Guide

Hosting n8n cleanly: self-hosted, Docker and going to production

By Fabien Cavanna, Going for Growth · June 29, 2026 · 9 min read

In shortTo host n8n self-hosted, the simplest approach is Docker on a VPS, with a domain name, a reverse proxy and HTTPS. The Community edition (no license key) is free and is enough for most use cases. For a reliable production instance, add an external database (PostgreSQL) for persistence, regular backups, and a minimum of security (authentication, well-managed secrets). If you do not want to manage a server, n8n Cloud is an alternative billed per execution.

Self-hosted or n8n Cloud?

Before installing anything, the first decision is to choose between self-hosting (self-hosted) and the managed offering n8n Cloud. Both run the same workflows; the difference is who manages the infrastructure and the cost model.

Self-hosted means running n8n on your own server. Without a license key, you use the Community edition, which is free. You only pay for your infrastructure (a VPS costs on the order of a few euros per month) and you take on the maintenance: updates, backups, security, availability. It is the right choice if you want to control your data, avoid usage-based billing, or fine-tune the configuration.

n8n Cloud removes all infrastructure management: n8n hosts, updates and backs up for you. Billing is per execution: a full workflow run counts as one execution, regardless of how many steps it contains. There is no longer a permanent free Cloud plan (a free trial exists, and self-hosted Community remains free). Pricing changes over time: check the n8n.io/pricing page for current rates.

To be honest: if you are starting out and you do not want to manage a server, Cloud is faster to get going. If you know how to administer a Linux machine, or if data confidentiality and cost control matter most, self-hosted is more advantageous. Note as well that certain advanced features (SSO, environments, external secrets management, multi-main scaling, Git versioning) are reserved for paid editions, whether you are self-hosted or on Cloud.

What do you need to host n8n self-hosted?

To host n8n self-hosted, three elements are enough: a Linux VPS reachable from the internet, Docker (or Node.js 20.19 to 24.x), and a domain name pointing to the server's IP.

  • A server or VPS running Linux, reachable from the internet. A small instance (1 to 2 vCPU, 2 GB of RAM) covers modest usage; plan for more RAM if your workflows handle large volumes or make heavy use of AI models.
  • Docker, recommended by n8n, or otherwise Node.js via npm. If you go through npm, use a Node.js version in the range 20.19 to 24.x.
  • A domain name (for example n8n.yourdomain.com) pointing to the server's IP address. It is used to expose the interface cleanly and to enable HTTPS. Essential, in particular so that webhooks and certain OAuth integrations work with a stable, encrypted URL.

Docker is advised because it isolates the application, simplifies updates and makes the installation reproducible. npm remains a valid option if you prefer not to use containers.

How do you install n8n step by step?

Installing n8n takes seven steps: choose the hosting, prepare the server, launch n8n, add an HTTPS reverse proxy, configure the variables and the external database, set up backups and updates, check security. The exact commands depend on your distribution and your reverse proxy; what matters is the order and the logic of the steps.

  1. Choose the hosting. Go for self-hosted with Docker (recommended by n8n) if you manage a server, or for n8n Cloud if you do not want to administer infrastructure. The rest assumes self-hosted.
  2. Prepare the server. Provision a Linux VPS, update the system, create a dedicated user, and install Docker (or Node.js version 20.19 to 24.x if you choose npm). Point your domain name to the server's IP.
  3. Launch n8n. With Docker, start the official n8nio/n8n container while mounting a persistent volume for the data. With npm, install n8n globally then run the n8n command. Without a license key, you are on the Community edition.
  4. Add a reverse proxy and HTTPS. Place a reverse proxy (Caddy, Nginx or Traefik) in front of n8n to expose the interface on your domain over HTTPS, with a certificate (Let's Encrypt for example).
  5. Configure environment variables and an external database. Set the public URL, the timezone, the encryption key, and connect an external PostgreSQL database for persistence rather than the default SQLite database.
  6. Set up backups and updates. Back up the database and the persisted data regularly, and define a procedure to update the n8n image or package.
  7. Check security and access. Enable authentication, restrict open ports, store secrets outside the configuration repository, and verify that only the reverse proxy exposes n8n to the outside.

Once the instance is online, you can create your first workflows and automations. To build a conversational agent based on a language model, see the guide building an AI agent with n8n.

How do you move an n8n instance to production?

Five points make an n8n instance clean for production: reverse proxy and HTTPS, environment variables (including the encryption key), external PostgreSQL database, backups, and updates. An instance launched locally is not a production instance.

Reverse proxy and HTTPS. Never expose n8n directly over HTTP on the internet. A reverse proxy (Caddy, Nginx, Traefik) handles the TLS certificate, the encryption and, if needed, an additional authentication layer. It is also what gives a stable URL, required for webhooks and OAuth callbacks.

Environment variables. n8n is configured essentially through environment variables: public URL, timezone, database parameters, and above all the encryption key used for stored credentials. This key must be fixed and kept: losing it makes the saved credentials unreadable.

External database. In production, connect n8n to an external PostgreSQL database rather than the default SQLite database. PostgreSQL handles load better, backs up cleanly and survives the recreation of the container. SQLite remains handy for testing, but it is poorly suited to sustained use.

Backups. Back up the database regularly (your workflows, encrypted credentials, execution histories) and the encryption key. Without that key, restoring a database is not enough to recover the credentials.

Updates. n8n evolves quickly. Plan an update routine (new Docker image or new npm package), ideally tested on a pre-production instance, having backed up beforehand.

Reliability and scaling

Beyond the installation, a production instance must stay reliable over time.

Verified backups. A backup only has value if it restores. Periodically test a full restore (database + encryption key + persisted data) on a disposable instance.

Monitoring. Watch the instance's availability, CPU/RAM usage, disk space and failed executions. On a modest machine, RAM and disk (execution histories that accumulate) are the first limits to be reached.

Scaling. To absorb a high volume of executions, n8n offers a so-called queue mode that distributes the work across several worker processes, with a queue (Redis). It is the main lever to scale horizontally. Be careful, though: multi-main scaling and certain capabilities tied to high availability are among the features reserved for paid editions. For single-operator or SMB use, a well-sized instance is most often enough; moving to queue mode and multi-main is justified when volume truly calls for it.

If your need is mainly reliability without managing infrastructure, n8n Cloud takes the advantage back: backups and availability are handled for you, at the cost of per-execution billing.

Basic security

An n8n instance handles credentials to your services (APIs, databases, messaging): securing it is not optional.

  • Authentication. Never expose the interface without authentication. Enable n8n's user accounts and, if possible, add protection at the reverse proxy level.
  • Secrets. Keep the encryption key and sensitive variables out of your Git repository and out of versioned files. Use a protected environment file (restrictive permissions) or a secrets manager.
  • Network access. Limit open ports to the strict minimum (HTTPS via the reverse proxy). Do not expose n8n's internal port or the database's port directly on the internet.
  • Security updates. Keep the system, Docker and n8n up to date to benefit from patches.

n8n is distributed under the Sustainable Use License (fair-code model, source code available), which is not a classic OSI open source license. It allows self-hosting and internal use, while reserving certain features for paid editions. To go further on using n8n in an automation approach, see our page AI automation.

Frequently asked questions

Is self-hosted n8n free?
Yes. When self-hosting, without a license key, you use n8n's Community edition, which is free. You only pay for your infrastructure (a VPS, on the order of a few euros per month) and the maintenance time. Certain advanced features (SSO, environments, external secrets, multi-main scaling, Git versioning) remain reserved for paid editions, however.
Docker or npm to install n8n?
Docker is the method recommended by n8n: it isolates the application, simplifies updates and makes the installation reproducible. npm remains a valid option if you prefer not to use containers; in that case, use Node.js in the range 20.19 to 24.x. For most cases, Docker is the easiest choice to maintain.
Self-hosted or Cloud, which one to choose?
Choose self-hosted if you know how to administer a Linux server and you want to control your data and your costs (you only pay for the infrastructure). Choose n8n Cloud if you do not want to manage any infrastructure: n8n hosts, updates and backs up for you, with per-execution billing. Check n8n.io/pricing for current rates.
How do you secure an n8n instance?
At a minimum: expose the interface only over HTTPS via a reverse proxy, enable authentication, keep the encryption key and the secrets out of versioned files, limit open ports to the strict minimum (no direct exposure of n8n's internal port or the database), and keep the system, Docker and n8n up to date for security patches.

Further reading

An AI agent built and maintained for you, in production?

Describe your process and I will tell you honestly whether it can be automated. A first 30-minute call, free and with no commitment.

Book a free 30-min call