feat: add open-source files, fix critical bugs, rewrite README with Duplicate Space button

- fix: huggingface_hub version was non-existent (==0.34.4), unpinned to latest
- fix: N8N_SECURE_COOKIE defaulted to true, breaking login behind HF TLS proxy (now false)
- fix: WebSocket upgrade handler now forwards Upgrade/Connection headers correctly
- fix: removed deprecated local_dir_use_symlinks param from n8n-sync.py
- fix: chmod 700 on /home/node/.n8n to satisfy n8n permission check
- feat: N8N_VERSION build ARG for optional n8n version pinning via HF Space Variable
- feat: N8N_BASIC_AUTH_ACTIVE=true by default with warning if password not set
- feat: full README rewrite with Duplicate Space button, secrets table, architecture docs
- chore: add CONTRIBUTING.md, CODE_OF_CONDUCT.md, SECURITY.md, CHANGELOG.md
- chore: add .env.example with all variables documented
- chore: add .gitignore

.env.example

@@ -0,0 +1,95 @@
+# =============================================================================
+# Hugging8n — Environment Variables Reference
+# Copy to .env and fill in your values before running locally.
+# On HuggingFace Spaces, add Secrets and Variables in Settings → Variables and secrets.
+# =============================================================================
+
+# -----------------------------------------------------------------------------
+# REQUIRED — Basic Auth (set these as Secrets on HF Spaces)
+# -----------------------------------------------------------------------------
+
+# Username for n8n basic auth login
+N8N_BASIC_AUTH_USER=admin
+
+# Password for n8n basic auth login. REQUIRED to protect your instance.
+# Generate a strong password: openssl rand -base64 24
+N8N_BASIC_AUTH_PASSWORD=
+
+# -----------------------------------------------------------------------------
+# RECOMMENDED — Persistent Backup (set these as Secrets on HF Spaces)
+# -----------------------------------------------------------------------------
+
+# Your Hugging Face write token (to create/update the backup dataset)
+# Get one at: https://huggingface.co/settings/tokens
+HF_TOKEN=
+
+# Your Hugging Face username (owner of the backup dataset)
+# If not set, inferred from SPACE_AUTHOR_NAME automatically on HF Spaces
+HF_USERNAME=
+
+# Name of the private dataset repo used for backup (auto-created on first run)
+BACKUP_DATASET_NAME=hugging8n-backup
+
+# How often to sync the backup, in seconds
+SYNC_INTERVAL=180
+
+# -----------------------------------------------------------------------------
+# OPTIONAL — n8n Configuration
+# -----------------------------------------------------------------------------
+
+# Timezone for n8n schedule triggers (e.g. Asia/Dhaka, Europe/London, US/Eastern)
+GENERIC_TIMEZONE=UTC
+
+# n8n encryption key — protects stored credentials. Persisted in backup.
+# Generate with: openssl rand -hex 32
+# WARNING: if you lose this key and your backup, all credentials are lost.
+N8N_ENCRYPTION_KEY=
+
+# Override the auto-detected Space hostname (leave blank on HF Spaces)
+SPACE_HOST_OVERRIDE=
+
+# -----------------------------------------------------------------------------
+# OPTIONAL — Keep-Alive
+# -----------------------------------------------------------------------------
+
+# UptimeRobot Main API key for creating an external keep-alive monitor
+# Get one at: https://uptimerobot.com → My Settings → API Settings → Main API Key
+# This is NOT needed as a HF Space Secret — it's only used by setup-uptimerobot.sh
+UPTIMEROBOT_API_KEY=
+
+# Custom monitor name (defaults to "Hugging8n <space-host>")
+UPTIMEROBOT_MONITOR_NAME=
+
+# UptimeRobot ping interval in minutes (default: 5)
+UPTIMEROBOT_INTERVAL=5
+
+# Comma-separated UptimeRobot alert contact IDs (optional)
+UPTIMEROBOT_ALERT_CONTACTS=
+
+# -----------------------------------------------------------------------------
+# ADVANCED — n8n Internals (usually leave as defaults)
+# -----------------------------------------------------------------------------
+
+# Disable n8n basic auth (not recommended — leaves your instance unprotected)
+# N8N_BASIC_AUTH_ACTIVE=false
+
+# Internal n8n port (default: 5678)
+N8N_PORT=5678
+
+# Public proxy port exposed by HF Spaces (default: 7861)
+PUBLIC_PORT=7861
+
+# Disable n8n telemetry (default: false)
+N8N_DIAGNOSTICS_ENABLED=false
+
+# Disable n8n personalization prompts (default: false)
+N8N_PERSONALIZATION_ENABLED=false
+
+# -----------------------------------------------------------------------------
+# BUILD-TIME VARIABLE (HF Spaces: add as Variable, not Secret)
+# -----------------------------------------------------------------------------
+
+# Pin a specific n8n version for reproducibility (default: latest)
+# Example: 1.90.0
+# On HF Spaces, add this as a Variable (not Secret) so it's passed as a build arg.
+N8N_VERSION=latest

.gitignore

@@ -0,0 +1,33 @@
+# Environment
+.env
+.env.local
+.env.*.local
+
+# n8n local data
+.n8n/
+
+# Python
+__pycache__/
+*.py[cod]
+*.pyo
+*.pyd
+.Python
+*.egg-info/
+dist/
+build/
+.venv/
+venv/
+
+# Node
+node_modules/
+npm-debug.log*
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Editor
+.vscode/
+.idea/
+*.swp
+*.swo

CHANGELOG.md

@@ -0,0 +1,29 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [1.0.0] - 2026-04-22
+
+### 🎉 Initial Release
+
+#### Features
+
+- **Self-hosted n8n** — runs the latest n8n on HuggingFace Spaces Docker with zero external database requirements (uses SQLite)
+- **Persistent backup** — automatically backs up `/home/node/.n8n` (workflows, credentials, SQLite DB, encryption key) to a private HF Dataset via `huggingface_hub`
+- **Safe SQLite backup** — uses `sqlite3 .backup` for a consistent hot-copy of the live database
+- **Auto-restore on startup** — restores the full n8n state from the dataset before starting n8n
+- **Graceful shutdown** — runs a final backup pass on `SIGTERM` / `SIGINT` before exiting
+- **Health endpoint** — `/health` on port 7861 returns sync status and service info
+- **Proxy server** — lightweight Node.js reverse proxy forwards HTTP and WebSocket traffic from port 7861 to n8n on port 5678
+- **UptimeRobot integration** — `setup-uptimerobot.sh` creates an external keep-alive monitor for the `/health` endpoint
+- **Basic auth** — n8n basic auth enabled by default; set `N8N_BASIC_AUTH_USER` and `N8N_BASIC_AUTH_PASSWORD` to secure your instance
+- **Timezone support** — set `GENERIC_TIMEZONE` for schedule trigger accuracy
+- **Optional n8n version pinning** — pass `N8N_VERSION` as a HF Space Variable to pin a specific n8n release
+
+#### Architecture
+
+- `Dockerfile` — builds on `node:22-slim`, installs n8n and Python sync dependencies
+- `start.sh` — validates config, restores backup, starts sync loop, proxy, and n8n
+- `n8n-sync.py` — manages backup/restore using `huggingface_hub`
+- `health-server.js` — lightweight HTTP + WebSocket reverse proxy with `/health` and `/status` endpoints
+- `setup-uptimerobot.sh` — optional one-shot script to create an UptimeRobot monitor

CODE_OF_CONDUCT.md

@@ -0,0 +1,27 @@
+# Code of Conduct
+
+## Our Pledge
+
+We are committed to making participation in this project a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+**Positive behavior includes:**
+- Using welcoming and inclusive language
+- Being respectful of differing viewpoints
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+
+**Unacceptable behavior includes:**
+- Trolling, insulting, or derogatory comments
+- Public or private harassment
+- Publishing others' private information without permission
+- Other conduct which could reasonably be considered inappropriate
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting the maintainer. All complaints will be reviewed and investigated.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org/), version 2.0.

CONTRIBUTING.md

@@ -0,0 +1,48 @@
+# Contributing to Hugging8n
+
+Thanks for your interest in contributing! ♾️
+
+## How to Contribute
+
+### Bug Reports
+- Open an issue with a clear description
+- Include your HF Space logs if possible
+- Mention the n8n version you're using (check Space logs on startup)
+
+### Feature Requests
+- Open an issue with the `enhancement` label
+- Describe the use case — why is this needed?
+
+### Pull Requests
+1. Fork the repo
+2. Create a feature branch: `git checkout -b feature/my-feature`
+3. Make your changes
+4. Test locally with Docker: `docker build -t hugging8n . && docker run -p 7861:7861 --env-file .env hugging8n`
+5. Commit with a clear message
+6. Push and open a PR
+
+### Code Style
+- Shell scripts: use `set -e`, quote variables, comment non-obvious logic
+- Keep it simple — this project should stay easy to understand
+- No unnecessary dependencies
+
+### Testing
+- Test with and without `HF_TOKEN` (backup enabled and disabled)
+- Test with and without `N8N_BASIC_AUTH_ACTIVE`
+- Verify the `/health` endpoint responds correctly
+- Verify n8n loads in the browser via the proxy
+
+## Development Setup
+
+```bash
+cp .env.example .env
+# Fill in your values
+docker build -t hugging8n .
+docker run -p 7861:7861 --env-file .env hugging8n
+```
+
+Then open `http://localhost:7861` — you should see the n8n UI.
+
+## Questions?
+
+Open an issue or start a discussion. We're friendly! 🤝

Dockerfile

@@ -1,5 +1,7 @@
 FROM node:22-slim
 
+ARG N8N_VERSION=latest
+
 ENV DEBIAN_FRONTEND=noninteractive \
     N8N_PORT=5678 \
     HF_HUB_DISABLE_PROGRESS_BARS=1 \
@@ -14,11 +16,12 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     python3-pip \
     sqlite3 \
     tini \
-    && pip3 install --no-cache-dir --break-system-packages huggingface_hub==0.34.4 \
-    && npm install -g n8n@latest \
+    && pip3 install --no-cache-dir --break-system-packages huggingface_hub \
+    && npm install -g n8n@${N8N_VERSION} \
     && rm -rf /var/lib/apt/lists/*
 
 RUN mkdir -p /home/node/app /home/node/.n8n && \
+    chmod 700 /home/node/.n8n && \
     chown -R node:node /home/node
 
 WORKDIR /home/node/app

README.md

@@ -5,53 +5,215 @@ colorFrom: blue
 colorTo: indigo
 sdk: docker
 app_port: 7861
-pinned: false
+pinned: true
 license: mit
 ---
 
-# Hugging8n
+<!-- Badges -->
+[![GitHub Stars](https://img.shields.io/github/stars/somratpro/hugging8n?style=flat-square)](https://github.com/somratpro/Hugging8N)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg?style=flat-square)](https://opensource.org/licenses/MIT)
+[![HF Space](https://img.shields.io/badge/🤗%20HuggingFace-Space-blue?style=flat-square)](https://huggingface.co/spaces/somratpro/Hugging8n)
+[![n8n](https://img.shields.io/badge/n8n-workflow%20automation-orange?style=flat-square)](https://n8n.io)
 
-Run a self-hosted n8n instance on Hugging Face Spaces without external database services.
+**Self-hosted n8n workflow automation — free, no server needed.** Hugging8n runs [n8n](https://n8n.io) on HuggingFace Spaces Docker, giving you a full-featured workflow automation platform with 400+ integrations. Your workflows, credentials, and settings are automatically backed up to a private HuggingFace Dataset so nothing is lost on restart.
 
-This Space uses:
+## Table of Contents
 
-- `n8n` running locally on port `5678`
-- a small proxy/health server on port `7861` for HF Spaces
-- periodic backup of `/home/node/.n8n` to a private Hugging Face Dataset
+- [✨ Features](#-features)
+- [🚀 Quick Start](#-quick-start)
+- [🔐 Authentication](#-authentication)
+- [💾 Persistent Backup](#-persistent-backup)
+- [💓 Staying Alive](#-staying-alive)
+- [🏗️ Architecture](#-architecture)
+- [💻 Local Development](#-local-development)
+- [🐛 Troubleshooting](#-troubleshooting)
+- [🤝 Contributing](#-contributing)
+- [📄 License](#-license)
 
-## Required secret
+## ✨ Features
 
-- `HF_TOKEN`: Hugging Face token with write access to create/update a private dataset backup
+- ⚡ **Zero Config:** Duplicate this Space, set your credentials, and n8n is running in minutes.
+- 🔌 **400+ Integrations:** Connect any service — HTTP, webhooks, databases, Slack, Gmail, GitHub, and more.
+- 💾 **Persistent Backup:** Workflows, credentials, and the SQLite database back up automatically to a private HF Dataset. Restored on every startup so nothing is lost.
+- 🔐 **Basic Auth:** n8n is protected by basic auth out of the box — just set your username and password.
+- 🐳 **Docker Native:** Runs on the free HF Spaces tier (2 vCPU, 16GB RAM) with SQLite — no external database needed.
+- ⏰ **External Keep-Alive:** Optional UptimeRobot integration to prevent free Space sleep.
+- 🌐 **Health Endpoint:** `/health` returns service and sync status for monitoring.
+- 🏠 **100% HF-Native:** Runs entirely on HuggingFace's free infrastructure.
 
-## Recommended variables
+## 🚀 Quick Start
 
-- `BACKUP_DATASET_NAME`: backup dataset name. Default: `hugging8n-backup`
-- `SYNC_INTERVAL`: backup interval in seconds. Default: `180`
-- `GENERIC_TIMEZONE`: timezone for schedule triggers. Example: `Asia/Dhaka`
-- `N8N_ENCRYPTION_KEY`: optional explicit encryption key. If omitted, n8n stores it inside `.n8n` and the backup preserves it
-- `N8N_BASIC_AUTH_ACTIVE`: set to `true` if you want built-in basic auth
-- `N8N_BASIC_AUTH_USER`: basic auth username
-- `N8N_BASIC_AUTH_PASSWORD`: basic auth password
+### Step 1: Duplicate this Space
 
-## Optional variables
+[![Duplicate this Space](https://huggingface.co/datasets/huggingface/badges/resolve/main/duplicate-this-space-xl.svg)](https://huggingface.co/spaces/somratpro/Hugging8n?duplicate=true)
 
-- `HF_USERNAME`: owner of the backup dataset. By default this is inferred from `SPACE_AUTHOR_NAME`
-- `SPACE_HOST_OVERRIDE`: set this only if you want to override the detected Space hostname
-- `N8N_DIAGNOSTICS_ENABLED=false`
-- `N8N_PERSONALIZATION_ENABLED=false`
+Click the button above to duplicate the template into your own account.
 
-## How persistence works
+### Step 2: Add Your Secrets
 
-On startup, the Space restores `/home/node/.n8n` from a private dataset repo.
+Navigate to your new Space's **Settings**, scroll to the **Variables and secrets** section, and add the following under **Secrets**:
 
-While running, it watches for changes and uploads the updated `.n8n` directory back to the dataset. This preserves:
+#### Required — Authentication
 
-- workflows
-- credentials
-- users
-- SQLite database
-- encryption key
+| Secret | Description |
+| :--- | :--- |
+| `N8N_BASIC_AUTH_PASSWORD` | Password to log in to your n8n instance. Set this to protect your workflows. |
 
-## Keep-alive
+#### Required — Persistent Backup *(Highly Recommended)*
 
-If you already solved the sleep problem in your HF setup, use that. If not, `setup-uptimerobot.sh` can create an external monitor for `https://<your-space>.hf.space/health`.
+| Secret | Description |
+| :--- | :--- |
+| `HF_TOKEN` | HuggingFace token with write access. Get one at [hf.co/settings/tokens](https://huggingface.co/settings/tokens). |
+
+> [!TIP]
+> Without `HF_TOKEN`, n8n will still run, but workflows and credentials will be **lost every time the Space restarts**. It is strongly recommended to set this.
+
+#### Optional — Configuration
+
+| Variable / Secret | Default | Description |
+| :--- | :--- | :--- |
+| `N8N_BASIC_AUTH_USER` | `admin` | Username for n8n login |
+| `HF_USERNAME` | *(auto-detected)* | Your HF username, for naming the backup dataset |
+| `BACKUP_DATASET_NAME` | `hugging8n-backup` | Name of the private dataset repo for backup |
+| `SYNC_INTERVAL` | `180` | How often to back up, in seconds |
+| `GENERIC_TIMEZONE` | `UTC` | Timezone for schedule triggers (e.g. `Asia/Dhaka`) |
+| `N8N_ENCRYPTION_KEY` | *(auto-generated)* | Encryption key for stored credentials. Set explicitly so it survives Space rebuilds. |
+
+#### Build-Time Variable (add as Variable, not Secret)
+
+| Variable | Default | Description |
+| :--- | :--- | :--- |
+| `N8N_VERSION` | `latest` | Pin a specific n8n version (e.g. `1.90.0`) for reproducibility |
+
+> [!IMPORTANT]
+> On HuggingFace Spaces, `N8N_VERSION` must be added as a **Variable** (not a Secret) so it is passed as a Docker build arg during image build.
+
+### Step 3: Deploy & Run
+
+That's it! The Space will build and start automatically. Watch progress in the **Logs** tab. First build takes a few minutes as n8n installs.
+
+### Step 4: Log In
+
+Once the Space is running, open it and log in with:
+- **Username:** the value of `N8N_BASIC_AUTH_USER` (default: `admin`)
+- **Password:** the value of `N8N_BASIC_AUTH_PASSWORD`
+
+> [!WARNING]
+> If you did not set `N8N_BASIC_AUTH_PASSWORD`, your n8n instance is **unprotected**. Anyone with the Space URL can access your workflows and credentials. Set this secret immediately.
+
+## 🔐 Authentication
+
+Hugging8n uses n8n's built-in basic auth to protect your instance. It is enabled by default.
+
+| Variable | Default | Description |
+| :--- | :--- | :--- |
+| `N8N_BASIC_AUTH_ACTIVE` | `true` | Set to `false` to disable basic auth (not recommended) |
+| `N8N_BASIC_AUTH_USER` | `admin` | Login username |
+| `N8N_BASIC_AUTH_PASSWORD` | *(none)* | Login password — **must be set** |
+
+## 💾 Persistent Backup
+
+Hugging8n automatically backs up your entire n8n data directory (`/home/node/.n8n`) to a **private** HuggingFace Dataset.
+
+**What is backed up:**
+- All workflows
+- All credentials (encrypted)
+- SQLite database (hot-copy via `sqlite3 .backup`)
+- n8n encryption key
+- User data
+
+**How it works:**
+1. On startup: restore from dataset (if it exists)
+2. Every `SYNC_INTERVAL` seconds: detect changes and upload
+3. On shutdown (`SIGTERM`): run a final backup before exiting
+
+| Variable | Default | Description |
+| :--- | :--- | :--- |
+| `HF_TOKEN` | — | HF write token |
+| `HF_USERNAME` | *(auto)* | Dataset owner username |
+| `BACKUP_DATASET_NAME` | `hugging8n-backup` | Dataset repo name |
+| `SYNC_INTERVAL` | `180` | Backup interval in seconds |
+
+> [!TIP]
+> Set `N8N_ENCRYPTION_KEY` explicitly. If n8n auto-generates it and the Space is rebuilt (not just restarted), the key will be different and your backed-up credentials will be unreadable.
+
+## 💓 Staying Alive *(Recommended on Free HF Spaces)*
+
+Free HF Spaces sleep after periods of inactivity. Set up an external UptimeRobot monitor to keep yours awake.
+
+1. Create a free account at [uptimerobot.com](https://uptimerobot.com)
+2. Get your **Main API Key** from My Settings → API Settings
+3. Run the helper script:
+   ```bash
+   UPTIMEROBOT_API_KEY=your-key ./setup-uptimerobot.sh your-space.hf.space
+   ```
+4. UptimeRobot will ping `/health` every 5 minutes from outside HF, keeping the Space awake.
+
+> [!NOTE]
+> This works for **public** Spaces only. Private Spaces cannot be pinged by external monitors.
+
+## 🏗️ Architecture
+
+```
+Hugging8n/
+├── Dockerfile           # Builds on node:22-slim, installs n8n + Python sync
+├── start.sh             # Startup orchestrator: restore → sync loop → proxy → n8n
+├── n8n-sync.py          # Backup/restore via huggingface_hub
+├── health-server.js     # HTTP + WebSocket reverse proxy (port 7861 → 5678)
+├── setup-uptimerobot.sh # One-shot UptimeRobot monitor creation
+├── .env.example         # All environment variable documentation
+└── README.md            # This file
+```
+
+**Startup sequence:**
+1. Read environment variables and set n8n config
+2. Warn if `N8N_BASIC_AUTH_PASSWORD` is not set
+3. Restore backup from HF Dataset (if `HF_TOKEN` is set)
+4. Start backup sync loop in background
+5. Start health/proxy server on port 7861
+6. Start n8n on port 5678
+7. On `SIGTERM` / `SIGINT`: final backup + clean exit
+
+## 💻 Local Development
+
+```bash
+git clone https://github.com/somratpro/Hugging8N.git
+cd Hugging8N
+cp .env.example .env
+# Fill in N8N_BASIC_AUTH_PASSWORD and optionally HF_TOKEN
+```
+
+**With Docker:**
+
+```bash
+docker build -t hugging8n .
+docker run -p 7861:7861 --env-file .env hugging8n
+```
+
+Then open `http://localhost:7861`.
+
+**Pin an n8n version:**
+
+```bash
+docker build --build-arg N8N_VERSION=1.90.0 -t hugging8n .
+```
+
+## 🐛 Troubleshooting
+
+- **Can't log in:** Make sure `N8N_BASIC_AUTH_PASSWORD` is set in Secrets. Default username is `admin`.
+- **Workflows lost after restart:** Set `HF_TOKEN` and `HF_USERNAME` so the backup dataset is created and restored.
+- **n8n editor shows "disconnected":** The WebSocket proxy may not have connected yet — wait a few seconds and refresh. Check Space logs for errors.
+- **Space keeps sleeping:** Use `setup-uptimerobot.sh` to set up an external keep-alive monitor.
+- **Credentials unreadable after rebuild:** Make sure `N8N_ENCRYPTION_KEY` is set explicitly as a Secret. If it was auto-generated, it changes on rebuild.
+- **Build fails:** If you pinned `N8N_VERSION`, verify the version exists at [npmjs.com/package/n8n](https://www.npmjs.com/package/n8n?activeTab=versions).
+- **Backup failing:** Check Space logs for `Sync failed`. Verify `HF_TOKEN` has write access and `HF_USERNAME` is correct.
+
+## 🤝 Contributing
+
+Contributions are welcome! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+
+## 📄 License
+
+MIT — see [LICENSE](LICENSE) for details.
+
+*Made with ❤️ by [@somratpro](https://github.com/somratpro)*

SECURITY.md

@@ -0,0 +1,29 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please report it responsibly:
+
+1. **Do NOT open a public issue**
+2. Email the maintainer or open a private security advisory on GitHub
+3. Include steps to reproduce if possible
+
+We'll respond within 48 hours and work on a fix.
+
+## Security Best Practices
+
+When deploying Hugging8n:
+
+- **Enable basic auth** — set `N8N_BASIC_AUTH_USER` and `N8N_BASIC_AUTH_PASSWORD` to protect your n8n instance from unauthorized access
+- **Use a strong password** — generate with `openssl rand -base64 24`
+- **Set your Space to Private** — prevents unauthorized access to your n8n instance from the web
+- **Keep your HF token scoped** — use fine-grained tokens with minimum permissions (read/write to your backup dataset only)
+- **Set a strong `N8N_ENCRYPTION_KEY`** — protects your stored credentials; if lost, credentials cannot be recovered
+- **Don't commit `.env` files** — the `.gitignore` already excludes them
+- **Review n8n credentials** — periodically audit credentials stored in n8n
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| 1.0.x   | ✅        |

health-server.js

@@ -75,21 +75,33 @@ const server = http.createServer((req, res) => {
 
 server.on("upgrade", (req, socket, head) => {
   const upstream = net.connect(TARGET_PORT, TARGET_HOST, () => {
-    socket.write(
+    const headers = {
+      ...req.headers,
+      host: `${TARGET_HOST}:${TARGET_PORT}`,
+      "x-forwarded-for": req.socket.remoteAddress || "",
+      "x-forwarded-host": req.headers.host || "",
+      "x-forwarded-proto": req.headers["x-forwarded-proto"] || "https",
+      upgrade: req.headers.upgrade || "websocket",
+      connection: "Upgrade",
+    };
+
+    const headerLines = Object.entries(headers)
+      .map(([key, value]) => `${key}: ${value}`)
+      .join("\r\n");
+
+    upstream.write(
       `${req.method} ${req.url} HTTP/${req.httpVersion}\r\n` +
-        Object.entries(buildHeaders(req))
-          .map(([key, value]) => `${key}: ${value}`)
-          .join("\r\n") +
+        headerLines +
         "\r\n\r\n",
     );
+
     if (head && head.length) upstream.write(head);
     upstream.pipe(socket);
     socket.pipe(upstream);
   });
 
-  upstream.on("error", () => {
-    socket.destroy();
-  });
+  upstream.on("error", () => socket.destroy());
+  socket.on("error", () => upstream.destroy());
 });
 
 server.listen(PUBLIC_PORT, "0.0.0.0", () => {

n8n-sync.py

@@ -122,7 +122,6 @@ def restore() -> bool:
                 repo_type="dataset",
                 token=HF_TOKEN,
                 local_dir=tmpdir,
-                local_dir_use_symlinks=False,
             )
 
             tmp_path = Path(tmpdir)

start.sh

@@ -20,7 +20,9 @@ export N8N_PORT
 export N8N_PROTOCOL="${N8N_PROTOCOL:-https}"
 export N8N_PROXY_HOPS="${N8N_PROXY_HOPS:-1}"
 export N8N_LISTEN_ADDRESS="${N8N_LISTEN_ADDRESS:-0.0.0.0}"
-export N8N_SECURE_COOKIE="${N8N_SECURE_COOKIE:-true}"
+# Must be false: HF Spaces terminates TLS at its edge; n8n sees plain HTTP internally.
+# Secure cookies require HTTPS end-to-end and will break login on HF Spaces.
+export N8N_SECURE_COOKIE="${N8N_SECURE_COOKIE:-false}"
 export N8N_DIAGNOSTICS_ENABLED="${N8N_DIAGNOSTICS_ENABLED:-false}"
 export N8N_PERSONALIZATION_ENABLED="${N8N_PERSONALIZATION_ENABLED:-false}"
 export N8N_USER_FOLDER="$N8N_HOME"
@@ -28,6 +30,17 @@ export N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS="${N8N_ENFORCE_SETTINGS_FILE_PERMIS
 export GENERIC_TIMEZONE="${GENERIC_TIMEZONE:-${TZ:-UTC}}"
 export TZ="${TZ:-$GENERIC_TIMEZONE}"
 
+# Basic auth — enabled by default to protect your n8n instance
+export N8N_BASIC_AUTH_ACTIVE="${N8N_BASIC_AUTH_ACTIVE:-true}"
+if [ "${N8N_BASIC_AUTH_ACTIVE}" = "true" ]; then
+  export N8N_BASIC_AUTH_USER="${N8N_BASIC_AUTH_USER:-admin}"
+  export N8N_BASIC_AUTH_PASSWORD="${N8N_BASIC_AUTH_PASSWORD:-}"
+  if [ -z "${N8N_BASIC_AUTH_PASSWORD:-}" ]; then
+    echo "⚠️  WARNING: N8N_BASIC_AUTH_ACTIVE=true but N8N_BASIC_AUTH_PASSWORD is not set."
+    echo "   Your n8n instance is NOT protected. Set N8N_BASIC_AUTH_PASSWORD in Secrets."
+  fi
+fi
+
 echo ""
 echo "  ╔════════════════════════════════════╗"
 echo "  ║            Hugging8n              ║"