Անցնել պարունակությանը

n8n Server Deployment Overview

Prerequisites

The following system parameters are required for the application to function correctly:

  • Operating System: Ubuntu (recommended).

  • Access Rights: Superuser (root) privileges to install system packages and manage Docker.

  • Domain: A configured domain name matching the panel template.

  • Ports:

    • 80/tcp — HTTP (for redirection to HTTPS and Certbot validation).

    • 443/tcp — HTTPS (primary application access).

    • 5678/tcp — internal application port (accessible only locally via 127.0.0.1).

FQDN of the final panel on hostkey.in domain

Parameter Value
Prefix n8n
Domain hostkey.in
Full Template n8n{Server_ID_from_Invapi}.hostkey.in

File and Directory Structure

All primary data and configurations are distributed across the following paths:

  • /data/nginx/user_conf.d/ — Nginx user configurations.

  • /data/nginx/letsencrypt/.well-known/acme-challenge/ — Directory for SSL certificate validation.

  • /root/n8n-compose-file/ — Working directory containing the compose.yml file.

  • /data/n8n — Primary n8n application data.

  • /data/n8n/files — User files uploaded to n8n.

Application Installation Process

The application is deployed using Docker and Docker Compose. The official image docker.n8n.io/n8nio/n8n:latest is used.

The process includes:

  1. Preparation of system dependencies (fixing dpkg errors, installing curl and dnsutils).

  2. Installation of Docker.

  3. Creation of required directories with appropriate permissions.

  4. Generation of Nginx and Docker Compose configuration files.

  5. Starting containers via docker compose up -d.

Access Rights and Security

  • Firewall (UFW): The system is configured with rules allowing incoming traffic on ports 80 and 443/tcp.

  • Users:

    • n8n data directories (/data/n8n) are owned by the user with UID 1000 and GID 1000.

    • Nginx configuration files are owned by the root user.

  • Access Restriction: The n8n application listens on port 5678 only on the 127.0.0.1 interface, which prevents direct access from the external network bypassing the proxy server.

Docker Containers and Execution

The system utilizes two main containers:

  1. nginx:

    • Image: jonasal/nginx-certbot:latest.

    • Network Mode: host.

    • Purpose: Traffic proxying, SSL certificate management via Certbot.

  2. n8n:

    • Image: docker.n8n.io/n8nio/n8n:latest.

    • Operation Mode: Production.

Application Update Instructions

The update is performed by running pull and restarting the containers. To update, execute the command in the directory containing the configuration file:

docker compose pull && docker compose up -d

Permissions Settings

Path Owner (UID/GID) Permissions
/data root:root 0755
/data/n8n 1000:1000 0755
/data/n8n/files 1000:1000 0755

Configuration Files and Data Location

  • Docker Compose Configuration: /root/n8n-compose-file/compose.yml.

  • Nginx Certbot Environment Variables: /data/nginx/nginx-certbot.env.

  • SSL Certificates: Stored in Docker Volume nginx_secrets (inside the container at path /etc/letsencrypt).

Available Connection Ports

Port Protocol Purpose Accessibility
80 TCP HTTP Public
443 TCP HTTPS Public
5678 TCP n8n Internal Local only (127.0.0.1)

Starting and Stopping the Application

Container management is performed via docker compose in the /root/n8n-compose-file directory:

  • Start: 

    docker compose up -d

  • Stop: 

    docker compose down

Proxy Servers

nginx combined with certbot is used as the proxy server.

  • SSL: Automatic acquisition and renewal of certificates via Let's Encrypt. The renewal check interval is set to 8d.

  • Configuration: Nginx is configured for automatic redirection from HTTP (port 80) to HTTPS (port 443). Header forwarding is configured for the correct operation of webhooks and WebSockets (Upgrade, Connection).

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×