Good day. Such a question, I want to install n8n on my Linux server. On the server I use a tunnel (- tunnel), I use web hooks for telegram. This flag is replaced with nginx and ssl?, I found out that if I install ssl I have to buy a domain on my server. Is this correct or is there another way?
Yes you would have to get an own domain or if you already have one (no matter which one) you can also use simply a subdomain of that.
The tunnel is really just meant for testing and development and should not be used in production.
So if I have n8n working through nginx and ssl, then the tunnel flag will not need to be installed?
No, in this case the tunnel flag can be removed.
The localtunnel application essentially sets up a link between a network port on an internet facing server and your local computer running n8n, bypassing your firewalls. When a request is made to your webhook by an external service, it is actually making the request to the internet server which then sends it to your computer and the n8n webhook service.
Now, if your n8n computer is connected directly to the internet or you have control over your firewall and you can forward ports to your n8n server webhook, then you do not need to have the tunnel running. Nginx can perform the load balancing and routing for you.
Now, a word of caution. Just like any system that is exposed to the internet, it is critical that you lock down and harden your n8n server so that only systems that you want accessing it can get to the webhook. A few suggestions include:
- Put the n8n server behind a next generation firewall (NGFW) such as OpnSense
- Restrict traffic to the n8n server so that only the minimum required ports are forwarded to the server
- Only allow access to the administrative interface through an encrypted and locked down connection (if the n8n server is not on the same network as your own)
- Restrict access to the webhook port so that only specific IP addresses can get to the webhook
- Make sure that you have the right version of SSL certificate so that you eliminate errors
For Telegram specifically, there is a great article on how to configure webhooks properly.