Setup n8n with Portainer and Nginx Proxy Manager

Rene_Kuhn · January 12, 2022, 5:59pm

Hey,
These are some beginner questions, please tell me if I have to provide more information.

I have a VPS and I host a few web apps on it. Mattermost and some Ghost Blogs. To control the server visually I use Portainer.
To visually map the Domains to the right Containers and for SSL I use Nginx Proxy Manager.
Now I want to install n8n on this server and run it in production. I also want to be able to execute some Python3 files once an Incoming Webhook is triggered.

I can deploy n8n and access it via n8n.domain.com but webhooks don’t work.
I don’t really find a good tutorial for beginners.

What I did so far:
I created a new folder and created .env and docker-compose.yml

I pasted this into docker-compose.yml

version: "3"

services:
  traefik:
    image: "traefik"
    restart: always
    command:
      - "--api=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - "8080:80"
      - "8443:443"
    volumes:
      - ${DATA_FOLDER}/letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro

  n8n:
    image: n8nio/n8n
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web,websecure
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
    environment:
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER
      - N8N_BASIC_AUTH_PASSWORD
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
    volumes:
      - ${DATA_FOLDER}/.n8n:/home/node/.n8n

Note that I changed the ports from 443 to 8443 and 80 to 8080 because I already use these ports for the Nginx Proxy Manager.

in the .env file I pasted the following

# Folder where data should be saved
DATA_FOLDER=/root/n8n/

#  top level domain to serve from
DOMAIN_NAME=example.com

# The subdomain to serve from
SUBDOMAIN=n8n

# DOMAIN_NAME and SUBDOMAIN combined decide where n8n will be reachable from
# above example would result in: https://n8n.example.com

# The user name to use for authentication - IMPORTANT ALWAYS CHANGE!
N8N_BASIC_AUTH_USER=user

# The password to use for authentication - IMPORTANT ALWAYS CHANGE!
N8N_BASIC_AUTH_PASSWORD=password

# Optional timezone to set which gets used by Cron-Node by default
# If not set New York time will be used
GENERIC_TIMEZONE=Europe/Berlin

# The email address to use for the SSL certificate creation
[email protected]

Of course, I changed all variables

I then run sudo docker-compose up -d
then Portainer shows me this

But I can no access any on these sites, I also mapped n8n.mydomain.com to port 5678 and got an SSL Certificate for it, but my browser says it is unable to connect.

Did I configure something wrong?

I know this doesn’t include anything with python, I just thought if I ask here I include that as well

Jon · January 12, 2022, 6:07pm

Hey @Rene_Kuhn,

When you access your site are setting the port to 8443 so https://n8n.yoursite.com:8443 and have you allowed 8443 through the firewall?

On my setup because I use Nginx as a proxy I didn’t bother with traefik and just set the proxy pass option in nginx to point to http://localhost:5678 and that works for me.

Rene_Kuhn · January 12, 2022, 6:18pm

Thank you for that lightning-fast reply @Jon !
I changed the Nginx Reverse proxy to 8443 and when I open n8n.mysite.com I get and 404
I don’t have any firewall.

So I don’t need traefik to run n8n on a production server right?
Then I delete everything and start again without traefik.

I haven’t fully understood that.

Is that correct ?

Jon · January 12, 2022, 7:09pm

Hey @Rene_Kuhn,

Not sure on that I configure nginx using the config files, I suspect the forward host / ip should be localhost if you have everything on the same server.

Rene_Kuhn · January 12, 2022, 7:50pm

Okay so I made some progress
I have n8n running on my domain now, but I can not receive an incoming webhook because the domain is set to localhost and basic auth is also not working …

    "AppArmorProfile": "docker-default",
    "Args": [
        "--",
        "/docker-entrypoint.sh"
    ],
    "Config": {
        "AttachStderr": false,
        "AttachStdin": false,
        "AttachStdout": false,
        "Cmd": null,
        "Domainname": "",
        "Entrypoint": [
            "tini",
            "--",
            "/docker-entrypoint.sh"
        ],
        "Env": [
            "DOMAIN_NAME=mydomain.de",
            "GENERIC_TIMEZONE=Europe/Berlin",
            "N8N_BASIC_AUTH_ACTIVE=true",
            "N8N_BASIC_AUTH_PASSWORD=mypasswod",
            "N8N_BASIC_AUTH_USER=rene.kuhn",
            "NODE_ICU_DATA=/usr/local/lib/node_modules/full-icu",
            "NODE_VERSION=14.15.5",
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "SUBDOMAIN=n8n",
            "YARN_VERSION=1.22.5"
        ],
        "ExposedPorts": {
            "5678/tcp": {}
        },
        "Hostname": "0ce8e1334069",
        "Image": "n8nio/n8n:latest",
        "Labels": {},
        "OnBuild": null,
        "OpenStdin": false,
        "StdinOnce": false,
        "Tty": false,
        "User": "root",
        "Volumes": null,
        "WorkingDir": "/data"
    },

this is a part of the file that I get when I click on inspect container in portainer.

I an very confused, can I update the variables also afterwards somewhere and just restart the container ?

Jon · January 12, 2022, 7:56pm

You don’t have the webhook url environment option set, it might be worth opening your instance in a private browsing window to see if you get prompted for credentials as well.

As for updating normally you would just update your environment options in your compose / .env file or docker run command and restart your container and you should be good to go.

It may be tricky as you are using Portainer so a part of this will come down to your knowledge of that system.

Rene_Kuhn · January 12, 2022, 7:57pm

Yes you are right !
Thank you

Rene_Kuhn · January 12, 2022, 8:06pm

Thank you @Jon !!!
I can’t believe it !!!
Everything works now !!
I am so happy !!!
You made my day !

Jon · January 12, 2022, 8:12pm

Made it to Meme status I am happy

Mikhail · May 1, 2023, 7:04am

Hi @Rene_Kuhn !

Thank you for your topic!

Could you please tell how you set up the Portainer so that the n8n works fully ?
Can you upload screenshots, as I don’t really understand which settings and what they are called?

Thank you so much in advance!

BramKn · May 1, 2023, 7:20am

Hi @Mikhail

please open a new topic for your question.

Mikhail · May 1, 2023, 7:38am

Diego_Mesa · February 12, 2025, 10:54pm

Technical Setup Guide for n8n with Portainer, Nginx Proxy Manager, and HTTPS Subdomain

For me, it worked using Portainer, the Portainer Stack, n8n, and Nginx Proxy Manager with HTTPS and a subdomain.

ENV Configuration

Key	Value
`N8N_HOST`	`n8n.mydomain.com`
`N8N_PORT`	`80`
`N8N_PROTOCOL`	`http`

In the .env file, I expose port 5678 to the container’s port 80, meaning: *port: 5678:80

The container itself remains on port 80.

Nginx Proxy Manager Configuration

Go to Proxy Hosts > Add Proxy Host
Fill in the fields as follows:
- Domain Names: n8n.mydomain.com
- Scheme: http
- Forward Port: 5678
- Forward Hostname / IP: container_name (you can check this using the docker ps command or find it in Portainer under “Name” example: n8n-n8n-1 )
Nginx Proxy Manager Configuration2067×360 76.6 KB

Portainer Network Configuration

I add the n8n container to the same network as Nginx Proxy Manager:

The connection is now working with the subdomain and SSL (HTTPS):