netstack

n8n install

n8n docker install docs

verify docker and docker compose

docker --version

docker compose version

setup non-root user access if needed

sudo usermod -aG docker ${USER}
# Register the `docker` group membership with current session without changing your primary group
exec sg docker newgrp

sudo usermod -aG docker <USER_TO_RUN_DOCKER>

verify groups
```
groups
```
setup DNS A record ( or use cloudflare ) | Record type | Name | Destination | | – | – | | A | n8n | 192.168.x.x |
Create docker-compose file structure
- docker-compose-path
  - n8n-compose
    - .env
    - local-files
      - n8n_data
      - traefic_data
setup env file update
- DOMAIN_NAME
- SUBDOMAIN
- SSL_EMAIL ```
  DOMAIN_NAME and SUBDOMAIN together determine where n8n will be reachable from
  
  The top level domain to serve from
  
  DOMAIN_NAME=example.com

The subdomain to serve from

SUBDOMAIN=n8n

The above example serve n8n at: https://n8n.example.com

Optional timezone to set which gets used by Cron and other scheduling nodes

New York is the default value if not set

GENERIC_TIMEZONE=America/Chicago

The email address to use for the TLS/SSL certificate creation

SSL_EMAIL=user@example.com

- docker-compose.yaml
```yaml
services:
  traefik:
    image: "traefik"
    restart: always
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - traefik_data:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro

  n8n:
    image: docker.n8n.io/n8nio/n8n
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web,websecure
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
      - traefik.http.routers.n8n.middlewares=n8n@docker
    environment:
      - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - N8N_RUNNERS_ENABLED=true
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
      - TZ=${GENERIC_TIMEZONE}
    volumes:
      - n8n_data:/home/node/.n8n
      - ./local-files:/files

volumes:
  n8n_data:
  traefik_data:

Start n8n-Docker Compose in docker/n8n-compose dir
```
sudo docker compose up -d
```
Browse at https://n8n.example.com but with you config url
Stop nn8n Docker in docker/n8n-compose dir
```
sudo docker compose stop
```

netstack

n8n install

DOMAIN_NAME and SUBDOMAIN together determine where n8n will be reachable from

The top level domain to serve from

The subdomain to serve from

The above example serve n8n at: https://n8n.example.com

Optional timezone to set which gets used by Cron and other scheduling nodes

New York is the default value if not set

The email address to use for the TLS/SSL certificate creation