Skip to content

在 Google Cloud Run 上托管 n8n(Hosting n8n on Google Cloud Run)#

本托管指南将向你展示如何在 Google Cloud Run(无服务器容器运行时)上自托管 n8n。如果你刚开始使用 n8n,并且不需要生产级别的部署,可以选择下面的“简易模式”选项进行部署。否则,如果你打算大规模使用此 n8n 部署,请参考下面的“持久模式”说明。

🌐 This hosting guide shows you how to self-host n8n on Google Cloud Run, a serverless container runtime. If you're just getting started with n8n and don't need a production-grade deployment, you can go with the "easy mode" option below for deployment. Otherwise, if you intend to use this n8n deployment at-scale, refer to the "durable mode" instructions further down.

你还可以通过 OAuth 启用对 Google Workspace 的访问,例如 Gmail 和 Drive,以将这些服务用作 n8n 工作流工具。授予 n8n 访问这些服务的说明在本教程的末尾。

🌐 You can also enable access via OAuth to Google Workspace, such as Gmail and Drive, to use these services as n8n workflow tools. Instructions for granting n8n access to these services are at the end of of this documentation.

如果你想改为部署到 Google Kubernetes Engine (GKE),可以参考这些说明

🌐 If you want to deploy to Google Kubernetes Engine (GKE) instead, you can refer to these instructions.

Self-hosting knowledge prerequisites

Self-hosting n8n requires technical knowledge, including:

  • Setting up and configuring servers and containers
  • Managing application resources and scaling
  • Securing servers and applications
  • Configuring n8n

n8n recommends self-hosting for expert users. Mistakes can lead to data loss, security issues, and downtime. If you aren't experienced at managing servers, n8n recommends n8n Cloud.

Stable and Beta versions

n8n releases a new minor version most weeks. The stable version is for production use. beta is the most recent release. The beta version may be unstable. To report issues, use the forum.

Current stable: 2.4.7 Current beta: 2.6.2

开始之前:创建一个 Google Cloud 项目(Before you begin: get a Google Cloud project)#

如果你尚未创建 Google Cloud 项目,请先执行此操作(并确保你已在项目上启用结算;即使你的 Cloud Run 服务免费运行,你也必须启用结算才能部署)。否则,请导航到你希望部署 n8n 的项目。

🌐 If you have not yet created a Google Cloud project, do this first (and ensure you have billing enabled on the project; even if your Cloud Run service runs for free you must have billing activated to deploy). Otherwise, navigate to the project where you want to deploy n8n.

简易模式(Easy mode)#

这是在 Cloud Run 上部署 n8n 的最快方法。对于此部署,n8n 的数据是保存在内存中的,因此仅建议用于演示目的。每当此 Cloud Run 服务缩减到零或重新部署时,n8n 数据将会丢失。 如果需要生产级部署,请参考下面的持久模式说明。

🌐 This is the fastest way to deploy n8n on Cloud Run. For this deployment, n8n's data is in-memory so this is only recommended for demo purposes. Anytime this Cloud Run service scales to zero or is redeployed, the n8n data will be lost. Refer to the durable mode instructions below if you need a production-grade deployment.

如果你尚未创建 Google Cloud 项目,请先创建(并确保项目已启用计费;即使你的 Cloud Run 服务将免费运行,你也必须启用计费才能部署)。否则,请导航到你要部署 n8n 的项目。

🌐 If you have not yet created a Google Cloud project, do this first (and ensure you have billing enabled on the project; even if your Cloud Run service will run for free you must have billing enabled to activated to deploy). Otherwise, navigate to the project where you want to deploy n8n.

打开 Cloud Shell 终端(在 Google Cloud 控制台中,可以输入“G”然后“S”,或者点击右上角的终端图标)。

🌐 Open the Cloud Shell Terminal (on the Google Cloud console, either type "G" then "S" or click on the terminal icon on the upper right).

会话打开后,你可能需要先运行以下命令登录(并按照提示完成步骤):

🌐 Once your session is open, you may need to run this command first to login (and follow the steps it asks you to complete):

1
gcloud auth login

你还可以显式启用 Cloud Run API(即使你不这样做,部署时也会询问你是否要启用此功能):

🌐 You can also explicitly enable the Cloud Run API (even if you don't do this, it will ask if you want this enabled when you deploy):

1
gcloud services enable run.googleapis.com

部署 n8n:

🌐 To deploy n8n:

1
2
3
4
5
6
7
gcloud run deploy n8n \
    --image=n8nio/n8n \
    --region=us-west1 \
    --allow-unauthenticated \
    --port=5678 \
    --no-cpu-throttling \
    --memory=2Gi

(你可以指定你喜欢的任何区域,而不是“us-west1”)

部署完成后,打开另一个标签页访问服务网址。n8n 可能还在加载,你会看到“n8n 正在启动,请稍候”的提示,但不久之后,你应该会看到 n8n 的登录界面。

🌐 Once the deployment finishes, open another tab to navigate to the Service URL. n8n may still be loading and you will see a "n8n is starting up. Please wait" message, but shortly thereafter you should see the n8n login screen.

可选:如果你希望尽可能长时间保持此 n8n 服务运行以避免数据丢失,你还可以将手动规模设置为 1,以防止其自动缩放到 0。

🌐 Optional: If you want to keep this n8n service running for as long as possible to avoid data loss, you can also set manual scale to 1 to prevent it from autoscaling to 0. 

1
2
3
4
5
6
7
8
gcloud run deploy n8n \
    --image=n8nio/n8n \
    --region=us-west1 \
    --allow-unauthenticated \
    --port=5678 \
    --no-cpu-throttling \
    --memory=2Gi \
    --scaling=1

这并不能完全防止数据丢失,例如每当 Cloud Run 服务重新部署/更新时。如果你想要真正持久的数据,应该参考下面关于如何连接数据库的说明。

🌐 This does not prevent data loss completely, such as whenever the Cloud Run service is re-deployed/updated. If you want truly persistant data, you should refer to the instructions below for how to attach a database.

持久模式(Durable mode)#

以下说明旨在实现 n8n 在 Cloud Run 上更耐用、面向生产的部署。它包括诸如用于持久化的数据库和用于敏感数据的密钥管理器等资源。

🌐 The following instructions are intended for a more durable, production-grade deployment of n8n on Cloud Run. It includes resources such as a database for persistance and secret manager for sensitive data.

如果你想通过 Terraform 部署以下设置,请参考这个 示例,它部署的设置与以下内容相同(不包含 Google Workspace 工具的 OAuth 设置)。

🌐 If you want to deploy the following setup via Terraform, refer to this example which deploys the same setup as the following (without the OAuth setup for Google Workspace tools).

启用 API 并设置环境变量(Enable APIs and set env vars)#

打开云终端(在 Google Cloud 控制台中,可以按“G”然后按“S”,或者点击右上角的终端图标),在终端会话中运行以下命令:

🌐 Open the Cloud Shell Terminal (on the Google Cloud console, either type "G" then "S" or click on the terminal icon on the upper right) and run these commands in the terminal session:

1
2
3
4
5
6
7
## You may need to login first

gcloud auth login

gcloud services enable run.googleapis.com
gcloud services enable sqladmin.googleapis.com
gcloud services enable secretmanager.googleapis.com

你还需要为后续步骤设置一些环境变量:

🌐 You'll also want to set some environment variables for the remainder of these instructions:

1
2
export PROJECT_ID=your-project
export REGION=region-where-you-want-this-deployed

设置 Postgres 数据库(Setup your Postgres database)#

运行以下命令创建 Postgres 数据库实例(需要几分钟才能完成;同时请确保将 root-password 字段更新为你自己的密码):

🌐 Run this command to create the Postgres DB instance (it will take a few minutes to complete; also ensure you update the root-password field with your own desired password):

1
2
3
4
5
6
7
8
9
gcloud sql instances create n8n-db \
    --database-version=POSTGRES_13 \
    --tier=db-f1-micro \
    --region=$REGION \
    --root-password="change-this-password" \
    --storage-size=10GB \
    --availability-type=ZONAL \
    --no-backup \
    --storage-type=HDD

完成后,你可以添加 n8n 将使用的数据库:

🌐 Once complete, you can add the database that n8n will use:

1
gcloud sql databases create n8n --instance=n8n-db

为 n8n 创建数据库用户(当然,需要更改密码值):

🌐 Create the DB user for n8n (change the password value, of course):

1
2
3
gcloud sql users create n8n-user \
    --instance=n8n-db \
    --password="change-this-password"

你可以将为此 n8n 用户设置的密码保存到文件中,以便下一步在 Secret Manager 中保存密码时使用。请务必在之后删除此文件。

🌐 You can save the password you set for this n8n-user to a file for the next step of saving the password in Secret Manager. Be sure to delete this file later.

将敏感数据存储在 Secret Manager 中(Store sensitive data in Secret Manager)#

虽然并非必需,但强烈建议你将敏感数据存储在 Secrets Manager 中。

🌐 While not required, it's absolutely recommended to store your sensitive data in Secrets Manager.

为数据库密码创建一个密钥(将“/your/password/file”替换为你之前为 n8n 用户密码创建的文件):

🌐 Create a secret for the database password (replace "/your/password/file" with the file you created above for the n8n-user password):

1
2
3
gcloud secrets create n8n-db-password \
    --data-file=/your/password/file \
    --replication-policy="automatic"

创建加密密钥(你可以使用自己的密钥,本示例会生成一个随机密钥):

🌐 Create an encryption key (you can use your own, this example generates a random one):

1
openssl rand -base64 -out my-encryption-key 42

为此加密密钥创建一个密钥(如果你提供自己的密钥,请替换“my-encryption-key”):

🌐 Create a secret for this encryption key (replace "my-encryption-key" if you are supplying your own):

1
2
3
gcloud secrets create n8n-encryption-key \
    --data-file=my-encryption-key \
    --replication-policy="automatic"

现在你可以删除 my-encryption-key 和你创建的数据库密码文件。这些值现在已安全地存储在 Secret Manager 中。

🌐 Now you can delete my-encryption-key and the database password files you created. These values are now securely stored in Secret Manager.

创建 Cloud Run 服务帐号(Create a service account for Cloud Run)#

你希望这个 Cloud Run 服务仅限访问它所需的资源。以下命令会创建服务账户,并添加访问密钥和数据库所需的权限:

🌐 You want this Cloud Run service to be restricted to access only the resources it needs. The following commands create the service account and adds the permissions necessary to access secrets and the database:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
gcloud iam service-accounts create n8n-service-account \
    --display-name="n8n Service Account"

gcloud secrets add-iam-policy-binding n8n-db-password \
    --member="serviceAccount:n8n-service-account@$PROJECT_ID.iam.gserviceaccount.com" \
    --role="roles/secretmanager.secretAccessor"

gcloud secrets add-iam-policy-binding n8n-encryption-key \
    --member="serviceAccount:n8n-service-account@$PROJECT_ID.iam.gserviceaccount.com" \
    --role="roles/secretmanager.secretAccessor"

gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member="serviceAccount:n8n-service-account@$PROJECT_ID.iam.gserviceaccount.com" \
    --role="roles/cloudsql.client"

部署 Cloud Run 服务(Deploy the Cloud Run service)#

现在你可以部署 n8n 服务:

🌐 Now you can deploy your n8n service:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
gcloud run deploy n8n \
    --image=n8nio/n8n:latest \
    --command="/bin/sh" \
    --args="-c,sleep 5;n8n start" \
    --region=$REGION \
    --allow-unauthenticated \
    --port=5678 \
    --memory=2Gi \
    --no-cpu-throttling \
    --set-env-vars="N8N_PORT=5678,N8N_PROTOCOL=https,DB_TYPE=postgresdb,DB_POSTGRESDB_DATABASE=n8n,DB_POSTGRESDB_USER=n8n-user,DB_POSTGRESDB_HOST=/cloudsql/$PROJECT_ID:$REGION:n8n-db,DB_POSTGRESDB_PORT=5432,DB_POSTGRESDB_SCHEMA=public,GENERIC_TIMEZONE=UTC,QUEUE_HEALTH_CHECK_ACTIVE=true" \
    --set-secrets="DB_POSTGRESDB_PASSWORD=n8n-db-password:latest,N8N_ENCRYPTION_KEY=n8n-encryption-key:latest" \
    --add-cloudsql-instances=$PROJECT_ID:$REGION:n8n-db \
    --service-account=n8n-service-account@$PROJECT_ID.iam.gserviceaccount.com

部署完成后,打开另一个标签页并导航到服务网址。你应该会看到 n8n 的登录界面。

🌐 Once the deployment finishes, open another tab to navigate to the Service URL. You should see the n8n login screen.

故障排除(Troubleshooting)#

如果你看到“Cannot GET /”屏幕,这通常表示 n8n 仍在启动中。你可以刷新页面,它最终应该会加载完成。

🌐 If you see a "Cannot GET /" screen this usually indicates that n8n is still starting up. You can refresh the page and it should eventually load.

(可选)将 Google Workspace 服务启用为 n8n 工具((Optional) Enabling Google Workspace services as n8n tools)#

如果你想在 n8n 中使用 Google Workspace 服务(Gmail、日历、云端硬盘等)作为工具,建议你设置 OAuth 以访问这些服务。

🌐 If you want to use Google Workspace services (Gmail, Calendar, Drive, etc.) as tools in n8n, it's recommended to setup OAuth to access these services.

首先确保已启用所需的相应 API:

🌐 First ensure the respective APIs you want are enabled:

1
2
3
4
5
6
7
8
## Enable whichever APIs you need

## Note: If you want Sheets/Docs, it's not enough to just enable Drive; these services each have their own API
gcloud services enable gmail.googleapis.com
gcloud services enable drive.googleapis.com
gcloud services enable sheets.googleapis.com
gcloud services enable docs.googleapis.com
gcloud services enable calendar-json.googleapis.com

使用必要的 OAuth 回调 URL 作为环境变量,在 Cloud Run 上重新部署 n8n:

🌐 Re-deploy n8n on Cloud Run with the necessary OAuth callback URLs as environment variables:

1
2
3
4
5
6
7
export SERVICE_URL="your-n8n-service-URL"

## e.g. https://n8n-12345678.us-west1.run.app

gcloud run services update n8n \
    --region=$REGION \
    --update-env-vars="N8N_HOST=$(echo $SERVICE_URL | sed 's/https:\/\///'),WEBHOOK_URL=$SERVICE_URL,N8N_EDITOR_BASE_URL=$SERVICE_URL"

最后,你必须为这些服务设置 OAuth。访问 https://console.cloud.google.com/auth 并按照以下步骤操作:

🌐 Lastly, you must setup OAuth for these services. Visit https://console.cloud.google.com/auth and follow these steps:

  1. 如果显示此按钮(当你尚未在此云项目中设置 OAuth 时),请点击“开始使用”。
  2. 在“应用信息”中,输入你想要的“应用名称”和“用户支持邮箱”。
  3. 对于“受众”,如果你只打算允许同一 Google Workspace 内的用户访问,请选择“内部”。否则,你可以选择“外部”。
  4. 输入“联系信息”。
  5. 如果你选择了“外部”,那么点击“受众”,并添加你需要授予访问权限的测试用户。
  6. 点击“Clients” > “Create client”,在“Application type”中选择“Web application”,在“Authorized JavaScript origins”中输入你的 n8n 服务 URL,在“Authorized redirect URIs”中输入“/rest/oauth2-credential/callback”,其中 YOUR-N8N-URL 也是 n8n 服务 URL(例如 https://n8n-12345678.us-west1.run.app/rest/oauth2-credential/callback)。确保下载创建的客户端 JSON 文件,因为它包含客户端密钥,而你在控制台中之后将无法再次看到该密钥。
  7. 点击“数据访问”,并添加你希望 n8n 拥有访问权限的范围(例如,要访问 Google 表格,你需要 https://googleapis.com/auth/drive.filehttps://googleapis.com/auth/spreadsheets
  8. 现在你应该能够使用这些工作区服务了。你可以通过登录 n8n 测试它是否可用,添加相应服务的工具,并使用第 6 步中 OAuth 客户端 JSON 文件中的信息添加其凭据。