Traefik error: Port 443 in use. How do I change this port?

Error about port 443 being used.

I’m following the documentation on how to do self-hosting using Docker Compose and I ran into the error about port 443 being used. The problem is that there is actually a service running on port 443 that I cannot take down, I wanted to know if it is possible to change the port that N8N is running on and how I can configure this to be visible in my domains.

Services running:

root@n8n-server:/opt/n8n/n8n-compose# sudo ss -ltnp | grep :443
LISTEN 0 512 *:443 : users:((“CALERIE.API”,pid=3540132,fd=186))

Compose.YML:

services:
  traefik:
    image: "traefik"
    restart: always
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - traefik_data:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro

  n8n:
    image: docker.n8n.io/n8nio/n8n
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web,websecure
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
      - traefik.http.routers.n8n.middlewares=n8n@docker
    environment:
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
    volumes:
      - n8n_data:/home/node/.n8n
      - ./local-files:/files

volumes:
  n8n_data:
  traefik_data:

Error message

Error response from daemon: failed to set up container networking: driver failed programming external connectivity on endpoint n8n-compose-traefik-1 (bb09b9c618cab6b114667c5e27e6653f11068e215aadc4bd4f9bb9b4500acdb2): failed to bind host port for 0.0.0.0:443:172.20.0.2:443/tcp: address already in use

Information on your n8n setup

  • n8n version: latest
  • Database (default: SQLite): SQLIte
  • n8n EXECUTIONS_PROCESS setting (default: own, main): default
  • Running n8n via (Docker, npm, n8n cloud, desktop app): Docker
  • Operating system: Ubuntu for Self-Host, Windows Main

Hey @adrfelipe hope all is well.

Just to clarify, are you asking how to run n8n on other port or traefik? n8n is listening on port 5678. What you are probably looking for is changing the traefik port. Could you please confirm?

Hey @jabbson ! It would be traefik, because the error is only on port 443 and not on 5678 or 80. I can’t move the service from 443

Well in this case, if you want to bind local port other than 443 to the traefik port 443, you would go with something like

- "8443:443" 

in the compose file.

This helped, but when accessing the URL, this error appears:

I already ping the domain and it’s working, receiving the IP from my VPS

Well since you changed the port, your url now needs to include a non-default port 8443:
https://n8n.<whatever>.com.br:8443

Got it! It worked. But I don’t have authenticated SSL. Would that affect the use of webhooks?

By the way, do I need to pass something to the .env file to configure the webhook URL?

it’s very likely

Most definitely, if you want to use webhooks, you will need to setup WEBHOOK_URL whenever you are not direct frontending n8n.

So how can I configure SSL on this port 8443 to use webhooks?

let’s encrypt probably won’t like that it can’t access 443, so your best bet is to lookup how to configure SSL validation through DNS challenge instead of HTTP challenge. Since this has nothing to do with n8n, but everything to do with SSL and configuring traefik, here is some docs for you to get familiar with:

I spent a lot of time studying the documentation you sent me, and now I understand. However, the service is still going live without SSL. I connected the SSL to Cloudflare and generated the API key for the specific DNS, but I generated it for the domain and not for subdomain.domain… I don’t know if there is a problem

Cloudflare DNS Settings (all pointing to VPS ip address)

The biggest problem is that it doesn’t generate any error logs in the containers.

Logs

New compose.yml

services:
  traefik:
    image: "traefik"
    restart: always
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.myresolver.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
    ports:
      - "80:80"
      - "8443:443"
    environment:
      - "CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}"
    volumes:
      - traefik_data:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro
  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"

  n8n:
    image: docker.n8n.io/n8nio/n8n
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web,websecure
      - traefik.http.routers.n8n.tls.certresolver=myresolver
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
      - traefik.http.routers.n8n.middlewares=n8n@docker
    environment:
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
    volumes:
      - n8n_data:/home/node/.n8n
      - ./local-files:/files

volumes:
  n8n_data:
  traefik_data: