Deployment Overview of n8n on Server

Prerequisites and Basic Requirements

The deployment requires a server running Ubuntu 22.04 (Jammy) with root privileges. The system must have internet access to pull Docker images and resolve domain names. The following ports must be available on the server:

  • Port 80 for HTTP traffic and TLS challenges.
  • Port 443 for HTTPS traffic.
  • Port 5678 for the n8n application (bound to localhost only).

A valid domain name is required for the final_domain variable to configure SSL certificates and routing rules.

File and Directory Structure

The deployment utilizes specific directories for configuration files, data persistence, and SSL certificates. The structure is organized as follows:

  • /root/n8n-compose-file/: Contains the Docker Compose configuration file (compose.yml).
  • /root/letsencrypt/: Stores ACME certificates and the acme.json file for Traefik.
  • /root/.n8n/: Persists n8n workflow data, credentials, and settings.
  • /root/local-files/: Stores local files accessible by the n8n container.
  • /data/: A general data directory created during setup.

Application Installation Process

The application is deployed using Docker Compose. The installation process involves the following steps:

  1. Install Docker Engine version 5:28.5.2-1~ubuntu.22.04~jammy for both docker-ce and docker-ce-cli packages.
  2. Hold the Docker packages to prevent automatic upgrades via dpkg_selections.
  3. Generate the compose.yml file in /root/n8n-compose-file/.
  4. Execute the docker compose up -d command within the /root/n8n-compose-file directory to start the services.
  5. Wait for the n8n service to initialize.

The n8n container runs the docker.n8n.io/n8nio/n8n:latest image.

Docker Containers and Their Deployment

The deployment utilizes two primary containers managed by Docker Compose:

  • Traefik: Acts as the reverse proxy and load balancer.

    • Image: traefik
    • Restart Policy: always
    • Entrypoints: web (port 80) and websecure (port 443).
    • Configuration: Enables Docker provider, forces HTTP to HTTPS redirection, and configures TLS challenges for automatic certificate management.
    • Volumes: Mounts /root/letsencrypt for certificate storage and /var/run/docker.sock for Docker API access.
  • n8n: The workflow automation application.

    • Image: docker.n8n.io/n8nio/n8n:latest
    • Restart Policy: always
    • User: Runs as root.
    • Ports: Exposes port 5678 only on 127.0.0.1.
    • Environment Variables:
      • N8N_HOST: Set to the configured domain.
      • N8N_PORT: Set to 5678.
      • N8N_PROTOCOL: Set to https.
      • NODE_ENV: Set to production.
      • WEBHOOK_URL: Set to https://<domain>/.
      • GENERIC_TIMEZONE: Set to Europe/Amsterdam.
    • Volumes: Mounts /root/.n8n for data persistence and /root/local-files for file access.
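
The container settings listed above can be checked mechanically. The following is an added example, not the deployment's own tooling: a shell function that scans a compose.yml for the points described here (image tags, the root user, the Docker socket mount, and the 5678 port binding). The finding names and the embedded sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the deployment's own script. Line-based checks that
# assume the usual one-item-per-line compose.yml layout.

# Print one finding per line for the compose file given as $1 (default: stdin).
audit_compose() {
  tr -d "\"'" < "${1:-/dev/stdin}" | awk '
    { sub(/^[ \t]*(-[ \t]+)?/, "") }   # drop indentation and the list dash
    # Image with no tag, or the floating :latest tag (digest pins pass).
    /^image:/ {
      n = split($2, part, "/")
      if (part[n] !~ /:/ || part[n] ~ /:latest$/) print "UNPINNED_IMAGE " $2
    }
    # Container process running as root.
    /^user:/ && ($2 == "root" || $2 == "0" || $2 ~ /^(root|0):/) { print "ROOT_USER " $2 }
    # Docker socket handed to a container; :ro does not limit API calls.
    /^\/var\/run\/docker\.sock:/ { print "DOCKER_SOCKET " $1 }
    # Port 5678 published on anything other than 127.0.0.1.
    /^([0-9.]+:)?[0-9]+:5678$/ && !/^127\.0\.0\.1:/ { print "PORT_5678_EXPOSED " $1 }
  '
}

# Constructed sample: only the keys this page describes, abridged.
sample_compose() {
  cat <<'EOF'
services:
  traefik:
    image: traefik
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
  n8n:
    image: docker.n8n.io/n8nio/n8n:latest
    restart: always
    user: root
    ports:
      - "127.0.0.1:5678:5678"
EOF
}

# Audit the file named on the command line, or the sample when none is given.
if [ "$#" -gt 0 ]; then audit_compose "$1"; else sample_compose | audit_compose; fi
```

The unpinned-image findings matter for this deployment because docker compose pull moves both containers to whatever the registry currently serves, even though the host's Docker packages are held at a fixed version.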

Proxy Servers

Traefik serves as the reverse proxy for the n8n application. It handles SSL termination and routing based on host headers.

  • Routing Rules: Traffic is routed to the n8n service if the Host header matches the configured final_domain or an optional temp_domain.
  • SSL/TLS: Traefik uses the mytlschallenge resolver to automatically obtain and renew TLS certificates via the ACME TLS-ALPN-01 challenge.
  • Security Headers: The deployment enforces several security headers via Traefik middlewares:
    • SSLRedirect: Forces HTTPS.
    • STSSeconds: Sets Strict-Transport-Security to 315360000 seconds.
    • browserXSSFilter: Enables the browser's XSS filter via the X-XSS-Protection header.
    • contentTypeNosniff: Prevents MIME type sniffing.
    • forceSTSHeader: Ensures the STS header is present.
    • SSLHost: Sets the host for SSL validation.
    • STSIncludeSubdomains: Includes subdomains in HSTS.
    • STSPreload: Adds the preload directive to HSTS.

Permission Settings

The deployment script sets specific permissions for the created directories:

  • /data/ and /root/n8n-compose-file/ are created with 0750 permissions, owned by root:root.
  • The compose.yml file is generated with 0644 permissions, owned by root:root.
  • The n8n container runs with the root user, allowing it to write to the mounted volumes at /root/.n8n and /root/local-files.

Starting, Stopping, and Updating

Service management is handled via Docker Compose commands executed in the /root/n8n-compose-file directory.

  • Start: docker compose up -d
  • Stop: docker compose down
  • Update: To update the application, pull the latest image and restart the containers:
    docker compose pull
    docker compose up -d
    

The Docker packages are held to prevent unintended version changes, ensuring the system remains on the specified version unless manually updated.
