From 684c013b68a50c12dc1f73bde004d1bd11224b76 Mon Sep 17 00:00:00 2001
From: Matt White <>
Date: Mon, 13 Apr 2026 12:37:49 +0100
Subject: [PATCH 1/4] Add N8N to services
---
services/n8n/.env-example | 30 +++++++++
services/n8n/README.md | 37 ++++++++++++
services/n8n/docker-compose.yml | 104 ++++++++++++++++++++++++++++++++
3 files changed, 171 insertions(+)
create mode 100644 services/n8n/.env-example
create mode 100644 services/n8n/README.md
create mode 100644 services/n8n/docker-compose.yml
diff --git a/services/n8n/.env-example b/services/n8n/.env-example
new file mode 100644
index 0000000..f64cbc6
--- /dev/null
+++ b/services/n8n/.env-example
@@ -0,0 +1,30 @@
+#version=1.1
+#URL=https://github.com/tailscale-dev/ScaleTail
+#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure.
+
+# Service Configuration
+SERVICE=n8n
+IMAGE_URL=docker.n8n.io/n8nio/n8n:stable
+TAILNET_NAME=
+
+# Network Configuration
+SERVICEPORT=5678 # N8N default port
+DNS_SERVER=9.9.9.9
+
+# Tailscale Configuration
+TS_AUTHKEY=
+
+# Optional Service variables
+# PUID=1000
+
+# N8N Configuration variables
+POSTGRES_USER=
+POSTGRES_PASSWORD=
+POSTGRES_DB=
+
+POSTGRES_NON_ROOT_USER=
+POSTGRES_NON_ROOT_PASSWORD=
+
+N8N_ENCRYPTION_KEY=
+
+TZ=Europe/London
\ No newline at end of file
diff --git a/services/n8n/README.md b/services/n8n/README.md
new file mode 100644
index 0000000..74b7a1c
--- /dev/null
+++ b/services/n8n/README.md
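Review bot: `TZ=Europe/London` on the last added line of `.env-example` has no effect, because the `docker-compose.yml` added in this patch lists each container variable explicitly, has no `env_file:`, and never references `${TZ}`. Adding `- TZ=${TZ}` and `- GENERIC_TIMEZONE=${TZ}` to the `application` service's `environment:` list would make the setting reach n8n. The same applies to `GENERIC_TIMEZONE` in the `.env` added in PATCH 3/4 and to `TZ` in PATCH 4/4, since `compose.yml` forwards neither.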
@@ -0,0 +1,37 @@ +# SERVICE with Tailscale Sidecar Configuration + +This Docker Compose configuration sets up [N8N](https://n8n.io/) with Tailscale as a sidecar container to keep the app reachable over your Tailnet. + +## SERVICE + +[N8N](https://n8n.io/) a workflow automation platform that uniquely combines AI capabilities with business process automation, giving technical teams the flexibility of code with the speed of no code. + +## Configuration Overview + +In this setup, the `tailscale-N8N` service runs Tailscale, which manages secure networking for SERVICE. The `SERVICE` service utilizes the Tailscale network stack via Docker's `network_mode: service:` configuration. This keeps the app Tailnet-only unless you intentionally expose ports. + +For the folder structure you will need to pre-create the n8n-storage directory, and correct the ownership before the first run, by doing the following: + +```bash +mkdir -p n8n-storage +sudo chown -R 1000:1000 n8n-storage +``` + +## What to document for users + +In this setup, the tailscale-n8n service runs Tailscale, which manages secure networking for the N8N service. The N8N service uses the Tailscale network stack via Docker’s network_mode: service: configuration. This setup ensures that N8N management interface is only accessible through the Tailscale network (or locally, if preferred), providing an extra layer of security and privacy for managing your automations. + +If you need the runners for N8N uncomment the following within the docker-compose.yaml file - `N8N_RUNNERS_MODE=external`, `N8N_RUNNERS_AUTH_TOKEN=${RUNNERS_AUTH_TOKEN}`, `N8N_RUNNERS_BROKER_LISTEN_ADDRESS=0.0.0.0` as well as uncommenting `RUNNERS_AUTH_TOKEN` within the .env file. + +The configs section also needs to be updated to match the below. 
Specifically the Proxy port needs changing from 8080 to 5678 + +``` +configs: + ts-serve: + content: | + {"TCP":{"443":{"HTTPS":true}}, + "Web":{"$${TS_CERT_DOMAIN}:443": + {"Handlers":{"/": + {"Proxy":"http://127.0.0.1:5678"}}}}, + "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} +``` \ No newline at end of file diff --git a/services/n8n/docker-compose.yml b/services/n8n/docker-compose.yml new file mode 100644 index 0000000..cf732bc --- /dev/null +++ b/services/n8n/docker-compose.yml 
@@ -0,0 +1,104 @@ +configs: + ts-serve: + content: | + {"TCP":{"443":{"HTTPS":true}}, + "Web":{"$${TS_CERT_DOMAIN}:443": + {"Handlers":{"/": + {"Proxy":"http://127.0.0.1:5678"}}}}, + "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} + +services: + # Make sure you have updated/checked the .env file with the correct variables. + # All the ${ xx } need to be defined there. + # Tailscale Sidecar Configuration + tailscale: + image: tailscale/tailscale:latest # Image to be used + container_name: tailscale-${SERVICE} # Name for local container management + hostname: ${SERVICE} # Name used within your Tailscale environment + environment: + - TS_AUTHKEY=${TS_AUTHKEY} + - TS_STATE_DIR=/var/lib/tailscale + - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required + - TS_USERSPACE=false + - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz" + - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The : for the healthz endpoint + #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS + - TS_AUTH_ONCE=true + configs: + - source: ts-serve + target: /config/serve.json + volumes: + - ./config:/config # Config folder used to store Tailscale files - you may need to change the path + - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path + devices: + - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work + cap_add: + - net_admin # Tailscale requirement + #ports: + # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required + # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below + # dns: + # - ${DNS_SERVER} + healthcheck: + test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational + interval: 1m # How often to perform the check + timeout: 
10s # Time to wait for the check to succeed + retries: 3 # Number of retries before marking as unhealthy + start_period: 10s # Time to wait before starting health checks + restart: always + + postgres: + container_name: n8n-postgres + image: postgres:16 + restart: always + environment: + - POSTGRES_USER + - POSTGRES_PASSWORD + - POSTGRES_DB + - POSTGRES_NON_ROOT_USER + - POSTGRES_NON_ROOT_PASSWORD + volumes: + - ./${SERVICE}-db:/var/lib/postgresql/data + - ./init-data.sh:/docker-entrypoint-initdb.d/init-data.sh + healthcheck: + test: ['CMD-SHELL', 'pg_isready -h localhost -U ${POSTGRES_USER} -d ${POSTGRES_DB}'] + interval: 5s + timeout: 5s + retries: 10 + + application: + image: ${IMAGE_URL} + network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale + container_name: app-${SERVICE} + restart: unless-stopped + #ports: + # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required + # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below + #dns: + # - ${DNS_SERVER} + volumes: + - ./${SERVICE}-storage:/home/node/.n8n + environment: + - N8N_HOST=${TAILNET_NAME} + - N8N_PORT=5678 + - N8N_PROTOCOL=https + - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY} + - N8N_RUNNERS_ENABLED=true + - N8N_BLOCK_ENV_ACCESS_IN_NODE=true + - N8N_GIT_NODE_DISABLE_BARE_REPOS=true + - NODE_ENV=production + - WEBHOOK_URL=https://${TAILNET_NAME}/ + - DB_TYPE=postgresdb + - DB_POSTGRESDB_HOST=postgres + - DB_POSTGRESDB_PORT=5432 + - DB_POSTGRESDB_DATABASE=${POSTGRES_DB} + - DB_POSTGRESDB_USER=${POSTGRES_NON_ROOT_USER} + - DB_POSTGRESDB_PASSWORD=${POSTGRES_NON_ROOT_PASSWORD} + # - N8N_RUNNERS_MODE=external + # - N8N_RUNNERS_AUTH_TOKEN=${RUNNERS_AUTH_TOKEN} + # - N8N_RUNNERS_BROKER_LISTEN_ADDRESS=0.0.0.0 + links: + - postgres + depends_on: + postgres: + condition: service_healthy \ No newline at end of file 
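Review bot: The `postgres` service bind-mounts `./init-data.sh` into `/docker-entrypoint-initdb.d/`, but the diffstat shows this patch adds only `.env-example`, `README.md` and `docker-compose.yml`, so the script is not shipped. Docker creates a missing bind-mount source as an empty directory, in which case no init script runs and the role named by `POSTGRES_NON_ROOT_USER` is presumably never created, while the `application` service logs in with `DB_POSTGRESDB_USER=${POSTGRES_NON_ROOT_USER}`. Either add `init-data.sh` under `services/n8n/` or document in the README where it comes from; mounting it read-only (`./init-data.sh:/docker-entrypoint-initdb.d/init-data.sh:ro`) also keeps the container from modifying it. The same mount is repeated in `compose.yml` in PATCH 3/4, and none of the four patches adds the script.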
From 56b6e2aeedc103da1635da3cbd7d50612ac260c8 Mon Sep 17 00:00:00 2001 From: mattkgwhite Date: Mon, 13 Apr 2026 12:51:39 +0100 Subject: [PATCH 2/4] Update N8N_HOST environment variable format update the format of the N8N_HOST variable to be n8n.{TAILNET_NAME} --- services/n8n/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/n8n/docker-compose.yml b/services/n8n/docker-compose.yml index cf732bc..bbad4d1 100644 --- a/services/n8n/docker-compose.yml +++ b/services/n8n/docker-compose.yml @@ -79,7 +79,7 @@ services: volumes: - ./${SERVICE}-storage:/home/node/.n8n environment: - - N8N_HOST=${TAILNET_NAME} + - N8N_HOST=n8n.${TAILNET_NAME} - N8N_PORT=5678 - N8N_PROTOCOL=https - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY} @@ -101,4 +101,4 @@ services: - postgres depends_on: postgres: - condition: service_healthy \ No newline at end of file + condition: service_healthy From 96ec79728de42f5bc79b6b72b3926a8142b90789 Mon Sep 17 00:00:00 2001 From: Matt White <> Date: Sat, 18 Apr 2026 16:58:38 +0100 Subject: [PATCH 3/4] N8N: Update file names to match the template --- services/n8n/.env | 30 +++++++++ services/n8n/compose.yml | 104 ++++++++++++++++++++++++++++++++ services/n8n/docker-compose.yml | 2 +- 3 files changed, 135 insertions(+), 1 deletion(-) create mode 100644 services/n8n/.env create mode 100644 services/n8n/compose.yml diff --git a/services/n8n/.env b/services/n8n/.env new file mode 100644 index 0000000..cad42f8 --- /dev/null +++ b/services/n8n/.env 
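Review bot: `N8N_HOST` now carries the `n8n.` prefix, but `WEBHOOK_URL`, a few lines below this hunk in the same `environment:` list, is still `https://${TAILNET_NAME}/`, so n8n would advertise webhook and callback URLs on a different host from the one it is served on. The prefix is also hard-coded although the sidecar registers as `hostname: ${SERVICE}`, so the two diverge as soon as `SERVICE` is changed. Consider `- N8N_HOST=${SERVICE}.${TAILNET_NAME}` together with `- WEBHOOK_URL=https://${SERVICE}.${TAILNET_NAME}/`. The identical hunk against `docker-compose.yml` in PATCH 3/4 and the new `compose.yml` carry the same mismatch.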
@@ -0,0 +1,30 @@
+#version=1.1
+#URL=https://github.com/tailscale-dev/ScaleTail
+#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure.
+
+# Service Configuration
+SERVICE=n8n
+IMAGE_URL=docker.n8n.io/n8nio/n8n:stable
+TAILNET_NAME=
+
+# Network Configuration
+SERVICEPORT=5678 # N8N default port
+DNS_SERVER=9.9.9.9
+
+# Tailscale Configuration
+TS_AUTHKEY=
+
+# Optional Service variables
+# PUID=1000
+
+# N8N Configuration variables
+POSTGRES_USER=
+POSTGRES_PASSWORD=
+POSTGRES_DB=
+
+POSTGRES_NON_ROOT_USER=
+POSTGRES_NON_ROOT_PASSWORD=
+
+N8N_ENCRYPTION_KEY=
+
+GENERIC_TIMEZONE=Europe/London
\ No newline at end of file
diff --git a/services/n8n/compose.yml b/services/n8n/compose.yml
new file mode 100644
index 0000000..f4ff21b
--- /dev/null
+++ b/services/n8n/compose.yml
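Review bot: Committing the template under the name `.env` makes the file that users fill with `TS_AUTHKEY`, `POSTGRES_PASSWORD` and `N8N_ENCRYPTION_KEY` a tracked file, so a filled-in copy shows up as a local modification and can be committed or pushed from a fork by accident. The commit title says the name follows the project template, so if it has to stay, a README line telling users to keep their edited `.env` out of commits would cover the gap. Otherwise keeping `.env-example` as the tracked file and ignoring `.env` avoids the problem; whether the repository already ignores it is not visible in this patch.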
@@ -0,0 +1,104 @@ +configs: + ts-serve: + content: | + {"TCP":{"443":{"HTTPS":true}}, + "Web":{"$${TS_CERT_DOMAIN}:443": + {"Handlers":{"/": + {"Proxy":"http://127.0.0.1:5678"}}}}, + "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} + +services: + # Make sure you have updated/checked the .env file with the correct variables. + # All the ${ xx } need to be defined there. + # Tailscale Sidecar Configuration + tailscale: + image: tailscale/tailscale:latest # Image to be used + container_name: tailscale-${SERVICE} # Name for local container management + hostname: ${SERVICE} # Name used within your Tailscale environment + environment: + - TS_AUTHKEY=${TS_AUTHKEY} + - TS_STATE_DIR=/var/lib/tailscale + - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required + - TS_USERSPACE=false + - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz" + - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The : for the healthz endpoint + #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS + - TS_AUTH_ONCE=true + configs: + - source: ts-serve + target: /config/serve.json + volumes: + - ./config:/config # Config folder used to store Tailscale files - you may need to change the path + - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path + devices: + - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work + cap_add: + - net_admin # Tailscale requirement + #ports: + # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required + # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below + # dns: + # - ${DNS_SERVER} + healthcheck: + test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational + interval: 1m # How often to perform the check + timeout: 
10s # Time to wait for the check to succeed + retries: 3 # Number of retries before marking as unhealthy + start_period: 10s # Time to wait before starting health checks + restart: always + + postgres: + container_name: n8n-postgres + image: postgres:16 + restart: always + environment: + - POSTGRES_USER + - POSTGRES_PASSWORD + - POSTGRES_DB + - POSTGRES_NON_ROOT_USER + - POSTGRES_NON_ROOT_PASSWORD + volumes: + - ./${SERVICE}-db:/var/lib/postgresql/data + - ./init-data.sh:/docker-entrypoint-initdb.d/init-data.sh + healthcheck: + test: ['CMD-SHELL', 'pg_isready -h localhost -U ${POSTGRES_USER} -d ${POSTGRES_DB}'] + interval: 5s + timeout: 5s + retries: 10 + + application: + image: ${IMAGE_URL} + network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale + container_name: app-${SERVICE} + restart: unless-stopped + #ports: + # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required + # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below + #dns: + # - ${DNS_SERVER} + volumes: + - ./${SERVICE}-storage:/home/node/.n8n + environment: + - N8N_HOST=n8n.${TAILNET_NAME} + - N8N_PORT=5678 + - N8N_PROTOCOL=https + - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY} + - N8N_RUNNERS_ENABLED=true + - N8N_BLOCK_ENV_ACCESS_IN_NODE=true + - N8N_GIT_NODE_DISABLE_BARE_REPOS=true + - NODE_ENV=production + - WEBHOOK_URL=https://${TAILNET_NAME}/ + - DB_TYPE=postgresdb + - DB_POSTGRESDB_HOST=postgres + - DB_POSTGRESDB_PORT=5432 + - DB_POSTGRESDB_DATABASE=${POSTGRES_DB} + - DB_POSTGRESDB_USER=${POSTGRES_NON_ROOT_USER} + - DB_POSTGRESDB_PASSWORD=${POSTGRES_NON_ROOT_PASSWORD} + # - N8N_RUNNERS_MODE=external + # - N8N_RUNNERS_AUTH_TOKEN=${RUNNERS_AUTH_TOKEN} + # - N8N_RUNNERS_BROKER_LISTEN_ADDRESS=0.0.0.0 + links: + - postgres + depends_on: + postgres: + condition: service_healthy \ No newline at end of file 
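Review bot: Secret-bearing values are interpolated with plain `${VAR}`, for example `N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY}` and `DB_POSTGRESDB_PASSWORD=${POSTGRES_NON_ROOT_PASSWORD}`, while the `.env` shipped alongside leaves every one of them blank, so a forgotten value is handed to the containers as an empty string instead of stopping the deployment. Compose's required-variable form turns that into an error at `up` time: `- N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY:?set N8N_ENCRYPTION_KEY in .env}`, and likewise for `TS_AUTHKEY` and the Postgres passwords. A README line on generating the encryption key and keeping a backup of it would help as well, since it presumably protects the credentials n8n stores.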
diff --git a/services/n8n/docker-compose.yml b/services/n8n/docker-compose.yml index cf732bc..f4ff21b 100644 --- a/services/n8n/docker-compose.yml +++ b/services/n8n/docker-compose.yml @@ -79,7 +79,7 @@ services: volumes: - ./${SERVICE}-storage:/home/node/.n8n environment: - - N8N_HOST=${TAILNET_NAME} + - N8N_HOST=n8n.${TAILNET_NAME} - N8N_PORT=5678 - N8N_PROTOCOL=https - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY} From 8d7082853cdeb911cecd212d5c10dce3cbfd60ca Mon Sep 17 00:00:00 2001 From: crypt0rr <57799908+crypt0rr@users.noreply.github.com> Date: Mon, 27 Apr 2026 09:41:43 +0200 Subject: [PATCH 4/4] Updates to reflect template and mitigate some errors. --- services/n8n/.env | 31 +++++----- services/n8n/.env-example | 30 --------- services/n8n/README.md | 4 +- services/n8n/compose.yml | 7 --- services/n8n/docker-compose.yml | 104 -------------------------------- 5 files changed, 19 insertions(+), 157 deletions(-) delete mode 100644 services/n8n/.env-example delete mode 100644 services/n8n/docker-compose.yml diff --git a/services/n8n/.env b/services/n8n/.env index cad42f8..66cfcd1 100644 --- a/services/n8n/.env +++ b/services/n8n/.env 
@@ -3,28 +3,31 @@ #COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. # Service Configuration -SERVICE=n8n -IMAGE_URL=docker.n8n.io/n8nio/n8n:stable -TAILNET_NAME= +SERVICE=n8n # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}). +IMAGE_URL=docker.n8n.io/n8nio/n8n:stable # Docker image URL from container registry (e.g., adguard/adguard-home). +TAILNET_NAME= # Webhook URL for Tailscale. # Network Configuration -SERVICEPORT=5678 # N8N default port -DNS_SERVER=9.9.9.9 +SERVICEPORT=5678 # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. +DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. # Tailscale Configuration -TS_AUTHKEY= +TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions. # Optional Service variables # PUID=1000 -# N8N Configuration variables -POSTGRES_USER= -POSTGRES_PASSWORD= -POSTGRES_DB= +#Time Zone setting for containers +TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones + +# Any Container environment variables are declared below. See https://docs.docker.com/compose/how-tos/environment-variables/ -POSTGRES_NON_ROOT_USER= -POSTGRES_NON_ROOT_PASSWORD= +# N8N Configuration variables +POSTGRES_USER= # Postgres username for n8n database. +POSTGRES_PASSWORD= # Postgres password for n8n database. +POSTGRES_DB= # Postgres database name for n8n. -N8N_ENCRYPTION_KEY= +POSTGRES_NON_ROOT_USER= # Postgres non-root user for n8n database. +POSTGRES_NON_ROOT_PASSWORD= # Postgres non-root password for n8n database. -GENERIC_TIMEZONE=Europe/London \ No newline at end of file +N8N_ENCRYPTION_KEY= # Encryption key for n8n. \ No newline at end of file 
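Review bot: The new comment on `TAILNET_NAME=` calls it "Webhook URL for Tailscale", but `compose.yml` interpolates the value as `N8N_HOST=n8n.${TAILNET_NAME}` and `WEBHOOK_URL=https://${TAILNET_NAME}/`, so a user who follows the comment and enters a full URL ends up with `https://https://…`. A comment such as `# Tailnet DNS name only, no scheme or host part (placeholder: <tailnet-name>.ts.net)` matches how the value is used. Separately, the inline ` # …` comments now sit beside the secret fields, and an unquoted value that contains ` #` is cut at that point, so the README could advise single-quoting `POSTGRES_PASSWORD` and similar values.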
diff --git a/services/n8n/.env-example b/services/n8n/.env-example deleted file mode 100644 index f64cbc6..0000000 --- a/services/n8n/.env-example +++ /dev/null @@ -1,30 +0,0 @@ -#version=1.1 -#URL=https://github.com/tailscale-dev/ScaleTail -#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. - -# Service Configuration -SERVICE=n8n -IMAGE_URL=docker.n8n.io/n8nio/n8n:stable -TAILNET_NAME= - -# Network Configuration -SERVICEPORT=5678 # N8N default port -DNS_SERVER=9.9.9.9 - -# Tailscale Configuration -TS_AUTHKEY= - -# Optional Service variables -# PUID=1000 - -# N8N Configuration variables -POSTGRES_USER= -POSTGRES_PASSWORD= -POSTGRES_DB= - -POSTGRES_NON_ROOT_USER= -POSTGRES_NON_ROOT_PASSWORD= - -N8N_ENCRYPTION_KEY= - -TZ=Europe/London \ No newline at end of file diff --git a/services/n8n/README.md b/services/n8n/README.md index 74b7a1c..1b50fe2 100644 --- a/services/n8n/README.md +++ b/services/n8n/README.md @@ -25,7 +25,7 @@ If you need the runners for N8N uncomment the following within the docker-compos The configs section also needs to be updated to match the below. Specifically the Proxy port needs changing from 8080 to 5678 -``` +```plain configs: ts-serve: content: | @@ -34,4 +34,4 @@ configs: {"Handlers":{"/": {"Proxy":"http://127.0.0.1:5678"}}}}, "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} -``` \ No newline at end of file +``` diff --git a/services/n8n/compose.yml b/services/n8n/compose.yml index f4ff21b..8395d2e 100644 --- a/services/n8n/compose.yml +++ b/services/n8n/compose.yml 
@@ -71,11 +71,6 @@ services: network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale container_name: app-${SERVICE} restart: unless-stopped - #ports: - # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required - # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below - #dns: - # - ${DNS_SERVER} volumes: - ./${SERVICE}-storage:/home/node/.n8n environment: @@ -97,8 +92,6 @@ services: # - N8N_RUNNERS_MODE=external # - N8N_RUNNERS_AUTH_TOKEN=${RUNNERS_AUTH_TOKEN} # - N8N_RUNNERS_BROKER_LISTEN_ADDRESS=0.0.0.0 - links: - - postgres depends_on: postgres: condition: service_healthy \ No newline at end of file diff --git a/services/n8n/docker-compose.yml b/services/n8n/docker-compose.yml deleted file mode 100644 index bbad4d1..0000000 --- a/services/n8n/docker-compose.yml +++ /dev/null 
@@ -1,104 +0,0 @@ -configs: - ts-serve: - content: | - {"TCP":{"443":{"HTTPS":true}}, - "Web":{"$${TS_CERT_DOMAIN}:443": - {"Handlers":{"/": - {"Proxy":"http://127.0.0.1:5678"}}}}, - "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} - -services: - # Make sure you have updated/checked the .env file with the correct variables. - # All the ${ xx } need to be defined there. - # Tailscale Sidecar Configuration - tailscale: - image: tailscale/tailscale:latest # Image to be used - container_name: tailscale-${SERVICE} # Name for local container management - hostname: ${SERVICE} # Name used within your Tailscale environment - environment: - - TS_AUTHKEY=${TS_AUTHKEY} - - TS_STATE_DIR=/var/lib/tailscale - - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required - - TS_USERSPACE=false - - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz" - - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The : for the healthz endpoint - #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS - - TS_AUTH_ONCE=true - configs: - - source: ts-serve - target: /config/serve.json - volumes: - - ./config:/config # Config folder used to store Tailscale files - you may need to change the path - - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path - devices: - - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work - cap_add: - - net_admin # Tailscale requirement - #ports: - # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required - # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below - # dns: - # - ${DNS_SERVER} - healthcheck: - test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational - interval: 1m # How often to perform the check - timeout: 
10s # Time to wait for the check to succeed - retries: 3 # Number of retries before marking as unhealthy - start_period: 10s # Time to wait before starting health checks - restart: always - - postgres: - container_name: n8n-postgres - image: postgres:16 - restart: always - environment: - - POSTGRES_USER - - POSTGRES_PASSWORD - - POSTGRES_DB - - POSTGRES_NON_ROOT_USER - - POSTGRES_NON_ROOT_PASSWORD - volumes: - - ./${SERVICE}-db:/var/lib/postgresql/data - - ./init-data.sh:/docker-entrypoint-initdb.d/init-data.sh - healthcheck: - test: ['CMD-SHELL', 'pg_isready -h localhost -U ${POSTGRES_USER} -d ${POSTGRES_DB}'] - interval: 5s - timeout: 5s - retries: 10 - - application: - image: ${IMAGE_URL} - network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale - container_name: app-${SERVICE} - restart: unless-stopped - #ports: - # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required - # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below - #dns: - # - ${DNS_SERVER} - volumes: - - ./${SERVICE}-storage:/home/node/.n8n - environment: - - N8N_HOST=n8n.${TAILNET_NAME} - - N8N_PORT=5678 - - N8N_PROTOCOL=https - - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY} - - N8N_RUNNERS_ENABLED=true - - N8N_BLOCK_ENV_ACCESS_IN_NODE=true - - N8N_GIT_NODE_DISABLE_BARE_REPOS=true - - NODE_ENV=production - - WEBHOOK_URL=https://${TAILNET_NAME}/ - - DB_TYPE=postgresdb - - DB_POSTGRESDB_HOST=postgres - - DB_POSTGRESDB_PORT=5432 - - DB_POSTGRESDB_DATABASE=${POSTGRES_DB} - - DB_POSTGRESDB_USER=${POSTGRES_NON_ROOT_USER} - - DB_POSTGRESDB_PASSWORD=${POSTGRES_NON_ROOT_PASSWORD} - # - N8N_RUNNERS_MODE=external - # - N8N_RUNNERS_AUTH_TOKEN=${RUNNERS_AUTH_TOKEN} - # - N8N_RUNNERS_BROKER_LISTEN_ADDRESS=0.0.0.0 - links: - - postgres - depends_on: - postgres: - condition: service_healthy