Describe the problem/error/question
I have set up a self-hosted n8n instance on a Raspberry Pi. The UI is accessible via http://mydomain.com. I need it to be accessible via httpS://mydomain.com in order to add OAuth credentials.
I know I have to set N8N_SSL_KEY and N8N_SSL_CERT in order to do it, but I am not sure what to set them to.
Current values in container:
N8N_SSL_KEY: -----BEGIN CERTIFICATE----- xxxxxxxxxx -----END CERTIFICATE-----
N8N_SSL_CERT: -----BEGIN PRIVATE KEY----- xxxxxxxxxx -----ENDPRIVATE KEY-----
Here is how I start my container:
N8N_SSL_CERT=$(cat /home/pi/n8n/certificates/cert.pem)
N8N_SSL_KEY=$(cat /home/pi/n8n/certificates/privkey.pem)
sudo docker pull n8nio/n8n:latest
sudo docker stop n8n
sudo docker rm n8n
sudo docker run -itd \
--name n8n \
--restart always \
-p 5678:5678 \
-e GENERIC_TIMEZONE="Europe/Paris" \
-e TZ="Europe/Paris" \
-e NODE_FUNCTION_ALLOW_EXTERNAL="axios,cheerio" \
-e N8N_SSL_CERT="$N8N_SSL_CERT" \
-e N8N_SSL_KEY="$N8N_SSL_KEY" \
-v n8n_data:/home/node/.n8n \
n8nio/n8n:latest
What am I doing wrong?
Information setup
n8n version: 1.26.0
Database: default: SQLite
Running n8n via Docker
n8n
March 20, 2024, 3:48pm
2
It looks like your topic is missing some important information. Could you provide the following if applicable.
n8n version:
Database (default: SQLite):
n8n EXECUTIONS_PROCESS setting (default: own, main):
Running n8n via (Docker, npm, n8n cloud, desktop app):
Operating system:
barn4k
March 21, 2024, 1:57pm
3
hello @LucBerge
You have forgotten to specify the protocol to use:
N8N_PROTOCOL = https
and usually https uses 443 port instead of 5678
Jon
March 21, 2024, 2:39pm
4
I would probably also handle this with a reverse proxy like Caddy or Traefik which can automate the certificate process so you don’t need to worry about it.
barn4k
March 21, 2024, 2:43pm
5
I think the use of a reverse proxy on a Raspberry Pi is quite over-engineered.
When I start my docker with
sudo docker run -itd \
--name n8n \
--restart always \
-p 5678:5678 \
-p 443:443 \
-e GENERIC_TIMEZONE="Europe/Paris" \
-e TZ="Europe/Paris" \
-e NODE_FUNCTION_ALLOW_EXTERNAL="axios,cheerio" \
-e N8N_SSL_CERT="$N8N_SSL_CERT" \
-e N8N_SSL_KEY="$N8N_SSL_KEY" \
-e N8N_PROTOCOL="https" \
-v n8n_data:/home/node/.n8n \
n8nio/n8n:1.26.0
https://192.168.0.21/ is not working (not expected)
http://192.168.0.21:5678/ is not working (expected?)
https://192.168.0.21:5678/ is not working (expected?)
Should I expose port 443 to 443?
Should I expose port 443 to 5678?
Not working with
sudo docker run -itd \
--name n8n \
--restart always \
-p 443:5678 \
-e GENERIC_TIMEZONE="Europe/Paris" \
-e TZ="Europe/Paris" \
-e NODE_FUNCTION_ALLOW_EXTERNAL="axios,cheerio" \
-e N8N_SSL_CERT="$N8N_SSL_CERT" \
-e N8N_SSL_KEY="$N8N_SSL_KEY" \
-e N8N_PROTOCOL="https" \
-v n8n_data:/home/node/.n8n \
n8nio/n8n:1.26.0
barn4k
March 22, 2024, 12:34pm
8
That one works
docker run -itd \
--name n8n \
--restart always \
-p 443:443 \
-e GENERIC_TIMEZONE="Europe/Paris" \
-e TZ="Europe/Paris" \
-e NODE_FUNCTION_ALLOW_EXTERNAL="axios,cheerio" \
-e N8N_SSL_CERT=/home/node/.n8n/n8n_public.pem \
-e N8N_SSL_KEY=/home/node/.n8n/n8n_private.pem \
-e N8N_PROTOCOL="https" \
-e N8N_PORT=443 \
-v n8n_data:/home/node/.n8n \
n8nio/n8n:latest
but you need to place ssl certs into the n8n_data volume
1 Like
Alright, so N8N_SSL_CERT and N8N_SSL_KEY must point to a file containing the cert and the key?
The documentation is not clear about it:
“The SSL key for HTTPS protocol.” → “Absolute path to the file containing the SSL key for HTTPS protocol.”
“The SSL certificate for HTTPS protocol.” → “Absolute path to the file containing the SSL certificate for HTTPS protocol.”
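The outcome of the exchange above, as an added example that is not part of the original thread or n8n's own code: a shell pre-flight check that flags a value holding PEM text rather than a path, and a certificate and key stored under each other's variable, as in the "Current values in container" listing. It assumes it is run where the paths resolve (for example inside the container); the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the values given to N8N_SSL_CERT / N8N_SSL_KEY.
# Per the thread, both must be absolute paths (as seen by n8n) to PEM files.

# pem_kind FILE -> prints "cert", "key" or "unknown" from the first PEM header in FILE.
pem_kind() {
  local header
  header=$(grep -m1 -e '-----BEGIN [A-Z ]*-----' "$1" 2>/dev/null || true)
  case "$header" in
    *"PRIVATE KEY-----"*) echo key ;;
    *"BEGIN CERTIFICATE-----"*) echo cert ;;
    *) echo unknown ;;
  esac
}

# check_tls_env CERT_VALUE KEY_VALUE -> one finding per line; returns 0 only if clean.
check_tls_env() {
  local name value want kind findings=0
  for name in N8N_SSL_CERT N8N_SSL_KEY; do
    if [ "$name" = N8N_SSL_CERT ]; then value=$1 want=cert; else value=$2 want=key; fi
    case "$value" in
      *"-----BEGIN "*)   # the file's contents were passed, as with $(cat cert.pem)
        echo "$name: holds PEM text, expected a file path"
        findings=$((findings + 1)); continue ;;
      /*) ;;             # absolute path: inspect the file below
      *)
        echo "$name: not an absolute path"
        findings=$((findings + 1)); continue ;;
    esac
    if [ ! -r "$value" ]; then
      echo "$name: file not readable: $value"
      findings=$((findings + 1)); continue
    fi
    kind=$(pem_kind "$value")
    if [ "$kind" != "$want" ]; then   # e.g. the key file given as the certificate
      echo "$name: file contains $kind, expected $want"
      findings=$((findings + 1))
    fi
  done
  [ "$findings" -eq 0 ]
}

# Run the check when the variables are present in the calling environment.
if [ -n "${N8N_SSL_CERT:-}" ] || [ -n "${N8N_SSL_KEY:-}" ]; then
  check_tls_env "${N8N_SSL_CERT:-}" "${N8N_SSL_KEY:-}" || echo "TLS settings need fixing"
fi
```
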
barn4k
March 22, 2024, 1:01pm
10
Yes, the docs are not very clear
@bartv who can add more clarity to the docs?
Jon
March 22, 2024, 9:20pm
11
Interesting, to me it seemed clear, but it is a quick change we can make.
When I was running n8n on a Pi I used a reverse proxy as Caddy and Traefik are pretty lightweight on the resources and it makes life a lot easier.
jan
March 23, 2024, 9:46am
12
Actually wonder if we should rather do the opposite and deprecate those options instead in future. Every proper setup should probably have a reverse proxy in front anyway. Or is there a good reason not to do that which I miss right now?
barn4k
March 23, 2024, 12:06pm
13
A reverse proxy is not always needed. E.g. we have a setup in AWS without any Load Balancers because we are accessing it via a private network and a Transit gateway (we have a corporate VPN tunnel to AWS). In that case, the Reverse proxy is not needed. It is only required in setups with public access and if there are webhooks/OAuth involved
Jon
March 23, 2024, 5:28pm
14
@barn4k are you also running with https in that configuration? In theory a reverse proxy could also be deployed in the same environment.
I use a reverse proxy in my local dev setup with a self signed certificate so that I can still control access on my local network.
barn4k
March 23, 2024, 6:52pm
15
Yes, we configured the HTTPS. It can be run with reverse proxy, but why do we need an additional link in a chain?
Plus we are planning to move it into Terraform, so there will be no issues with reissuing certs either
Why don’t you use free SSL by Cloudflare?
That’s easy to set up, just do some DNS settings.
barn4k
March 24, 2024, 12:00pm
17
Our infra is hosted in AWS, not in Cloudflare
And we have a corporate CA, so we don’t need it anyway.
system
Closed
March 31, 2024, 12:00pm
18
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.