====== 安裝 n8n (Docker-Compose)  ======
  * 安裝環境 : OS:[[tech:alpine_docker|Alpine 3+Docker]] vCore:2 RAM:2G HD:20G

===== 安裝程序 =====
  * 設定 Domain Name Server 進行服務主機對應 Exp. n8n.ichiayi.com -> 192.168.11.52
  * 編輯 docker-compose.yml <file>
version: "3"

services:
  traefik:
    image: "traefik"
    restart: always
    command:
      - "--api=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ${DATA_FOLDER}/letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro

  n8n:
    image: docker.n8n.io/n8nio/n8n
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web,websecure
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
      - traefik.http.routers.n8n.middlewares=n8n@docker
    environment:
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER
      - N8N_BASIC_AUTH_PASSWORD
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
    volumes:
      - ${DATA_FOLDER}/.n8n:/home/node/.n8n
</file>
  * 依照實際狀況設定環境變數 Exp. 
    * 資料存放目錄 - /root/n8n
    * 服務網址 - https://n8n.ichiayi.com
    * 登入帳號密碼 - mytest / password_change_me
    * 設定時區 - Asia/Taipei
    * 申請 Let's Encrypt 憑證的 E-Mail - mytest@ichiayi.com
    * .env<file>
DATA_FOLDER=/root/n8n/
DOMAIN_NAME=ichiayi.com
SUBDOMAIN=n8n
N8N_BASIC_AUTH_USER=mytest
N8N_BASIC_AUTH_PASSWORD=password_change_me
GENERIC_TIMEZONE=Asia/Taipei
SSL_EMAIL=mytest@ichiayi.com
</file>
  * 建立出資料存放路徑 <cli>
mkdir -p /root/n8n/
</cli>
  * 啟動服務 <cli>
docker compose up -d
</cli>
  * 關閉服務 <cli>
docker compose stop
</cli>

===== FAQ =====
  * 如果 Let's Encrypt 憑證要改用 Cloudflare DNS 認證, docker-compose.yml 要將以下三行<file>
:
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
:
</file>修改如下<file>
:
      - "--certificatesresolvers.mytlschallenge.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    environment:
      - CF_API_EMAIL=${SSL_EMAIL}
      - CF_DNS_API_TOKEN=pGuxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxfZgtYJa
</file>

===== 參考網址 =====
  * https://docs.n8n.io/hosting/installation/server-setups/docker-compose/
  * https://doc.traefik.io/traefik/https/acme/
  * https://www.ichiayi.com/tech/

{{tag>automation workflow}}