You need certificatesresolvers on traefik:
version: "3.7"
services:
traefik:
image: traefik:latest
command:
- "--api.dashboard=false"
- "--providers.docker.swarmMode=true"
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=network_public"
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--entrypoints.web.http.redirections.entrypoint.permanent=true"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.letsencryptresolver.acme.email=youremail@gmail.com"
- "--certificatesresolvers.letsencryptresolver.acme.storage=/etc/traefik/letsencrypt/acme.json"
- "--log.level=DEBUG"
- "--log.format=common"
- "--log.filePath=/var/log/traefik/traefik.log"
- "--accesslog=true"
- "--accesslog.filepath=/var/log/traefik/access-log"
deploy:
placement:
constraints:
- node.role == manager
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.redirect-https.redirectscheme.scheme=https"
- "traefik.http.middlewares.redirect-https.redirectscheme.permanent=true"
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-https@docker"
- "traefik.http.routers.http-catchall.priority=1"
resources:
limits:
memory: 1024M
restart_policy:
condition: on-failure
delay: 11s
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "vol_certificates:/etc/traefik/letsencrypt"
ports:
- target: 80
published: 80
mode: host
- target: 443
published: 443
mode: host
networks:
- network_public
volumes:
vol_shared:
external: true
name: volume_swarm_shared
vol_certificates:
external: true
name: volume_swarm_certificates
networks:
network_public:
external: true
name: network_swarm_public
put the n8n port on loadbalancer:
version: '3.7'
services:
n8n:
image: n8nio/n8n
environment:
- DB_TYPE=mysqldb
- DB_MYSQLDB_DATABASE=n8n
- DB_MYSQLDB_HOST=database
- DB_MYSQLDB_PORT=3306
- DB_MYSQLDB_USER=root
- DB_MYSQLDB_PASSWORD=asdf
- N8N_BASIC_AUTH_ACTIVE=true
- N8N_BASIC_AUTH_USER=asdf
- N8N_BASIC_AUTH_PASSWORD=asdf
- N8N_ENCRYPTION_KEY=MdRRn2jiZuVeh5tI77A6
- N8N_HOST=n8n.yourdomain.com
- N8N_PROTOCOL=https
- NODE_ENV=production
- WEBHOOK_URL=https://webhooks.yourdomain.com/
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.role == manager
resources:
limits:
cpus: '0.5'
memory: 512M
labels:
- "traefik.enable=true"
- "traefik.http.routers.n8n.rule=(Host(`n8n.yourdomain.com`) || Host(`webhooks.yourdomain.com`))"
- "traefik.http.routers.n8n.entrypoints=websecure"
- "traefik.http.routers.n8n.tls.certresolver=letsencryptresolver"
- "traefik.http.services.n8n.loadbalancer.server.port=5678"
- "traefik.http.services.n8n.loadbalancer.passHostHeader=true"
- "traefik.http.middlewares.n8n.headers.SSLRedirect=true"
- "traefik.http.middlewares.n8n.headers.STSSeconds=315360000"
- "traefik.http.middlewares.n8n.headers.browserXSSFilter=true"
- "traefik.http.middlewares.n8n.headers.contentTypeNosniff=true"
- "traefik.http.middlewares.n8n.headers.forceSTSHeader=true"
- "traefik.http.middlewares.n8n.headers.SSLHost=n8n.yourdomain.com"
- "traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true"
- "traefik.http.middlewares.n8n.headers.STSPreload=true"
volumes:
- n8n-data:/var/www/html
networks:
- network_public
command: /bin/sh -c "sleep 10; n8n start"
volumes:
n8n-data:
networks:
network_public:
external: true
name: network_swarm_public