@Teiluj said in N8N Security:
Would this obfuscate the n8n frontend, at least partially?
Yes, but security via obscurity is useless.
@jorrg said in N8N Security:
So the only thing that I presume would change is that if some automated scraper comes passing by my IP asking: "Do you run N8N?" my server would answer: "Please log in with your cloudron details" instead of "Sure I am running this N8N version".
If your IP is scraped it will not even reply with N8N but would return Cloudron.
They would need to know the subdomain of your N8N Cloudron app, which is also possible from e.g. the SSL/TLS certificate if a wildcard is not used.
Example for cloudron.io: https://www.merklemap.com/search?query=cloudron.io&page=0
Anything that is publicly accessible on the World Wide Web is subject to access attempts.
And again, if N8N were to use the custom OIDC plugin, the brute force would just move to a new target: the OIDC login.
We are planning to add per-app IP whitelisting.
With that, apps could be gated behind e.g. the Cloudron VPN app.
This would be a reliable way to block public access.