ros/n8n-mcp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
18e231efa5241a7f91779af000757311bc417638
n8n-mcp/.env.example
czlonkowski a0f09fba28 fix: resolve HTTP server URL handling and security issues (#41, #42) 
- Add intelligent URL detection supporting BASE_URL, PUBLIC_URL, and proxy headers
- Fix hardcoded localhost URLs in server console output
- Add hostname validation to prevent host header injection attacks
- Restrict URL schemes to http/https only (block javascript:, file://, etc.)
- Remove sensitive environment data from API responses
- Add GET endpoints (/, /mcp) for better API discovery
- Fix version inconsistency between server implementations
- Update HTTP bridge to use HOST/PORT environment variables
- Add comprehensive test scripts for URL configuration and security

This resolves issues #41 and #42 by making the HTTP server properly handle
deployment behind reverse proxies and adds critical security validations.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-15 16:46:30 +02:00

88 lines
2.6 KiB
Plaintext
Raw Blame History

# n8n Documentation MCP Server Configuration
# ====================
# COMMON CONFIGURATION
# ====================
# Database Configuration
# For local development: ./data/nodes.db
# For Docker: /app/data/nodes.db
NODE_DB_PATH=./data/nodes.db
# Logging Level (debug, info, warn, error)
MCP_LOG_LEVEL=info
# Node Environment (development, production)
NODE_ENV=development
# Rebuild database on startup (true/false)
REBUILD_ON_START=false
# =========================
# LOCAL MODE CONFIGURATION
# =========================
# Used when running: npm run start:v2 or npm run dev:v2
# Local MCP Server Configuration
MCP_SERVER_PORT=3000
MCP_SERVER_HOST=localhost
# MCP_AUTH_TOKEN=optional-for-local-development
# =========================
# SIMPLE HTTP MODE
# =========================
# Used for private single-user deployments
# Server mode: stdio (local) or http (remote)
MCP_MODE=stdio
# Use fixed HTTP implementation (recommended for stability)
# Set to true to bypass StreamableHTTPServerTransport issues
USE_FIXED_HTTP=true
# HTTP Server Configuration (only used when MCP_MODE=http)
PORT=3000
HOST=0.0.0.0
# Base URL Configuration (optional)
# Set this when running behind a proxy or when the server is accessed via a different URL
# than what it binds to. If not set, URLs will be auto-detected from proxy headers (if TRUST_PROXY is set)
# or constructed from HOST and PORT.
# Examples:
# BASE_URL=https://n8n-mcp.example.com
# BASE_URL=https://your-domain.com:8443
# PUBLIC_URL=https://n8n-mcp.mydomain.com (alternative to BASE_URL)
# Authentication token for HTTP mode (REQUIRED)
# Generate with: openssl rand -base64 32
AUTH_TOKEN=your-secure-token-here
# CORS origin for HTTP mode (optional)
# Default: * (allow all origins)
# For production, set to your specific domain
# CORS_ORIGIN=https://your-client-domain.com
# Trust proxy configuration for correct IP logging (0=disabled, 1=trust first proxy)
# Set to 1 when running behind a reverse proxy (Nginx, Traefik, etc.)
# Set to the number of proxy hops if behind multiple proxies
# Default: 0 (disabled)
# TRUST_PROXY=0
# =========================
# N8N API CONFIGURATION
# =========================
# Optional: Enable n8n management tools by providing API credentials
# These tools allow creating, updating, and executing workflows
# n8n instance API URL (without /api/v1 suffix)
# Example: https://your-n8n-instance.com
# N8N_API_URL=
# n8n API Key (get from Settings > API in your n8n instance)
# N8N_API_KEY=
# n8n API request timeout in milliseconds (default: 30000)
# N8N_API_TIMEOUT=30000
# Maximum number of API request retries (default: 3)
# N8N_API_MAX_RETRIES=3
Reference in New Issue View Git Blame Copy Permalink