Setup n8n with Portainer and Nginx Proxy Manager

Rene_Kuhn · January 12, 2022, 5:59pm

Hey,
These are some beginner questions, please tell me if I have to provide more information.

I have a VPS and I host a few web apps on it. Mattermost and some Ghost Blogs. To control the server visually I use Portainer.
To visually map the Domains to the right Containers and for SSL I use Nginx Proxy Manager.
Now I want to install n8n on this server and run it in production. I also want to be able to execute some Python3 files once an Incoming Webhook is triggered.

I can deploy n8n and access it via n8n.domain.com but webhooks don’t work.
I don’t really find a good tutorial for beginners.

What I did so far:
I created a new folder and created .env and docker-compose.yml

I pasted this into docker-compose.yml

version: "3"

services:
  traefik:
    image: "traefik"
    restart: always
    command:
      - "--api=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - "8080:80"
      - "8443:443"
    volumes:
      - ${DATA_FOLDER}/letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro

  n8n:
    image: n8nio/n8n
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web,websecure
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
    environment:
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER
      - N8N_BASIC_AUTH_PASSWORD
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
    volumes:
      - ${DATA_FOLDER}/.n8n:/home/node/.n8n

Note that I changed the ports from 443 to 8443 and 80 to 8080 because I already use these ports for the Nginx Proxy Manager.

in the .env file I pasted the following

# Folder where data should be saved
DATA_FOLDER=/root/n8n/

#  top level domain to serve from
DOMAIN_NAME=example.com

# The subdomain to serve from
SUBDOMAIN=n8n

# DOMAIN_NAME and SUBDOMAIN combined decide where n8n will be reachable from
# above example would result in: https://n8n.example.com

# The user name to use for authentication - IMPORTANT ALWAYS CHANGE!
N8N_BASIC_AUTH_USER=user

# The password to use for authentication - IMPORTANT ALWAYS CHANGE!
N8N_BASIC_AUTH_PASSWORD=password

# Optional timezone to set which gets used by Cron-Node by default
# If not set New York time will be used
GENERIC_TIMEZONE=Europe/Berlin

# The email address to use for the SSL certificate creation
[email protected]

Of course, I changed all variables

I then run sudo docker-compose up -d
then Portainer shows me this

But I can no access any on these sites, I also mapped n8n.mydomain.com to port 5678 and got an SSL Certificate for it, but my browser says it is unable to connect.

Did I configure something wrong?

I know this doesn’t include anything with python, I just thought if I ask here I include that as well

Jon · January 12, 2022, 6:07pm

Hey @Rene_Kuhn,

When you access your site are setting the port to 8443 so https://n8n.yoursite.com:8443 and have you allowed 8443 through the firewall?

On my setup because I use Nginx as a proxy I didn’t bother with traefik and just set the proxy pass option in nginx to point to http://localhost:5678 and that works for me.

Rene_Kuhn · January 12, 2022, 6:18pm

Thank you for that lightning-fast reply @Jon !
I changed the Nginx Reverse proxy to 8443 and when I open n8n.mysite.com I get and 404
I don’t have any firewall.

So I don’t need traefik to run n8n on a production server right?
Then I delete everything and start again without traefik.

I haven’t fully understood that.

Is that correct ?

Jon · January 12, 2022, 7:09pm

Hey @Rene_Kuhn,

Not sure on that I configure nginx using the config files, I suspect the forward host / ip should be localhost if you have everything on the same server.

Rene_Kuhn · January 12, 2022, 7:50pm

Okay so I made some progress
I have n8n running on my domain now, but I can not receive an incoming webhook because the domain is set to localhost and basic auth is also not working …

    "AppArmorProfile": "docker-default",
    "Args": [
        "--",
        "/docker-entrypoint.sh"
    ],
    "Config": {
        "AttachStderr": false,
        "AttachStdin": false,
        "AttachStdout": false,
        "Cmd": null,
        "Domainname": "",
        "Entrypoint": [
            "tini",
            "--",
            "/docker-entrypoint.sh"
        ],
        "Env": [
            "DOMAIN_NAME=mydomain.de",
            "GENERIC_TIMEZONE=Europe/Berlin",
            "N8N_BASIC_AUTH_ACTIVE=true",
            "N8N_BASIC_AUTH_PASSWORD=mypasswod",
            "N8N_BASIC_AUTH_USER=rene.kuhn",
            "NODE_ICU_DATA=/usr/local/lib/node_modules/full-icu",
            "NODE_VERSION=14.15.5",
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "SUBDOMAIN=n8n",
            "YARN_VERSION=1.22.5"
        ],
        "ExposedPorts": {
            "5678/tcp": {}
        },
        "Hostname": "0ce8e1334069",
        "Image": "n8nio/n8n:latest",
        "Labels": {},
        "OnBuild": null,
        "OpenStdin": false,
        "StdinOnce": false,
        "Tty": false,
        "User": "root",
        "Volumes": null,
        "WorkingDir": "/data"
    },

this is a part of the file that I get when I click on inspect container in portainer.

I an very confused, can I update the variables also afterwards somewhere and just restart the container ?

Jon · January 12, 2022, 7:56pm

You don’t have the webhook url environment option set, it might be worth opening your instance in a private browsing window to see if you get prompted for credentials as well.

As for updating normally you would just update your environment options in your compose / .env file or docker run command and restart your container and you should be good to go.

It may be tricky as you are using Portainer so a part of this will come down to your knowledge of that system.

Rene_Kuhn · January 12, 2022, 7:57pm

Yes you are right !
Thank you

Rene_Kuhn · January 12, 2022, 8:06pm

Thank you @Jon !!!
I can’t believe it !!!
Everything works now !!
I am so happy !!!
You made my day !

Jon · January 12, 2022, 8:12pm

Made it to Meme status I am happy

Mikhail · May 1, 2023, 7:04am

Hi @Rene_Kuhn !

Thank you for your topic!

Could you please tell how you set up the Portainer so that the n8n works fully ?
Can you upload screenshots, as I don’t really understand which settings and what they are called?

Thank you so much in advance!

BramKn · May 1, 2023, 7:20am

Hi @Mikhail

please open a new topic for your question.

Mikhail · May 1, 2023, 7:38am