SSL and Security

Hello, I am new to this can someone help me out with all the steps I need to follow after installing n8n on my server I am finding it quite difficult to install SSL and access n8n securely.

Yes, sorry there is currently no proper documentation about it yet. I added some examples here:

I hope that helps!

Can you just give a overview about it, where do I get started on installing SSL. It would be very helpful.

What I referenced above actually includes everything you need. SSL is sadly not something you simply “install”. Next to the software, you need also an actual certificate which you either buy or “get” from a free service like letsencrypt.

Again the setup I referenced above should take care of all of that. Think there is no simpler way to get all up and running in a platform and provider-independent way than Docker compose.

Yeah I have installed N8N on a virtual server (Virtualmin), I got a SSL certificate from Lets encrypt but I am not able to connect with https any help with that?

seems you have a very specific setup, and not everyone here is familiar with Virtualmin (maybe no one here is).

The link @jan pointed at contains everything you need, but if that isn’t enough you can try the following docker-compose file which includes n8n and traefik. It will need some adjustments in the variables I am using.

version: '2.2'
# Keep version 2 for standalone node for CPU limits

services:
  traefik:
    image: "traefik"
    container_name: "traefik"
    restart: always
    networks:
      - traefik_proxy
    command:
      - "--api=true"
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
      - "--providers.docker.exposedbydefault=true"
      - "--providers.docker.watch=true"
      - "--providers.docker=true"
      - "--providers.file.watch=true"
    ports:
      - "443:443"
      - "8080:8080"
      - "80:80"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${USERDIR}/Settings/Traefik/traefik.toml:/traefik.toml
      - ${USERDIR}/Settings/Traefik/config:/config
      - ${USERDIR}/Settings/Traefik/acme.json:/acme.json
      - ${USERDIR}/Settings/Traefik/error.log:/error.log
      - ${USERDIR}/Settings/Traefik/access.log:/access.log
    labels:
       - "traefik.docker.network=traefik_proxy"
       - "traefik.enable=true"
       - "traefik.http.middlewares.traefik.stripprefix.prefixes=traefik/"
       - "traefik.http.routers.traefik.entrypoints=http"
       - "[email protected]"
       - "traefik.http.routers.traefik.tls.options=default"
       - "traefik.http.routers.traefik.tls=true"
       - "traefik.http.services.traefik.loadbalancer.server.port=8080"
  n8n:
    image: n8nio/n8n 
    restart: always
    container_name: n8n 
    restart: always
    networks:
      - traefik_proxy
    ports:
      - 5678:5678
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.n8n.rule=Host(`n8n.${DOMAIN_NAME}`)"
      - "traefik.http.routers.n8n.tls=true"
      - "traefik.port=5678"
      - "traefik.docker.network=traefik_proxy"
      - "traefik.http.middlewares.n8n.headers.SSLRedirect=true"
      - "traefik.http.middlewares.n8n.headers.STSSeconds=315360000"
      - "traefik.http.middlewares.n8n.headers.browserXSSFilter=true"
      - "traefik.http.middlewares.n8n.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.n8n.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}"
      - "traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true"
      - "traefik.http.middlewares.n8n.headers.STSPreload=true"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/bruno/n8n/.n8n:/root/.n8n
    environment:
      - N8N_HOST=n8n.${DOMAIN_NAME}
      - N8N_PROTOCOL=https
      - N8N_PORT=5678
      - VUE_APP_URL_BASE_API=https://n8n.${DOMAIN_NAME}/
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER=USER
      - N8N_BASIC_AUTH_PASSWORD=PASS
networks:
  traefik_proxy:
    external:
      name: traefik_proxy
  default:
    driver: bridge

Thanks @brunoamaral , I would like to know the steps to setup the files which @jan mentioned in his reply.

You have to save the docker-compose.yaml into it’s own folder and run sudo docker-compose pull and sudo docker-compose up -d --build.

Make sure you have docker and docker-compose installed on the server or your local machine.

The file I shared, and any other for that matter, will have settings that you need to adjust to your needs. Such as directories where you want to store information, domain names to use, etc.

@brunoamaral @jan I did install docker and docker compose on my server but I am not really familiar with those. So I was wondering if could send the steps to configure it, it would be of great help, thanks in advance.

Try to finish some kind of tutorial in the next hours.

@jan Ok thanks for the help, and great work with the application.

@Yuvadeep Nothing to thank for. It was me after all who did not find time to create a tutorial for that. Now however I did.
It is probably not the best tutorial ever but it should hopefully help anyway. It can be found now in the docs here:
https://docs.n8n.io/#/server-setup

@jan Cant thank you enough :blush: , got it up and running.

Nothing to thank for. Just very happy to hear that you got n8n up and running. Hope you enjoy it and it proves helpful for you! Have a great day!

1 Like