n8n Self-Hosting Setup Guide (DigitalOcean)

You need a self-hosted n8n instance that won't crash during peak workflow runs and won't expose your client data to third-party cloud services. This guide walks you through deploying n8n on DigitalOcean with proper SSL, process management, and security hardening.

Total setup time: 45-60 minutes. Monthly cost: $12-24 depending on your droplet size.

Required:

• DigitalOcean account with payment method added
• Domain name pointed to DigitalOcean nameservers (or ability to create A records)
• SSH key pair generated on your local machine
• Terminal access (Terminal on Mac, PowerShell on Windows, or any SSH client)

Recommended:

• 1Password or similar for storing server credentials
• Basic understanding of command-line navigation (cd, ls, nano)

1. Log into DigitalOcean and click the green "Create" button in the top right
2. Select "Droplets" from the dropdown menu
3. Configure your droplet with these exact settings:

Image Selection:

• Choose "Ubuntu 22.04 (LTS) x64" under the Distributions tab
• Do not use Ubuntu 20.04 or older versions

Droplet Size:

• Select "Basic" plan type
• Choose "Regular" CPU option
• Pick the $12/month tier (2 GB RAM, 1 CPU, 50 GB SSD)
• The $6/month option will cause memory issues under load

Datacenter Region:

• Select the region closest to your primary users
• For US-based firms: New York 1 or San Francisco 3
• For international: London, Frankfurt, or Singapore

Authentication:

• Select "SSH keys" (not password)
• Click "New SSH Key" if you haven't added yours yet
• Paste your public key content (found in ~/.ssh/id_rsa.pub on your local machine)
• Name it something identifiable like "MacBook-Pro-2024"

Additional Options:

• Enable "IPv6"
• Enable "Monitoring" (free)
• Skip "Droplet Backups" for now (adds 20% to cost)

Hostname:

• Set a clear hostname like "n8n-production" or "automation-server"

4. Click "Create Droplet" and wait 60 seconds for provisioning

5. Copy the IP address shown in your Droplets list (format: 164.90.xxx.xxx)

Before connecting, set up DNS so you can access n8n via a proper domain.

1. Log into your domain registrar (Namecheap, GoDaddy, Cloudflare, etc.)
2. Navigate to DNS settings for your domain
3. Create an A record:

   • Host: automation (or whatever subdomain you want)
   • Value: Your droplet IP address
   • TTL: 300 (5 minutes)
4. Save the record

DNS propagation takes 5-30 minutes. Continue with the next steps while you wait.

1. Open your terminal and connect to the server:

ssh root@YOUR_DROPLET_IP

Replace YOUR_DROPLET_IP with the actual IP address from Step 1.

2. You'll see a message asking to verify the host fingerprint. Type yes and press Enter.

3. Update the system packages:

apt update && apt upgrade -y

This takes 2-3 minutes. Let it complete fully.

4. Create a non-root user for running n8n:

adduser n8nuser

Set a strong password when prompted. Press Enter through the other fields (Full Name, etc.).

5. Add the new user to the sudo group:

usermod -aG sudo n8nuser

6. Copy SSH access to the new user:

rsync --archive --chown=n8nuser:n8nuser ~/.ssh /home/n8nuser

7. Switch to the new user:

su - n8nuser

You're now operating as n8nuser instead of root. This is safer for day-to-day operations.

n8n requires Node.js 18.x or higher. Ubuntu's default repositories have outdated versions, so we'll use NodeSource.

1. Install Node.js 20.x (current LTS):

curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
sudo apt install -y nodejs

2. Verify the installation:

node --version
npm --version

You should see v20.x.x for Node and 10.x.x for npm.

3. Install build tools needed for some n8n dependencies:

sudo apt install -y build-essential python3

1. Install n8n as a global npm package:

sudo npm install -g n8n

This takes 3-5 minutes and installs n8n system-wide.

2. Verify n8n is installed:

n8n --version

You should see the current version number (1.x.x or higher).

n8n uses environment variables for configuration. We'll create a dedicated config file.

1. Create a directory for n8n data:

mkdir -p ~/.n8n

2. Create an environment file:

nano ~/.n8n/n8n.env

3. Paste this configuration (replace placeholders with your actual values):

# Basic Configuration
N8N_HOST=0.0.0.0
N8N_PORT=5678
N8N_PROTOCOL=https
WEBHOOK_URL=https://automation.yourdomain.com/

# Security
N8N_BASIC_AUTH_ACTIVE=true
N8N_BASIC_AUTH_USER=admin
N8N_BASIC_AUTH_PASSWORD=YourSecurePassword123!

# Database (SQLite for single-server setups)
DB_TYPE=sqlite
DB_SQLITE_DATABASE=/home/n8nuser/.n8n/database.sqlite

# Timezone
GENERIC_TIMEZONE=America/New_York

# Execution
EXECUTIONS_DATA_SAVE_ON_ERROR=all
EXECUTIONS_DATA_SAVE_ON_SUCCESS=all
EXECUTIONS_DATA_SAVE_MANUAL_EXECUTIONS=true

Replace automation.yourdomain.com with your actual domain from Step 2.

4. Save the file (Ctrl+X, then Y, then Enter)

Running n8n directly in the terminal means it stops when you disconnect. We'll use systemd to keep it running permanently.

1. Create a systemd service file:

sudo nano /etc/systemd/system/n8n.service

2. Paste this configuration:

[Unit]
Description=n8n workflow automation
After=network.target

[Service]
Type=simple
User=n8nuser
EnvironmentFile=/home/n8nuser/.n8n/n8n.env
ExecStart=/usr/bin/n8n start
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

3. Save the file (Ctrl+X, then Y, then Enter)

4. Reload systemd and start n8n:

sudo systemctl daemon-reload
sudo systemctl enable n8n
sudo systemctl start n8n

5. Check that n8n is running:

sudo systemctl status n8n

You should see "active (running)" in green. Press Q to exit the status view.

NGINX sits in front of n8n to handle SSL certificates and provide better performance.

1. Install NGINX:

sudo apt install -y nginx

2. Remove the default NGINX configuration:

sudo rm /etc/nginx/sites-enabled/default

3. Create a new configuration file for n8n:

sudo nano /etc/nginx/sites-available/n8n

4. Paste this configuration (replace automation.yourdomain.com with your domain):

server {
    listen 80;
    server_name automation.yourdomain.com;

    location / {
        proxy_pass http://localhost:5678;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        
        # Increase timeouts for long-running workflows
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        send_timeout 300;
    }
}

5. Save the file (Ctrl+X, then Y, then Enter)

6. Enable the configuration:

sudo ln -s /etc/nginx/sites-available/n8n /etc/nginx/sites-enabled/

7. Test the NGINX configuration:

sudo nginx -t

You should see "syntax is ok" and "test is successful".

8. Restart NGINX:

sudo systemctl restart nginx

Let's Encrypt provides free SSL certificates. Certbot automates the entire process.

1. Install Certbot and the NGINX plugin:

sudo apt install -y certbot python3-certbot-nginx

2. Run Certbot to obtain and install the certificate:

sudo certbot --nginx -d automation.yourdomain.com

3. When prompted:

   • Enter your email address (for renewal notifications)
   • Type Y to agree to terms of service
   • Type N to decline marketing emails (optional)
   • Certbot will automatically modify your NGINX config and restart the service
4. Verify SSL is working by visiting https://automation.yourdomain.com in your browser

You should see the n8n login screen with a valid SSL certificate (padlock icon in the address bar).

5. Set up automatic certificate renewal:

sudo systemctl enable certbot.timer
sudo systemctl start certbot.timer

Certbot will now automatically renew your certificate before it expires.

Lock down your server to only allow necessary traffic.

1. Install UFW (Uncomplicated Firewall):

sudo apt install -y ufw

2. Set default policies:

sudo ufw default deny incoming
sudo ufw default allow outgoing

3. Allow SSH, HTTP, and HTTPS:

sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

4. Enable the firewall:

sudo ufw enable

Type y when prompted.

5. Verify firewall status:

sudo ufw status

You should see rules for ports 22, 80, and 443.

1. Open your browser and navigate to https://automation.yourdomain.com

2. Log in with the credentials you set in Step 6:

   • Username: admin
   • Password: YourSecurePassword123!
3. Complete the initial setup wizard:

   • Set your owner account email and password (different from basic auth)
   • Choose whether to allow telemetry (your choice)
   • Skip the "Connect to n8n cloud" option
4. Create your first workflow to test the installation:

   • Click "Add workflow"
   • Add a "Schedule Trigger" node (runs on a schedule)
   • Add an "HTTP Request" node
   • Configure it to GET https://api.github.com/zen
   • Connect the nodes and click "Execute Workflow"

If you see a random Zen quote in the output, your n8n instance is fully operational.

View n8n logs:

sudo journalctl -u n8n -f

Restart n8n:

sudo systemctl restart n8n

Update n8n to the latest version:

sudo npm update -g n8n
sudo systemctl restart n8n

Check disk space:

df -h

Backup your n8n database:

cp ~/.n8n/database.sqlite ~/n8n-backup-$(date +%Y%m%d).sqlite

Run that backup command weekly and download the file to your local machine via SFTP.

n8n won't start: Check the logs with sudo journalctl -u n8n -n 50 to see error messages.

Can't access via domain: Verify DNS propagation with dig automation.yourdomain.com. If it doesn't show your server IP, DNS hasn't propagated yet.

SSL certificate fails: Make sure your domain's A record points to the correct IP and that ports 80 and 443 are open in your firewall.

Workflows time out: Increase the timeout values in the NGINX configuration (Step 8) and restart NGINX.

Your n8n instance is now production-ready. Set up your first real workflow, configure webhook endpoints for external services, and start automating your firm's repetitive tasks.