diff --git a/docs/configuration.md b/docs/configuration.md index b0fca4dbc2..25bd371ac6 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -137,6 +137,19 @@ export NODE_FUNCTION_ALLOW_EXTERNAL=moment,lodash ``` +## SSL + +It is possible to start n8n with SSL enabled by supplying a certificate to use: + + +```bash +export N8N_PROTOCOL=https +export N8N_SSL_KEY=/data/certs/server.key +export N8N_SSL_CERT=/data/certs/server.pem +``` + + + ## Timezone The timezone is set by default to "America/New_York". It gets for example used by the diff --git a/packages/cli/config/index.ts b/packages/cli/config/index.ts index 0609bdae31..2452bdd67f 100644 --- a/packages/cli/config/index.ts +++ b/packages/cli/config/index.ts @@ -175,6 +175,18 @@ const config = convict({ env: 'N8N_PROTOCOL', doc: 'HTTP Protocol via which n8n can be reached' }, + ssl_key: { + format: String, + default: 'server.key', + env: 'N8N_SSL_KEY', + doc: 'SSL Key for HTTPS Protocol' + }, + ssl_cert: { + format: String, + default: 'server.pem', + env: 'N8N_SSL_CERT', + doc: 'SSL Cert for HTTPS Protocol' + }, security: { basicAuth: { diff --git a/packages/cli/src/Server.ts b/packages/cli/src/Server.ts index 2f539c6f5c..42bed2942e 100644 --- a/packages/cli/src/Server.ts +++ b/packages/cli/src/Server.ts @@ -1,4 +1,7 @@ import * as express from 'express'; +import { + readFileSync, +} from 'fs'; import { dirname as pathDirname, join as pathJoin, @@ -97,6 +100,10 @@ class App { push: Push.Push; versions: IPackageVersions | undefined; + protocol: string; + sslKey: string; + sslCert: string; + constructor() { this.app = express(); @@ -112,6 +119,10 @@ class App { this.push = Push.getInstance(); this.activeExecutionsInstance = ActiveExecutions.getInstance(); + + this.protocol = config.get('protocol'); + this.sslKey = config.get('ssl_key'); + this.sslCert = config.get('ssl_cert'); } @@ -1255,7 +1266,20 @@ export async function start(): Promise { await app.config(); - app.app.listen(PORT, async () => { + let server; + + if(app.protocol === 'https'){ + const https = require('https'); + const privateKey = readFileSync(app.sslKey,'utf8'); + const cert = readFileSync(app.sslCert,'utf8'); + const credentials = { key: privateKey,cert }; + server = https.createServer(credentials,app.app); + }else{ + const http = require('http'); + server = http.createServer(app.app); + } + + server.listen(PORT, async () => { const versions = await GenericHelpers.getVersions(); console.log(`n8n ready on port ${PORT}`); console.log(`Version: ${versions.cli}`);