Self-hosting

Self-host n8n for workflow automation

n8n is an open-source, fair-code workflow automation tool that lets you connect apps, trigger actions, and build complex pipelines — without writing code. Self-hosting puts you in control: no per-workflow pricing, no execution limits, and your credentials stay on your own server. Paired with an AI agent like Hermes or OpenClaw, n8n becomes a powerful orchestration layer.

Common n8n use cases

  • Sync data between CRM, spreadsheets, and databases
  • Trigger AI agent tasks from Slack messages or webhook events
  • Automate email responses, form submissions, and Notion updates
  • Build CI/CD notification pipelines and incident alerts

Step 1 — Install Docker

n8n has an official Docker image maintained by the n8n team. Install Docker Engine on Ubuntu:

sudo apt update
sudo apt install -y ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo $VERSION_CODENAME) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update && sudo apt install -y docker-ce docker-ce-cli containerd.io

# Allow your user to run Docker without sudo
sudo usermod -aG docker $USER
newgrp docker

Step 2 — Run n8n with Docker

Use a named Docker volume so your workflows and credentials survive container restarts and upgrades:

docker run -d \
  --name n8n \
  --restart unless-stopped \
  -p 127.0.0.1:5678:5678 \
  -e N8N_HOST=n8n.yourdomain.com \
  -e WEBHOOK_URL=https://n8n.yourdomain.com/ \
  -e N8N_BASIC_AUTH_ACTIVE=true \
  -e N8N_BASIC_AUTH_USER=admin \
  -e N8N_BASIC_AUTH_PASSWORD=your_strong_password \
  -e N8N_ENCRYPTION_KEY=a_random_32_char_string_here \
  -v n8n_data:/home/node/.n8n \
  n8nio/n8n
Security note: Binding to 127.0.0.1:5678 means n8n only accepts connections from localhost — the reverse proxy in the next step handles external traffic. Never expose port 5678 directly to the internet.

Step 3 — HTTPS with Caddy

Caddy automatically provisions and renews TLS certificates. Install it and create a Caddyfile:

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update && sudo apt install caddy

Step 4 — Open the firewall

sudo ufw allow 80/tcp comment 'HTTP (Caddy)'
sudo ufw allow 443/tcp comment 'HTTPS (Caddy)'
# Do NOT open 5678 externally — Caddy handles it
sudo ufw reload

Visit https://n8n.yourdomain.com — you should see the n8n login screen. Use the basic auth credentials you set in the Docker run command.

Step 5 — Updates and backups

Updating n8n

docker pull n8nio/n8n
docker stop n8n && docker rm n8n
# Re-run the docker run command from Step 2 (same volume, new image)
docker run -d ... n8nio/n8n

Back up your workflows

The n8n_data named volume holds all workflows, credentials, and settings. Back it up daily:

# Add to crontab: crontab -e
0 2 * * * docker run --rm -v n8n_data:/data -v /var/backups:/backup alpine \
  tar -czf /backup/n8n-$(date +%F).tar.gz /data

Prefer not to manage it yourself?

AgentOcean VPS plans give you a hardened base server with Docker pre-installed — ready for n8n or any other self-hosted app.

Related