TLS/SSL configuration for HTTPS requests

Hello community,
I have recently installed docker version of n8n on my Windows laptop. I am trying to make a REST call(s) to an API which is protected using bearer authentication and also needs the client to have a valid ssl (atleast). Having used Node-red, it was possible to upload the cert file and private key in the http request node itself and make a small change in the settings file to enable https requests. However, I was not able to find out how to do the same in n8n.
While looking up for ways to solve this problem, I found this link but I am not entirely sure of how to implement this. https://docs.n8n.io/#/server-setup
Any help would be greatly appreciated.

Hey @sumeet0211,

When you say have a valid SSL are you referring to using key based authentication with the other server or does the request have to come from an HTTPS referrer? You wouldn’t normally want to ever add a private key to any request.

The docker approach would do the job with Traefik for the SSL/TLS side of things but it may not be doing what you are after. You could create your docker compose file using the steps on that page so from step 4 onwards as you would need to have an external URL for the certificate to be signed although with some work you could pop something like nginx in front of it with a self signed cert.

Are you able to share what you are trying to connect to?

Hey @jon!
Thanks for your quick reply. I mean the client side (n8n needs to be secured before I can get access to the public API). But even I think the docker approach would do the job for me. Its just that I haven’t used docker before and hence not sure what exactly is to be done in step 4 and where is should the docker compose file, .env file and DATAFOLDER be created? Also, if there are changes(path) to be made in the scripts of these files?

Ah perfect, So I am not sure how compose works on Windows but I normally make a folder called Docker and in there put a folder for the container so n8n then in that have the docker-compose file, .env file and the data folder.

You will need to change the paths for the data folder, username and password for accessing the interface and the hostname.

Before you do that though you will need to make sure you have a domain name registered and an A record set up to point to your external IP you will then need to forward the ports on the router to your machine which could be a problem.

Have you thought about using the cloud option or maybe seeing if the desktop version works instead?

1 Like

@jon
I will try to follow the procedure and see what I can achieve out of it.
For Step 4, I do have domain name registered but what do you mean “a record set up tp a point to external IP” and forwarding the ports?
Using cloud is a paid service and I am not planning on doing that at the moment. But I tried using the desktop version and had no luck with it and also could not find any documentation.

Hey @sumeet0211,

So if you were to use the Lets Encrypt certificate the service would need to talk back to your traefik instance in docker to verify the domain so if your external IP was 8.8.8.8 you would go to your domains DNS settings and point something like n8n.yourdomain.tld to 8.8.8.8 then on your router you would direct port 80 and 443 to your desktop unless you have a reverse proxy running.

You could make your own compose file using nginx as a proxy with a self signed certificate which wouldn’t need the port forwarding or an A record to be setup though.

I don’t have an example for this but there could be one on here somewhere.