n8n + postgres + cloudflare tunnel - compose

.env

POSTGRES_USER=<user>
POSTGRES_PASSWORD=<pass>
POSTGRES_DB=n8n

POSTGRES_NON_ROOT_USER=n8nuser
POSTGRES_NON_ROOT_PASSWORD=<password>

# DOMAIN_NAME and SUBDOMAIN together determine where n8n will be reachable from
# The top level domain to serve from
DOMAIN_NAME=my-domain.com

# The subdomain to serve from
SUBDOMAIN=n8n

.env-cf

CLOUDFLARE_TUNNEL_TOKEN=<token>

readme.md

post by tomer about cloudflare tunnel

https://techblog.co.il/cloudflare-zero-trust-my-first-tunnel/

docker-compose-cf.yml

services:
  cloudflare-tunnel:
    image: cloudflare/cloudflared
    container_name: cloudflare-tunnel
    hostname: cloudflare-tunnel
    restart: unless-stopped
    network_mode: "host"
    command: tunnel run
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./config/hosts:/etc/hosts
    environment:
      - "TUNNEL_TOKEN=${CLOUDFLARE_TUNNEL_TOKEN}"

docker-compose-n8n.yml

# volumes:
#   db_storage:
#   n8n_storage:

networks:
  shared-postgres-net:
    external: true

services:
  n8n:
    image: docker.n8n.io/n8nio/n8n
    restart: always
    networks:
      - shared-postgres-net
    environment:
      - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
      - N8N_RUNNERS_ENABLED=true
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - DB_TYPE=postgresdb
      - DB_POSTGRESDB_HOST=postgres
      - DB_POSTGRESDB_PORT=5432
      - DB_POSTGRESDB_DATABASE=${POSTGRES_DB}
      - DB_POSTGRESDB_USER=${POSTGRES_NON_ROOT_USER}
      - DB_POSTGRESDB_PASSWORD=${POSTGRES_NON_ROOT_PASSWORD}
      - N8N_SECURE_COOKIE=false
    ports:
      - 5678:5678
    # links:
    #   - postgres
    volumes:
      - ./n8n_storage:/home/node/.n8n
    # depends_on:
    #   postgres:
    #     condition: service_healthy

docker-compose-postgres.yml

# volumes:
#   db_storage:
#   n8n_storage:

networks:
  shared-postgres-net:
    external: true

services:
  postgres:
    image: postgres:16
    restart: always
    networks:
      shared-postgres-net:
        aliases:
          - postgres
    environment:
      - POSTGRES_USER
      - POSTGRES_PASSWORD
      - POSTGRES_DB
      - POSTGRES_NON_ROOT_USER
      - POSTGRES_NON_ROOT_PASSWORD
    volumes:
      - ./db_storage:/var/lib/postgresql/data
      - ./init-data.sh:/docker-entrypoint-initdb.d/init-data.sh
      - ./init-npm-db.sh:/docker-entrypoint-initdb.d/init-npm-db.sh
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -h localhost -U ${POSTGRES_USER} -d ${POSTGRES_DB}']
      interval: 5s
      timeout: 5s
      retries: 10

 

init-data.sh

#!/bin/bash
set -e;


if [ -n "${POSTGRES_NON_ROOT_USER:-}" ] && [ -n "${POSTGRES_NON_ROOT_PASSWORD:-}" ]; then
	psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
		CREATE USER ${POSTGRES_NON_ROOT_USER} WITH PASSWORD '${POSTGRES_NON_ROOT_PASSWORD}';
		GRANT ALL PRIVILEGES ON DATABASE ${POSTGRES_DB} TO ${POSTGRES_NON_ROOT_USER};
		GRANT CREATE ON SCHEMA public TO ${POSTGRES_NON_ROOT_USER};
	EOSQL
else
	echo "SETUP INFO: No Environment variables given!"
fi