n8n not accessible when using custom IPvlan network
Hello everyone,
I’m trying to set up n8n using Docker Compose together with Traefik for reverse proxy.
I followed the official documentation up to step 5 successfully.
Before step 6, I made a change — I wanted to use my own IPvlan network instead of the default Docker bridge network.
Here’s how I created the IPvlan network:
sudo docker network create -d ipvlan
–subnet 192.168.1.0/24
–gateway 192.168.1.1
-o parent=ens34
ipvlannetwork
And here is my docker-compose.yml file:
services:
traefik:
image: "traefik"
restart: always
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
- "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
- "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
volumes:
- traefik_data:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
ipvlannetwork:
ipv4_address: 192.168.1.77
n8n:
image: docker.n8n.io/n8nio/n8n
restart: always
labels:
- traefik.enable=true
- traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
- traefik.http.routers.n8n.tls=true
- traefik.http.routers.n8n.entrypoints=web,websecure
- traefik.http.routers.n8n.tls.certresolver=mytlschallenge
- traefik.http.middlewares.n8n.headers.SSLRedirect=true
- traefik.http.middlewares.n8n.headers.STSSeconds=315360000
- traefik.http.middlewares.n8n.headers.browserXSSFilter=true
- traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
- traefik.http.middlewares.n8n.headers.forceSTSHeader=true
- traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
- traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
- traefik.http.middlewares.n8n.headers.STSPreload=true
- traefik.http.routers.n8n.middlewares=n8n@docker
environment:
- N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
- N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
- N8N_PORT=5678
- N8N_PROTOCOL=https
- N8N_RUNNERS_ENABLED=true
- NODE_ENV=production
- WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
- GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
- TZ=${GENERIC_TIMEZONE}
volumes:
- n8n_data:/home/node/.n8n
- ./local-files:/files
networks:
ipvlannetwork:
ipv4_address: 192.168.1.76
volumes:
n8n_data:
traefik_data:
networks:
ipvlannetwork:
external: true
The containers start without any errors, and they both get their assigned IP addresses.
However:
-
When I try to reach n8n via Cloudflare Tunnel, I get a “Bad Gateway” error.
-
When I try to access it directly (e.g.,
https://192.168.1.76:5678), I get “ERR_CONNECTION_REFUSED.”
I can ping the container IP (192.168.1.76) successfully, so networking seems fine.
I suspect this might be related to how IPvlan isolates containers from the host network, but I’m not sure how to properly make it reachable.
Can anyone help me figure out the right configuration to make n8n accessible when using IPvlan?