Ngix proxy

Questions
1

Hello everyone,

I have a VPS running Ubuntu 20 and installed n8n in Docker on port 88 because webhooks don’t work on all ports. Additionally, I’m using ISPmanager, which controls Nginx and port 80, preventing n8n from running on it.

The link to access n8n looks like this:
n8n.site.io:88

version: "3.7"

services:
  traefik:
    image: "traefik"
    restart: always
    command:
      - "--api=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - "88:80"
      - "8443:443"
    volumes:
      - traefik_data:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro

  n8n:
    image: docker.n8n.io/n8nio/n8n
    restart: always
    ports:
      - "5678:5678"
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web,websecure
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
      - traefik.http.routers.n8n.middlewares=n8n@docker
    environment:
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}:88/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
    volumes:
      - n8n_data:/home/node/.n8n

volumes:
  traefik_data:
    external: true
  n8n_data:
    external: true

My ngix config:

server {
	server_name n8n.site.io www.n8n.site.io;
	charset off;
	index index.php index.html;
	disable_symlinks if_not_owner from=$root_path;
	include /etc/nginx/vhosts-includes/*.conf;
	include /etc/nginx/vhosts-resources/n8n.site.io/*.conf;
	access_log /var/www/httpd-logs/n8n.site.io.access.log;
	error_log /var/www/httpd-logs/n8n.site.io.error.log notice;
	ssi on;
	set $root_path /var/www/www-root/data/www/n8n.site.io;
	root $root_path;
	gzip on;
	gzip_comp_level 5;
	gzip_disable "msie6";
	gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
	location / {
		location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf|webp|woff|woff2)$ {
			expires 24h;
		}
	}
	listen 185.111.11.111:80;
}
server {
	server_name n8n.site.io www.n8n.site.io;
	ssl_certificate "/var/www/httpd-cert/www-root/n8n.site.io_le1.crtca";
	ssl_certificate_key "/var/www/httpd-cert/www-root/n8n.site.io_le1.key";
	ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
	ssl_prefer_server_ciphers on;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
	ssl_dhparam /etc/ssl/certs/dhparam4096.pem;
	charset off;
	index index.php index.html;
	disable_symlinks if_not_owner from=$root_path;
	include /etc/nginx/vhosts-includes/*.conf;
	include /etc/nginx/vhosts-resources/n8n.site.io/*.conf;
	access_log /var/www/httpd-logs/n8n.site.io.access.log;
	error_log /var/www/httpd-logs/n8n.site.io.error.log notice;
	ssi on;
	set $root_path /var/www/www-root/data/www/n8n.site.io;
	root $root_path;
	gzip on;
	gzip_comp_level 5;
	gzip_disable "msie6";
	gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
	location / {
		location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf|webp|woff|woff2)$ {
			expires 24h;
		}
	}
	listen 185.111.11.111:443 ssl;
}

Problems:

:one: Webhooks are not working
:two: When using reverse proxy, accessing n8n.site.io:88 opens inside site.io instead
I don’t know how to make it work on port 88 and ensure all requests include :88.

What I’ve tried:

proxy_redirect http://n8n.site.io/ http://n8n.site.io:88/;
proxy_redirect https://n8n.site.io/ https://n8n.site.io:88/;

And also:

<VirtualHost *:80>
    ServerName n8n.unionapp.io
    ProxyPass / http://127.0.0.1:8090/
    ProxyPassReverse / http://127.0.0.1:8090/
</VirtualHost>

and :two:

server {
    listen 80;
    server_name n8n.site.io www.n8n.site.io;

    location / {
        proxy_pass http://127.0.0.1:88;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mp?g|avi|zip|gz|bz2?|rar|swf|webp|woff|woff2)$ {
        expires 24h;
    }

    access_log /var/www/httpd-logs/n8n.site.io.access.log;
    error_log /var/www/httpd-logs/n8n.site.io.error.log notice;
}

server {
    listen 443 ssl;
    server_name n8n.site.io www.n8n.site.io;

    ssl_certificate "/var/www/httpd-cert/www-root/n8n.site.io_le1.crtca";
    ssl_certificate_key "/var/www/httpd-cert/www-root/n8n.site.io_le1.key";
    ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_dhparam /etc/ssl/certs/dhparam4096.pem;

    location / {
        proxy_pass http://127.0.0.1:88;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mp?g|avi|zip|gz|bz2?|rar|swf|webp|woff|woff2)$ {
        expires 24h;
    }

    access_log /var/www/httpd-logs/n8n.site.io.access.log;
    error_log /var/www/httpd-logs/n8n.site.io.error.log notice;
}

Nothing works… Any ideas? :weary:

2

It looks like your topic is missing some important information. Could you provide the following if applicable.

  • n8n version:
  • Database (default: SQLite):
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app):
  • Operating system:
3

You say nginx but compose says that you use traefik?

Can you please clarify?

4

but isn’t that the way it’s supposed to be? :slight_smile: I tried deleting all traefik info, the result is the same. but maybe I’m doing something wrong? I’m ready to give it up if you can help me with the correct settings

5

Traefik and nginx both do the same thing. best is to choose one of the 2.
If you remove traefik that still doesnt show us that nginx is set up properly.
The config alone doesnt do a lot. :slight_smile:

6

what to do then? I attached my config

8

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.