N8N mit Postgres, Redis und Service Workern hinter Nginx-Proxy-Manager

services:
  n8n-main:
    image: n8nio/n8n:latest
    container_name: n8n_v2_main
    restart: always
    user: "1000:1000"
    env_file:
      - .env
    environment:
      - NODE_OPTIONS=${MAIN_NODE_OPTIONS}
      - EXECUTIONS_MODE=queue
      - OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS=true
      - N8N_RESTRICT_FILE_ACCESS_TO=/files;/home/node/.n8n-files
      # WICHTIG: Main-Prozess soll keine Production-Webhooks verarbeiten
      - N8N_SKIP_WEBHOOK_REGISTRATION_ON_STARTUP=true
    volumes:
      - /opt/n8n-v2/data:/home/node/.n8n
      - /opt/n8n-v2/files:/files
      - /opt/n8n-v2/tmp:/tmp
    depends_on:
      - postgres
      - redis
    networks:
      trusted-internal:
        ipv4_address: 172.22.0.120

  n8n-webhook:
    image: n8nio/n8n:latest
    container_name: n8n_v2_webhook
    restart: always
    user: "1000:1000"
    command: webhook # Startet n8n rein als Webhook-Receiver
    env_file:
      - .env
    environment:
      - EXECUTIONS_MODE=queue
    volumes:
      - /opt/n8n-v2/data:/home/node/.n8n
      - /opt/n8n-v2/files:/files
      - /opt/n8n-v2/tmp:/tmp
    depends_on:
      - postgres
      - redis
    networks:
      trusted-internal:
        ipv4_address: 172.22.0.121

  n8n-worker:
    image: n8nio/n8n:latest
    restart: always
    deploy:
      replicas: 3 # Starte 3 Worker
    command: worker # Explizit als Worker starten
    env_file:
      - .env
    environment:
      - NODE_OPTIONS=${WORKER_NODE_OPTIONS}
      - EXECUTIONS_MODE=queue
      - N8N_HOST=172.22.0.120 # IP des Main-Containers für interne Kommunikation
      - N8N_PORT=5678
      - QUEUE_BULL_REDIS_HOST=${QUEUE_BULL_REDIS_HOST}
      - QUEUE_BULL_REDIS_PORT=${QUEUE_BULL_REDIS_PORT}
      - QUEUE_BULL_PREFIX=${QUEUE_BULL_PREFIX}
      - N8N_RESTRICT_FILE_ACCESS_TO=/files;/home/node/.n8n-files
    volumes:
      - /opt/n8n-v2/data:/home/node/.n8n
      - /opt/n8n-v2/files:/files
      - /opt/n8n-v2/tmp:/tmp
    networks:
      - trusted-internal # Keine feste IPv4 Adresse hier

  postgres:
    image: postgres:15
    container_name: n8n_v2_postgres
    restart: always
    env_file:
      - .env
    volumes:
      - /opt/n8n-v2/postgres:/var/lib/postgresql/data
    networks:
      trusted-internal:
        ipv4_address: 172.22.0.122

  redis:
    image: redis:7
    container_name: n8n_v2_redis
    restart: always
    command: redis-server --maxmemory 1gb --maxmemory-policy allkeys-lru
    networks:
      trusted-internal:
        ipv4_address: 172.22.0.123

  gotenberg:
    image: gotenberg/gotenberg:8
    container_name: n8n_v2_pdf_service
    restart: always
    environment:
      - GOTENBERG_API_TIMEOUT=300s
      - GOTENBERG_CHROMIUM_MAX_CONCURRENT_PAGES=1
    networks:
      trusted-internal:
        ipv4_address: 172.22.0.124

networks:
  trusted-internal:
    external: true

services:
  n8n-main:
    image: n8nio/n8n:latest
    container_name: n8n_v2_main
    restart: always
    user: "1000:1000"
    env_file:
      - .env
    environment:
      - NODE_OPTIONS=${MAIN_NODE_OPTIONS}
      - EXECUTIONS_MODE=queue
      - OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS=true
      - N8N_RESTRICT_FILE_ACCESS_TO=/files;/home/node/.n8n-files
      # WICHTIG: Main-Prozess soll keine Production-Webhooks verarbeiten
      - N8N_SKIP_WEBHOOK_REGISTRATION_ON_STARTUP=true
    volumes:
      - /opt/n8n-v2/data:/home/node/.n8n
      - /opt/n8n-v2/files:/files
      - /opt/n8n-v2/tmp:/tmp
    depends_on:
      - postgres
      - redis
    networks:
      trusted-internal:
        ipv4_address: 172.22.0.120

  n8n-webhook:
    image: n8nio/n8n:latest
    container_name: n8n_v2_webhook
    restart: always
    user: "1000:1000"
    command: webhook # Startet n8n rein als Webhook-Receiver
    env_file:
      - .env
    environment:
      - EXECUTIONS_MODE=queue
    volumes:
      - /opt/n8n-v2/data:/home/node/.n8n
      - /opt/n8n-v2/files:/files
      - /opt/n8n-v2/tmp:/tmp
    depends_on:
      - postgres
      - redis
    networks:
      trusted-internal:
        ipv4_address: 172.22.0.121

  n8n-worker:
    image: n8nio/n8n:latest
    restart: always
    deploy:
      replicas: 3 # Starte 3 Worker
    command: worker # Explizit als Worker starten
    env_file:
      - .env
    environment:
      - NODE_OPTIONS=${WORKER_NODE_OPTIONS}
      - EXECUTIONS_MODE=queue
      - N8N_HOST=172.22.0.120 # IP des Main-Containers für interne Kommunikation
      - N8N_PORT=5678
      - QUEUE_BULL_REDIS_HOST=${QUEUE_BULL_REDIS_HOST}
      - QUEUE_BULL_REDIS_PORT=${QUEUE_BULL_REDIS_PORT}
      - QUEUE_BULL_PREFIX=${QUEUE_BULL_PREFIX}
      - N8N_RESTRICT_FILE_ACCESS_TO=/files;/home/node/.n8n-files
    volumes:
      - /opt/n8n-v2/data:/home/node/.n8n
      - /opt/n8n-v2/files:/files
      - /opt/n8n-v2/tmp:/tmp
    networks:
      - trusted-internal # Keine feste IPv4 Adresse hier

  postgres:
    image: postgres:15
    container_name: n8n_v2_postgres
    restart: always
    env_file:
      - .env
    volumes:
      - /opt/n8n-v2/postgres:/var/lib/postgresql/data
    networks:
      trusted-internal:
        ipv4_address: 172.22.0.122

  redis:
    image: redis:7
    container_name: n8n_v2_redis
    restart: always
    command: redis-server --maxmemory 1gb --maxmemory-policy allkeys-lru
    networks:
      trusted-internal:
        ipv4_address: 172.22.0.123

  gotenberg:
    image: gotenberg/gotenberg:8
    container_name: n8n_v2_pdf_service
    restart: always
    environment:
      - GOTENBERG_API_TIMEOUT=300s
      - GOTENBERG_CHROMIUM_MAX_CONCURRENT_PAGES=1
    networks:
      trusted-internal:
        ipv4_address: 172.22.0.124

networks:
  trusted-internal:
    external: true

# =========================
# n8n Security
# =========================
N8N_ENCRYPTION_KEY=<unique-encryption-key> # openssl rand -hex 32

# Main / Worker Base
N8N_HOST=workflow.domain.com
N8N_PROTOCOL=https
WEBHOOK_URL=https://workflow.domain.com/
N8N_EDITOR_BASE_URL=https://workflow.domain.com
N8N_EXPRESS_TRUST_PROXY=true
N8N_PROXY_HOPS=1
N8N_BLOCK_JS_PYTHON_TASK_RUNNER=true
N8N_SKIP_WEBHOOK_REGISTRATION_ON_STARTUP=true
N8N_LICENSE_AUTO_RENEW_ENABLED=true
N8N_LICENSE_RENEW_ON_INIT=true

# Queue Mode
EXECUTIONS_MODE=queue
QUEUE_BULL_REDIS_HOST=172.22.0.123
QUEUE_BULL_REDIS_PORT=6379
QUEUE_BULL_PREFIX=n8n_v2

# Postgres
DB_TYPE=postgresdb
DB_POSTGRESDB_HOST=172.22.0.122
DB_POSTGRESDB_PORT=5432
DB_POSTGRESDB_DATABASE=n8n
DB_POSTGRESDB_USER=n8n
DB_POSTGRESDB_PASSWORD=<postgrespassword>

# Redis
REDIS_HOST=172.22.0.123
REDIS_PORT=6379

# Offload manual executions
OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS=true

# Memory
MAIN_NODE_OPTIONS=--max-old-space-size=2048
WORKER_NODE_OPTIONS=--max-old-space-size=4096

# =========================
# Mail
# =========================
N8N_EMAIL_MODE=smtp
N8N_SMTP_HOST=<mailserverhost>
N8N_SMTP_USER=<mailserveruser>
N8N_SMTP_PASS=<mailserverpassword>

# =========================
# n8n Security
# =========================
N8N_ENCRYPTION_KEY=<unique-encryption-key> # openssl rand -hex 32

# Main / Worker Base
N8N_HOST=workflow.domain.com
N8N_PROTOCOL=https
WEBHOOK_URL=https://workflow.domain.com/
N8N_EDITOR_BASE_URL=https://workflow.domain.com
N8N_EXPRESS_TRUST_PROXY=true
N8N_PROXY_HOPS=1
N8N_BLOCK_JS_PYTHON_TASK_RUNNER=true
N8N_SKIP_WEBHOOK_REGISTRATION_ON_STARTUP=true
N8N_LICENSE_AUTO_RENEW_ENABLED=true
N8N_LICENSE_RENEW_ON_INIT=true

# Queue Mode
EXECUTIONS_MODE=queue
QUEUE_BULL_REDIS_HOST=172.22.0.123
QUEUE_BULL_REDIS_PORT=6379
QUEUE_BULL_PREFIX=n8n_v2

# Postgres
DB_TYPE=postgresdb
DB_POSTGRESDB_HOST=172.22.0.122
DB_POSTGRESDB_PORT=5432
DB_POSTGRESDB_DATABASE=n8n
DB_POSTGRESDB_USER=n8n
DB_POSTGRESDB_PASSWORD=<postgrespassword>

# Redis
REDIS_HOST=172.22.0.123
REDIS_PORT=6379

# Offload manual executions
OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS=true

# Memory
MAIN_NODE_OPTIONS=--max-old-space-size=2048
WORKER_NODE_OPTIONS=--max-old-space-size=4096

# =========================
# Mail
# =========================
N8N_EMAIL_MODE=smtp
N8N_SMTP_HOST=<mailserverhost>
N8N_SMTP_USER=<mailserveruser>
N8N_SMTP_PASS=<mailserverpassword>

# Tab "Details"

Domain: workflow.domain.com
Scheme: 172.22.0.120
Port: 5678
Websockets Support: on

# Tab "Custom Locations"
Location: /webook/
Scheme: http
Forward Hostname / IP: 172.22.0.121
Forward Port: 5678
Advanced Setting:
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;

Location: /webook-test/
Scheme: http
Forward Hostname / IP: 172.22.0.121
Forward Port: 5678
Advanced Setting:
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;

# Tab "SSL"
SSL Zertifikat aussuchen
Force SSL: on
HTTP/2 Support: on

# Tab "Details"

Domain: workflow.domain.com
Scheme: 172.22.0.120
Port: 5678
Websockets Support: on

# Tab "Custom Locations"
Location: /webook/
Scheme: http
Forward Hostname / IP: 172.22.0.121
Forward Port: 5678
Advanced Setting:
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;

Location: /webook-test/
Scheme: http
Forward Hostname / IP: 172.22.0.121
Forward Port: 5678
Advanced Setting:
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;

# Tab "SSL"
SSL Zertifikat aussuchen
Force SSL: on
HTTP/2 Support: on