n8n-install/.env.example
Yury Kossakovsky 107f18296a feat: add appsmith low-code platform for internal tools
adds appsmith as an optional service with caddy reverse proxy,
auto-generated encryption secrets, wizard selection, welcome page
integration, update preview support, and final report output.
bumps version to 1.3.0.
2026-02-27 18:39:45 -07:00


##### Change the name of this file to .env after updating it!
# The resulting .env holds every secret for the stack: keep it out of version
# control and readable only by the deploying user (for example chmod 600 .env).
############
# [optional]
# Anonymous telemetry - helps improve the project
# Set to false to disable (default: true)
############
# SCARF_ANALYTICS=false
############
# [required]
# n8n secrets - choose any values, but make each one a long, random string
# (for example the output of `openssl rand -hex 32`) and do not reuse one value
# for several keys.
# N8N_ENCRYPTION_KEY encrypts the credentials n8n stores; back it up and keep it
# stable, because credentials saved under one key cannot be read with another.
# N8N_USER_MANAGEMENT_JWT_SECRET signs n8n login tokens.
# N8N_RUNNERS_AUTH_TOKEN is the shared secret between n8n and its task runners.
############
N8N_ENCRYPTION_KEY=
N8N_USER_MANAGEMENT_JWT_SECRET=
N8N_RUNNERS_AUTH_TOKEN=
############
# [required]
# grafana credentials - choose any admin password, but make it long and random.
############
GRAFANA_ADMIN_PASSWORD=
############
# [required]
# prometheus credentials - choose any username and password; make the password long and random.
# The matching PROMETHEUS_PASSWORD_HASH entry appears further down in this file.
############
PROMETHEUS_USERNAME=
PROMETHEUS_PASSWORD=
############
# [required]
# searxng credentials - choose any username and password; make the password long and random.
# The matching SEARXNG_PASSWORD_HASH entry appears further down in this file.
############
SEARXNG_USERNAME=
SEARXNG_PASSWORD=
############
# [required]
# Supabase Secrets
# YOU MUST CHANGE THESE BEFORE GOING INTO PRODUCTION
# Read these docs for any help: https://supabase.com/docs/guides/self-hosting/docker
# For the JWT Secret and keys, see: https://supabase.com/docs/guides/self-hosting/docker#generate-api-keys
# For the other secrets, see: https://supabase.com/docs/guides/self-hosting/docker#update-secrets
# ANON_KEY and SERVICE_ROLE_KEY are JWTs signed with JWT_SECRET, so regenerate both
# whenever JWT_SECRET changes.
# SERVICE_ROLE_KEY bypasses Row Level Security: keep it server-side only and never
# ship it to a browser or mobile client.
# POOLER_TENANT_ID can be any value you like, such as 1000.
# Note that using special symbols (like '%') can complicate things a bit for your Postgres password.
# If you use special symbols in your Postgres password, you must remember to percent-encode your password later if using the Postgres connection string, for example, postgresql://postgres.projectref:p%3Dword@aws-0-us-east-1.pooler.supabase.com:6543/postgres
############
POSTGRES_PASSWORD=
JWT_SECRET=
ANON_KEY=
SERVICE_ROLE_KEY=
DASHBOARD_USERNAME=
DASHBOARD_PASSWORD=
POOLER_TENANT_ID=1000
############
# [required]
# Weaviate username and API key
# The API key is the only secret here; make it long and random.
############
WEAVIATE_USERNAME=
WEAVIATE_API_KEY=
############
# [required]
# Qdrant API Key
# Make it long and random; an empty value presumably leaves the Qdrant API
# unauthenticated - confirm against the compose file before exposing it.
############
QDRANT_API_KEY=
############
# [required]
# Neo4j username and password
# The username ships as the well-known default "neo4j", so the password is the
# only thing protecting the database: make it long and random.
############
NEO4J_AUTH_USERNAME=neo4j
NEO4J_AUTH_PASSWORD=
############
# [required]
# NocoDB JWT Secret (auto-generated)
############
NOCODB_JWT_SECRET=
############
# [required]
# Appsmith encryption credentials (auto-generated)
# NOTE(review): Appsmith presumably uses this pair to encrypt the datasource
# credentials it stores; back both values up and do not regenerate them on an
# existing install without checking the Appsmith docs first.
############
APPSMITH_ENCRYPTION_PASSWORD=
APPSMITH_ENCRYPTION_SALT=
############
# [required]
# Langfuse credentials
# Each of the secret keys can be set to whatever you want; make every one long and random.
# For the encryption key, use the command `openssl rand -hex 32`
# (this prints 64 hexadecimal characters, i.e. a 256-bit key).
# openssl is available by default on Linux/Mac
# For Windows, you can use the 'Git Bash' terminal installed with git
# The LANGFUSE_INIT_* values describe the initial project and user.
# LANGFUSE_INIT_USER_PASSWORD is stored here in plaintext, so change that
# password in Langfuse after the first login if others can read this file.
############
CLICKHOUSE_PASSWORD=
MINIO_ROOT_PASSWORD=
LANGFUSE_SALT=
NEXTAUTH_SECRET=
ENCRYPTION_KEY=
LANGFUSE_INIT_PROJECT_PUBLIC_KEY=
LANGFUSE_INIT_PROJECT_SECRET_KEY=
LANGFUSE_INIT_USER_EMAIL=
LANGFUSE_INIT_USER_PASSWORD=
############
# [required]
# ComfyUI credentials - choose any username and password; make the password long and random.
# The matching COMFYUI_PASSWORD_HASH entry appears further down in this file.
############
COMFYUI_USERNAME=
COMFYUI_PASSWORD=
############
# [required]
# LibreTranslate credentials (for Caddy basic auth)
# LT_PASSWORD_HASH is presumably the hash Caddy checks at login, while LT_PASSWORD
# keeps the plaintext for reference. `caddy hash-password` produces such a hash
# if the installer has not filled it in.
############
LT_USERNAME=
LT_PASSWORD=
LT_PASSWORD_HASH=
############
# [required for prod]
# Caddy Config
# By default listen on https://localhost:[service port] and don't use an email for SSL
# To change this for production:
# Set the *_HOSTNAME variable of every service you want exposed
# (the entries below are already active in this template, not commented out).
# Note that you might not want to expose Ollama or SearXNG since they aren't secured by default
# Replace the placeholder value with the host for each service (like n8n.yourdomain.com)
# Replace internal with your email (required to create a Let's Encrypt certificate);
# presumably this is the LETSENCRYPT_EMAIL value below - confirm against the Caddyfile.
# Every hostname that resolves publicly makes its service reachable from the
# internet, so check that each exposed service has its own login or Caddy basic
# auth before pointing DNS at it.
############
USER_DOMAIN_NAME=
LETSENCRYPT_EMAIL=
APPSMITH_HOSTNAME=appsmith.yourdomain.com
COMFYUI_HOSTNAME=comfyui.yourdomain.com
DATABASUS_HOSTNAME=databasus.yourdomain.com
DIFY_HOSTNAME=dify.yourdomain.com
DOCLING_HOSTNAME=docling.yourdomain.com
FLOWISE_HOSTNAME=flowise.yourdomain.com
GRAFANA_HOSTNAME=grafana.yourdomain.com
LANGFUSE_HOSTNAME=langfuse.yourdomain.com
LETTA_HOSTNAME=letta.yourdomain.com
LIGHTRAG_HOSTNAME=lightrag.yourdomain.com
LT_HOSTNAME=translate.yourdomain.com
N8N_HOSTNAME=n8n.yourdomain.com
NEO4J_HOSTNAME=neo4j.yourdomain.com
NOCODB_HOSTNAME=nocodb.yourdomain.com
PADDLEOCR_HOSTNAME=paddleocr.yourdomain.com
PORTAINER_HOSTNAME=portainer.yourdomain.com
POSTIZ_HOSTNAME=postiz.yourdomain.com
TEMPORAL_UI_HOSTNAME=temporal.yourdomain.com
PROMETHEUS_HOSTNAME=prometheus.yourdomain.com
QDRANT_HOSTNAME=qdrant.yourdomain.com
RAGAPP_HOSTNAME=ragapp.yourdomain.com
RAGFLOW_HOSTNAME=ragflow.yourdomain.com
SEARXNG_HOSTNAME=searxng.yourdomain.com
SUPABASE_HOSTNAME=supabase.yourdomain.com
WAHA_HOSTNAME=waha.yourdomain.com
WEAVIATE_HOSTNAME=weaviate.yourdomain.com
WEBUI_HOSTNAME=webui.yourdomain.com
WELCOME_HOSTNAME=welcome.yourdomain.com
############
# [required]
# Welcome Page credentials (for Caddy basic auth)
# WELCOME_PASSWORD_HASH is presumably the hash Caddy checks at login, while
# WELCOME_PASSWORD keeps the plaintext for reference.
############
WELCOME_USERNAME=
WELCOME_PASSWORD=
WELCOME_PASSWORD_HASH=
# Everything below this point is optional.
# Default values will suffice unless you need more features/customization.
# NOTE(review): the secrets and password hashes that appear further down still
# need real values even though they sit below the line above.
# NOTE(review): RUN_N8N_IMPORT is not documented here; presumably it toggles the
# n8n-import service - confirm against the installer scripts.
RUN_N8N_IMPORT=
############
# [optional]
# n8n configuration
############
# Number of n8n worker-runner pairs to generate.
# Each worker gets its own dedicated task runner sidecar.
# After changing, run: bash scripts/generate_n8n_workers.sh
# Defaults to 1 if unset.
N8N_WORKER_COUNT=1
# Enable offloading manual executions to workers (recommended for production).
# When true, the main n8n instance does not execute workflows, only coordinates.
OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS=true
# Maximum number of concurrent Code node executions per task runner. Defaults to 5.
N8N_RUNNERS_MAX_CONCURRENCY=5
# Blocks workflows from reading n8n's own files; leave this set to true.
N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES=true
# Queue mode: executions are handed to the workers configured above.
EXECUTIONS_MODE=queue
N8N_LOG_LEVEL=info
# JSON list of node types to remove from n8n. "[]" excludes nothing, so every
# node, including ones that can run commands or read local files, stays
# available to anyone who can edit workflows.
# NOTE(review): some n8n versions exclude such nodes by default when this
# variable is unset - confirm that overriding the default with "[]" is intended.
NODES_EXCLUDE="[]"
N8N_LOG_OUTPUT=console
# Timezone for n8n and workflows (https://docs.n8n.io/hosting/configuration/environment-variables/timezone-localization/)
GENERIC_TIMEZONE=America/New_York
############
# [optional]
# n8n SMTP environment variables
# N8N_SMTP_PASS and N8N_SMTP_OAUTH_PRIVATE_KEY are secrets; fill in only the one
# that matches the authentication method your mail provider uses.
# NOTE(review): N8N_SMTP_SSL and N8N_SMTP_STARTTLS are both true; which of the
# two applies presumably depends on N8N_SMTP_PORT - confirm against the n8n docs
# so that mail is never sent over an unencrypted connection.
############
N8N_EMAIL_MODE=smtp
N8N_SMTP_HOST=
N8N_SMTP_PORT=
N8N_SMTP_USER=
N8N_SMTP_PASS=
N8N_SMTP_OAUTH_SERVICE_CLIENT=
N8N_SMTP_OAUTH_PRIVATE_KEY=
N8N_SMTP_SENDER=
N8N_SMTP_SSL=true
N8N_SMTP_STARTTLS=true
############
# [required]
# PaddleOCR credentials
# NOTE(review): the *_PASSWORD_HASH entry suggests these are Caddy basic-auth
# credentials like the Docling ones below - confirm against the Caddyfile.
############
PADDLEOCR_USERNAME=
PADDLEOCR_PASSWORD=
PADDLEOCR_PASSWORD_HASH=
############
# [required]
# Docling credentials (for Caddy basic auth)
# DOCLING_PASSWORD_HASH is presumably the hash Caddy checks at login, while
# DOCLING_PASSWORD keeps the plaintext for reference.
############
DOCLING_USERNAME=
DOCLING_PASSWORD=
DOCLING_PASSWORD_HASH=
############
# [required]
# RAGApp credentials - used for Basic Auth in Caddy
# The matching RAGAPP_PASSWORD_HASH entry appears further down in this file.
############
RAGAPP_USERNAME=
RAGAPP_PASSWORD=
############
# [required]
# LightRAG credentials (for built-in authentication)
# Username and password for web interface login
# API key for programmatic access to the API
# Use a long random API key and a different value from the login password.
############
LIGHTRAG_USERNAME=
LIGHTRAG_PASSWORD=
LIGHTRAG_API_KEY=
#
#
#######
#####
#
############
# LibreTranslate Configuration
# These map directly to container envs (LT_* in docker-compose)
# LT_API_KEYS=false leaves the API without per-client keys, and LT_REQ_LIMIT and
# LT_BATCH_LIMIT are empty, so access control rests on the Caddy basic auth set
# through LT_USERNAME / LT_PASSWORD_HASH earlier in this file.
# NOTE(review): with the limits left empty, LibreTranslate's own defaults
# presumably apply - confirm them before exposing the service publicly.
# LT_HOST=0.0.0.0 listens on every interface inside the container; keep LT_PORT
# unpublished on the host so requests can only arrive through Caddy.
# LT_SSL=false: TLS is presumably terminated by Caddy - confirm.
############
LT_API_KEYS=false
LT_BATCH_LIMIT=
LT_CHAR_LIMIT=10000
LT_DEBUG=false
LT_FRONTEND_LANGUAGE_SOURCE=auto
LT_FRONTEND_LANGUAGE_TARGET=en
LT_FRONTEND_TIMEOUT=2000
LT_HOST=0.0.0.0
LT_LOAD_ONLY=en,ru
LT_METRICS=false
LT_PORT=5000
LT_REQ_LIMIT=
LT_SSL=false
LT_SUGGESTIONS=false
LT_THREADS=4
LT_UPDATE_MODELS=true
############
# Optional Google Authentication for Supabase
# Get these values from the Google Admin Console
############
# ENABLE_GOOGLE_SIGNUP=true
# GOOGLE_CLIENT_ID=
# GOOGLE_CLIENT_SECRET=
# GOOGLE_REDIRECT_URI=
############
# Optional SearXNG Config
# If you run a very small or a very large instance, you might want to change the amount of used uwsgi workers and threads per worker
# More workers (= processes) means that more search requests can be handled at the same time, but it also causes more resource usage
############
# SEARXNG_UWSGI_WORKERS=4
# SEARXNG_UWSGI_THREADS=4
############
# Database - You can change these to any PostgreSQL database that has logical replication enabled.
# POSTGRES_USER=postgres is the database superuser; its password is the
# POSTGRES_PASSWORD set in the Supabase secrets section near the top of this file.
############
POSTGRES_HOST=db
POSTGRES_DB=postgres
POSTGRES_PORT=5432
POSTGRES_USER=postgres
# Service-specific database names
# New installations use dedicated databases per service
# Existing installations may use 'postgres' for backward compatibility
POSTIZ_DB_NAME=postiz
WAHA_DB_NAME=waha
LIGHTRAG_DB_NAME=lightrag
############
# Supavisor -- Database pooler and others that can be left as default values
# The three empty keys below (SECRET_KEY_BASE, VAULT_ENC_KEY, PG_META_CRYPTO_KEY)
# are secrets, not tunables: they need long random values like the required
# secrets at the top of this file.
# NOTE(review): presumably the installer generates them - confirm that all three
# are non-empty in the final .env.
############
POOLER_PROXY_PORT_TRANSACTION=6543
POOLER_DEFAULT_POOL_SIZE=20
POOLER_MAX_CLIENT_CONN=100
SECRET_KEY_BASE=
VAULT_ENC_KEY=
PG_META_CRYPTO_KEY=
# Pool size for internal metadata storage used by Supavisor
# This is separate from client connections and used only by Supavisor itself
POOLER_DB_POOL_SIZE=5
############
# API Proxy - Configuration for the Kong Reverse proxy.
############
KONG_HTTP_PORT=8000
KONG_HTTPS_PORT=8443
############
# API - Configuration for PostgREST.
# Schemas listed here are served over the REST API; add a schema only if its
# tables are protected by Row Level Security or hold no private data.
############
PGRST_DB_SCHEMAS=public,storage,graphql_public
############
# Auth - Configuration for the GoTrue authentication server.
############
## General
# SITE_URL and API_EXTERNAL_URL default to plain-http localhost addresses;
# switch them to the public https URLs when Supabase is exposed through Caddy.
SITE_URL=http://localhost:3000
ADDITIONAL_REDIRECT_URLS=
# Lifetime of issued JWTs, in seconds.
JWT_EXPIRY=3600
# false means anyone who can reach the auth endpoint can create an account.
DISABLE_SIGNUP=false
API_EXTERNAL_URL=http://localhost:8000
## Mailer Config
MAILER_URLPATHS_CONFIRMATION="/auth/v1/verify"
MAILER_URLPATHS_INVITE="/auth/v1/verify"
MAILER_URLPATHS_RECOVERY="/auth/v1/verify"
MAILER_URLPATHS_EMAIL_CHANGE="/auth/v1/verify"
## Email auth
# ENABLE_EMAIL_AUTOCONFIRM=true marks new accounts as confirmed without proving
# ownership of the address, and the SMTP_* values below are placeholders.
# For production, configure a real SMTP server and set autoconfirm to false,
# or set DISABLE_SIGNUP=true if self-registration is not needed.
ENABLE_EMAIL_SIGNUP=true
ENABLE_EMAIL_AUTOCONFIRM=true
SMTP_ADMIN_EMAIL=admin@example.com
SMTP_HOST=supabase-mail
SMTP_PORT=2500
SMTP_USER=fake_mail_user
SMTP_PASS=fake_mail_password
SMTP_SENDER_NAME=fake_sender
ENABLE_ANONYMOUS_USERS=false
## Phone auth
# Same caveat as email: autoconfirm skips verification of the phone number.
ENABLE_PHONE_SIGNUP=true
ENABLE_PHONE_AUTOCONFIRM=true
############
# Studio - Configuration for the Dashboard
############
STUDIO_DEFAULT_ORGANIZATION=Organization
STUDIO_DEFAULT_PROJECT=Project
STUDIO_PORT=3000
# replace if you intend to use Studio outside of localhost
SUPABASE_PUBLIC_URL=http://localhost:8000
# Enable webp support
IMGPROXY_ENABLE_WEBP_DETECTION=true
# Add your OpenAI API key to enable SQL Editor Assistant
# This is a billable secret; leave it empty if the assistant is not used.
OPENAI_API_KEY=
# ============================================
# Cloudflare Tunnel Configuration (Optional)
# ============================================
# The tunnel token is a secret: anyone holding it can run a connector for this tunnel.
CLOUDFLARE_TUNNEL_TOKEN=
# ============================================
# Gost Proxy Configuration (Optional)
# ============================================
# Routes AI service traffic through an external proxy for geo-bypass.
# Use this to access OpenAI/Anthropic/Google APIs from restricted regions.
# The operator of the upstream proxy can see which hosts are contacted, so use
# only a proxy you trust.
# Credentials (auto-generated)
GOST_USERNAME=gost
GOST_PASSWORD=
# Proxy URL for AI services (auto-generated: http://user:pass@gost:8080)
# This URL embeds GOST_PASSWORD; treat it as a secret and keep it out of logs.
GOST_PROXY_URL=
# External upstream proxy (REQUIRED - asked during wizard if gost is selected)
# Examples: socks5://user:pass@proxy.com:1080, http://user:pass@proxy.com:8080
# IMPORTANT: For HTTP proxies use http://, NOT https://
# The protocol refers to proxy type, not connection security.
# The value contains the upstream proxy's credentials, so it is a secret as well.
GOST_UPSTREAM_PROXY=
# Internal services bypass list (prevents internal Docker traffic from going through proxy)
# Includes: Docker internal networks (172.16-31.*, 10.*), Docker DNS (127.0.0.11), and all service hostnames
# Only n8n-worker-1..10 and n8n-runner-1..10 are listed; presumably the list needs
# extending if N8N_WORKER_COUNT is set above 10, otherwise traffic to the extra
# containers would be sent through the proxy - confirm.
GOST_NO_PROXY=localhost,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.local,appsmith,postgres,postgres:5432,redis,redis:6379,caddy,ollama,neo4j,qdrant,weaviate,clickhouse,minio,searxng,crawl4ai,gotenberg,langfuse-web,langfuse-worker,flowise,n8n,n8n-import,n8n-worker-1,n8n-worker-2,n8n-worker-3,n8n-worker-4,n8n-worker-5,n8n-worker-6,n8n-worker-7,n8n-worker-8,n8n-worker-9,n8n-worker-10,n8n-runner-1,n8n-runner-2,n8n-runner-3,n8n-runner-4,n8n-runner-5,n8n-runner-6,n8n-runner-7,n8n-runner-8,n8n-runner-9,n8n-runner-10,letta,lightrag,docling,postiz,temporal,temporal-ui,ragflow,ragflow-mysql,ragflow-minio,ragflow-redis,ragflow-elasticsearch,ragapp,open-webui,comfyui,waha,libretranslate,paddleocr,nocodb,db,studio,kong,auth,rest,realtime,storage,imgproxy,meta,functions,analytics,vector,supavisor,gost,api.telegram.org,telegram.org,t.me,core.telegram.org
############
# Functions - Configuration for Functions
############
# NOTE: VERIFY_JWT applies to all functions. Per-function VERIFY_JWT is not supported yet.
# With false, functions run without a valid JWT on the request, so any function
# that touches private data has to check the caller itself. Set this to true
# when Supabase is reachable from outside the host.
FUNCTIONS_VERIFY_JWT=false
############
# Logs - Configuration for Analytics
# Please refer to https://supabase.com/docs/reference/self-hosting-analytics/introduction
############
# Change vector.toml sinks to reflect this change
# these cannot be the same value
# NOTE(review): both tokens ship as the same placeholder "not-in-use", which
# contradicts the line above; give them two distinct random values before
# enabling analytics.
LOGFLARE_PUBLIC_ACCESS_TOKEN="not-in-use"
LOGFLARE_PRIVATE_ACCESS_TOKEN="not-in-use"
# Docker socket location - this value will differ depending on your OS
# Access to the Docker socket is equivalent to root on the host. Check in the
# compose file which container receives this path and prefer a read-only mount.
DOCKER_SOCKET_LOCATION=/var/run/docker.sock
# Google Cloud Project details
GOOGLE_PROJECT_ID=GOOGLE_PROJECT_ID
GOOGLE_PROJECT_NUMBER=GOOGLE_PROJECT_NUMBER
# Letta
# Server password for Letta; make it long and random.
LETTA_SERVER_PASSWORD=
# Langsmith
# LANGCHAIN_TRACING_V2=true with an API key set presumably sends run traces,
# which can contain prompts and outputs, to the external endpoint below; leave
# LANGCHAIN_API_KEY empty or set tracing to false if that data must stay local.
LANGCHAIN_ENDPOINT=https://api.smith.langchain.com
LANGCHAIN_TRACING_V2=true
LANGCHAIN_API_KEY=
# Dify application settings
# Based on: https://docs.dify.ai/en/getting-started/install-self-hosted/environments
# DIFY_SECRET_KEY is a secret; use a long random value and keep it stable once
# Dify holds data.
############
DIFY_SECRET_KEY=
DIFY_EXPOSE_NGINX_PORT=8080
DIFY_EXPOSE_NGINX_SSL_PORT=9443
############
# Docker Compose parallel limit
# Limits the number of simultaneous Docker image pulls to prevent
# "net/http: TLS handshake timeout" errors when many services are selected.
# Increase this value if you have a fast network connection.
############
COMPOSE_PARALLEL_LIMIT=3
###########################################################################################
# Comma-separated Docker Compose profiles to start. Every profile added here
# starts another service, so enable only what you use.
COMPOSE_PROFILES="n8n,portainer,monitoring,databasus"
# Password hashes for the Prometheus, SearXNG, ComfyUI and RAGApp credentials
# defined earlier in this file; presumably the values Caddy basic auth checks.
PROMETHEUS_PASSWORD_HASH=
SEARXNG_PASSWORD_HASH=
COMFYUI_PASSWORD_HASH=
RAGAPP_PASSWORD_HASH=
############
# Postiz configuration
# Reference: https://docs.postiz.com/configuration/reference
# To protect Postiz via Caddy basic auth (optional), set these:
# NOTE(review): no basic-auth variables follow the line above in this template;
# confirm which names the Caddyfile expects.
# POSTIZ_DISABLE_REGISTRATION=false presumably leaves sign-up open to anyone who
# can reach POSTIZ_HOSTNAME; set it to true once your own account exists.
############
POSTIZ_DISABLE_REGISTRATION=false
############
# Temporal UI credentials (for Caddy basic auth)
# TEMPORAL_UI_PASSWORD_HASH is presumably the hash Caddy checks at login, while
# TEMPORAL_UI_PASSWORD keeps the plaintext for reference.
############
TEMPORAL_UI_USERNAME=
TEMPORAL_UI_PASSWORD=
TEMPORAL_UI_PASSWORD_HASH=
############
# Postiz Social Media Integrations
# Leave blank if not used. Provide credentials from each platform.
# Every *_SECRET, *_API_KEY and token below grants access to the linked account
# or application; fill in only the platforms you use and rotate a value at the
# provider if this file is ever disclosed.
############
X_API_KEY=
X_API_SECRET=
LINKEDIN_CLIENT_ID=
LINKEDIN_CLIENT_SECRET=
REDDIT_CLIENT_ID=
REDDIT_CLIENT_SECRET=
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=
BEEHIIVE_API_KEY=
BEEHIIVE_PUBLICATION_ID=
THREADS_APP_ID=
THREADS_APP_SECRET=
FACEBOOK_APP_ID=
FACEBOOK_APP_SECRET=
YOUTUBE_CLIENT_ID=
YOUTUBE_CLIENT_SECRET=
TIKTOK_CLIENT_ID=
TIKTOK_CLIENT_SECRET=
PINTEREST_CLIENT_ID=
PINTEREST_CLIENT_SECRET=
DRIBBBLE_CLIENT_ID=
DRIBBBLE_CLIENT_SECRET=
DISCORD_CLIENT_ID=
DISCORD_CLIENT_SECRET=
DISCORD_BOT_TOKEN_ID=
SLACK_ID=
SLACK_SECRET=
SLACK_SIGNING_SECRET=
MASTODON_URL=https://mastodon.social
MASTODON_CLIENT_ID=
MASTODON_CLIENT_SECRET=
############
# WAHA (WhatsApp HTTP API) configuration
# Engine: NOWEB | WEBJS | GOWS
############
WAHA_ENGINE=NOWEB
WAHA_PUBLIC_URL=https://waha.yourdomain.com
# API key (hashed). Value must look like: sha512:HEX
WAHA_API_KEY=
# Plaintext API key (generated; shown in final report). Keep private.
# The plaintext sits next to its hash in this file, so anyone who can read .env
# can call the API; restrict the file's permissions accordingly.
WAHA_API_KEY_PLAIN=
# Dashboard credentials
WAHA_DASHBOARD_USERNAME=
WAHA_DASHBOARD_PASSWORD=
# Swagger credentials
WHATSAPP_SWAGGER_USERNAME=
WHATSAPP_SWAGGER_PASSWORD=
############
# [required]
# RAGFlow internal credentials (for MySQL, MinIO, Redis, and Elasticsearch)
# Use a separate long random value for each backing service so that one leaked
# password does not open the others.
############
RAGFLOW_MYSQL_ROOT_PASSWORD=
RAGFLOW_MINIO_ROOT_PASSWORD=
RAGFLOW_REDIS_PASSWORD=
RAGFLOW_ELASTICSEARCH_PASSWORD=
############
# [optional]
# Docling configuration
# DOCLING_IMAGE: Choose CPU or GPU version
# - ghcr.io/docling-project/docling-serve-cpu (4.4 GB, default)
# - ghcr.io/docling-project/docling-serve-cu126 (10.0 GB, NVIDIA GPU with CUDA 12.6)
# - ghcr.io/docling-project/docling-serve-cu128 (11.4 GB, NVIDIA GPU with CUDA 12.8)
# The image is referenced without a tag or digest, so each pull takes whatever
# the registry currently publishes as latest unless the compose file adds a tag.
# Pin a version or digest for reproducible deployments.
# Note: Web UI is always enabled on /ui
#
# VLM Pipeline Configuration:
# DOCLING_SERVE_ENABLE_REMOTE_SERVICES: Required for VLM via external APIs (Ollama, vLLM)
# With true, the service may send document content to the remote endpoint named
# in a request; set it to false if the VLM pipeline is not used.
# DOCLING_SERVE_LOAD_MODELS_AT_BOOT: Pre-load standard models at startup
# DOCLING_DEVICE: Device for model inference (cpu, cuda, mps)
############
DOCLING_IMAGE=ghcr.io/docling-project/docling-serve-cpu
DOCLING_SERVE_ENABLE_REMOTE_SERVICES=true
DOCLING_SERVE_LOAD_MODELS_AT_BOOT=false
DOCLING_DEVICE=cpu
##########################################################################################