I’m following the documentation on how to do self-hosting using Docker Compose and I ran into the error about port 443 being used. The problem is that there is actually a service running on port 443 that I cannot take down, I wanted to know if it is possible to change the port that N8N is running on and how I can configure this to be visible in my domains.
root@n8n-server:/opt/n8n/n8n-compose# sudo ss -ltnp | grep :443: users:((“CALERIE.API”,pid=3540132,fd=186))
services:
traefik:
image: "traefik"
restart: always
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
- "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
- "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
volumes:
- traefik_data:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:ro
n8n:
image: docker.n8n.io/n8nio/n8n
restart: always
ports:
- "127.0.0.1:5678:5678"
labels:
- traefik.enable=true
- traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
- traefik.http.routers.n8n.tls=true
- traefik.http.routers.n8n.entrypoints=web,websecure
- traefik.http.routers.n8n.tls.certresolver=mytlschallenge
- traefik.http.middlewares.n8n.headers.SSLRedirect=true
- traefik.http.middlewares.n8n.headers.STSSeconds=315360000
- traefik.http.middlewares.n8n.headers.browserXSSFilter=true
- traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
- traefik.http.middlewares.n8n.headers.forceSTSHeader=true
- traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
- traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
- traefik.http.middlewares.n8n.headers.STSPreload=true
- traefik.http.routers.n8n.middlewares=n8n@docker
environment:
- N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
- N8N_PORT=5678
- N8N_PROTOCOL=https
- NODE_ENV=production
- WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
- GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
volumes:
- n8n_data:/home/node/.n8n
- ./local-files:/files
volumes:
n8n_data:
traefik_data:
Error response from daemon: failed to set up container networking: driver failed programming external connectivity on endpoint n8n-compose-traefik-1 (bb09b9c618cab6b114667c5e27e6653f11068e215aadc4bd4f9bb9b4500acdb2): failed to bind host port for 0.0.0.0:443:172.20.0.2:443/tcp: address already in use
n8n version: latestDatabase (default: SQLite): SQLIten8n EXECUTIONS_PROCESS setting (default: own, main): defaultRunning n8n via (Docker, npm, n8n cloud, desktop app): DockerOperating system: Ubuntu for Self-Host, Windows Main
Hey @adrfelipe hope all is well.
Just to clarify, are you asking how to run n8n on other port or traefik? n8n is listening on port 5678. What you are probably looking for is changing the traefik port. Could you please confirm?
Hey @jabbson ! It would be traefik, because the error is only on port 443 and not on 5678 or 80. I can’t move the service from 443
Well in this case, if you want to bind local port other than 443 to the traefik port 443, you would go with something like
- "8443:443"
in the compose file.
This helped, but when accessing the URL, this error appears:
I already ping the domain and it’s working, receiving the IP from my VPS
Well since you changed the port, your url now needs to include a non-default port 8443:https://n8n.<whatever>.com.br:8443
Got it! It worked. But I don’t have authenticated SSL. Would that affect the use of webhooks?
By the way, do I need to pass something to the .env file to configure the webhook URL?
it’s very likely
Most definitely, if you want to use webhooks, you will need to setup WEBHOOK_URL whenever you are not direct frontending n8n.
So how can I configure SSL on this port 8443 to use webhooks?
let’s encrypt probably won’t like that it can’t access 443, so your best bet is to lookup how to configure SSL validation through DNS challenge instead of HTTP challenge. Since this has nothing to do with n8n, but everything to do with SSL and configuring traefik, here is some docs for you to get familiar with:
When you get a certificate from Let’s Encrypt, our servers validate that you control the domain names in that certificate using “challenges,” as defined by the ACME standard. Most of the time, this validation is handled automatically by your ACME...
I spent a lot of time studying the documentation you sent me, and now I understand. However, the service is still going live without SSL. I connected the SSL to Cloudflare and generated the API key for the specific DNS, but I generated it for the domain and not for subdomain.domain… I don’t know if there is a problem
Cloudflare DNS Settings (all pointing to VPS ip address)
The biggest problem is that it doesn’t generate any error logs in the containers.
services:
traefik:
image: "traefik"
restart: always
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.dnschallenge=true"
- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare"
- "--certificatesresolvers.myresolver.acme.email=${SSL_EMAIL}"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
ports:
- "80:80"
- "8443:443"
environment:
- "CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}"
volumes:
- traefik_data:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:ro
whoami:
image: "traefik/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
n8n:
image: docker.n8n.io/n8nio/n8n
restart: always
ports:
- "127.0.0.1:5678:5678"
labels:
- traefik.enable=true
- traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
- traefik.http.routers.n8n.tls=true
- traefik.http.routers.n8n.entrypoints=web,websecure
- traefik.http.routers.n8n.tls.certresolver=myresolver
- traefik.http.middlewares.n8n.headers.SSLRedirect=true
- traefik.http.middlewares.n8n.headers.STSSeconds=315360000
- traefik.http.middlewares.n8n.headers.browserXSSFilter=true
- traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
- traefik.http.middlewares.n8n.headers.forceSTSHeader=true
- traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
- traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
- traefik.http.middlewares.n8n.headers.STSPreload=true
- traefik.http.routers.n8n.middlewares=n8n@docker
environment:
- N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
- N8N_PORT=5678
- N8N_PROTOCOL=https
- NODE_ENV=production
- WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
- GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
volumes:
- n8n_data:/home/node/.n8n
- ./local-files:/files
volumes:
n8n_data:
traefik_data:
