Setup n8n with Portainer and Nginx Proxy Manager

These are some beginner questions, please tell me if I have to provide more information.

I have a VPS and I host a few web apps on it. Mattermost and some Ghost Blogs. To control the server visually I use Portainer.
To visually map the Domains to the right Containers and for SSL I use Nginx Proxy Manager.
Now I want to install n8n on this server and run it in production. I also want to be able to execute some Python3 files once an Incoming Webhook is triggered.

I can deploy n8n and access it via but webhooks don’t work.
I don’t really find a good tutorial for beginners.

What I did so far:
I created a new folder and created .env and docker-compose.yml

I pasted this into docker-compose.yml

version: "3"

    image: "traefik"
    restart: always
      - "--api=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - ""
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "${SSL_EMAIL}"
      - ""
      - "8080:80"
      - "8443:443"
      - ${DATA_FOLDER}/letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro

    image: n8nio/n8n
    restart: always
      - ""
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web,websecure
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - ${DATA_FOLDER}/.n8n:/home/node/.n8n

Note that I changed the ports from 443 to 8443 and 80 to 8080 because I already use these ports for the Nginx Proxy Manager.

in the .env file I pasted the following

# Folder where data should be saved

#  top level domain to serve from

# The subdomain to serve from

# DOMAIN_NAME and SUBDOMAIN combined decide where n8n will be reachable from
# above example would result in:

# The user name to use for authentication - IMPORTANT ALWAYS CHANGE!

# The password to use for authentication - IMPORTANT ALWAYS CHANGE!

# Optional timezone to set which gets used by Cron-Node by default
# If not set New York time will be used

# The email address to use for the SSL certificate creation
[email protected]

Of course, I changed all variables

I then run sudo docker-compose up -d
then Portainer shows me this

But I can no access any on these sites, I also mapped to port 5678 and got an SSL Certificate for it, but my browser says it is unable to connect.

Did I configure something wrong?

I know this doesn’t include anything with python, I just thought if I ask here I include that as well

Hey @Rene_Kuhn,

When you access your site are setting the port to 8443 so and have you allowed 8443 through the firewall?

On my setup because I use Nginx as a proxy I didn’t bother with traefik and just set the proxy pass option in nginx to point to http://localhost:5678 and that works for me.

1 Like

Thank you for that lightning-fast reply @jon !
I changed the Nginx Reverse proxy to 8443 and when I open I get and 404
I don’t have any firewall.

So I don’t need traefik to run n8n on a production server right?
Then I delete everything and start again without traefik.

I haven’t fully understood that.

Is that correct ?

Hey @Rene_Kuhn,

Not sure on that I configure nginx using the config files, I suspect the forward host / ip should be localhost if you have everything on the same server.

1 Like

Okay so I made some progress
I have n8n running on my domain now, but I can not receive an incoming webhook because the domain is set to localhost and basic auth is also not working …

    "AppArmorProfile": "docker-default",
    "Args": [
    "Config": {
        "AttachStderr": false,
        "AttachStdin": false,
        "AttachStdout": false,
        "Cmd": null,
        "Domainname": "",
        "Entrypoint": [
        "Env": [
        "ExposedPorts": {
            "5678/tcp": {}
        "Hostname": "0ce8e1334069",
        "Image": "n8nio/n8n:latest",
        "Labels": {},
        "OnBuild": null,
        "OpenStdin": false,
        "StdinOnce": false,
        "Tty": false,
        "User": "root",
        "Volumes": null,
        "WorkingDir": "/data"

this is a part of the file that I get when I click on inspect container in portainer.

I an very confused, can I update the variables also afterwards somewhere and just restart the container ?

You don’t have the webhook url environment option set, it might be worth opening your instance in a private browsing window to see if you get prompted for credentials as well.

As for updating normally you would just update your environment options in your compose / .env file or docker run command and restart your container and you should be good to go.

It may be tricky as you are using Portainer so a part of this will come down to your knowledge of that system.

1 Like

Yes you are right !
Thank you

1 Like

Thank you @jon !!!
I can’t believe it !!!
Everything works now !!
I am so happy !!!
You made my day !


Made it to Meme status I am happy :facepunch: