N8n with traefik-2

sgw · December 15, 2022, 12:05pm

Describe the issue/error/question

Running n8n as docker container on a Fedora 37 workstation.
Along that I run traefik v2.9.6.

traefik is configured to use a cert created by mkcert, matching domains like “docker.localhost”.

Things work with other containers like portainer: https://portainer.docker.localhost works fine, as far as I see.

But https://n8n.docker.localhost does not work and I can’t find why.

Information on your n8n setup

n8n version: 207.1
Database you’re using (default: SQLite): default
Running n8n via Docker

n8n config

# .env
N8N_BASIC_AUTH_USER=sgw
N8N_BASIC_AUTH_PASSWORD=n8-somepass
DOMAIN_NAME=docker.localhost
SUBDOMAIN=n8n
GENERIC_TIMEZONE=Europe/Vienna
TZ=Europe/Vienna

# docker-compose.yml
version: '3.8'

volumes:
  n8n_storage:

services:
  n8n:
    image: n8nio/n8n
    restart: always
    environment:
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER
      - N8N_BASIC_AUTH_PASSWORD
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}

    ports:
      - 5678:5678
    volumes:
      - n8n_storage:/home/node/.n8n
        # command: /bin/sh -c "n8n start --tunnel"
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.routers.n8n.entrypoints=https
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=n8n.${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
      - traefik.http.routers.n8n.middlewares=n8n@docker
      - "traefik.http.services.n8n.loadbalancer.server.port=5678"
      - "traefik.http.services.n8n.loadbalancer.passHostHeader=true"
    command: /bin/sh -c "n8n start"

I already changed various settings.

Tried to follow this for example.

One step back, when I try to access http://localhost:5678 I am asked to register etc

I can now access for example http://localhost:5678/workflows

But https://n8n.docker.localhost/ is just dead.

Sure, for the whole picture I would have to show the traefik-config as well, right?
I keep that for another posting now.

Thanks in advance, Stefan

treyr · December 15, 2022, 2:39pm

I dont know traefik - but here is what I had to do to resolve my localhost in various docker instances

.....
    volumes:
      - ${DATA_FOLDER}/caddy_data:/data
      - ${DATA_FOLDER}/caddy_config:/config
      - ${DATA_FOLDER}/caddy_config/Caddyfile:/etc/caddy/Caddyfile

    extra_hosts:
      - "host.docker.internal:host-gateway"
.....

The extra_hosts points to my localhost and is how I reference from other docker containers
eg the Caddy included with n8n has this config for other hosted containers using this name

# another random docker container listening on port 6060
random.mydomain.com {
    reverse_proxy http://host.docker.internal:6060
}

sgw · December 20, 2022, 5:41pm

I solved this now, works for me.
Maybe I share some bits later if someone is interested.
Every setup is different, and traefik is a complex beast …

MutedJam · December 22, 2022, 2:30pm

Sweet, glad to hear you figured it out. Also +1 for the caddy suggestion from @treyr. It has also become my webserver of choice for pretty much all use cases because the configuration is so much easier (and thus faster and less error-prone).

sgw · December 22, 2022, 2:54pm

I was nearly trying caddy as well
Currently I run a setup based on this basically.

Key features:

uses Traefik
uses a self generated cert for local domains like “docker.localhost” etc (using mkcert)
does http to https redirection with entrypoints (the current best practise with traefik)

Now that the basics are OK, it is quite easy to deploy other docker containers with local FQDNs and get them routed by traefik, with matching certs etc

I have it on 2 systems right now, looks good to me. I don’t want to flood the forum with off-topic and specific configuration, let me know if I should share more details.

Flite_Tuber · March 4, 2023, 4:10pm

Hi. On my dedicated server (Ubuntu) I had have several services running (n8n, an automation tool) and phpMyAdmin with Apache.

Here’s the end result, I want to achieve on this server:

Nginx (instead of Apache) as reverse proxy
Running n8n instance (in docker compose) on domain https://n8n.xxxxxx.com
Running phpMyAdmin instance on domain https://pma.xxxx.com (or through port xxxx.com:8080 is also fine)
Running SeaTable instance (in docker compose) on root domain https://xxxx.com or subdomain seatable.xxxxx.com

Some info on the current status:
n8n uses docker compose. When starting n8n, it also starts a container called “traefik” which routes traffic from port 80 to the n8n instance.

n8n/Traefik currently also handles the creation and renewal of Letsencrypt SSL certificate (Certbot).
phpMyAdmin was running on port 8080 (because port 80 was already used by traefik/n8n)

So far it worked, but now I also want to install SeaTable (a service like AirTable) on the same server. SeaTable would also be used through docker compose and it also needs port 80.

To solve this I tried installing/setting up Nginx as reverse proxy. I got n8n to work on http but not https. I was troubleshooting and trying so much stuff but couldn’t get Certbot to fetch the SSL document. Don’t know what I’m doing wrong.

Jon · March 4, 2023, 4:55pm

Hey @Flite_Tuber,

Welcome to the community

Can you open a new thread as there is a lot to go through, we can of course look into the n8n side of things but configuring nginx, Seatable and Docker is going to be something you will need to handle.

As a starting point… I would drop Traefik and install n8n in docker using port 5678 then configure your nginx reverse proxy to pass the traffic from port 443 to 5678 for the domain you are using.

Configure certbot with nginx in the normal way and you are good to go, for the other applications install them and don’t use port 80 / 443 on the host for them and instead configure nginx to handle it. Once you have one service working it is pretty much just a case of copy / pasting the config items.

system · June 2, 2023, 4:55pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.