From a171a1040c05d94d225a27a300ebb9cb00205ceb Mon Sep 17 00:00:00 2001
From: SashkoMarchuk
Date: Wed, 17 Sep 2025 12:09:30 +0200
Subject: [PATCH 1/2] Add security configurations and authentication environment variables to Docker Compose files
- Add N8N_BLOCK_ENV_ACCESS_IN_NODE=true to docker-compose.yml for enhanced security
- Add N8N_ENV_ACCESS_ALLOWED with ASSEMBLY_USER and ASSEMBLY_PASS to docker-compose.prod.yml
- Add ASSEMBLY_USER and ASSEMBLY_PASS environment variables to both compose files
---
 docker-compose.prod.yml | 4 ++++
 docker-compose.yml | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 7ffc2bf..fc6fbc5 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -22,6 +22,10 @@ services:
 - N8N_BLOCKED_NODES=n8n-nodes-base.executeCommand,n8n-nodes-base.ssh
 - N8N_DEFAULT_BINARY_DATA_MODE=filesystem
 - N8N_BINARY_DATA_STORAGE_PATH=/data/n8n/binaryData
+ # Allowlist specific safe environment variables for node access
+ - N8N_ENV_ACCESS_ALLOWED=SEMBLY_USER,SEMBLY_PASS
+ - SEMBLY_USER=${SEMBLY_USER:?SEMBLY_USER is required}
+ - SEMBLY_PASS=${SEMBLY_PASS:?SEMBLY_PASS is required}
 postgresql: !reset null
 temporal:
diff --git a/docker-compose.yml b/docker-compose.yml
index 5de8e10..2464cd3 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -28,6 +28,10 @@ services:
 - DB_POSTGRESDB_DATABASE=${POSTGRES_DB_N8N:-n8n}
 - DB_POSTGRESDB_USER=${POSTGRES_USER_N8N:-n8n}
 - DB_POSTGRESDB_PASSWORD=${POSTGRES_PASSWORD_N8N:-n8n_password}
+ # Block $env access in nodes for security (default: true)
+ - N8N_BLOCK_ENV_ACCESS_IN_NODE=true
+ - SEMBLY_USER=${SEMBLY_USER:-sembly_user}
+ - SEMBLY_PASS=${SEMBLY_PASS:-sembly_pass}
 - N8N_LOG_LEVEL=debug
 - N8N_LOG_OUTPUT=console
 - TZ=${TZ:-America/New_York}
From 4701c29e22923a2fc44de7588e78ec4f5321795f Mon Sep 17 00:00:00 2001
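Review bot: The comment on the new allowlist line in docker-compose.prod.yml calls the listed variables "safe", but one of them is `SEMBLY_PASS`, a password, so the entry is meant to put a secret within reach of whatever a workflow can evaluate through `$env`. PATCH 2/2 on this page removes `N8N_ENV_ACCESS_ALLOWED` as invalid, which suggests n8n does not read it and that the line restricts nothing at this commit. The commit description also names `ASSEMBLY_USER`/`ASSEMBLY_PASS` while the added lines use `SEMBLY_USER`/`SEMBLY_PASS`. If the password has to stay in the container environment, the comment should say so plainly, e.g. `# SEMBLY_PASS is a secret; workflows read it via $env`; keeping it in n8n's credential store would avoid the exposure altogether.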
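Review bot: The fallback in `SEMBLY_PASS=${SEMBLY_PASS:-sembly_pass}` in docker-compose.yml lets the stack start with a fixed password that is published in the repository whenever the variable is unset, whereas the prod file in the same patch fails fast with `:?`. I would use the same guard here, `- SEMBLY_PASS=${SEMBLY_PASS:?SEMBLY_PASS is required}`, or add a comment that the default is for local development only. With `N8N_BLOCK_ENV_ACCESS_IN_NODE=true` added just above, workflows presumably cannot read the two new variables through `$env`, so the hunk does not show what consumes them. The `(default: true)` in the new comment should also be checked against the documentation of the n8n version in use.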
From: SashkoMarchuk
Date: Wed, 17 Sep 2025 17:53:26 +0200
Subject: [PATCH 2/2] Remove invalid n8n environment configuration and allow env access in nodes
- Remove invalid N8N_ENV_ACCESS_ALLOWED configuration from docker-compose.prod.yml
- Set N8N_BLOCK_ENV_ACCESS_IN_NODE=false in docker-compose.yml to allow environment variable access in nodes
---
 docker-compose.prod.yml | 4 ++--
 docker-compose.yml | 3 +--
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index fc6fbc5..a28e039 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -22,10 +22,10 @@ services:
 - N8N_BLOCKED_NODES=n8n-nodes-base.executeCommand,n8n-nodes-base.ssh
 - N8N_DEFAULT_BINARY_DATA_MODE=filesystem
 - N8N_BINARY_DATA_STORAGE_PATH=/data/n8n/binaryData
- # Allowlist specific safe environment variables for node access
- - N8N_ENV_ACCESS_ALLOWED=SEMBLY_USER,SEMBLY_PASS
 - SEMBLY_USER=${SEMBLY_USER:?SEMBLY_USER is required}
 - SEMBLY_PASS=${SEMBLY_PASS:?SEMBLY_PASS is required}
+ volumes:
+ - n8n_data:/data/n8n
 postgresql: !reset null
 temporal:
diff --git a/docker-compose.yml b/docker-compose.yml
index 2464cd3..70679ed 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -28,8 +28,7 @@ services:
 - DB_POSTGRESDB_DATABASE=${POSTGRES_DB_N8N:-n8n}
 - DB_POSTGRESDB_USER=${POSTGRES_USER_N8N:-n8n}
 - DB_POSTGRESDB_PASSWORD=${POSTGRES_PASSWORD_N8N:-n8n_password}
- # Block $env access in nodes for security (default: true)
- - N8N_BLOCK_ENV_ACCESS_IN_NODE=true
+ - N8N_BLOCK_ENV_ACCESS_IN_NODE=false
 - SEMBLY_USER=${SEMBLY_USER:-sembly_user}
 - SEMBLY_PASS=${SEMBLY_PASS:-sembly_pass}
 - N8N_LOG_LEVEL=debug
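Review bot: With the allowlist line gone, docker-compose.prod.yml sets no `N8N_BLOCK_ENV_ACCESS_IN_NODE` of its own. If this file is layered over docker-compose.yml (the `!reset` tag on `postgresql` suggests it is an override), production inherits the `false` that the other hunk of this patch introduces. An explicit entry in this environment list, e.g. `- N8N_BLOCK_ENV_ACCESS_IN_NODE=true`, or a comment stating that production workflows need `$env`, would make the production posture visible instead of implied by the development file. Separately, the added `volumes:` mount of `n8n_data:/data/n8n` is not mentioned in the commit description, and the hunk does not show whether `n8n_data` is declared under the top-level `volumes:` key.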
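Review bot: Setting `N8N_BLOCK_ENV_ACCESS_IN_NODE=false` in docker-compose.yml opens the whole container environment to workflow expressions and Code nodes, not only the two Sembly variables; `DB_POSTGRESDB_PASSWORD`, visible in the context lines of this hunk, becomes readable the same way. The explanatory comment was removed together with the old value, so the file no longer says why the control is off. If the goal is only to give workflows the Sembly login, storing it as an n8n credential would let the block stay enabled. Otherwise I would at least add a comment such as `# $env access enabled so workflows can read SEMBLY_USER/SEMBLY_PASS; this exposes every variable in this list to workflow editors`.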