N8n with traefik-2

Describe the issue/error/question

Running n8n as docker container on a Fedora 37 workstation.
Along that I run traefik v2.9.6.

traefik is configured to use a cert created by mkcert, matching domains like “docker.localhost”.

Things work with other containers like portainer: https://portainer.docker.localhost works fine, as far as I see.

But https://n8n.docker.localhost does not work and I can’t find why.

Information on your n8n setup

  • n8n version: 207.1
  • Database you’re using (default: SQLite): default
  • Running n8n via Docker

n8n config

# .env
# docker-compose.yml
version: '3.8'


    image: n8nio/n8n
    restart: always
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production

      - 5678:5678
      - n8n_storage:/home/node/.n8n
        # command: /bin/sh -c "n8n start --tunnel"
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.routers.n8n.entrypoints=https
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=n8n.${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
      - traefik.http.routers.n8n.middlewares=n8n@docker
      - "traefik.http.services.n8n.loadbalancer.server.port=5678"
      - "traefik.http.services.n8n.loadbalancer.passHostHeader=true"
    command: /bin/sh -c "n8n start"

I already changed various settings.

Tried to follow this for example.

One step back, when I try to access http://localhost:5678 I am asked to register etc

I can now access for example http://localhost:5678/workflows

But https://n8n.docker.localhost/ is just dead.

Sure, for the whole picture I would have to show the traefik-config as well, right?
I keep that for another posting now.

Thanks in advance, Stefan

I dont know traefik - but here is what I had to do to resolve my localhost in various docker instances

      - ${DATA_FOLDER}/caddy_data:/data
      - ${DATA_FOLDER}/caddy_config:/config
      - ${DATA_FOLDER}/caddy_config/Caddyfile:/etc/caddy/Caddyfile

      - "host.docker.internal:host-gateway"

The extra_hosts points to my localhost and is how I reference from other docker containers
eg the Caddy included with n8n has this config for other hosted containers using this name

# another random docker container listening on port 6060
random.mydomain.com {
    reverse_proxy http://host.docker.internal:6060
1 Like

I solved this now, works for me.
Maybe I share some bits later if someone is interested.
Every setup is different, and traefik is a complex beast …

1 Like

Sweet, glad to hear you figured it out. Also +1 for the caddy suggestion from @treyr. It has also become my webserver of choice for pretty much all use cases because the configuration is so much easier (and thus faster and less error-prone).

I was nearly trying caddy as well :wink:
Currently I run a setup based on this basically.

Key features:

  • uses Traefik
  • uses a self generated cert for local domains like “docker.localhost” etc (using mkcert)
  • does http to https redirection with entrypoints (the current best practise with traefik)

Now that the basics are OK, it is quite easy to deploy other docker containers with local FQDNs and get them routed by traefik, with matching certs etc

I have it on 2 systems right now, looks good to me. I don’t want to flood the forum with off-topic and specific configuration, let me know if I should share more details.


Hi. On my dedicated server (Ubuntu) I had have several services running (n8n, an automation tool) and phpMyAdmin with Apache.

Here’s the end result, I want to achieve on this server:

Some info on the current status:
n8n uses docker compose. When starting n8n, it also starts a container called “traefik” which routes traffic from port 80 to the n8n instance.

  • n8n/Traefik currently also handles the creation and renewal of Letsencrypt SSL certificate (Certbot).
  • phpMyAdmin was running on port 8080 (because port 80 was already used by traefik/n8n)

So far it worked, but now I also want to install SeaTable (a service like AirTable) on the same server. SeaTable would also be used through docker compose and it also needs port 80.

To solve this I tried installing/setting up Nginx as reverse proxy. I got n8n to work on http but not https. I was troubleshooting and trying so much stuff but couldn’t get Certbot to fetch the SSL document. Don’t know what I’m doing wrong.

Hey @Flite_Tuber,

Welcome to the community :tada:

Can you open a new thread as there is a lot to go through, we can of course look into the n8n side of things but configuring nginx, Seatable and Docker is going to be something you will need to handle.

As a starting point… I would drop Traefik and install n8n in docker using port 5678 then configure your nginx reverse proxy to pass the traffic from port 443 to 5678 for the domain you are using.

Configure certbot with nginx in the normal way and you are good to go, for the other applications install them and don’t use port 80 / 443 on the host for them and instead configure nginx to handle it. Once you have one service working it is pretty much just a case of copy / pasting the config items.

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.