mirror of
https://github.com/kossakovsky/n8n-install.git
synced 2026-03-07 22:33:11 +00:00
26485b32c0
gost now always requires an external upstream proxy to function. wizard prompts for upstream proxy url when gost is selected. if no upstream provided, gost is removed from selection.
573 lines
15 KiB
Plaintext
573 lines
15 KiB
Plaintext
##### Change the name of this file to .env after updating it!
|
|
|
|
############
|
|
# [required]
|
|
# flowise credentials - you set this to whatever you want, just make it a long and secure string for both!
|
|
############
|
|
|
|
FLOWISE_USERNAME=
|
|
FLOWISE_PASSWORD=
|
|
|
|
|
|
############
|
|
# [required]
|
|
# n8n credentials - you set this to whatever you want, just make it a long and secure string for both!
|
|
############
|
|
|
|
N8N_ENCRYPTION_KEY=
|
|
N8N_USER_MANAGEMENT_JWT_SECRET=
|
|
N8N_RUNNERS_AUTH_TOKEN=
|
|
|
|
|
|
############
|
|
# [required]
|
|
# grafana credentials - you set this to whatever you want, just make it a long and secure string for both!
|
|
############
|
|
|
|
GRAFANA_ADMIN_PASSWORD=
|
|
|
|
|
|
############
|
|
# [required]
|
|
# prometheus credentials - you set this to whatever you want, just make it a long and secure string for both!
|
|
############
|
|
|
|
PROMETHEUS_USERNAME=
|
|
PROMETHEUS_PASSWORD=
|
|
|
|
|
|
############
|
|
# [required]
|
|
# searxng credentials - you set this to whatever you want, just make it a long and secure string for both!
|
|
############
|
|
|
|
SEARXNG_USERNAME=
|
|
SEARXNG_PASSWORD=
|
|
|
|
|
|
############
|
|
# [required]
|
|
# Supabase Secrets
|
|
|
|
# YOU MUST CHANGE THESE BEFORE GOING INTO PRODUCTION
|
|
# Read these docs for any help: https://supabase.com/docs/guides/self-hosting/docker
|
|
# For the JWT Secret and keys, see: https://supabase.com/docs/guides/self-hosting/docker#generate-api-keys
|
|
# For the other secrets, see: https://supabase.com/docs/guides/self-hosting/docker#update-secrets
|
|
# You can really decide any value for POOLER_TENANT_ID like 1000.
|
|
|
|
# Note that using special symbols (like '%') can complicate things a bit for your Postgres password.
|
|
# If you use special symbols in your Postgres password, you must remember to percent-encode your password later if using the Postgres connection string, for example, postgresql://postgres.projectref:p%3Dword@aws-0-us-east-1.pooler.supabase.com:6543/postgres
|
|
############
|
|
|
|
POSTGRES_PASSWORD=
|
|
JWT_SECRET=
|
|
ANON_KEY=
|
|
SERVICE_ROLE_KEY=
|
|
DASHBOARD_USERNAME=
|
|
DASHBOARD_PASSWORD=
|
|
POOLER_TENANT_ID=1000
|
|
|
|
|
|
############
|
|
# [required]
|
|
# Weaviate username and password
|
|
############
|
|
|
|
WEAVIATE_USERNAME=
|
|
WEAVIATE_API_KEY=
|
|
|
|
|
|
############
|
|
# [required]
|
|
# Qdrant API Key
|
|
############
|
|
QDRANT_API_KEY=
|
|
|
|
|
|
############
|
|
# [required]
|
|
# Neo4j username and password
|
|
############
|
|
|
|
NEO4J_AUTH_USERNAME=neo4j
|
|
NEO4J_AUTH_PASSWORD=
|
|
|
|
|
|
############
|
|
# [required]
|
|
# Langfuse credentials
|
|
# Each of the secret keys you can set to whatever you want, just make it secure!
|
|
# For the encryption key, use the command `openssl rand -hex 32`
|
|
# openssl is available by defualt on Linux/Mac
|
|
# For Windows, you can use the 'Git Bash' terminal installed with git
|
|
############
|
|
|
|
CLICKHOUSE_PASSWORD=
|
|
MINIO_ROOT_PASSWORD=
|
|
LANGFUSE_SALT=
|
|
NEXTAUTH_SECRET=
|
|
ENCRYPTION_KEY=
|
|
LANGFUSE_INIT_PROJECT_PUBLIC_KEY=
|
|
LANGFUSE_INIT_PROJECT_SECRET_KEY=
|
|
LANGFUSE_INIT_USER_EMAIL=
|
|
LANGFUSE_INIT_USER_PASSWORD=
|
|
|
|
############
|
|
# [required]
|
|
# ComfyUI credentials - you set this to whatever you want, just make it a long and secure string for both!
|
|
############
|
|
|
|
COMFYUI_USERNAME=
|
|
COMFYUI_PASSWORD=
|
|
|
|
############
|
|
# [required]
|
|
# LibreTranslate credentials (for Caddy basic auth)
|
|
############
|
|
LT_USERNAME=
|
|
LT_PASSWORD=
|
|
LT_PASSWORD_HASH=
|
|
|
|
############
|
|
# [required for prod]
|
|
# Caddy Config
|
|
|
|
# By default listen on https://localhost:[service port] and don't use an email for SSL
|
|
# To change this for production:
|
|
# Uncomment all of these environment variables for the services you want exposed
|
|
# Note that you might not want to expose Ollama or SearXNG since they aren't secured by default
|
|
# Replace the placeholder value with the host for each service (like n8n.yourdomain.com)
|
|
# Replace internal by your email (require to create a Let's Encrypt certificate)
|
|
############
|
|
|
|
USER_DOMAIN_NAME=
|
|
LETSENCRYPT_EMAIL=
|
|
COMFYUI_HOSTNAME=comfyui.yourdomain.com
|
|
DIFY_HOSTNAME=dify.yourdomain.com
|
|
DOCLING_HOSTNAME=docling.yourdomain.com
|
|
FLOWISE_HOSTNAME=flowise.yourdomain.com
|
|
GRAFANA_HOSTNAME=grafana.yourdomain.com
|
|
LANGFUSE_HOSTNAME=langfuse.yourdomain.com
|
|
LETTA_HOSTNAME=letta.yourdomain.com
|
|
LIGHTRAG_HOSTNAME=lightrag.yourdomain.com
|
|
LT_HOSTNAME=translate.yourdomain.com
|
|
N8N_HOSTNAME=n8n.yourdomain.com
|
|
NEO4J_HOSTNAME=neo4j.yourdomain.com
|
|
PADDLEOCR_HOSTNAME=paddleocr.yourdomain.com
|
|
PORTAINER_HOSTNAME=portainer.yourdomain.com
|
|
POSTGRESUS_HOSTNAME=postgresus.yourdomain.com
|
|
POSTIZ_HOSTNAME=postiz.yourdomain.com
|
|
PROMETHEUS_HOSTNAME=prometheus.yourdomain.com
|
|
QDRANT_HOSTNAME=qdrant.yourdomain.com
|
|
RAGAPP_HOSTNAME=ragapp.yourdomain.com
|
|
RAGFLOW_HOSTNAME=ragflow.yourdomain.com
|
|
SEARXNG_HOSTNAME=searxng.yourdomain.com
|
|
SUPABASE_HOSTNAME=supabase.yourdomain.com
|
|
WAHA_HOSTNAME=waha.yourdomain.com
|
|
WEAVIATE_HOSTNAME=weaviate.yourdomain.com
|
|
WEBUI_HOSTNAME=webui.yourdomain.com
|
|
WELCOME_HOSTNAME=welcome.yourdomain.com
|
|
|
|
############
|
|
# [required]
|
|
# Welcome Page credentials (for Caddy basic auth)
|
|
############
|
|
|
|
WELCOME_USERNAME=
|
|
WELCOME_PASSWORD=
|
|
WELCOME_PASSWORD_HASH=
|
|
|
|
# Everything below this point is optional.
|
|
# Default values will suffice unless you need more features/customization.
|
|
|
|
RUN_N8N_IMPORT=
|
|
|
|
############
|
|
# [optional]
|
|
# n8n configuration
|
|
############
|
|
|
|
# Number of n8n worker-runner pairs to generate.
|
|
# Each worker gets its own dedicated task runner sidecar.
|
|
# After changing, run: bash scripts/generate_n8n_workers.sh
|
|
# Defaults to 1 if unset.
|
|
N8N_WORKER_COUNT=1
|
|
|
|
# Enable offloading manual executions to workers (recommended for production).
|
|
# When true, the main n8n instance does not execute workflows, only coordinates.
|
|
OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS=true
|
|
|
|
# Maximum number of concurrent Code node executions per task runner. Defaults to 5.
|
|
N8N_RUNNERS_MAX_CONCURRENCY=5
|
|
|
|
N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES=true
|
|
EXECUTIONS_MODE=queue
|
|
N8N_LOG_LEVEL=info
|
|
N8N_LOG_OUTPUT=console
|
|
|
|
# Timezone for n8n and workflows (https://docs.n8n.io/hosting/configuration/environment-variables/timezone-localization/)
|
|
GENERIC_TIMEZONE=America/New_York
|
|
|
|
############
|
|
# [optional]
|
|
# n8n SMTP environment variables
|
|
############
|
|
N8N_EMAIL_MODE=smtp
|
|
N8N_SMTP_HOST=
|
|
N8N_SMTP_PORT=
|
|
N8N_SMTP_USER=
|
|
N8N_SMTP_PASS=
|
|
N8N_SMTP_OAUTH_SERVICE_CLIENT=
|
|
N8N_SMTP_OAUTH_PRIVATE_KEY=
|
|
N8N_SMTP_SENDER=
|
|
N8N_SMTP_SSL=true
|
|
N8N_SMTP_STARTTLS=true
|
|
|
|
############
|
|
# [required]
|
|
# PaddleOCR credentials
|
|
############
|
|
|
|
PADDLEOCR_USERNAME=
|
|
PADDLEOCR_PASSWORD=
|
|
PADDLEOCR_PASSWORD_HASH=
|
|
|
|
############
|
|
# [required]
|
|
# Docling credentials (for Caddy basic auth)
|
|
############
|
|
|
|
DOCLING_USERNAME=
|
|
DOCLING_PASSWORD=
|
|
DOCLING_PASSWORD_HASH=
|
|
|
|
############
|
|
# [required]
|
|
# RAGApp credentials - used for Basic Auth in Caddy
|
|
############
|
|
|
|
RAGAPP_USERNAME=
|
|
RAGAPP_PASSWORD=
|
|
|
|
############
|
|
# [required]
|
|
# LightRAG credentials (for built-in authentication)
|
|
# Username and password for web interface login
|
|
# API key for programmatic access to the API
|
|
############
|
|
|
|
LIGHTRAG_USERNAME=
|
|
LIGHTRAG_PASSWORD=
|
|
LIGHTRAG_API_KEY=
|
|
|
|
#
|
|
#
|
|
#######
|
|
#####
|
|
#
|
|
|
|
############
|
|
# LibreTranslate Configuration
|
|
# These map directly to container envs (LT_* in docker-compose)
|
|
############
|
|
LT_API_KEYS=false
|
|
LT_BATCH_LIMIT=
|
|
LT_CHAR_LIMIT=10000
|
|
LT_DEBUG=false
|
|
LT_FRONTEND_LANGUAGE_SOURCE=auto
|
|
LT_FRONTEND_LANGUAGE_TARGET=en
|
|
LT_FRONTEND_TIMEOUT=2000
|
|
LT_HOST=0.0.0.0
|
|
LT_LOAD_ONLY=en,ru
|
|
LT_METRICS=false
|
|
LT_PORT=5000
|
|
LT_REQ_LIMIT=
|
|
LT_SSL=false
|
|
LT_SUGGESTIONS=false
|
|
LT_THREADS=4
|
|
LT_UPDATE_MODELS=true
|
|
|
|
############
|
|
# Optional Google Authentication for Supabase
|
|
# Get these values from the Google Admin Console
|
|
############
|
|
# ENABLE_GOOGLE_SIGNUP=true
|
|
# GOOGLE_CLIENT_ID=
|
|
# GOOGLE_CLIENT_SECRET=
|
|
# GOOGLE_REDIRECT_URI=
|
|
|
|
############
|
|
# Optional SearXNG Config
|
|
# If you run a very small or a very large instance, you might want to change the amount of used uwsgi workers and threads per worker
|
|
# More workers (= processes) means that more search requests can be handled at the same time, but it also causes more resource usage
|
|
############
|
|
|
|
# SEARXNG_UWSGI_WORKERS=4
|
|
# SEARXNG_UWSGI_THREADS=4
|
|
|
|
############
|
|
# Database - You can change these to any PostgreSQL database that has logical replication enabled.
|
|
############
|
|
|
|
POSTGRES_HOST=db
|
|
POSTGRES_DB=postgres
|
|
POSTGRES_PORT=5432
|
|
POSTGRES_USER=postgres
|
|
|
|
############
|
|
# Supavisor -- Database pooler and others that can be left as default values
|
|
############
|
|
POOLER_PROXY_PORT_TRANSACTION=6543
|
|
POOLER_DEFAULT_POOL_SIZE=20
|
|
POOLER_MAX_CLIENT_CONN=100
|
|
SECRET_KEY_BASE=
|
|
VAULT_ENC_KEY=
|
|
PG_META_CRYPTO_KEY=
|
|
# Pool size for internal metadata storage used by Supavisor
|
|
# This is separate from client connections and used only by Supavisor itself
|
|
POOLER_DB_POOL_SIZE=5
|
|
|
|
|
|
############
|
|
# API Proxy - Configuration for the Kong Reverse proxy.
|
|
############
|
|
|
|
KONG_HTTP_PORT=8000
|
|
KONG_HTTPS_PORT=8443
|
|
|
|
|
|
############
|
|
# API - Configuration for PostgREST.
|
|
############
|
|
|
|
PGRST_DB_SCHEMAS=public,storage,graphql_public
|
|
|
|
|
|
############
|
|
# Auth - Configuration for the GoTrue authentication server.
|
|
############
|
|
|
|
## General
|
|
SITE_URL=http://localhost:3000
|
|
ADDITIONAL_REDIRECT_URLS=
|
|
JWT_EXPIRY=3600
|
|
DISABLE_SIGNUP=false
|
|
API_EXTERNAL_URL=http://localhost:8000
|
|
|
|
## Mailer Config
|
|
MAILER_URLPATHS_CONFIRMATION="/auth/v1/verify"
|
|
MAILER_URLPATHS_INVITE="/auth/v1/verify"
|
|
MAILER_URLPATHS_RECOVERY="/auth/v1/verify"
|
|
MAILER_URLPATHS_EMAIL_CHANGE="/auth/v1/verify"
|
|
|
|
## Email auth
|
|
ENABLE_EMAIL_SIGNUP=true
|
|
ENABLE_EMAIL_AUTOCONFIRM=true
|
|
SMTP_ADMIN_EMAIL=admin@example.com
|
|
SMTP_HOST=supabase-mail
|
|
SMTP_PORT=2500
|
|
SMTP_USER=fake_mail_user
|
|
SMTP_PASS=fake_mail_password
|
|
SMTP_SENDER_NAME=fake_sender
|
|
ENABLE_ANONYMOUS_USERS=false
|
|
|
|
## Phone auth
|
|
ENABLE_PHONE_SIGNUP=true
|
|
ENABLE_PHONE_AUTOCONFIRM=true
|
|
|
|
|
|
############
|
|
# Studio - Configuration for the Dashboard
|
|
############
|
|
|
|
STUDIO_DEFAULT_ORGANIZATION=Organization
|
|
STUDIO_DEFAULT_PROJECT=Project
|
|
|
|
STUDIO_PORT=3000
|
|
# replace if you intend to use Studio outside of localhost
|
|
SUPABASE_PUBLIC_URL=http://localhost:8000
|
|
|
|
# Enable webp support
|
|
IMGPROXY_ENABLE_WEBP_DETECTION=true
|
|
|
|
# Add your OpenAI API key to enable SQL Editor Assistant
|
|
OPENAI_API_KEY=
|
|
|
|
# ============================================
|
|
# Cloudflare Tunnel Configuration (Optional)
|
|
# ============================================
|
|
CLOUDFLARE_TUNNEL_TOKEN=
|
|
|
|
# ============================================
|
|
# Gost Proxy Configuration (Optional)
|
|
# ============================================
|
|
# Routes AI service traffic through an external proxy for geo-bypass.
|
|
# Use this to access OpenAI/Anthropic/Google APIs from restricted regions.
|
|
|
|
# Credentials (auto-generated)
|
|
GOST_USERNAME=
|
|
GOST_PASSWORD=
|
|
|
|
# Proxy URL for AI services (auto-generated: http://user:pass@gost:8080)
|
|
GOST_PROXY_URL=
|
|
|
|
# External upstream proxy (REQUIRED - asked during wizard if gost is selected)
|
|
# Examples: socks5://user:pass@proxy.com:1080, http://user:pass@proxy.com:8080
|
|
GOST_UPSTREAM_PROXY=
|
|
|
|
# Internal services bypass list (prevents internal Docker traffic from going through proxy)
|
|
GOST_NO_PROXY=localhost,127.0.0.1,postgres,redis,caddy,ollama,neo4j,qdrant,weaviate,clickhouse,minio,searxng,crawl4ai,gotenberg,langfuse-web,langfuse-worker,flowise,n8n,n8n-import,n8n-worker-1,n8n-worker-2,n8n-worker-3,n8n-worker-4,n8n-runner-1,n8n-runner-2,n8n-runner-3,n8n-runner-4,letta,lightrag,docling,postiz,ragflow,ragflow-mysql,ragflow-minio,ragflow-redis,ragflow-elasticsearch,ragapp,open-webui,comfyui,waha,libretranslate,paddleocr,gost
|
|
|
|
############
|
|
# Functions - Configuration for Functions
|
|
############
|
|
# NOTE: VERIFY_JWT applies to all functions. Per-function VERIFY_JWT is not supported yet.
|
|
FUNCTIONS_VERIFY_JWT=false
|
|
|
|
|
|
############
|
|
# Logs - Configuration for Analytics
|
|
# Please refer to https://supabase.com/docs/reference/self-hosting-analytics/introduction
|
|
############
|
|
|
|
# Change vector.toml sinks to reflect this change
|
|
# these cannot be the same value
|
|
LOGFLARE_PUBLIC_ACCESS_TOKEN="not-in-use"
|
|
LOGFLARE_PRIVATE_ACCESS_TOKEN="not-in-use"
|
|
|
|
# Docker socket location - this value will differ depending on your OS
|
|
DOCKER_SOCKET_LOCATION=/var/run/docker.sock
|
|
|
|
# Google Cloud Project details
|
|
GOOGLE_PROJECT_ID=GOOGLE_PROJECT_ID
|
|
GOOGLE_PROJECT_NUMBER=GOOGLE_PROJECT_NUMBER
|
|
|
|
# Letta
|
|
LETTA_SERVER_PASSWORD=
|
|
|
|
# Langsmith
|
|
LANGCHAIN_ENDPOINT=https://api.smith.langchain.com
|
|
LANGCHAIN_TRACING_V2=true
|
|
LANGCHAIN_API_KEY=
|
|
|
|
# Dify application settings
|
|
# Based on: https://docs.dify.ai/en/getting-started/install-self-hosted/environments
|
|
############
|
|
DIFY_SECRET_KEY=
|
|
DIFY_EXPOSE_NGINX_PORT=8080
|
|
DIFY_EXPOSE_NGINX_SSL_PORT=9443
|
|
|
|
###########################################################################################
|
|
COMPOSE_PROFILES="n8n,portainer,monitoring,postgresus"
|
|
PROMETHEUS_PASSWORD_HASH=
|
|
SEARXNG_PASSWORD_HASH=
|
|
COMFYUI_PASSWORD_HASH=
|
|
RAGAPP_PASSWORD_HASH=
|
|
|
|
############
|
|
# Postiz configuration
|
|
# Reference: https://docs.postiz.com/configuration/reference
|
|
# To protect Postiz via Caddy basic auth (optional), set these:
|
|
############
|
|
|
|
POSTIZ_DISABLE_REGISTRATION=false
|
|
|
|
############
|
|
# Postiz Social Media Integrations
|
|
# Leave blank if not used. Provide credentials from each platform.
|
|
############
|
|
|
|
X_API_KEY=
|
|
X_API_SECRET=
|
|
|
|
LINKEDIN_CLIENT_ID=
|
|
LINKEDIN_CLIENT_SECRET=
|
|
|
|
REDDIT_CLIENT_ID=
|
|
REDDIT_CLIENT_SECRET=
|
|
|
|
GITHUB_CLIENT_ID=
|
|
GITHUB_CLIENT_SECRET=
|
|
|
|
BEEHIIVE_API_KEY=
|
|
BEEHIIVE_PUBLICATION_ID=
|
|
|
|
THREADS_APP_ID=
|
|
THREADS_APP_SECRET=
|
|
|
|
FACEBOOK_APP_ID=
|
|
FACEBOOK_APP_SECRET=
|
|
|
|
YOUTUBE_CLIENT_ID=
|
|
YOUTUBE_CLIENT_SECRET=
|
|
|
|
TIKTOK_CLIENT_ID=
|
|
TIKTOK_CLIENT_SECRET=
|
|
|
|
PINTEREST_CLIENT_ID=
|
|
PINTEREST_CLIENT_SECRET=
|
|
|
|
DRIBBBLE_CLIENT_ID=
|
|
DRIBBBLE_CLIENT_SECRET=
|
|
|
|
DISCORD_CLIENT_ID=
|
|
DISCORD_CLIENT_SECRET=
|
|
DISCORD_BOT_TOKEN_ID=
|
|
|
|
SLACK_ID=
|
|
SLACK_SECRET=
|
|
SLACK_SIGNING_SECRET=
|
|
|
|
MASTODON_URL=https://mastodon.social
|
|
MASTODON_CLIENT_ID=
|
|
MASTODON_CLIENT_SECRET=
|
|
|
|
############
|
|
# WAHA (WhatsApp HTTP API) configuration
|
|
# Engine: NOWEB | WEBJS | GOWS
|
|
############
|
|
WAHA_ENGINE=NOWEB
|
|
WAHA_PUBLIC_URL=https://waha.yourdomain.com
|
|
|
|
# API key (hashed). Value must look like: sha512:HEX
|
|
WAHA_API_KEY=
|
|
# Plaintext API key (generated; shown in final report). Keep private.
|
|
WAHA_API_KEY_PLAIN=
|
|
|
|
# Dashboard credentials
|
|
WAHA_DASHBOARD_USERNAME=
|
|
WAHA_DASHBOARD_PASSWORD=
|
|
|
|
# Swagger credentials
|
|
WHATSAPP_SWAGGER_USERNAME=
|
|
WHATSAPP_SWAGGER_PASSWORD=
|
|
|
|
############
|
|
# [required]
|
|
# RAGFlow internal credentials (for MySQL, MinIO, Redis, and Elasticsearch)
|
|
############
|
|
RAGFLOW_MYSQL_ROOT_PASSWORD=
|
|
RAGFLOW_MINIO_ROOT_PASSWORD=
|
|
RAGFLOW_REDIS_PASSWORD=
|
|
RAGFLOW_ELASTICSEARCH_PASSWORD=
|
|
|
|
############
|
|
# [optional]
|
|
# Docling configuration
|
|
# DOCLING_IMAGE: Choose CPU or GPU version
|
|
# - ghcr.io/docling-project/docling-serve-cpu (4.4 GB, default)
|
|
# - ghcr.io/docling-project/docling-serve-cu126 (10.0 GB, NVIDIA GPU with CUDA 12.6)
|
|
# - ghcr.io/docling-project/docling-serve-cu128 (11.4 GB, NVIDIA GPU with CUDA 12.8)
|
|
# Note: Web UI is always enabled on /ui
|
|
#
|
|
# VLM Pipeline Configuration:
|
|
# DOCLING_SERVE_ENABLE_REMOTE_SERVICES: Required for VLM via external APIs (Ollama, vLLM)
|
|
# DOCLING_SERVE_LOAD_MODELS_AT_BOOT: Pre-load standard models at startup
|
|
# DOCLING_DEVICE: Device for model inference (cpu, cuda, mps)
|
|
############
|
|
DOCLING_IMAGE=ghcr.io/docling-project/docling-serve-cpu
|
|
DOCLING_SERVE_ENABLE_REMOTE_SERVICES=true
|
|
DOCLING_SERVE_LOAD_MODELS_AT_BOOT=false
|
|
DOCLING_DEVICE=cpu
|
|
|
|
########################################################################################## |