fix(n8n): pin docker bridge MTU to 1280 to avoid timeouts on lower-MTU hosts

zaewc · zaewc · commit 38dbbab809e4 · 2026-05-21T12:08:16.000+09:00
diff --git a/infra/n8n/docker-compose.yml b/infra/n8n/docker-compose.yml
@@ -3,11 +3,9 @@
 #
 # Default deployment (MVP, no domain):
 #   - n8n bound to 127.0.0.1:5678 on the host (not reachable from the internet).
-#   - Access the UI via SSH tunnel from your workstation:
-#       ssh -L 5678:127.0.0.1:5678 ubuntu@ssh.gsmsv.site -p 27113
-#     then open http://localhost:5678 in your browser.
-#   - GitHub webhooks cannot reach this yet (no public HTTPS). Enable the Caddy
-#     service below once a domain points at this host.
+#   - Public HTTPS exposure via Tailscale Funnel (see infra/n8n/README.md).
+#     Funnel proxies to http://127.0.0.1:5678 on the host, so the loopback
+#     binding above is sufficient.
 
 services:
   n8n:
@@ -26,32 +24,17 @@ services:
       retries: 5
       start_period: 30s
 
-  # Enable when a domain is pointed at this host.
-  # 1) Point DNS A record (e.g. n8n.example.com) at this server.
-  # 2) Open firewall ports 80 and 443.
-  # 3) Copy Caddyfile.example to Caddyfile and set your real domain.
-  # 4) In .env switch N8N_HOST / N8N_PROTOCOL / WEBHOOK_URL to your HTTPS URL.
-  # 5) Remove the "127.0.0.1:" prefix from the n8n ports binding above so Caddy
-  #    (in the same compose network) can reach n8n at http://n8n:5678 — actually
-  #    inter-container traffic does not need the host port at all, so prefer:
-  #       ports: []        # remove host binding entirely
-  # 6) docker compose up -d caddy
-  #
-  # caddy:
-  #   image: caddy:2-alpine
-  #   container_name: n8n-caddy
-  #   restart: unless-stopped
-  #   ports:
-  #     - "80:80"
-  #     - "443:443"
-  #   volumes:
-  #     - ./Caddyfile:/etc/caddy/Caddyfile:ro
-  #     - caddy_data:/data
-  #     - caddy_config:/config
-  #   depends_on:
-  #     - n8n
+networks:
+  # MTU pinned to 1280 because (a) the school NAT's eth0 only carries 1400 byte
+  # frames and (b) Tailscale's tailscale0 interface is 1280. Without this,
+  # Docker's default 1500-byte bridge fragments large outbound POSTs (e.g.
+  # n8n -> api.github.com workflow_dispatch) and they get silently dropped,
+  # surfacing as "connection timed out" / "connection closed unexpectedly" in
+  # the n8n HTTP Request node.
+  default:
+    driver: bridge
+    driver_opts:
+      com.docker.network.driver.mtu: "1280"
 
 volumes:
   n8n_data:
-  # caddy_data:
-  # caddy_config:
