This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Chosing the right configuration to secure my app (n8n) on GKE

Posted on 02-25-2024 09:48 PM
Jean-Philippe
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi There,

I'm new with Google Cloud and I will host a n8n on GKE (standard).

My question is about security and webhooks.
I've heard it is necessary to setup a reverse proxy to use webhooks.

Could you please help me select the right configuration to secure the connexion (https) and manage webhooks properly ?

Thanks a lot,
JP

0 1 545
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
Willbin
Staff
Reply posted on --/--/---- --:-- AM

Hello @Jean-Philippe,

Welcome to Google Cloud Community!

Here are some tips to secure your n8n instance hosted on GKE for handling webhooks.

Setup a reverse proxy for Webhook security
Choose the right reverse proxy
HTTPS with SSL/TLS:

  • Enable HTTPS in your reverse proxy configuration.
  • Obtain SSL/TLS certificates: You can either use self-signed certificates for testing or obtain certificates from trusted CAs for production environments.
  • Configure SSL/TLS termination on the reverse proxy. This ensures that only encrypted connections reach your n8n instance.

Webhook Management:

  • Configure n8n webhooks: Define webhooks within n8n specifying their URL endpoints.
  • Use secure connections: Ensure webhook URLs (exposed by the reverse proxy) use HTTPS and are accessible to the authorized senders.
  • Implement authentication and authorization: Use appropriate mechanisms like API keys, tokens, or challenge-response to restrict access to your webhooks and prevent unauthorized data manipulation. Consider using n8n's native features or additional security plugins for authentication and authorization.
  • Monitor and log webhook activity: Monitor and log webhook requests to track usage, identify potential issues, and maintain an audit trail.

See resources below that might be helpful for you
https://www.doit.com/securely-access-aws-from-gke/
https://github.com/elastic/cloud-on-k8s/issues/1437
https://cloud.google.com/kubernetes-engine/docs/how-to/optimize-webhooks
https://cloud.google.com/kubernetes-engine/docs/deprecations/webhookcompatibility

Don't hesitate to post back any questions here. We are delighted to try and help.

Thanks!

0 Likes
Top Labels in this Space
Top Solution Authors
View all