instructions.

Knight · March 6, 2025, 3:59pm

Hi @Aurangcool,

The easiest way to expose your local n8n instance with SSL is to use Ngrok for port forwarding, as it already has an SSL-secured domain. This avoids the need to configure SSL, that you would’ve using your router.

You can set it up in seconds with:

ngrok http 5678

This is especially useful if you need to receive webhooks without dealing with networking configurations.

Let me know if it helped!

Aurangcool · March 6, 2025, 5:45pm

Hello Knight,

Could you please explain the two different ways I could set this up?

If I use the Fritzbox, where SSL encryption is already enabled, how can I secure the n8n installation with an SSL certificate?
Or, if I use the ngrok http 5678 function, how can I configure it easily?

I’ve noticed that there isn’t a single good explanation or tutorial video for beginners on this topic.

Knight · March 6, 2025, 5:58pm

Hey @Aurangcool,

I recommend using ngrok for your setup, as it provides a simple, zero-config CLI tool for port forwarding and obtaining an SSL certificate. Even though your Fritzbox router may already have an SSL certificate, ngrok is often the safer and easier solution.

Securing n8n with Ngrok:

Ngrok is a powerful tool that allows you to securely expose local servers to the internet. It also automatically handles SSL encryption, making the setup process much easier.

Steps to Secure n8n with Ngrok:

Step 1: Install ngrok
Start by downloading and installing ngrok from here.
Step 2: Run n8n Locally
Ensure that your n8n instance is running locally, typically on port 5678.
Step 3: Launch ngrok
Open a terminal and run the following command to expose n8n to the internet:
```
ngrok http 5678
```
This will start ngrok and provide a public HTTPS URL for your local n8n instance. Ngrok automatically handles SSL for the URL it generates.
Step 4: Use the ngrok URL
Once you run the command, you’ll see something like this:
```
Forwarding                    https://xxxxxxxx.ngrok.io -> http://localhost:5678
```
You can now securely access your n8n instance via https://xxxxxxxx.ngrok.io.
Step 5: Configure n8n
To ensure n8n knows about its public URL, set the N8N_HOST and N8N_PROTOCOL environment variables:
```
N8N_HOST=xxxxxxxx.ngrok.io
N8N_PROTOCOL=https
```

Let me know if you need any more details!

Aurangcool · March 6, 2025, 7:55pm

Hello Knight,

thank you for your tutorial—it worked very well! However, I don’t fully understand Step 5: Configure n8n. Could you please explain it in more detail? i finde the (https://www.youtube.com/watch?v=aFwrNSfthxU&ab_channel=ProgrammingKnowledge) tutorial that was also helpful.

Knight · March 6, 2025, 8:51pm

Sure, thing!

You have to add 2 new variables into the environment variables of your docker container as seen in this example using docker compose
Docker Compose | n8n Docs in the environments section.

These 2 being N8N_HOST=xxxxxxxx.ngrok.io and N8N_PROTOCOL=https.

Aurangcool · March 6, 2025, 9:25pm

yes but how and where i can find this environment variables under the docker container?

Knight · March 6, 2025, 11:10pm

@Aurangcool if you set up your n8n instance using Docker Compose, you can add the required environment variables to the docker-compose.yml file under the environment section. And re-run docker-compose up -d.

If you didn’t use Docker Compose, you’ll need to stop your current Docker container and remove it. After that, run the following command to start a new container with the necessary environment variables:

docker run -d \
  -e N8N_HOST=localhost \
  -e N8N_PORT=5678 \
  -e N8N_PROTOCOL=https \
  -e NODE_ENV=production \
  -e WEBHOOK_URL={{NGROK_URL}} \
  -e GENERIC_TIMEZONE=UTC \
  -p 5678:5678 \
  --name n8n_instance \
  n8nio/n8n

Make sure to replace {{NGROK_URL}} with your actual ngrok URL.

Aurangcool · March 7, 2025, 4:55pm

Hello Knight, it worked thank you. But why the domain over ngrok.com changes time to time? the problem is that when ist needs how can i use the webhook? CAN I USE THIS ONE? Pinggy - Simple Localhost Tunnels this is cheper and faster?! What do you think?

hukel · April 3, 2025, 10:01pm

Having now done this the hard way, I see the virtue of separating the SSL from the n8n container… but I guess I’ll always have the memories (and a stronger understanding of docker).

For anyone else who wants to do it the hard way, this configuration works in a situation where:

n8n needs to connect to internal resources with “enterprise” certs
n8n needs to connect back to its own API
n8n needs to connect to public services through a MitM SSL inspection layer

This config assumes you have already updated the host-level CA list using (for Ubuntu:

sudo update-ca-certificates --verbose

Once curl or wget can make HTTPS connections at the host level, you can go a level deeper with n8n:

My docker compose:

services:
  n8n:
    image: n8nio/n8n:latest
    restart: unless-stopped
    hostname: ${FQDN}  # necessary for correct docker name resolution of self
    ports:
      - "5678:5678"
    environment:
      - NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt # node needs the custom CAs
      - N8N_HOST=${FQDN}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - N8N_SSL_CERT=/ssl/n8n.pem
      - N8N_SSL_KEY=/ssl/n8n.key
      - TZ=Etc/UTC
      - GENERIC_TIMEZONE=Etc/UTC
      - N8N_RUNNERS_ENABLED=true
      - N8N_SECURE_COOKIE=false
    volumes:
      - n8n_data:/home/node/.n8n
      - /etc/n8n/ssl:/ssl:ro  # bind to the container's cert
      - /etc/ssl/certs/:/etc/ssl/certs/:ro  # bind to the host's CA list

volumes:
  n8n_data:
    external: true

Environment info

Debug info

core

n8nVersion: 1.84.3
platform: docker (self-hosted)
nodeJsVersion: 20.18.3
database: sqlite
executionMode: regular
concurrency: -1

system · July 2, 2025, 10:01pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.