help me use the private network for database connections
I want to connect database to a container using private network but my concern is the public url (which I want to avoid using) and the host use the same ${{RAILWAY_TCP_PROXY_DOMAIN}} and I don't know if my data will go 100% through private network
Project ID:
4867c71f-0625-4544-afe4-eb30a0af4f9d
your database does have a volume, right?
The new one yes
I'm testing the new database
to switch soon my plugin v1 db
my concern right now is, this is what my container requires:
This is what I have from the new db:
the public url and the host share the ${{RAILWAY_TCP_PROXY_DOMAIN}}
so I want to make sure my data will go through the private network even if they share that parameter
in the grand scheme of things it doesnt matter, but i find it odd that your app needs the DATABASE_URL variable along with all the other database variables?
No idea, I'm using a template so the variables were there
gotcha
I could import the template again in a separated project and try deleting the DATABASE_URL var
okay so give me a bit while i write you a guide
ok thank you
what template did you say you deployed?
the highlighted one:
I'm actually working with the creator of the N8N template you didn't use, to have communication to the postgres database go over the private network by default
but i will still write this guide for your already deployed template
Cool thank you!
give me a bit to polish it
sure take your time!
I'm checking now the other template, back in time when I installed this (+1 month ago) that template didn't have queue mode available
that's why I went with the second one
but seems he added that in the last month
he added it last night lol
but its not ready yet
hehe yep
I knew it has to be recent because I really struggled haha
just so you know, you will not be able to communicate to redis over the private network, this is a limitation of the underlying libraries n8n uses to connect to redis
I see
nothing me or railway can do about that
well isn't that important for me as the usage of redis on n8n is pretty pretty low
I wish I could have all the same thing but...
more specifically, it's an issue with ioredis that's in use by bull; it assumes the connection to redis will be done with ipv4, and n8n provides no way to tell it to use ipv6, since railway's private network is ipv6 only
:/
I will send a feature request to n8n, they always have been pretty open to requests... I don't think they will make it tomorrow but maybe in a few months if isn't a big change they could make it...
that would be awesome
so basically the request would be to ask them to allow choose ipv4 or ipv6 to connect redis right? This only happens with redis?
well technically the change needs to be done in ioredis, then bull needs to update the ioredis library in use, then n8n needs to update the bull library in use
hahaha that looks more complicated now
I thought n8n could do a patch from their side
but if they require external updates then it's more complicated
they might be able to come up with something
first draft
Solution
How to connect to Postgres over the Private Network:
Preparation work:
Do this if your app uses the PGHOST or PGPORT variables:
- In the Postgres database open the service variables, click + New Variable
- Paste in PGHOST_PRIVATE=${{RAILWAY_PRIVATE_DOMAIN}}, click Add, cancel the popup
- Click + New Variable again
- Paste in PGPORT_PRIVATE=5432, click Add, cancel the popup
Switching to the private network variables:
- For the DATABASE_URL variable in your app's service, reference the DATABASE_PRIVATE_URL variable that the postgres database comes with.
  - In your app's service variables, change the raw DATABASE_URL variable's value to ${{Postgres.DATABASE_PRIVATE_URL}}
  - If your database is named something other than Postgres, use the appropriate name instead.
- If applicable: For the PGHOST variable in your app's service, reference the PGHOST_PRIVATE variable we just added to the Postgres database.
  - In your app's service variables, change the raw PGHOST variable's value to ${{Postgres.PGHOST_PRIVATE}}
  - If your database is named something other than Postgres, use the appropriate name instead.
- If applicable: For the PGPORT variable in your app's service, reference the PGPORT_PRIVATE variable we just added to the Postgres database.
  - In your app's service variables, change the raw PGPORT variable's value to ${{Postgres.PGPORT_PRIVATE}}
  - If your database is named something other than Postgres, use the appropriate name instead.
oh wow
thank you
awesome
let me know if that guide is easy to follow
Yep very easy thank you, probably will be migrating next week as this wont be possible for me hehe!
I was re-reading this msg and another solution could be railways allow to use ipv4 on private network? (just mixing ideas hehe)
that wont happen haha
Im curious for the technical reason, which I think there is?
ipv6 is better 🤣
got it
thought you would say weeelll... it's because ipv6 hash optical md5 point .......................................
and truthfully, ive only seen two pieces of software not play nice with ipv6, it wouldnt make any sense to add ipv4 support for two pieces of software
in both cases it would be an easy fix for the maintainers of said software, and not an easy thing to introduce ipv4
okay, understood
Hello Brody I'm doing this migration now
I'm using your guide + the one button click migration, everything seems to be working fine
I've set the database url to:
Works OK, I tested it
but I have a question
PGHOST and PGPORT look like this:
Since I'm using the private url
should I update PGHOST and PGPORT to ${{Postgresql.PGHOST_PRIVATE}} and ${{Postgresql.PGPORT_PRIVATE}}
?
Appreciate if you could confirm, it seems to be working now with the current PGHOST and PGPORT
just want to make sure all the egress will go through the private network
I actually tried updating them to _PRIVATE
With the PGHOST and PGPORT and the private URL everything seems to be working fine
I tested everything and seems to be working fine
if you're using the private url in code you have no need to use the host and port
This is what I'm using in the dockerfile
super common misconception, i dont think you are using any of the variables from line 5 to line 21 during build, so you can remove all those lines
hmm, those lines were there when I installed the template...
as long as you have them as service variables, and aren't using them during build, you don't need them in the dockerfile
I just added the lines from 20 to 26
I know, it's a super common misconception
so I can remove lines from 5 to 21?
well 11 I need it
I use it on 25
my bad, you do use one of them,
CUSTOM_MODULES
everything else, you can remove
but you don't need to set the arg to an env variable
Ok so just to understand better actually and learn to use it. So anything added as VARS in the railway instance doesn't need to be added again to dockerfile?
all service variables will always be available during runtime
Ok makes sense
so dockerfile only build vars
like installing the modules
you can delete lines 5 to 10 and lines 14 to 21
looks ok now?
yep, that's all that's needed
k cool
I assume you have DB_TYPE and N8N_LOG_LEVEL set in the service variables right?
This is my service variables
DATABASE_URL=${{postgresql.DATABASE_PRIVATE_URL}}
EXECUTIONS_DATA_MAX_AGE=168
EXECUTIONS_DATA_PRUNE=true
EXECUTIONS_MODE=queue
GENERIC_TIMEZONE=America/Puerto_Rico
N8N_ENCRYPTION_KEY=xxxsecretxxx
N8N_LOG_LEVEL=debug
N8N_METRICS=true
NODE_FUNCTION_ALLOW_BUILTIN=*
NODE_FUNCTION_ALLOW_EXTERNAL=axios,cheerio,request,aws-sdk,mime,google-libphonenumber
PGDATABASE=${{postgresql.PGDATABASE}}
PGHOST=${{postgresql.PGHOST}}
PGPASSWORD=${{postgresql.PGPASSWORD}}
PGPORT=${{postgresql.PGPORT}}
PGUSER=${{postgresql.PGUSER}}
PORT=5678
QUEUE_BULL_REDIS_HOST=${{redis.REDISHOST}}
QUEUE_BULL_REDIS_PASSWORD=${{redis.REDISPASSWORD}}
QUEUE_BULL_REDIS_PORT=${{redis.REDISPORT}}
QUEUE_BULL_REDIS_USERNAME=${{redis.REDISUSER}}
REDISHOST=${{redis.REDISHOST}}
REDISPASSWORD=${{redis.REDISPASSWORD}}
REDISPORT=${{redis.REDISPORT}}
REDISUSER=${{redis.REDISUSER}}
REDIS_URL=${{redis.REDIS_URL}}
WEBHOOK_URL=https://domain.com/
CUSTOM_MODULES=axios cheerio request aws-sdk mime google-libphonenumber
EXECUTIONS_DATA_PRUNE_MAX_COUNT=60000
I think I have to add the DB_TYPE right?
I mean it would probably default to postgres, but check if it works without it, no sense in setting a variable to the same value as it's default
ok, lemme try without it
and if it doesn't work
I'll try adding it
can't find the database
I hope it didn't wipe my data 🥲
unlikely
but rule of thumb, if you would ever be remotely worried about any data anywhere, have a backup strategy
should I try now adding the DB_TYPE in service vars?
yes
I have daily backups hehe
not worried at all really
just it's bit scary when you see
"Welcome to n8n"
true true
hmm
and the worker crashed
some of your service variable names are not named correctly according to what n8n expects
maybe this is the issue?
These are not in my service vars
all the DB_
it was renaming variables, just set the variables to the correct name from within the service variables
so instead of this:
to
what I had in the dockerfile
PGDATABASE to DB_POSTGRESDB_DATABASE
what service is that screenshot from
etc.
main
main n8n
then yes, just change the variable names to what n8n expects, thats the beauty of reference variables
redeploying
n8n does not use a url variable for postgres
https://docs.n8n.io/hosting/environment-variables/environment-variables/#postgresql
i have a strong feeling you are not connecting to it via the private network
seems it worked now
it's up...
and now I can see the data again
lemme do a quick test to see everything works
do you have the tcp proxy disabled on the database?
no
do you need to access the database externally?
hmm no
well just
to make the backups
but I do them using private network as well..
Otherwise the db is used exclusively by n8n service
(main and workers)
then disable it
ok
redeploy n8n and if n8n doesn't work, you weren't using the private network
ok
I'll try that in 5 mins
if I change something in a database service like postgres or redis
or whatever service is
that is being used by other services
does the other services automatically re-build?
or I have to manually do it
unfortunately no, you would have to manually rebuild
ok
Sorry Brody, had to go...
Deleted the TCP from the database
redeploying the main and worker instance
I have a feeling it won't work
nope
Had to re-enable TCP
you dont want to communicate to the database publicly, remember, egress costs is what got us here
please follow the guide i wrote above
yeah I know, but what I'm saying is
If I turn off the TCP
the worker and the main crash
So somehow it still trying to use the public con
yes i know, follow the guide i wrote above, set the variables up correctly and it will work
jack's n8n template communicates with the postgres database through the private network with the tcp proxy turned off, so its just a matter of following my guide and naming the variables correctly
Yep I think
I see where the issue is
omw
you can always reference his template for the correct variables if you are stuck
I didn't have _PRIVATE created in the postgresql
thats why It was failing
now it's referenced
reference jack's template
but for this specific error
https://docs.railway.app/reference/private-networking#workaround-for-alpine-based-images
it works
yay
with the tcp proxy disabled?
yep
Thank you sooo much!
Can I ask you something else?
It's pretty simple question
sure
I have 10 replicas for worker
Works perfect
But for this next two months (high season)
I would like to increase them to 20 (probably too much, but just in case)
if I turn ON the auto sleep feature
I have seen doc says if service not used in 10 minutes it will sleep... ok
but my n8n have crons that run every few minutes
so it will sleep the "non-used" workers?
Because the horizontal scaling video of railway explained it selects a random worker
so not sure how it handles that event
well hold on, does n8n even support horizontal scaling like this?
you mean multiple-workers?
yeah, multiple clones of the exact same worker
yes
n8n is auto detecting the additional workers?
I guess so
Actually I think you are right
The concurrency is the tasks that a worker can pick simultaneously
Configuring queue mode | n8n Docs
Documentation for n8n, a workflow automation platform.
right, what I'm getting at is just because you can change the replica count in railway does not mean the app will know what to do with 10 clones of itself
🤦‍♂️
lmao
I'm laughing so hard right now
no no it's alright, it's another common misconception
I got confused because the bad luck of running 10 replicas, and n8n default concurrency is 10
so every time it went up I see the concurrency 10
and I totally missed that
thought they were the workers
yeah I can see how that would cause confusion
just run one replica, you're on pro, I'm sure the vertical scaling up to 32vcpu and 32gb of ram will be fine for an n8n worker
You recommend better one worker with maybe x20 concurrency?
Or better two workers in the same instance with x10 each ?
n8n's worker may not even support any amount of replicas, you'd need to look into that.
but my recommendation would be to run one replica with its default settings for now and play around with its configuration when the time comes, like I said you'd probably be fine with the default settings for quite a while
Okay
understood
well
I been running x10 replicas for a month
it wasn't expensive at all...
lol
right but how do you know if those extra 9 replicas are even doing anything?
I don't think so
but I guess they "use" some ram
dunno
tbh
hehe
they do use resources of course, but are they actually doing "work"
That's what I mean, they been doing nothing just watching one worker actually working
yeah so they aren't hurting anything, but they probably aren't helping anything, just run one worker
yep, changing
In case I want to increase the concurrency
how this can be passed as a service variable?
I guess this should go in the dockerfile
is that command like flag available as an environment variable?
don't think you wanna put it in the dockerfile, as I'm fairly certain the dockerfile is shared between the two n8n services
At some point I would like to migrate to Jack's n8n template. Hopefully he will add soon NPM support to install external modules
The template I am using has many bugs like webhooks don't start so I have to start them manually, etc,..
But right now it's the only way to use NPM as Jack's template doesn't have a dockerfile
so I can't "edit" the image
before deploying it
wouldn't that more so be something n8n would have to add?, though you can always run your npm install command during runtime
No, as far as I know NPM packages have to be installed into a specific folder /usr/local/lib/node_modules/n8n
yep you can do that during runtime before starting n8n
don't know how ideal that is, but I can't see why it wouldn't work
but how? You mean passing service variables ?
just have railway run the same command you are running in the dockerfile before starting n8n
ARG CUSTOM_MODULES
USER root
WORKDIR /usr/local/lib/node_modules/n8n
RUN npm install -g $CUSTOM_MODULES
USER node
this is the commands that I have
how I can tell railway to run them?
obviously you would need some adapting, that is a dockerfile after all. but you'd run it in the start command
but for example, in Jack's template that runs directly an image from Docker
how can I edit the start command
there is no file or anything to edit
it's in the service settings
railway allows you to overwrite a docker image's entrypoint
Ok, I'm doing a test
USER root && WORKDIR /usr/local/lib/node_modules/n8n && RUN npm install -g axios cheerio request aws-sdk mime google-libphonenumber && USER node && n8n start
nope, you are trying to use dockerfile directives
you need to come up with a command that would work in a shell
Tried this: cd /usr/local/lib/node_modules/n8n && npm install axios cheerio request aws-sdk mime google-libphonenumber && npm run n8n start
wait why do you even need to be in a specific folder? can't you just install them globally?
You know what it was easier to just make my own image installing the needed npm modules and push it to dockerhub and use it directly
that's an option too lol
lol
I was tired testing commands
fair enough
works perfect
with jack template
using my custom image
Now I think it's time to clone database
I'm going to check if there's a built-in way to export data (workflows) instead of copy/pasting the database
I think you can export stuff from within n8n
otherwise you can pg_dump and pg_restore
Im migrating because every time I deploy using the other template and have to turn off and on each workflow manually that uses webhook because for some reason they don't auto start
that's why I don't want to pg restore
just in case something in the db is wrong
that's some damn good thinking
can I connect my main instance linux machine using my windows powershell?
I want to download the backup file
connect to what
Like I do when using Digitalocean droplet
to connect to linux via ssh or putty
no railway doesn't provide a way to ssh into the container
does the n8n web UI not allow you to export the flows?
One by one... I have hundreds. That's not the problem. The problem is I need to download the "credentials" file and upload it to my new instance otherwise all the exported workflows will require an account configuration again...
in each workflow
and
cant you run that command locally through the railway shell? doesn't all that command do is connect to the database and export some data
you'd need to turn back on the tcp proxy and switch the variables back over temporarily for that though
Actually you gave me an idea
what idea did I give you
about what you said n8n UI
If I'm able to at least import manually the credentials
using
n8n export:credentials --all --decrypted
which shows the credentials in plain text in my n8n terminal
and then I can quickly copy paste all the workflows
sounds like a long process
Ok credentials done
Now I have to go manually with the workflows. I mean I'm sure it's possible to export/import workflows because I did it in the past using ssh or putty
but I think I will spend more time exploring, reading and understanding how to in Railway
than just going straightforward to copy-paste... maybe I have 45-60 minutes of
understanding how to in Railway
if all the import and export n8n commands do are access the database, you can use railway shell https://docs.railway.app/develop/cli#local-shell
Took me less than expected
already done
now going to move the domain to the new project
and then activate everything
progress!!
Question, If i disable everything (turn off) all the services but keep it just as copy for a few days
it should not be a problem at all right?
I mean off projects dont even generate cost
or any capacity usage right?
services with no deployments will not cost anything, the only passive cost would be volumes
ok
perfect
everything working smoooth
big W
Thank youuuuuuuuu sooooooooooooooooooo muchh!!!!
lol
no problem