N8n web page returns http 503 on almost all assets using TLS on kubernetes ingress nginx controller

spreadpeace · January 28, 2023, 2:53pm

Hello n8n gurus,

I need help to better investigate and resolve why my n8n kubernetes deployment only works without TLS configured using ingress nginx controller.

When I enable TLS on the ingress, I immediately get 503 errors on almost all assets. The TLS certs are provided by certmanager via Let’s Encrypt. I pretty much specify the secret name on the ingress and the connection for https is great. I am met with a blank screen and almost all assets giving the 503 error.

Things I have tried:

Disabled ssl_redirect on the ingress using annotation. But same issue
Added an nginx pod which is used to proxy requests to the n8n pod. But same issue
Added the port 5678 to the ingress nginx controller Load Balancer section. But same issue

Has anyone had success with using n8n + TLS via certmanager (Let’s encrypt) and Kubernetes ingress nginx controller? Would like to know what you did to make it work.

apiVersion: v1
kind: ConfigMap
metadata:
  namespace: workflow-ns
  name: workflow-ns-config
data:
  DB_TYPE: "postgresdb"
  DB_POSTGRESDB_HOST: "pg-db.ns.svc.cluster.local"
  DB_POSTGRESDB_PORT: "5432"
  DB_POSTGRESDB_DATABASE: workflow-db
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: workflow-app
  namespace: workflow-ns
spec:
  replicas: 1
  selector:
    matchLabels:
      app: workflow-app
  template:
    metadata:
      labels:
        app: workflow-app
    spec:
      containers:
      - name: workflow-app
        image: n8nio/n8n
        envFrom:
        - configMapRef:
            name: workflow-ns-config
        env:
          - name: DB_POSTGRESDB_USER
            valueFrom:
              secretKeyRef:
                name: db-secrets
                key: postgresql-user
          - name: DB_POSTGRESDB_PASSWORD
            valueFrom:
              secretKeyRef:
                name: db-secrets
                key: postgresql-password
          - name: N8N_ENCRYPTION_KEY
            valueFrom:
              secretKeyRef:
                name: workflow-secrets
                key: N8N_ENCRYPTION_KEY
        ports:
        - containerPort: 5678
---
apiVersion: v1
kind: Service
metadata:
  name: workflow-app
  namespace: workflow-ns
spec:
  selector:
    app: workflow-app
  ports:
  - port: 5678
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: workflow-ns-main-ingress
  namespace: workflow-ns
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-body-size: 500m
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  tls:
  - hosts:
    - 'workflow.domain.com'
    secretName: wildcard-domain-com-tls-prod
  rules:
  - host: workflow.domain.com
    http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: workflow-app
            port:
              number: 5678

Information on your n8n setup

n8n version: lastest version
Database you’re using (default: SQLite): Postgres
Running n8n with the execution process [own(default), main]:
Running n8n via [Docker, npm, n8n.cloud, desktop app]: Kubernetes

Jon · January 28, 2023, 4:46pm

Hey @spreadpeace,

Welcome to the community

The use of “almost all” is interesting, specifically which assets are failing? It sounds like it could be an nginx issue and maybe starting with the logs for that it might show something.

spreadpeace · January 28, 2023, 5:13pm

Thanks for the prompt response @Jon . Below is the screenshot from the browser.

Does this help?

spreadpeace · January 28, 2023, 8:02pm

Haha! Thanks @Jon again. After much digging into my ingress nginx controller, I found out that this was being caused by my nginx controller rate limit settings. I would need to adjust accordingly.

system · April 28, 2023, 8:03pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.