docker
docker-compose
一键安装脚本
本脚本使用 caddy 进行内网反代,避开了原本 n8n 对 https 的限制。
#!/bin/bash
echo "=== 开始配置 n8n 与 Caddy 内部反向代理 ==="
# 检查本地配置
if [ -d "data" ]; then
echo "警告:检测到本地已存在配置"
read -p "是否清除现有配置并重新初始化?(y/N) " answer
if [ "$answer" = "y" ] || [ "$answer" = "Y" ]; then
echo "清理现有配置..."
rm -rf data caddy_data
echo "现有配置已清理"
else
echo "保留现有配置,退出脚本"
exit 0
fi
fi
# 检查 docker-compose.yml
if [ -f "docker-compose.yml" ]; then
echo "发现现有的 docker-compose.yml"
read -p "是否覆盖现有的 docker-compose.yml?(y/N) " answer
if [ "$answer" != "y" ] && [ "$answer" != "Y" ]; then
echo "保留现有 docker-compose.yml,退出脚本"
exit 0
fi
fi
# 设置端口号
read -p "请输入要使用的 HTTPS 端口 (默认: 8443): " HTTPS_PORT
HTTPS_PORT=${HTTPS_PORT:-8443}
# 设置内部域名
INTERNAL_DOMAIN="n8n.local"
echo -e "\n1. 启动临时容器..."
docker run -d --name n8n-temp n8nio/n8n:latest
echo "等待10秒让容器完全初始化..."
sleep 10
echo -e "\n2. 创建本地配置目录..."
mkdir -p data
mkdir -p caddy_data/caddy_config
mkdir -p caddy_data/caddy_data
mkdir -p caddy_data/certs
echo "目录创建完成"
echo -e "\n3. 从运行中的容器复制配置..."
docker cp n8n-temp:/home/node/.n8n/. ./data/
if [ $? -eq 0 ]; then
echo "数据目录复制成功"
else
echo "错误:数据目录复制失败"
docker rm -f n8n-temp
exit 1
fi
echo -e "\n4. 清理临时容器..."
docker rm -f n8n-temp
echo "临时容器已清理"
echo -e "\n5. 创建 Caddy 配置文件..."
mkdir -p caddy_data/caddy_config/Caddyfile.d
# 创建自签名证书
echo -e "\n5.1 生成自签名证书..."
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-keyout caddy_data/certs/n8n.key \
-out caddy_data/certs/n8n.crt \
-subj "/CN=${INTERNAL_DOMAIN}" \
-addext "subjectAltName = DNS:${INTERNAL_DOMAIN},IP:127.0.0.1"
echo "证书生成完成"
# 创建 Caddy 配置文件
cat > caddy_data/caddy_config/Caddyfile <<EOL
{
# 禁用 ACME 以使用本地证书
auto_https disable_redirects
}
:${HTTPS_PORT} {
tls /etc/caddy/certs/n8n.crt /etc/caddy/certs/n8n.key
reverse_proxy n8n-app:5678
log {
output file /data/access.log
}
encode gzip
}
EOL
echo "Caddy 配置创建完成"
echo -e "\n6. 创建 docker-compose.yml..."
cat > docker-compose.yml <<EOL
version: "3"
services:
n8n-app:
image: n8nio/n8n:latest
container_name: n8n-app
restart: unless-stopped
expose:
- 5678
volumes:
- ./data:/home/node/.n8n
environment:
- TZ=Asia/Shanghai
- GENERIC_TIMEZONE=Asia/Shanghai
- N8N_PORT=5678
- N8N_PROTOCOL=https
- N8N_HOST=localhost
- NODE_ENV=production
- WEBHOOK_URL=https://localhost:${HTTPS_PORT}/
- N8N_TRUSTED_PROXY_ADDRESSES=caddy-service
dns:
- 8.8.8.8
- 223.5.5.5
networks:
- n8n-network
extra_hosts:
- "${INTERNAL_DOMAIN}:127.0.0.1"
caddy-service:
image: caddy:latest
container_name: caddy-service
restart: unless-stopped
ports:
- "${HTTPS_PORT}:${HTTPS_PORT}"
volumes:
- ./caddy_data/caddy_config:/etc/caddy
- ./caddy_data/caddy_data:/data
- ./caddy_data/certs:/etc/caddy/certs:ro
networks:
- n8n-network
extra_hosts:
- "${INTERNAL_DOMAIN}:127.0.0.1"
networks:
n8n-network:
driver: bridge
EOL
echo "配置文件创建完成"
echo -e "\n7. 创建 hosts 文件更新脚本..."
cat > update_hosts.sh <<EOL
#!/bin/bash
# 检查 /etc/hosts 文件中是否已存在条目
if grep -q "${INTERNAL_DOMAIN}" /etc/hosts; then
echo "${INTERNAL_DOMAIN} 已在 hosts 文件中"
else
echo "添加 ${INTERNAL_DOMAIN} 到 hosts 文件..."
echo "127.0.0.1 ${INTERNAL_DOMAIN}" | sudo tee -a /etc/hosts
echo "hosts 文件已更新"
fi
EOL
chmod +x update_hosts.sh
echo "hosts 更新脚本创建完成"
echo -e "\n=== 配置完成! ==="
echo "你可以:"
echo "1. 运行 './update_hosts.sh' 更新本地 hosts 文件 (需要 sudo 权限)"
echo "2. 编辑 ./data 目录下的配置文件"
echo "3. 编辑 docker-compose.yml 修改设置"
echo "4. 使用 'docker compose up -d' 启动服务"
echo "5. 访问 https://localhost:${HTTPS_PORT} 或 https://${INTERNAL_DOMAIN}:${HTTPS_PORT} 开始使用 n8n"
echo -e "\n注意:"
echo "- 由于使用自签名证书,浏览器会显示安全警告,需要手动确认信任证书"
echo "- 如果访问 webhook 出现问题,可能需要调整 WEBHOOK_URL 环境变量"
# 询问是否立即启动服务
read -p "是否立即启动服务?(y/N) " answer
if [ "$answer" = "y" ] || [ "$answer" = "Y" ]; then
echo "启动 n8n 和 Caddy..."
docker compose up -d
echo "服务已启动,请访问 https://localhost:${HTTPS_PORT}"
fik8s
helm
安装
mkdir n8n
cd n8n
helm pull oci://8gears.container-registry.com/library/n8n --untar
cp n8n/values.yaml values.yaml按照下列所示配置设置
# 镜像配置
image:
repository: n8nio/n8n
pullPolicy: IfNotPresent
tag: "1.116.2" # 指定版本
# Ingress 配置 - 启用外部访问
ingress:
enabled: true
className: "nginx" # 使用 nginx ingress controller
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "50m"
nginx.ingress.kubernetes.io/proxy-read-timeout: "120"
hosts:
- host: n8n.local # 使用本地域名进行测试
paths:
- "/"
# 暂时禁用 TLS 以简化测试
tls: []
# 主应用配置
main:
# n8n 环境变量配置
config:
# 使用内置 SQLite 数据库(最小化配置)
db:
type: sqlite
sqlite:
path: "/home/node/.n8n/database.sqlite"
# 基本配置
n8n:
encryption_key: "test-encryption-key-12345" # 测试用加密密钥
log:
level: "info"
timezone: "UTC"
# Webhook 配置
webhook:
url: "http://n8n.local/webhook"
# 敏感信息存储在 secret 中
secret: {}
# 持久化存储配置
persistence:
enabled: true
accessModes:
- ReadWriteOnce
size: 5Gi # 存储大小
storageClass: "local-path" # 使用 local-path 存储类
# 服务配置
service:
enabled: true
type: ClusterIP
port: 80
# 副本数
replicaCount: 1
# 基本资源配置
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
# 健康检查配置
livenessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
