
Deployment Overview of n8n on Server

Prerequisites and Basic Requirements

  • Operating System: Ubuntu 22.04 (Jammy)

  • Privileges: Root access is required to manage Docker and system directories.

  • Domain: A fully qualified domain name (FQDN) is required for SSL termination and routing.

  • Ports:

    • Port 80 (HTTP) for initial SSL negotiation.

    • Port 443 (HTTPS) for secure application access.

    • Port 5678 (Internal) for the n8n service communication.

FQDN of the Final Panel

The application is accessible via the hostkey.in domain using the following format: n8n<Server ID>.hostkey.in

The service is exposed externally on port 443 via the Traefik proxy.

File and Directory Structure

The deployment utilizes the following directory structure on the server:

  • /root/n8n-compose-file/: Contains the Docker Compose configuration file (compose.yml).

  • /root/letsencrypt/: Stores SSL certificates and the ACME configuration file (acme.json).

  • /root/.n8n/: Persists the n8n application data, workflows, and credentials.

  • /root/local-files/: Stores local file uploads associated with n8n workflows.

  • /data/: A general data directory created during setup.

Application Installation Process

The n8n application is deployed using Docker Compose. The deployment process includes:

  • Installation of the Docker Engine (specifically version 5:28.5.2-1~ubuntu.22.04~jammy on Ubuntu 22.04).

  • Creation of the necessary directory structure.

  • Generation and execution of the compose.yml file to launch services.

The specific image used for the n8n service is: docker.n8n.io/n8nio/n8n:latest

Docker Containers and Their Deployment

Two primary containers are deployed via Docker Compose:

  1. Traefik:

    • Image: traefik

    • Purpose: Reverse proxy, SSL termination, and routing.

    • Configuration: Enabled Docker provider to auto-discover n8n via labels. Configured to redirect all HTTP traffic to HTTPS.

  2. n8n:

    • Image: docker.n8n.io/n8nio/n8n:latest

    • Purpose: Executes the n8n workflow automation engine.

    • User: Runs as root.

    • Networking: Exposes port 5678 only on the localhost interface (127.0.0.1), requiring the Traefik proxy for external access.

The deployment is managed by running docker compose up -d within the /root/n8n-compose-file directory.

Proxy Servers

Traefik acts as the reverse proxy for the application with the following configuration:

  • Entrypoints:

    • web: Listens on port 80 and redirects to websecure.

    • websecure: Listens on port 443 for HTTPS traffic.

  • SSL/TLS:

    • Automatic certificate management via Let's Encrypt (ACME TLS Challenge).

    • Certificates are stored in /letsencrypt/acme.json within the Traefik container volume.

    • Email used for Let's Encrypt notifications: [email protected].

  • Middleware:

    • Enforces SSL redirection.

    • Applies strict security headers (STS, XSS Filter, Content-Type Nosniff).

    • Sets the SSLHost and includes subdomains/preload in the STS header.

  • Routing Rules:

    • Routes traffic to the n8n service based on the Host header matching the final domain.

    • Maps the external request to the internal n8n port 5678.

Databases

  • Connection Method: n8n uses SQLite as the default database engine, stored within the application's persistent volume.

  • Storage Location: Database files are located inside the volume mounted at /root/.n8n.

Access Rights and Security

  • File Permissions:

    • The directories /root/n8n-compose-file and /data are owned by root:root with permissions 0750.

    • The compose.yml file has permissions 0644.

  • Firewall and Ports:

    • External access is restricted to ports 80 and 443 via Traefik.

    • The n8n container port 5678 is bound strictly to 127.0.0.1, preventing direct external access.

  • Security Headers:

    • HTTP Strict Transport Security (HSTS) is enabled with a 10-year max-age.

    • Cross-site scripting (XSS) filtering is active.

    • Content-Type sniffing is disabled.
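
The port binding and security headers listed above can be verified on a running server. The following is an added example, not part of the original deployment or of the n8n or Traefik projects; the function names are hypothetical, the header names are the standard ones these features are assumed to emit, and both functions read command output on stdin so they can be exercised offline.

```sh
#!/bin/sh
# Added example: offline-testable checks for the properties listed above.
# Usage on the server (the FQDN is a placeholder):
#   ss -ltnH | check_loopback_only 5678
#   curl -sI "https://n8n<Server ID>.hostkey.in/" | check_headers

# Succeeds only if PORT is listening and every listener is on 127.0.0.1.
check_loopback_only() {
    awk -v port="$1" '
        {
            addr = $4                       # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            seen = 1
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host != "127.0.0.1") { print "exposed: " addr; bad = 1 }
        }
        END {
            if (!seen) { print "port " port " is not listening"; exit 2 }
            exit bad + 0
        }'
}

# Succeeds only if the response carries the documented headers.
# Assumption: "10-year max-age" means 10 * 365 days, in seconds.
check_headers() {
    tr -d '\r' | awk -F': *' '
        { name = tolower($1); val = tolower(substr($0, length($1) + 2)) }
        name == "strict-transport-security" {
            age = val
            sub(/.*max-age=/, "", age); sub(/[^0-9].*/, "", age)
            if (age + 0 >= 10 * 365 * 86400 &&
                val ~ /includesubdomains/ && val ~ /preload/) hsts = 1
        }
        name == "x-content-type-options" && val ~ /nosniff/ { nosniff = 1 }
        name == "x-xss-protection" && val ~ /^ *1/ { xss = 1 }
        END {
            if (!hsts)    print "HSTS missing or weaker than documented"
            if (!nosniff) print "X-Content-Type-Options: nosniff missing"
            if (!xss)     print "X-XSS-Protection not enabled"
            exit !(hsts && nosniff && xss)
        }'
}
```

Each function prints one line per finding and returns non-zero when a documented property does not hold, so it can be used as a post-deployment check.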

Location of Configuration Files and Data

  • Docker Compose File: /root/n8n-compose-file/compose.yml

  • n8n Data: /root/.n8n (Mounts to /root/.n8n inside the container).

  • Local Files: /root/local-files (Mounts to /files inside the container).

  • SSL Certificates: /root/letsencrypt (Mounts to /letsencrypt inside the Traefik container).

Available Ports for Connection

Port   Protocol   Description                             Visibility
80     HTTP       Initial redirection to HTTPS            External (via Traefik)
443    HTTPS      Secure access to n8n UI and Webhooks    External (via Traefik)
5678   TCP        n8n Service Port                        Internal only (127.0.0.1)

Starting, Stopping, and Updating

Service management is performed using Docker Compose commands from the configuration directory:

  • Start or Restart Services:

    cd /root/n8n-compose-file
    docker compose up -d
    

  • Stop Services:

    cd /root/n8n-compose-file
    docker compose down
    

  • Update n8n Image: To pull the newest image for the latest tag and restart the container:

    cd /root/n8n-compose-file
    docker compose pull
    docker compose up -d
    

  • View Logs:

    cd /root/n8n-compose-file
    docker compose logs -f
    
