Expose n8n with traefik, caddy or cloudflared

.env.example

@@ -0,0 +1,17 @@
+POSTGRES_USER=root
+POSTGRES_PASSWORD=password
+POSTGRES_DB=n8n
+
+N8N_ENCRYPTION_KEY=super-secret-key
+N8N_USER_MANAGEMENT_JWT_SECRET=even-more-secret
+N8N_DEFAULT_BINARY_DATA_MODE=filesystem
+
+# For Mac users running OLLAMA locally
+# See https://github.com/n8n-io/self-hosted-ai-starter-kit?tab=readme-ov-file#for-mac--apple-silicon-users
+# OLLAMA_HOST=host.docker.internal:11434
+
+# Set your WEBHOOK_URL to expose n8n to the internet
+# WEBHOOK_URL=n8n.example.com
+
+# If you are using Cloudflare Tunnel, set the token here
+# CLOUDFLARED_TUNNEL_TOKEN=find-your-token-in-cloudflare-dashboard

.gitignore

@@ -0,0 +1,2 @@
+.env
+shared/

README.md

@@ -42,15 +42,17 @@ Engineering world, handles large amounts of data safely.
 ```bash
 git clone https://github.com/n8n-io/self-hosted-ai-starter-kit.git
 cd self-hosted-ai-starter-kit
+cp .env.example .env # you should update secrets and passwords inside
 ```
 
 ### Running n8n using Docker Compose
 
 #### For Nvidia GPU users
 
-```
+```bash
 git clone https://github.com/n8n-io/self-hosted-ai-starter-kit.git
 cd self-hosted-ai-starter-kit
+cp .env.example .env # you should update secrets and passwords inside
 docker compose --profile gpu-nvidia up
 ```
 
@@ -60,9 +62,10 @@ docker compose --profile gpu-nvidia up
 
 ### For AMD GPU users on Linux
 
-```
+```bash
 git clone https://github.com/n8n-io/self-hosted-ai-starter-kit.git
 cd self-hosted-ai-starter-kit
+cp .env.example .env # you should update secrets and passwords inside
 docker compose --profile gpu-amd up
 ```
 
@@ -80,36 +83,30 @@ If you want to run Ollama on your mac, check the
 [Ollama homepage](https://ollama.com/)
 for installation instructions, and run the starter kit as follows:
 
-```
+```bash
 git clone https://github.com/n8n-io/self-hosted-ai-starter-kit.git
 cd self-hosted-ai-starter-kit
+cp .env.example .env # you should update secrets and passwords inside
 docker compose up
 ```
 
 ##### For Mac users running OLLAMA locally
 
 If you're running OLLAMA locally on your Mac (not in Docker), you need to modify the OLLAMA_HOST environment variable
-in the n8n service configuration. Update the x-n8n section in your Docker Compose file as follows:
-
-```yaml
-x-n8n: &service-n8n
-  # ... other configurations ...
-  environment:
-    # ... other environment variables ...
-    - OLLAMA_HOST=host.docker.internal:11434
-```
 
-Additionally, after you see "Editor is now accessible via: <http://localhost:5678/>":
+1. Set OLLAMA_HOST to `host.docker.internal:11434` in your .env file. 
+2. Additionally, after you see "Editor is now accessible via: <http://localhost:5678/>":
 
-1. Head to <http://localhost:5678/home/credentials>
-2. Click on "Local Ollama service"
-3. Change the base URL to "http://host.docker.internal:11434/"
+    1. Head to <http://localhost:5678/home/credentials>
+    2. Click on "Local Ollama service"
+    3. Change the base URL to "http://host.docker.internal:11434/"
 
 #### For everyone else
 
-```
+```bash
 git clone https://github.com/n8n-io/self-hosted-ai-starter-kit.git
 cd self-hosted-ai-starter-kit
+cp .env.example .env # you should update secrets and passwords inside
 docker compose --profile cpu up
 ```
 
@@ -143,6 +140,40 @@ language model and Qdrant as your vector store.
 > combines robust components that work well together for proof-of-concept
 > projects. You can customize it to meet your specific needs
 
+## 🌍 Expose n8n publicly 
+
+Making your n8n instance accessible on the Internet can be achieved in different ways. Traefik or Caddy generate TLS 
+certificat with let's encrypt. If you don't have a public-facing server but still want to share your n8n instance from
+ a machine on a private network, Cloudflare Tunnel.
+
+### With Traefik
+
+```bash
+sed -i 's/n8n\.example\.com/n8n\.myowndomain\.com/g' .env
+sed -i '' 's/n8n\.example\.com/n8n\.myowndomain\.com/g' .env  # Mac compatible
+docker compose -f docker-compose.yml -f docker-compose.traefik.yml up
+```
+
+### With Caddy
+
+```bash
+sed -i 's/n8n\.example\.com/n8n\.myowndomain\.com/g' .env
+sed -i '' 's/n8n\.example\.com/n8n\.myowndomain\.com/g' .env  # Mac compatible
+docker compose -f docker-compose.yml -f docker-compose.caddy.yml up
+```
+
+### With Cloudflared
+
+First, create a Cloudflare account and add a domain to it. For detailed instructions, see the 
+[Cloudflare documentation](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/).
+
+Once you have your tunnel token, add it to your `.env` file.
+
+```bash
+# Set CLOUDFLARED_TUNNEL_TOKEN environement variable in .env
+docker compose -f docker-compose.yml -f docker-compose.cloudflared.yml up
+```
+
 ## Upgrading
 
 * ### For Nvidia GPU setups:
@@ -154,7 +185,7 @@ docker compose create && docker compose --profile gpu-nvidia up
 
 * ### For Mac / Apple Silicon users
 
-```
+```bash
 docker compose pull
 docker compose create && docker compose up
 ```

docker-compose.caddy.yml

@@ -0,0 +1,26 @@
+
+volumes:
+  caddy_data:
+  caddy_config:
+
+services:
+  n8n:
+    environment:
+      - WEBHOOK_URL
+
+  caddy:
+    image: caddy:latest
+    container_name: caddy
+    restart: unless-stopped
+    networks: ['demo']
+    ports:
+      - 80:80
+      - 1443:443
+    volumes:
+      - ./docker/Caddyfile:/etc/caddy/Caddyfile
+      - caddy_data:/data
+      - caddy_config:/config
+    environment:
+      - WEBHOOK_URL
+    env_file:
+      - .env

docker-compose.cloudflared.yml

@@ -0,0 +1,11 @@
+services:  
+  tunnel:
+    container_name: cloudflared-tunnel
+    image: cloudflare/cloudflared:latest
+    restart: unless-stopped
+    networks: ['demo']
+    command: tunnel run
+    environment:
+      - TUNNEL_TOKEN=${CLOUDFLARED_TUNNEL_TOKEN}
+    env_file:
+      - .env 

docker-compose.traefik.yml

@@ -0,0 +1,35 @@
+volumes:
+  traefik_data:
+
+services:
+  n8n:
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.n8n.rule=Host(`${WEBHOOK_URL}`)"
+      - "traefik.http.routers.n8n.entrypoints=websecure"
+      - "traefik.http.routers.n8n.tls.certresolver=myresolver"
+    environment:
+      - WEBHOOK_URL
+    env_file:
+      - .env
+
+
+  traefik:
+    image: traefik:v3.4
+    container_name: traefik
+    restart: unless-stopped
+    networks: ['demo']
+    command:
+      - "--log.level=INFO"
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entryPoints.websecure.address=:443"
+      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+    ports:
+      - "1443:443"
+      - "8080:8080"
+    volumes:
+      - traefik_data:/letsencrypt
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"

docker-compose.yml

@@ -19,7 +19,7 @@ x-n8n: &service-n8n
     - N8N_PERSONALIZATION_ENABLED=false
     - N8N_ENCRYPTION_KEY
     - N8N_USER_MANAGEMENT_JWT_SECRET
-    - OLLAMA_HOST=ollama:11434
+    - OLLAMA_HOST=${OLLAMA_HOST:-ollama:11434}
   env_file:
     - .env
 

docker/Caddyfile

@@ -0,0 +1,3 @@
+{$WEBHOOK_URL} {
+    reverse_proxy n8n:5678
+}