- dockerfile +69 -0
dockerfile
ADDED
@@ -0,0 +1,69 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
# Use a multi-stage build to manage different services
|
2 |
+
|
3 |
+
# 1. Traefik stage
|
4 |
+
FROM traefik as traefik-stage
|
5 |
+
|
6 |
+
# Set Traefik command options
|
7 |
+
CMD ["traefik",
|
8 |
+
"--api=true",
|
9 |
+
"--api.insecure=true",
|
10 |
+
"--api.dashboard=true",
|
11 |
+
"--providers.docker=true",
|
12 |
+
"--providers.docker.exposedbydefault=false",
|
13 |
+
"--entrypoints.websecure.address=:443",
|
14 |
+
"--certificatesresolvers.mytlschallenge.acme.tlschallenge=true",
|
15 |
+
"--certificatesresolvers.mytlschallenge.acme.email=shayanrl87@gmail.com",
|
16 |
+
"--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
|
17 |
+
]
|
18 |
+
|
19 |
+
# Expose ports for Traefik
|
20 |
+
EXPOSE 80 443
|
21 |
+
|
22 |
+
# Mount volumes
|
23 |
+
VOLUME ["/var/run/docker.sock", "/root/data/n8n/letsencrypt:/letsencrypt"]
|
24 |
+
|
25 |
+
# 2. InitContainer stage for permission adjustment
|
26 |
+
FROM busybox as init-stage
|
27 |
+
|
28 |
+
# Command to change ownership of the .n8n directory
|
29 |
+
CMD ["sh", "-c", "chown -R 1000:1000 /home/node/.n8n"]
|
30 |
+
|
31 |
+
# Mount the volume that needs permission changes
|
32 |
+
VOLUME ["/root/data/.n8n:/home/node/.n8n"]
|
33 |
+
|
34 |
+
# 3. n8n stage
|
35 |
+
FROM docker.n8n.io/n8nio/n8n as n8n-stage
|
36 |
+
|
37 |
+
# Set environment variables
|
38 |
+
ENV N8N_HOST=shayanrl-n8n.hf.space \
|
39 |
+
N8N_PORT=7860 \
|
40 |
+
N8N_PROTOCOL=https \
|
41 |
+
NODE_ENV=production \
|
42 |
+
WEBHOOK_URL=https://shayanrl-n8n.hf.space/app1
|
43 |
+
|
44 |
+
# Expose the port for n8n
|
45 |
+
EXPOSE 7860
|
46 |
+
|
47 |
+
# Mount necessary volumes
|
48 |
+
VOLUME ["/var/run/docker.sock", "/root/data/.n8n:/home/node/.n8n"]
|
49 |
+
|
50 |
+
# Labels for Traefik routing
|
51 |
+
LABEL traefik.enable=true
|
52 |
+
LABEL traefik.http.routers.n8n.rule=Host(`shayanrl-n8n.hf.space`)
|
53 |
+
LABEL traefik.http.routers.n8n.tls=true
|
54 |
+
LABEL traefik.http.routers.n8n.entrypoints=websecure
|
55 |
+
LABEL traefik.http.routers.n8n.rule=PathPrefix(`/app1{regex:$$|/.*}`)
|
56 |
+
LABEL traefik.http.middlewares.n8n-stripprefix.stripprefix.prefixes=/app1
|
57 |
+
LABEL traefik.http.routers.n8n.middlewares=n8n-stripprefix
|
58 |
+
LABEL traefik.http.routers.n8n.tls.certresolver=mytlschallenge
|
59 |
+
LABEL traefik.http.middlewares.n8n.headers.SSLRedirect=true
|
60 |
+
LABEL traefik.http.middlewares.n8n.headers.STSSeconds=315360000
|
61 |
+
LABEL traefik.http.middlewares.n8n.headers.browserXSSFilter=true
|
62 |
+
LABEL traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
|
63 |
+
LABEL traefik.http.middlewares.n8n.headers.forceSTSHeader=true
|
64 |
+
LABEL traefik.http.middlewares.n8n.headers.SSLHost=shayanrl-n8n.hf.space
|
65 |
+
LABEL traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
|
66 |
+
LABEL traefik.http.middlewares.n8n.headers.STSPreload=true
|
67 |
+
|
68 |
+
# Command to run n8n after permissions are set
|
69 |
+
CMD ["n8n", "start"]
|