n8n Self-Hosted 2026: Docker Setup + Security Guide
n8n

n8n Self-Hosted 2026: Docker Setup + Security Guide

8 min read

Self-hosting n8n on a $5-20/month VPS gives you unlimited workflows and executions with zero per-task fees — vs Zapier’s $19.99/month per task or Make.com’s credit-limited tier. Setup takes 30-60 minutes with Docker Compose + Caddy reverse proxy. Best for technical teams running 5,000+ executions/month or businesses with data privacy requirements (healthcare, legal, finance). Use Cloud ($20/month) instead if you have no DevOps capacity.

n8n is an open-source workflow automation platform that you can self-host for free. No per-execution fees, no monthly platform costs — just the price of a VPS (typically $5-30/month). It connects to 400+ services, supports full JavaScript, and gives you complete control over your data.

TL;DR

  • The platform is free to self-host — your only cost is a VPS ($5-30/month)
  • Setup takes 30-60 minutes with Docker Compose
  • Supports 400+ integrations plus custom HTTP requests to any API
  • Self-hosted means full data control — nothing leaves your server
  • Use n8n Cloud ($20+/month) if you want zero server management
  • Best for teams that want power and flexibility without per-execution pricing

This guide covers everything you need: from initial Docker setup to security hardening, with real workflow examples you can adapt for your business.

“n8n is a fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.” — n8n.io official site

“Self-hosting gives you full control over your data and workflows. Run unlimited executions on your own infrastructure.” — n8n Self-Hosting Documentation

Why Self-Host?

“n8n is a fair-code licensed workflow automation tool that lets you self-host, modify, and deploy as you see fit.” — n8n.io official documentation

Self-hosted n8n by the numbers

  • Hetzner CX11 VPS: $5/month (2 vCPU, 4GB RAM)
  • DigitalOcean droplet: $6/month (1 vCPU, 1GB RAM)
  • AWS EC2 t3.small: $15/month (2 vCPU, 2GB RAM)
  • n8n Cloud Starter equivalent: $20/month
  • n8n Cloud Pro equivalent: $50/month
  • Savings vs Cloud (annual): $180-$540/year
  • ROI break-even: 1-3 months for any business with 5+ active workflows
  • CPU usage idle: 1-3% on a 2-vCPU VPS
  • CPU usage during workflow execution: 15-40% spike
  • Memory usage idle: ~200MB
  • Memory usage with 10 active workflows: ~400-600MB
  • Disk space for 1 year of execution logs: ~5-10GB
  • Backup size (daily compressed): ~100-500MB
  • Docker image size: ~500MB

The Cost Argument

Let us compare running 5,000 workflow executions per month:

PlatformMonthly CostAnnual Cost
Zapier (Professional)$49-69$588-828
Make (Pro)$16-35$192-420
Managed Cloud (Starter)$20$240
Self-Hosted$5-20 (VPS only)$60-240

At 10,000+ executions/month, the savings with self-hosting become even more dramatic because there are no per-execution charges. For a full side-by-side of pricing tiers, execution limits, and where each tool shines, see the n8n vs Make vs Zapier 2026 comparison.

The Data Control Argument

When you self-host the platform, your data never leaves your infrastructure. Every workflow execution, every API credential, every piece of customer data stays on your server. For businesses in healthcare, legal, finance, or any industry with data privacy requirements, this is not a nice-to-have — it is a necessity.

The Flexibility Argument

The self-hosted setup has no artificial limitations:

  • Unlimited workflows
  • Unlimited executions
  • Unlimited users
  • Full JavaScript/Python code nodes
  • Custom npm packages
  • Direct database access
  • Native MCP server integration — for AI-agent automations (e.g. Safari MCP for browser control via your existing logins; just be aware most MCP browser tools silently fail on rich-text editors like LinkedIn and Notion without editor-specific workarounds)

Prerequisites

Before starting, you need:

  • A VPS (Virtual Private Server) — Hetzner, DigitalOcean, Contabo, or any provider
    • Minimum: 2 vCPUs, 2 GB RAM, 20 GB SSD (~$5-10/month)
    • Recommended: 2 vCPUs, 4 GB RAM, 40 GB SSD (~$10-20/month)
  • A domain name pointed to your server’s IP address (for HTTPS)
  • Basic terminal/SSH knowledge — you need to be comfortable running commands
  • Docker and Docker Compose installed on the server

Step 1: Server Setup and Docker Installation

SSH into your server and install Docker:

# Update system packages
sudo apt update && sudo apt upgrade -y

# Install Docker
curl -fsSL https://get.docker.com | sh

# Add your user to the docker group
sudo usermod -aG docker $USER

# Install Docker Compose plugin
sudo apt install docker-compose-plugin -y

# Verify installation
docker --version
docker compose version

Step 2: Docker Compose Configuration

Create a directory for the install and set up the configuration:

mkdir -p /opt/n8n && cd /opt/n8n

Create the docker-compose.yml file:

version: "3.8"

services:
  n8n:
    image: n8nio/n8n:latest
    container_name: n8n
    restart: unless-stopped
    ports:
      - "5678:5678"
    environment:
      # Basic configuration
      - N8N_HOST=n8n.yourdomain.com
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - WEBHOOK_URL=https://n8n.yourdomain.com/

      # Security
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER=admin
      - N8N_BASIC_AUTH_PASSWORD=your-strong-password-here

      # Database (SQLite by default, PostgreSQL recommended for production)
      - DB_TYPE=sqlite

      # Timezone
      - GENERIC_TIMEZONE=UTC
      - TZ=UTC

      # Execution settings
      - EXECUTIONS_DATA_PRUNE=true
      - EXECUTIONS_DATA_MAX_AGE=168  # 7 days

    volumes:
      - n8n_data:/home/node/.n8n

volumes:
  n8n_data:
    driver: local

Start n8n:

docker compose up -d

The container is now running on port 5678. But before accessing it, you need HTTPS.

Step 3: Reverse Proxy with Caddy (Automatic HTTPS)

Caddy is the simplest way to get automatic HTTPS with Let’s Encrypt certificates. Add it to your Docker Compose or install it separately:

sudo apt install -y caddy

Create or edit /etc/caddy/Caddyfile:

n8n.yourdomain.com {
    reverse_proxy localhost:5678 {
        flush_interval -1
    }
}
sudo systemctl restart caddy

Caddy automatically obtains and renews SSL certificates. Your instance is now available at https://n8n.yourdomain.com.

Alternative: If you prefer Nginx, use it as a reverse proxy with Let’s Encrypt certbot for SSL. Caddy is simpler for this use case.

SQLite works for testing, but PostgreSQL is recommended for production workloads. Update your docker-compose.yml:

version: "3.8"

services:
  postgres:
    image: postgres:16
    container_name: n8n-postgres
    restart: unless-stopped
    environment:
      - POSTGRES_USER=n8n
      - POSTGRES_PASSWORD=your-db-password-here
      - POSTGRES_DB=n8n
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U n8n"]
      interval: 10s
      timeout: 5s
      retries: 5

  n8n:
    image: n8nio/n8n:latest
    container_name: n8n
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
    ports:
      - "5678:5678"
    environment:
      - N8N_HOST=n8n.yourdomain.com
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - WEBHOOK_URL=https://n8n.yourdomain.com/

      # PostgreSQL
      - DB_TYPE=postgresdb
      - DB_POSTGRESDB_HOST=postgres
      - DB_POSTGRESDB_PORT=5432
      - DB_POSTGRESDB_DATABASE=n8n
      - DB_POSTGRESDB_USER=n8n
      - DB_POSTGRESDB_PASSWORD=your-db-password-here

      # Security
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER=admin
      - N8N_BASIC_AUTH_PASSWORD=your-strong-password-here

      # Timezone
      - GENERIC_TIMEZONE=UTC
      - TZ=UTC

      # Execution settings
      - EXECUTIONS_DATA_PRUNE=true
      - EXECUTIONS_DATA_MAX_AGE=168

    volumes:
      - n8n_data:/home/node/.n8n

volumes:
  n8n_data:
    driver: local
  postgres_data:
    driver: local

Step 5: Security Hardening

Self-hosting means you are responsible for security. Here are the essentials:

Firewall

# Allow only SSH, HTTP, and HTTPS
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

# Block direct access to n8n port (only via reverse proxy)
sudo ufw deny 5678/tcp

Environment Variables Security

Never hardcode passwords in docker-compose.yml for production. Use a .env file:

# /opt/n8n/.env
N8N_BASIC_AUTH_USER=admin
N8N_BASIC_AUTH_PASSWORD=your-very-strong-password
DB_POSTGRESDB_PASSWORD=your-db-password
N8N_ENCRYPTION_KEY=a-random-32-character-string

Then reference in docker-compose.yml:

environment:
  - N8N_BASIC_AUTH_PASSWORD=${N8N_BASIC_AUTH_PASSWORD}
  - DB_POSTGRESDB_PASSWORD=${DB_POSTGRESDB_PASSWORD}
  - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY}

Automatic Backups

Create a simple backup script:

#!/bin/bash
# /opt/n8n/backup.sh
BACKUP_DIR="/opt/n8n/backups"
DATE=$(date +%Y%m%d_%H%M%S)

mkdir -p $BACKUP_DIR

# Export n8n workflows
docker exec n8n n8n export:workflow --all --output="/home/node/.n8n/backups/workflows_${DATE}.json"

# Backup PostgreSQL
docker exec n8n-postgres pg_dump -U n8n n8n > "${BACKUP_DIR}/db_${DATE}.sql"

# Keep only last 7 days
find $BACKUP_DIR -type f -mtime +7 -delete

echo "Backup completed: ${DATE}"

Schedule it with cron:

# Run backup daily at 3 AM
0 3 * * * /opt/n8n/backup.sh

Automatic Updates

#!/bin/bash
# /opt/n8n/update.sh
cd /opt/n8n

# Pull latest image
docker compose pull

# Restart with new image
docker compose up -d

echo "n8n updated to latest version"

Step 6: Queue Mode for High-Volume Setups

If you run 100+ workflow executions per day, Queue Mode improves reliability by using Redis to manage a job queue:

services:
  redis:
    image: redis:7-alpine
    container_name: n8n-redis
    restart: unless-stopped
    volumes:
      - redis_data:/data

  n8n:
    # ... (previous config)
    environment:
      # ... (previous env vars)
      - EXECUTIONS_MODE=queue
      - QUEUE_BULL_REDIS_HOST=redis
      - QUEUE_BULL_REDIS_PORT=6379

  n8n-worker:
    image: n8nio/n8n:latest
    container_name: n8n-worker
    restart: unless-stopped
    command: worker
    environment:
      # Same DB and Redis config as main n8n
      - DB_TYPE=postgresdb
      - DB_POSTGRESDB_HOST=postgres
      - DB_POSTGRESDB_PORT=5432
      - DB_POSTGRESDB_DATABASE=n8n
      - DB_POSTGRESDB_USER=n8n
      - DB_POSTGRESDB_PASSWORD=${DB_POSTGRESDB_PASSWORD}
      - EXECUTIONS_MODE=queue
      - QUEUE_BULL_REDIS_HOST=redis
      - QUEUE_BULL_REDIS_PORT=6379
      - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY}
    volumes:
      - n8n_data:/home/node/.n8n

volumes:
  redis_data:
    driver: local

Q2 2026 Update: What Changed for Self-Hosted Deployments

Three Q2 2026 changes that affect self-hosted deployments:

  1. Version 1.115 shipped native Memory Tools (April 2026) — Vector store, Redis, and PostgreSQL memory are now first-class Tools inside the AI Agent node. Previously you wrote custom Code nodes to wire up persistent conversation memory; now it’s a checkbox. Build time for stateful agents (intent routing, multi-turn customer support) dropped from 3-5 weeks to 1-2 weeks. Release notes.
  2. LLM API costs collapsed 40-60%Claude Haiku 4.5, GPT-4o-mini, and Gemini Flash now price at $0.001-$0.005 per 1K tokens. A self-hosted instance running 200 AI-Agent conversations/day (≈800 LLM calls) dropped from $400-1,200/month to $80-200/month. This re-opens automations that were “too expensive at SMB scale” three months ago.
  3. WhatsApp Calling API GA + new nodes (March 2026) — official-API customers can now build voice-first flows: intake → AI-Agent → Calling API → calendar booking. Previously this required a 6-month custom engineering project; now it’s a 1-2 week workflow.

Rule of thumb, May 2026: if you self-host this platform and have not re-evaluated which workflows pull in the AI Agent node since February, you are leaving money on the table. The AI side of the cost equation moved more than the infrastructure side did.

Real-World Workflow Examples

1. Lead Capture to CRM + WhatsApp Notification

Trigger: Webhook from website contact form

Flow:

  1. Webhook receives form data (name, email, phone, message)
  2. Create contact in CRM (HubSpot / Airtable / Pipedrive)
  3. Send WhatsApp confirmation to the lead (see our WhatsApp bot for business guide for the API setup)
  4. Notify sales team on Slack/WhatsApp
  5. Add to email nurture sequence

This workflow replaces 5-10 minutes of manual work per lead and ensures no lead is ever missed.

2. Appointment Reminders

Trigger: Scheduled (runs every hour)

Flow:

  1. Query calendar/booking system for appointments in the next 24 hours
  2. Filter appointments that have not received a reminder yet
  3. Send WhatsApp reminder to each customer
  4. Mark reminders as sent in the database
  5. If customer replies “cancel,” automatically update the booking

Reduces no-shows significantly without any manual effort.

3. Invoice Automation

Trigger: Deal status changes to “Won” in CRM

Flow:

  1. Fetch deal details from CRM
  2. Generate invoice using accounting software API
  3. Send invoice to customer via email
  4. Send payment reminder after 7 days if unpaid
  5. Update CRM with payment status

4. Customer Support Triage

Trigger: New message received via WhatsApp/email

Flow:

  1. Receive customer message
  2. Use AI (OpenAI/Claude) to classify: billing, technical, general inquiry — this is a basic pattern; for autonomous multi-step reasoning see AI agents for business
  3. Check knowledge base for automatic answer
  4. If answer found with high confidence — send automated reply
  5. If not — route to appropriate team member in Chatwoot (see Chatwoot vs Intercom comparison for why we pick Chatwoot; 5% off Cloud with code UJR5GXWK)
  6. Log everything in CRM

Common Configuration Tips

Environment Variables Worth Setting

# Increase webhook timeout for slow APIs
N8N_DEFAULT_TIMEOUT=300

# Better error logging
N8N_LOG_LEVEL=info

# Allow larger payloads (for file processing)
N8N_PAYLOAD_SIZE_MAX=64

# Custom user folder (for multiple instances)
N8N_USER_FOLDER=/home/node/.n8n

# Disable usage telemetry (optional, privacy)
N8N_DIAGNOSTICS_ENABLED=false

Useful n8n CLI Commands

# Export all workflows
docker exec n8n n8n export:workflow --all --output=/home/node/.n8n/export.json

# Import workflows
docker exec n8n n8n import:workflow --input=/home/node/.n8n/export.json

# Reset admin password
docker exec n8n n8n user-management:reset

# Check n8n version
docker exec n8n n8n --version

When to Use the Managed Cloud Instead

Self-hosting is not for everyone. Choose n8n Cloud when:

  • No DevOps resources: You do not have anyone who can manage a Linux server
  • Compliance needs: You need SOC 2 or similar certifications that Cloud provides
  • Quick start: You want to be up and running in 5 minutes, not 60
  • Guaranteed uptime: Your business cannot tolerate any downtime for maintenance
  • Support: You want official support from the vendor team

The managed Cloud option starts at $20/month and includes managed hosting, automatic updates, SSL, and support. It is the same software with the same capabilities — just someone else manages the infrastructure.

Maintenance Checklist

Once your instance is running, keep it healthy:

  • Weekly: Check execution logs for failed workflows, review error notifications
  • Monthly: Update to the latest version, review and clean up unused workflows
  • Quarterly: Test backups by restoring to a test environment, review server security, update SSL if not auto-renewed
  • As needed: Scale server resources if execution times increase

April 2026 Update: New Features Worth Knowing

Three platform changes since this guide was written that improve the self-hosted experience:

  1. Version 1.70+ ships native Gemini 3 nodes — previously required HTTP Request nodes with manual prompt formatting. The native node handles streaming, tool use, and multi-modal inputs cleanly.
  2. Queue Mode stability improved in 1.70 — fewer “workflow stuck” states on long-running executions. If you’ve had to restart workers periodically, upgrading should reduce that.
  3. Task Runners GA — isolated Python/JavaScript execution environments that address the security concern of running untrusted code in the main process. Recommended for any public-facing workflow that accepts user input.

Rule of thumb, April 2026: keep your install within 2 minor versions of the latest release. The vendor team ships breaking changes slowly but consistently — falling 6+ versions behind makes future upgrades painful.

Getting Started

Going self-hosted with this platform gives you a powerful automation engine at a fraction of the cost of SaaS alternatives. The initial setup takes 30-60 minutes, and once running, it requires minimal maintenance.

If you are technical enough to follow this guide, you can manage everything yourself. If you want someone to handle the setup and build your workflows, that is where we come in.

We set up and maintain workflow automation instances for businesses — including server configuration, security hardening, workflow development, and ongoing support. One-time setup, no monthly platform fees.

Get a free consultation or message us on WhatsApp to discuss your automation setup. See our business automation service page and pricing tiers for delivery details.

Losing leads because no one's answering?

A WhatsApp bot answers, schedules, and captures leads 24/7 — from $1,000 one-time. Free consultation →

Get a Custom Quote

Prefer to chat? WhatsApp me · full pricing · our projects

Achiya - Business automation and bot specialist

Achiya Cohen

Business Automation Expert · Building bots since 2023

Built 50+ automation systems for businesses — WhatsApp bots, CRM integrations, and automated workflows that save hours of work every day. Specializing in n8n, Make, and WhatsApp Business API.

Contact · LinkedIn
WhatsApp Bot Service Business Automation Pricing

Ready to automate your business?

50+ businesses already save 15 hours/week. Tell me about yours — I'll show you exactly what we can automate.

Get a Custom Quote

Prefer WhatsApp? Message me →

Response within hours · No commitment

Share this article:

Back to Blog

Frequently Asked Questions

Is n8n really free?
Yes. The platform is open-source and free to self-host. You can run unlimited workflows with unlimited executions at no license cost. The only expense is your server hosting — typically $5-30/month for a VPS. A paid Cloud version (from $20/month) is also available if you prefer managed hosting.
What server specs do I need for n8n self-hosted?
For small to medium workloads (up to 50 workflows, a few thousand executions per day), a VPS with 2 vCPUs, 4 GB RAM, and 40 GB SSD is sufficient. This typically costs $10-20/month from providers like Hetzner, DigitalOcean, or Contabo. For heavy workloads, consider 4 vCPUs and 8 GB RAM.
How does n8n compare to Zapier and Make?
The open-source platform is free to self-host with no per-execution limits. Zapier is easier to use but charges per task ($19.99+/month). Make offers a good middle ground ($10.59+/month) but is credit-limited. The self-hosted route gives you the most control but requires technical knowledge.
Is n8n secure for business data?
When properly configured, the self-hosted setup is very secure — all data stays on your server, nothing passes through third parties. You control encryption, access, and backups. This makes it ideal for businesses with data privacy requirements. The key is proper setup: HTTPS, strong authentication, firewall rules, and regular updates.
Can I use n8n without coding knowledge?
The visual workflow editor does not require coding for basic automations. However, for advanced logic, data transformation, and debugging, basic JavaScript knowledge helps significantly. The community and documentation are excellent resources for learning.
What is Queue Mode in n8n?
Queue Mode uses Redis to manage workflow executions as a job queue. Instead of processing everything in the main process, work is distributed to separate worker processes. This improves reliability and performance for high-volume setups (100+ executions per day). It requires Redis but is straightforward to add with Docker.
When should I use n8n Cloud instead of self-hosting?
Use the managed Cloud option when you do not have technical staff to manage a server, need guaranteed uptime with professional support, prefer zero maintenance, or are just getting started and want to evaluate the platform before committing to infrastructure.