Self-host n8n for workflow automation
n8n is an open-source, fair-code workflow automation tool that lets you connect apps, trigger actions, and build complex pipelines — without writing code. Self-hosting puts you in control: no per-workflow pricing, no execution limits, and your credentials stay on your own server. Paired with an AI agent like Hermes or OpenClaw, n8n becomes a powerful orchestration layer.
Common n8n use cases
- Sync data between CRM, spreadsheets, and databases
- Trigger AI agent tasks from Slack messages or webhook events
- Automate email responses, form submissions, and Notion updates
- Build CI/CD notification pipelines and incident alerts
Step 1 — Install Docker
n8n has an official Docker image maintained by the n8n team. Install Docker Engine on Ubuntu:
sudo apt update
sudo apt install -y ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo $VERSION_CODENAME) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update && sudo apt install -y docker-ce docker-ce-cli containerd.io
# Allow your user to run Docker without sudo
sudo usermod -aG docker $USER
newgrp dockerStep 2 — Run n8n with Docker
Use a named Docker volume so your workflows and credentials survive container restarts and upgrades:
docker run -d \
--name n8n \
--restart unless-stopped \
-p 127.0.0.1:5678:5678 \
-e N8N_HOST=n8n.yourdomain.com \
-e WEBHOOK_URL=https://n8n.yourdomain.com/ \
-e N8N_BASIC_AUTH_ACTIVE=true \
-e N8N_BASIC_AUTH_USER=admin \
-e N8N_BASIC_AUTH_PASSWORD=your_strong_password \
-e N8N_ENCRYPTION_KEY=a_random_32_char_string_here \
-v n8n_data:/home/node/.n8n \
n8nio/n8n127.0.0.1:5678 means n8n only accepts connections from localhost — the reverse proxy in the next step handles external traffic. Never expose port 5678 directly to the internet.Step 3 — HTTPS with Caddy
Caddy automatically provisions and renews TLS certificates. Install it and create a Caddyfile:
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update && sudo apt install caddyStep 4 — Open the firewall
sudo ufw allow 80/tcp comment 'HTTP (Caddy)'
sudo ufw allow 443/tcp comment 'HTTPS (Caddy)'
# Do NOT open 5678 externally — Caddy handles it
sudo ufw reloadVisit https://n8n.yourdomain.com — you should see the n8n login screen. Use the basic auth credentials you set in the Docker run command.
Step 5 — Updates and backups
Updating n8n
docker pull n8nio/n8n
docker stop n8n && docker rm n8n
# Re-run the docker run command from Step 2 (same volume, new image)
docker run -d ... n8nio/n8nBack up your workflows
The n8n_data named volume holds all workflows, credentials, and settings. Back it up daily:
# Add to crontab: crontab -e
0 2 * * * docker run --rm -v n8n_data:/data -v /var/backups:/backup alpine \
tar -czf /backup/n8n-$(date +%F).tar.gz /dataPrefer not to manage it yourself?
AgentOcean VPS plans give you a hardened base server with Docker pre-installed — ready for n8n or any other self-hosted app.