This is the setup we actually run: n8n behind a reverse proxy with automatic HTTPS, backed by Postgres, on a plain Ubuntu VPS. Works the same on Hetzner, Contabo, DigitalOcean, or Vultr — pick one with the calculator first (4 vCPU / 8 GB is a comfortable production size).
1. Prepare the server
Spin up an Ubuntu 24.04 VPS, point an A record (e.g. n8n.yourdomain.com) at its IP,
then install Docker:
curl -fsSL https://get.docker.com | sh
2. docker-compose.yml
services:
postgres:
image: postgres:16
restart: always
environment:
POSTGRES_USER: n8n
POSTGRES_PASSWORD: change_me
POSTGRES_DB: n8n
volumes:
- pg:/var/lib/postgresql/data
n8n:
image: docker.n8n.io/n8nio/n8n:latest
restart: always
environment:
DB_TYPE: postgresdb
DB_POSTGRESDB_HOST: postgres
DB_POSTGRESDB_USER: n8n
DB_POSTGRESDB_PASSWORD: change_me
N8N_HOST: n8n.yourdomain.com
N8N_PROTOCOL: https
WEBHOOK_URL: https://n8n.yourdomain.com/
N8N_ENCRYPTION_KEY: generate_a_long_random_string
depends_on: [postgres]
volumes:
- n8n:/home/node/.n8n
caddy:
image: caddy:2
restart: always
ports: ["80:80", "443:443"]
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile
- caddy:/data
volumes: { pg: {}, n8n: {}, caddy: {} }
3. Caddyfile (automatic HTTPS)
n8n.yourdomain.com {
reverse_proxy n8n:5678
}
4. Launch
docker compose up -d
Caddy fetches a Let’s Encrypt certificate automatically. Open
https://n8n.yourdomain.com, create your owner account, and you’re live.
Hardening checklist
- Change every
change_meand set a realN8N_ENCRYPTION_KEY. - Enable a firewall: allow only
22,80,443. - Back up the
pgandn8nvolumes (n8n stores credentials encrypted with your key). - For heavy workflows, switch on queue mode and add RAM.
Want to run a local model next to n8n? See Ollama VPS requirements, or size the combined box with the calculator.