Hosting your own n8n instance gives you complete control over your workflow execution data, avoids strict limits on active workflows, and allows you to call internal microservices or databases without exposing them to the internet. Self-hosting via Docker is the recommended approach for stable and scalable operations.

In this tutorial, we will walk you through a step-by-step production deployment using Docker Compose, an Nginx Reverse Proxy, and automatic SSL certificate renewals using Certbot (Let's Encrypt).

Prerequisites

Before beginning, ensure you have the following:

  • A virtual private server (VPS) running Ubuntu 22.04 LTS or newer.
  • A domain name (e.g., n8n.yourdomain.com) with an A Record pointing to your VPS public IP address.
  • Docker and Docker Compose installed on your server.
  • Standard network ports 80 (HTTP) and 443 (HTTPS) open on your firewall.

Step 1: Set Up Project Directory

SSH into your server and create a structured directory to hold your docker-compose file and persistent n8n volume data:

mkdir -p ~/n8n-setup/data
cd ~/n8n-setup

Step 2: Create the Environment File

We will configure n8n parameters through an .env file. Create the file using nano or your preferred editor:

nano .env

Paste the following environment variables, replacing values with your actual domain and security credentials:

# Domain details
DOMAIN_NAME=n8n.yourdomain.com
SUBDOMAIN=n8n

# Security
N8N_ENCRYPTION_KEY=super-secret-encryption-key-here
JWT_SECRET=another-super-secure-random-jwt-key

# Timezone & User Configuration
GENERIC_TIMEZONE=Asia/Kolkata
TZ=Asia/Kolkata

# Database configuration (using SQLite default, upgrade to Postgres for heavy workloads)
N8N_PORT=5678

⚠️ Important Security Note: Always generate a strong random string for your N8N_ENCRYPTION_KEY and JWT_SECRET. These encrypt credentials saved in your workflows. Do not leave them as placeholders!

Step 3: Write the Docker Compose File

Create a docker-compose.yml file to manage n8n and Nginx containers. We will also include a custom volume mapping so n8n data is safely persisted on the host server filesystem.

nano docker-compose.yml

Paste the following service configuration inside the file:

version: '3.8'

services:
  n8n:
    image: docker.n8n.io/n8nio/n8n:latest
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    environment:
      - N8N_PORT=5678
      - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
      - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY}
      - JWT_SECRET=${JWT_SECRET}
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
      - TZ=${TZ}
      - WEBHOOK_URL=https://${DOMAIN_NAME}/
    volumes:
      - ./data:/home/node/.n8n

Step 4: Configure Nginx Reverse Proxy

Instead of exposing port 5678 directly to the web, we use Nginx as a reverse proxy. This is more secure and handles SSL handshakes efficiently.

Install Nginx on your host system if it isn't already:

sudo apt update
sudo apt install nginx -y

Create a new server block configuration for your n8n instance:

sudo nano /etc/nginx/sites-available/n8n

Paste the following config block, updating server name to your domain:

server {
    listen 80;
    server_name n8n.yourdomain.com;

    location / {
        proxy_pass http://127.0.0.1:5678;
        proxy_set_header Connection '';
        proxy_http_version 1.1;
        chunked_transfer_encoding off;
        proxy_buffering off;
        proxy_cache off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
    }
}

Enable the site configuration by creating a symlink to the enabled folder, test Nginx configuration syntax, and restart Nginx:

sudo ln -s /etc/nginx/sites-available/n8n /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx

Step 5: Obtain Let's Encrypt SSL Certificate

To enable secure HTTPS access, we use Certbot. It automatically requests an SSL certificate and configures Nginx redirection rules.

sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d n8n.yourdomain.com

Follow the interactive command-line prompts, enter your email address for renewal notifications, and opt to auto-redirect HTTP traffic to secure HTTPS.

Step 6: Launch n8n Container

With Nginx, ports, and SSL configured, launch your n8n docker service in detached daemon mode:

docker-compose up -d

Verify that the containers are healthy and running:

docker-compose ps

You can now navigate to your domain (https://n8n.yourdomain.com) in a browser. You will be greeted by the n8n initial owner account setup screen where you can create your admin username and password.

Conclusion

Your n8n instance is now securely self-hosted on your cloud server! Your workflows will run automatically in the background, and all webhooks are ready to accept HTTPS payloads securely. For production instances with heavy workloads, consider updating SQLite to a separate PostgreSQL docker container.