Thoughts on my Traefik + n8n Docker Compose setup

Hi everyone,

I’m running n8n behind Traefik and put together the following docker-compose.yml.
I’d love to hear what you think about this configuration—any feedback or suggestions are welcome.

services:
  traefik:
    image: "traefik"
    restart: always
    command:
      - "--api=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
      - "--log.level=ERROR"
      - "--log.filePath=/var/log/traefik/traefik.log"
      - "--log.maxSize=25"
      - "--log.maxBackups=12"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - traefik_data:/letsencrypt
      - /home/ano/n8n/traefik-logs:/var/log/traefik
      - /var/run/docker.sock:/var/run/docker.sock:ro
    healthcheck:
      test: wget --spider http://localhost:8080 > /dev/null 2>&1 && exit 0 || exit 1
      interval: 20s
      retries: 3
    labels:
      - autoheal=true

  n8n:
    image: docker.n8n.io/n8nio/n8n
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web,websecure
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
      - traefik.http.routers.n8n.middlewares=n8n@docker
      - autoheal=true
    environment:
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
	  - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
      - EXECUTIONS_DATA_PRUNE=true
      - EXECUTIONS_DATA_MAX_AGE=800
      - QUEUE_HEALTH_CHECK_ACTIVE=true
      - N8N_LOG_LEVEL=warn
      - N8N_LOG_OUTPUT=file
      - N8N_LOG_FILE_MAXSIZE=25
      - N8N_LOG_FILE_MAXCOUNT=60
    volumes:
      - /home/ano/n8n/n8n-logs:/home/node/.n8n/logs
      - n8n_data:/home/node/.n8n
      - /home/ano/n8n/n8n-local-files:/files
    healthcheck:
      test: wget --spider http://127.0.0.1:5678/healthz > /dev/null 2>&1 && wget --spider http://127.0.0.1:5678/healthz/readiness > /dev/null 2>&1 || exit 1
      interval: 20s
      retries: 3
      start_period: 1m00s

  autoheal:
    image: willfarrell/autoheal:latest
    restart: always
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock

volumes:
  traefik_data:
    external: true
  n8n_data:
    external: true

Thanks in advance for your thoughts!

hello @Lost_Soul

at least this one is not good

- “–api.insecure=true”

Also, your health checks have a format of command && success || failure, that actually doesn’t work in the way you think it should. Check an example here: BashPitfalls - Greg’s Wiki

better to use curl -F for that

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.