Step 1
Create a private environment file
Generate unique secrets, restrict the file, and never commit it.
install -d -m 700 /opt/n8n
cd /opt/n8n
umask 077
openssl rand -hex 32Step 2
Define PostgreSQL and n8n
Use persistent named volumes, a private Compose network, health checks, and current pinned image versions. Expose n8n only through the reverse proxy.
Step 3
Set the public URL
Configure N8N_HOST, N8N_PROTOCOL=https, WEBHOOK_URL, and N8N_EDITOR_BASE_URL for the final hostname before creating production webhooks.
Step 4
Start and verify
Start the stack, inspect health and logs, then create the first owner through HTTPS.
docker compose up -d
docker compose ps
docker compose logs --tail=100 n8nStep 5
Back up a restore set
Back up PostgreSQL, the n8n data volume, Compose file, and encryption key off-host. Perform a restore drill before relying on the automation service.
