To securely "limit" Hermes Agent (HA) inside a Docker container but still allow it to communicate with n8n and Ollama, the best practice is to use a Custom Docker Network.
Instead of letting containers float around on your main network, you create a private virtual network just for them. Inside this private network, containers can talk to each other using their names (like http://n8n:5678) without exposing traffic to the outside.
Here is the exact setup to limit HA and connect it perfectly to n8n:
Step 1: Create a Private Docker Network
Open your terminal and create a private bridge network. Let's call it ai-net:
```bash
docker network create ai-net
```
Step 2: Start n8n on the Private Network
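Run your n8n container, but this time attach it to the ai-net network:
```bash
docker run -d \
  --name my-n8n \
  --network ai-net \
  -p 5678:5678 \
  -v ~/.n8n:/home/node/.n8n \
  docker.n8n.io/n8nio/n8n
```
Note that -p 5678:5678 publishes the n8n UI on every network interface of your Mac, not only on localhost. If only the Mac itself needs to open the UI, prefix the mapping with 127.0.0.1 so other machines on your LAN cannot reach it.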
Step 3: Start Hermes Agent with Limits
Now, start your Hermes Agent container. We will attach it to the same ai-net, give it access to your host (so it can see Ollama), and optionally add Resource Limits (like --memory or --cpus) so a rogue process inside the container can't consume all your Mac's resources.
```bash
docker run -d \
  --name my-hermes-agent \
  --network ai-net \
  --memory="4g" \
  --cpus="2" \
  --add-host=host.docker.internal:host-gateway \
  -v ~/.hermes:/opt/data \
  nousresearch/hermes-agent
```
(Here we limited HA to 4 GB of RAM and 2 CPU cores. These flags cap resource use only; they do not restrict what the container can connect to.)
Step 4: How they connect to each other now
Because both containers are attached to ai-net, Docker's built-in DNS resolves their container names on that network. This makes configuring them easy:
- HA connecting to Ollama (The Brain): In your Hermes Agent config.json, the LLM URL remains: http://host.docker.internal:11434/v1 (This bridges the container to your Mac's host).
- HA connecting to n8n (The Factory): When defining the n8n tool for Hermes Agent (as we did in Phase 2 earlier), you no longer use host.docker.internal. Instead, HA can talk directly to the n8n container by its name! The base URL becomes: http://my-n8n:5678/api/v1/workflows
- n8n connecting to HA: If n8n ever needs to send data back to Hermes, it can use: http://my-hermes-agent:PORT
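Why this setup works well: Your 70B LLM runs directly on the metal of your Mac to get maximum speed. Your Hermes Agent runs in a lightweight, resource-limited Docker container. Your n8n container stores its data in a mounted volume. And the two containers talk to each other over a private Docker network, so that traffic never leaves the host. Keep in mind that a plain bridge network like ai-net does not block outbound connections: both containers can still reach the internet, and HA can reach services listening on your Mac through host.docker.internal.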
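To check that the running containers match the setup described above, this added example (not part of the original page, and not code from Docker, n8n or Hermes Agent) audits `docker inspect` output for network attachment, resource limits and published ports. The embedded sample is constructed from the docker run commands on this page; the function name `audit` and the script name audit.py are assumptions.

```python
import json
import sys

# Constructed `docker inspect` excerpt for the two containers on this page
# (only the fields the audit reads; values mirror the docker run commands).
SAMPLE = json.loads("""[
 {"Name": "/my-n8n",
  "HostConfig": {"Memory": 0, "NanoCpus": 0, "Privileged": false,
    "PortBindings": {"5678/tcp": [{"HostIp": "", "HostPort": "5678"}]}},
  "NetworkSettings": {"Networks": {"ai-net": {}}}},
 {"Name": "/my-hermes-agent",
  "HostConfig": {"Memory": 4294967296, "NanoCpus": 2000000000,
    "Privileged": false, "PortBindings": {}},
  "NetworkSettings": {"Networks": {"ai-net": {}}}}
]""")
LOOPBACK = {"127.0.0.1", "::1"}

def audit(containers, network="ai-net"):
    """Return (container, finding) tuples for settings worth reviewing."""
    findings = []
    for c in containers:
        name = c["Name"].lstrip("/")
        host = c.get("HostConfig", {})
        nets = set(c.get("NetworkSettings", {}).get("Networks") or {})
        if network not in nets:
            findings.append((name, f"not attached to {network}"))
        for extra in sorted(nets - {network}):
            findings.append((name, f"also attached to network {extra}"))
        if not host.get("Memory"):      # 0 means no --memory limit was set
            findings.append((name, "no memory limit (--memory)"))
        if not host.get("NanoCpus"):    # 0 means no --cpus limit was set
            findings.append((name, "no CPU limit (--cpus)"))
        if host.get("Privileged"):
            findings.append((name, "runs privileged"))
        for port, binds in (host.get("PortBindings") or {}).items():
            for b in binds or []:
                ip = b.get("HostIp", "")  # empty string: bound on all interfaces
                if ip not in LOOPBACK:
                    findings.append(
                        (name, f"{port} published on {ip or 'all host interfaces'}"))
    return findings

if __name__ == "__main__":
    # Real use: docker inspect my-n8n my-hermes-agent | python3 audit.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for name, finding in audit(data):
        print(f"{name}: {finding}")
```

Run without arguments it audits the constructed sample; with `-` it reads real `docker inspect` JSON from standard input.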
Detail for Step 4
To configure exactly how Hermes Agent (HA) and n8n talk to each other over your private Docker network, here are the exact files and interfaces you need to use for Points 2 and 3.
For Point 2: HA connecting to n8n (Editing the File)
You need to edit the configuration files inside your mounted Hermes volume on your Mac.
- The Exact File: Open ~/.hermes/config.json (or ~/.hermes/tools.json depending on how your specific version of the Hermes Agent structures its files).
- How to open it: You can open this easily in VS Code by typing code ~/.hermes/config.json in your Mac's terminal.
- What to change: You need to find the section where your custom tools or API endpoints are defined, and ensure the URL points to the Docker container name (my-n8n) instead of localhost. It will look like this:
```json
{
  "name": "create_n8n_workflow",
  "execution": {
    "type": "http_request",
    "method": "POST",
    "url": "http://my-n8n:5678/api/v1/workflows",
    "headers": {
      "X-N8N-API-KEY": "YOUR_N8N_API_KEY"
    }
  }
}
```
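Note: Because you mapped ~/.hermes as a volume, saving this file on your Mac instantly updates it inside the Docker container. The file now also holds your n8n API key in plain text, so keep ~/.hermes readable only by your own user account.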
For Point 3: n8n connecting to HA (Using the Web Interface)
For n8n, you do not edit any text files. n8n stores its data in an internal database inside the ~/.n8n volume. Instead, you configure this entirely through the n8n visual web interface.
- The Exact Interface: Open your web browser on your Mac and go to http://localhost:5678.
- How to configure it: Open the workflow you want to edit.
- What to change:
  - Click the + button to add a new node.
  - Search for and add an "HTTP Request" node.
  - In the node settings on the right side of your screen, set the Method (e.g., POST).
  - For the URL field, type: http://my-hermes-agent:PORT/your-endpoint (replace PORT and endpoint with whatever port Hermes Agent uses to listen for incoming webhooks).
Summary: You edit a JSON file on your Mac to teach Hermes how to reach n8n, and you use the n8n Web Browser UI to teach n8n how to reach Hermes. Because they are on the same Docker network (ai-net), those container names (my-n8n and my-hermes-agent) act as valid web addresses!