Hey!
I have n8n running on Ubuntu via pm2 and have a reversed proxy in front of it. The reversed proxy secures the traffic via SSL, but on a different port than 5678. I’ve noticed that the URL for a webhook still uses port 5678. Would these webhooks still be secured via SSL? Or is there any way to change it so it uses my proxys port?
Hey @Felix,
If you are running n8n behind a reverse proxy you will need to set the WEBHOOK_URL environment variable to the domain you want to use so if you have felix.com you would want to set it to https://felix.com
The default value is to use N8N_PROTOCOL + N8N_HOST + N8N_PORT, You can read more about this here: Configuration | Docs
Thanks!
I’ve got another question though:
Is there a way for my web UI to only be able to be reached via my reverse proxy? Right now my proxy is on port 4433 and sends the traffic encrypted to port 5678. The problem is that I can still open the Web UI over port 5678 directly. Can I stop this from n8n directly or do I have to make that configuration in my firewall?
Hey @Felix,
Of course, So what happens is n8n will automatically bind to 0.0.0.0 which is all available IPs so you or anyone else on your network would be able to access it by inputting your IP and the port.
If you were using Docker it wouldn’t be an issue as it is all in the container and you expose the port for the host but because you are running it directly there is another quick config change to make to stop that.
If you set N8N_LISTEN_ADDRESS to 127.0.0.1 it will only listen on the local address so on your machine you could still use http://localhost:5678 to access it but you wouldn’t be able to use any other address.
For your nginx proxy config assuming it is on the same machine you would change the proxy_pass option to http://127.0.0.1:5678 and after a quick restart / reload of the nginx service you should be able to access it through the proxy as well.