Skip to content

在 Google Cloud Run 上托管 n8n#

¥Hosting n8n on Google Cloud Run

本托管指南将向你展示如何在 Google Cloud Run(一种无服务器容器运行时)上自行托管 n8n。如果你刚开始使用 n8n,并且不需要生产级部署,你可以选择下面的 "简易模式" 部署选项。如果你打算大规模使用此 n8n 部署,请参阅下文的 "持久模式" 说明。

¥This hosting guide shows you how to self-host n8n on Google Cloud Run, a serverless container runtime. If you're just getting started with n8n and don't need a production-grade deployment, you can go with the "easy mode" option below for deployment. Otherwise, if you intend to use this n8n deployment at-scale, refer to the "durable mode" instructions further down.

你还可以启用通过 OAuth 访问 Google Workspace(例如 Gmail 和云端硬盘)的功能,以便将这些服务用作 n8n 工作流工具。授予 n8n 访问这些服务的说明位于本文档末尾。

¥You can also enable access via OAuth to Google Workspace, such as Gmail and Drive, to use these services as n8n workflow tools. Instructions for granting n8n access to these services are at the end of of this documentation.

如果你想部署到 Google Kubernetes Engine (GKE),可以参考 相关说明

¥If you want to deploy to Google Kubernetes Engine (GKE) instead, you can refer to these instructions.

Self-hosting knowledge prerequisites

Self-hosting n8n requires technical knowledge, including:

  • Setting up and configuring servers and containers
  • Managing application resources and scaling
  • Securing servers and applications
  • Configuring n8n

n8n recommends self-hosting for expert users. Mistakes can lead to data loss, security issues, and downtime. If you aren't experienced at managing servers, n8n recommends n8n Cloud.

Latest and Next versions

n8n releases a new minor version most weeks. The latest version is for production use. next is the most recent release. You should treat next as a beta: it may be unstable. To report issues, use the forum.

Current latest: 1.122.5 Current next: 1.123.2

开始之前:获取 Google Cloud 项目#

¥Before you begin: get a Google Cloud project

如果你尚未创建 Google Cloud 项目,请参阅 首先执行此操作(并确保已为该项目启用结算功能;即使你的 Cloud Run 服务免费运行,也必须激活结算功能才能进行部署)。否则,请导航至要部署 n8n 的项目。

¥If you have not yet created a Google Cloud project, do this first (and ensure you have billing enabled on the project; even if your Cloud Run service runs for free you must have billing activated to deploy). Otherwise, navigate to the project where you want to deploy n8n.

简易模式#

¥Easy mode

这是在 Cloud Run 上部署 n8n 的最快方法。对于此部署,n8n 的数据位于内存中,因此仅建议用于演示目的。每当此 Cloud Run 服务缩减至零或重新部署时,n8n 数据将会丢失。如果你需要生产级部署,请参阅以下持久模式说明。

¥This is the fastest way to deploy n8n on Cloud Run. For this deployment, n8n's data is in-memory so this is only recommended for demo purposes. Anytime this Cloud Run service scales to zero or is redeployed, the n8n data will be lost. Refer to the durable mode instructions below if you need a production-grade deployment.

如果你尚未创建 Google Cloud 项目,请参阅 首先执行此操作(并确保已为该项目启用结算功能;即使你的 Cloud Run 服务免费运行,也必须激活结算功能才能进行部署)。否则,请导航至要部署 n8n 的项目。

¥If you have not yet created a Google Cloud project, do this first (and ensure you have billing enabled on the project; even if your Cloud Run service will run for free you must have billing enabled to activated to deploy). Otherwise, navigate to the project where you want to deploy n8n.

打开 Cloud Shell 终端(在 Google Cloud 控制台中,输入 "G" 然后 "S",或点击右上角的终端图标)。

¥Open the Cloud Shell Terminal (on the Google Cloud console, either type "G" then "S" or click on the terminal icon on the upper right).

会话打开后,你可能需要先运行以下命令登录(并按照提示完成步骤):

¥Once your session is open, you may need to run this command first to login (and follow the steps it asks you to complete):

1
gcloud auth login

你还可以显式启用 Cloud Run API(即使你不这样做,部署时也会询问你是否要启用此功能):

¥You can also explicitly enable the Cloud Run API (even if you don't do this, it will ask if you want this enabled when you deploy):

1
gcloud services enable run.googleapis.com

部署 n8n:

¥To deploy n8n:

1
2
3
4
5
6
7
gcloud run deploy n8n \
    --image=n8nio/n8n \
    --region=us-west1 \
    --allow-unauthenticated \
    --port=5678 \
    --no-cpu-throttling \
    --memory=2Gi

(你可以指定任何你喜欢的区域,而不是 "us-west1")

¥(you can specify whichever region you prefer, instead of "us-west1")

部署完成后,打开另一个标签页导航到服务 URL。n8n 可能仍在加载,你会看到“n8n 正在启动”的提示。请稍候”消息,但不久后你应该会看到 n8n 登录屏幕。

¥Once the deployment finishes, open another tab to navigate to the Service URL. n8n may still be loading and you will see a "n8n is starting up. Please wait" message, but shortly thereafter you should see the n8n login screen.

可选的:如果你想尽可能长时间地保持 n8n 服务运行以避免数据丢失,你还可以将手动缩放设置为 1,以防止其自动缩放至 0。

¥Optional: If you want to keep this n8n service running for as long as possible to avoid data loss, you can also set manual scale to 1 to prevent it from autoscaling to 0.

1
2
3
4
5
6
7
8
gcloud run deploy n8n \
    --image=n8nio/n8n \
    --region=us-west1 \
    --allow-unauthenticated \
    --port=5678 \
    --no-cpu-throttling \
    --memory=2Gi \
    --scaling=1

这并不能完全防止数据丢失,例如在重新部署/更新 Cloud Run 服务时。如果你需要真正持久化的数据,请参阅以下关于如何附加数据库的说明。

¥This does not prevent data loss completely, such as whenever the Cloud Run service is re-deployed/updated. If you want truly persistant data, you should refer to the instructions below for how to attach a database.

持久模式#

¥Durable mode

以下说明旨在实现 n8n 在 Cloud Run 上更持久、更符合生产环境的部署。它包含持久化数据库和敏感数据密钥管理器等资源。

¥The following instructions are intended for a more durable, production-grade deployment of n8n on Cloud Run. It includes resources such as a database for persistance and secret manager for sensitive data.

启用 API 并设置环境变量#

¥Enable APIs and set env vars

打开 Cloud Shell 终端(在 Google Cloud 控制台中,输入 "G" 然后 "S",或点击右上角的终端图标),并在终端会话中运行以下命令:

¥Open the Cloud Shell Terminal (on the Google Cloud console, either type "G" then "S" or click on the terminal icon on the upper right) and run these commands in the terminal session:

1
2
3
4
5
6
## You may need to login first
gcloud auth login

gcloud services enable run.googleapis.com
gcloud services enable sqladmin.googleapis.com
gcloud services enable secretmanager.googleapis.com

你还需要为后续步骤设置一些环境变量:

¥You'll also want to set some environment variables for the remainder of these instructions:

1
2
export PROJECT_ID=your-project
export REGION=region-where-you-want-this-deployed

设置 Postgres 数据库#

¥Setup your Postgres database

运行以下命令创建 Postgres 数据库实例(需要几分钟才能完成;同时请确保将 root-password 字段更新为你自己的密码):

¥Run this command to create the Postgres DB instance (it will take a few minutes to complete; also ensure you update the root-password field with your own desired password):

1
2
3
4
5
6
7
8
9
gcloud sql instances create n8n-db \
    --database-version=POSTGRES_13 \
    --tier=db-f1-micro \
    --region=$REGION \
    --root-password="change-this-password" \
    --storage-size=10GB \
    --availability-type=ZONAL \
    --no-backup \
    --storage-type=HDD

完成后,你可以添加 n8n 将使用的数据库:

¥Once complete, you can add the database that n8n will use:

1
gcloud sql databases create n8n --instance=n8n-db

为 n8n 创建数据库用户(当然,需要更改密码值):

¥Create the DB user for n8n (change the password value, of course):

1
2
3
gcloud sql users create n8n-user \
    --instance=n8n-db \
    --password="change-this-password"

你可以将为此 n8n 用户设置的密码保存到文件中,以便在 Secret Manager 中保存密码。务必稍后删除此文件。

¥You can save the password you set for this n8n-user to a file for the next step of saving the password in Secret Manager. Be sure to delete this file later.

将敏感数据存储在 Secret Manager 中#

¥Store sensitive data in Secret Manager

虽然并非必需,但强烈建议你将敏感数据存储在 Secrets Manager 中。

¥While not required, it's absolutely recommended to store your sensitive data in Secrets Manager.

创建一个用于数据库密码的密钥(将 "/your/password/file" 替换为你上面创建的用于 n8n 用户密码的文件):

¥Create a secret for the database password (replace "/your/password/file" with the file you created above for the n8n-user password):

1
2
3
gcloud secrets create n8n-db-password \
    --data-file=/your/password/file \
    --replication-policy="automatic"

创建加密密钥(你可以使用自己的密钥,本示例会生成一个随机密钥):

¥Create an encryption key (you can use your own, this example generates a random one):

1
openssl rand -base64 -out my-encryption-key 42

创建一个用于此加密密钥的密钥(如果你提供自己的密钥,请替换 "my-encryption-key"):

¥Create a secret for this encryption key (replace "my-encryption-key" if you are supplying your own):

1
2
3
gcloud secrets create n8n-encryption-key \
    --data-file=my-encryption-key \
    --replication-policy="automatic"

现在你可以删除你创建的 my-encryption-key 和数据库密码文件。这些值现在安全地存储在 Secret Manager 中。

¥Now you can delete my-encryption-key and the database password files you created. These values are now securely stored in Secret Manager.

创建 Cloud Run 服务帐号#

¥Create a service account for Cloud Run

你希望限制此 Cloud Run 服务仅访问其所需的资源。以下命令创建服务账户并添加访问密钥和数据库所需的权限:

¥You want this Cloud Run service to be restricted to access only the resources it needs. The following commands create the service account and adds the permissions necessary to access secrets and the database:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
gcloud iam service-accounts create n8n-service-account \
    --display-name="n8n Service Account"

gcloud secrets add-iam-policy-binding n8n-db-password \
    --member="serviceAccount:n8n-service-account@$PROJECT_ID.iam.gserviceaccount.com" \
    --role="roles/secretmanager.secretAccessor"

gcloud secrets add-iam-policy-binding n8n-encryption-key \
    --member="serviceAccount:n8n-service-account@$PROJECT_ID.iam.gserviceaccount.com" \
    --role="roles/secretmanager.secretAccessor"

gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member="serviceAccount:n8n-service-account@$PROJECT_ID.iam.gserviceaccount.com" \
    --role="roles/cloudsql.client"

部署 Cloud Run 服务#

¥Deploy the Cloud Run service

现在你可以部署 n8n 服务:

¥Now you can deploy your n8n service:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
gcloud run deploy n8n \
    --image=n8nio/n8n:latest \
    --command="/bin/sh" \
    --args="-c,sleep 5;n8n start" \
    --region=$REGION \
    --allow-unauthenticated \
    --port=5678 \
    --memory=2Gi \
    --no-cpu-throttling \
    --set-env-vars="N8N_PORT=5678,N8N_PROTOCOL=https,DB_TYPE=postgresdb,DB_POSTGRESDB_DATABASE=n8n,DB_POSTGRESDB_USER=n8n-user,DB_POSTGRESDB_HOST=/cloudsql/$PROJECT_ID:$REGION:n8n-db,DB_POSTGRESDB_PORT=5432,DB_POSTGRESDB_SCHEMA=public,GENERIC_TIMEZONE=UTC,QUEUE_HEALTH_CHECK_ACTIVE=true" \
    --set-secrets="DB_POSTGRESDB_PASSWORD=n8n-db-password:latest,N8N_ENCRYPTION_KEY=n8n-encryption-key:latest" \
    --add-cloudsql-instances=$PROJECT_ID:$REGION:n8n-db \
    --service-account=n8n-service-account@$PROJECT_ID.iam.gserviceaccount.com

部署完成后,打开另一个标签页导航到服务 URL。你应该看到 n8n 登录屏幕。

¥Once the deployment finishes, open another tab to navigate to the Service URL. You should see the n8n login screen.

故障排除#

¥Troubleshooting

如果你看到 "无法执行 GET / 请求" 屏幕,这通常表示 n8n 仍在启动。你可以刷新页面,页面最终应该会加载完毕。

¥If you see a "Cannot GET /" screen this usually indicates that n8n is still starting up. You can refresh the page and it should eventually load.

(可选的)将 Google Workspace 服务启用为 n8n 工具#

¥(Optional) Enabling Google Workspace services as n8n tools

如果你想在 n8n 中使用 Google Workspace 服务(Gmail、日历、云端硬盘等)作为工具,建议你设置 OAuth 以访问这些服务。

¥If you want to use Google Workspace services (Gmail, Calendar, Drive, etc.) as tools in n8n, it's recommended to setup OAuth to access these services.

首先确保已启用所需的相应 API:

¥First ensure the respective APIs you want are enabled:

1
2
3
4
5
6
7
## Enable whichever APIs you need
## Note: If you want Sheets/Docs, it's not enough to just enable Drive; these services each have their own API
gcloud services enable gmail.googleapis.com
gcloud services enable drive.googleapis.com
gcloud services enable sheets.googleapis.com
gcloud services enable docs.googleapis.com
gcloud services enable calendar-json.googleapis.com

使用必要的 OAuth 回调 URL 作为环境变量,在 Cloud Run 上重新部署 n8n:

¥Re-deploy n8n on Cloud Run with the necessary OAuth callback URLs as environment variables:

1
2
3
4
5
6
7
8
export SERVICE_URL="your-n8n-service-URL"
## e.g. https://n8n-12345678.us-west1.run.app

gcloud run services update n8n \
    --region=$REGION \
    --update-env-vars="N8N_HOST=$(echo $SERVICE_URL | sed 's/https:\/\

///'),WEBHOOK_URL=$SERVICE_URL,N8N_EDITOR_BASE_URL=$SERVICE_URL"

最后,你必须为这些服务设置 OAuth。访问 https://console.cloud.google.com/auth 并按照以下步骤操作:

¥Lastly, you must setup OAuth for these services. Visit https://console.cloud.google.com/auth and follow these steps:

  1. 如果此按钮显示,请点击 "开始使用"(当你尚未在此云项目中设置 OAuth 时)。

¥Click "Get Started" if this button shows (when you have not yet setup OAuth in this Cloud project). 2. 对于 "应用信息",你可以输入你偏好的 "应用名称" 和 "用户支持邮箱"。

¥For "App Information", enter whichever "App Name" and "User Support Email" you prefer. 3. 对于 "受众",如果你只想允许同一 Google 工作区内的用户访问,请选择 "内部"。否则,你可以选择 "外部"。

¥For "Audience", select "Internal" if you intend to only enable access to your user(s) within this same Google Workspace. Otherwise, you can select "External". 4. 输入 "联系人信息"。

¥Enter "Contact Information". 5. 如果你选择 "外部",请单击 "受众" 并添加你需要授予访问权限的任何测试用户。

¥If you selected "External", then click "Audience" and add any test users you need to grant access. 6. 点击 "客户端" > "创建客户端",在 "应用类型" 中选择 "Web 应用",在 "已授权的 JavaScript 来源" 中输入你的 n8n 服务 URL,在 "已授权的重定向 URI" 中输入 "/rest/oauth2-credential/callback",其中你的 YOUR-N8N-URL 也应为 n8n 服务 URL(例如 https://n8n-12345678.us-west1.run.app/rest/oauth2-credential/callback)。确保下载已创建的客户端 JSON 文件,因为它包含客户端密钥,你稍后将无法在控制台中看到该密钥。

¥Click "Clients" > "Create client", select "Web application" for "Application type", enter your n8n service URL into "Authorized JavaScript origins", and "/rest/oauth2-credential/callback" into "Authorized redirect URIs" where your YOUR-N8N-URL is also the n8n service URL (e.g. https://n8n-12345678.us-west1.run.app/rest/oauth2-credential/callback). Make sure you download the created client's JSON file since it contains the client secret which you will not be able to see later in the Console. 7. 点击 "数据访问" 并添加你希望 n8n 拥有的访问权限范围(例如,要访问 Google Sheets,你需要 https://googleapis.com/auth/drive.filehttps://googleapis.com/auth/spreadsheets)。

¥Click "Data Access" and add the scopes you want n8n to have access for (e.g. to access Google Sheets, you need https://googleapis.com/auth/drive.file and https://googleapis.com/auth/spreadsheets) 8. 现在你应该能够使用这些工作区服务了。你可以通过登录 n8n,为相应的服务添加一个工具,并使用步骤 6 中的 OAuth 客户端 JSON 文件中的信息添加其凭据来测试其是否有效。

¥Now you should be able to use these workspace services. You can test if it works by logging into n8n, add a Tool for the respective service and add its credentials using the information in the OAuth client JSON file from step 6.