Module 2 Lesson 2: Reverse Proxy (SSL)
Secure your connection. Learn how to put n8n behind a reverse proxy like Nginx or Traefik to enable HTTPS and clean domain names (e.g., n8n.mycompany.com).
Module 2 Lesson 2: Reverse Proxy (SSL)
Running n8n on http://localhost is fine for testing. But to receive "Webhooks" from the internet (like Slack or Stripe), your server must be reachable via HTTPS with a valid domain name.
1. What is a Reverse Proxy?
A reverse proxy sits in front of your n8n container.
- It listens on Port 443 (HTTPS).
- It handles the SSL certificates (via Let's Encrypt).
- It passes the traffic securely to n8n on Port 5678.
2. Using Nginx Proxy Manager (The Easy Way)
Nginx Proxy Manager is a web interface for Nginx.
- Run it as a Docker container.
- Add a "Proxy Host":
n8n.yourdomain.com. - Point it to your n8n container's IP/Hostname.
- Click "Request a new SSL Certificate."
3. The WEBHOOK_URL Environment Variable
Once you have a domain, you MUST tell n8n about it. If you don't, webhooks from other apps will try to send data to localhost and fail.
environment:
- WEBHOOK_URL=https://n8n.yourdomain.com/
4. Traefik (The Pro Way)
If you are comfortable with YAML, Traefik can automatically detect your n8n container and setup the SSL without you ever touching a dashboard. This is the preferred method for "Infrastructure as Code" fans.
Exercise: The Secure Portal
- Point a domain (e.g.,
n8n.mytest.com) to your server's IP address. - Setup a Reverse Proxy (Nginx or Traefik).
- Update your
WEBHOOK_URLand restart n8n. - Visit your domain. Does the "Lock" icon appear in the browser address bar?
- Why is it dangerous to run n8n without HTTPS? (Think about your API keys!).
Summary
A reverse proxy turns your local tool into a global platform. By securing your connection with SSL, you ensure that your automation can safely talk to the rest of the world and receive events as they happen.
Next Lesson: Tuning the engine: Environment Variables for n8n.