Installation & Configuration

n8n can be installed in various ways. For enterprise use, we recommend Docker — reproducible, scalable, and easy to maintain.

Docker Setup

Quick Start with Docker

docker run -d \
  --name n8n \
  -p 5678:5678 \
  -v n8n_data:/home/node/.n8n \
  n8nio/n8n:latest

n8n is now accessible at http://localhost:5678. But this isn't enough for production.

Production Setup with Docker Compose

version: '3.8'
services:
  n8n:
    image: n8nio/n8n:latest
    restart: always
    ports:
      - "5678:5678"
    environment:
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER=admin
      - N8N_BASIC_AUTH_PASSWORD=${N8N_PASSWORD}
      - DB_TYPE=postgresdb
      - DB_POSTGRESDB_HOST=postgres
      - DB_POSTGRESDB_DATABASE=n8n
      - DB_POSTGRESDB_USER=n8n
      - DB_POSTGRESDB_PASSWORD=${DB_PASSWORD}
      - N8N_ENCRYPTION_KEY=${ENCRYPTION_KEY}
      - WEBHOOK_URL=https://n8n.your-domain.com/
    volumes:
      - n8n_data:/home/node/.n8n
    depends_on:
      - postgres

  postgres:
    image: postgres:16-alpine
    restart: always
    environment:
      - POSTGRES_DB=n8n
      - POSTGRES_USER=n8n
      - POSTGRES_PASSWORD=${DB_PASSWORD}
    volumes:
      - postgres_data:/var/lib/postgresql/data

volumes:
  n8n_data:
  postgres_data:

Important Environment Variables

Variable	Description	Recommendation
`N8N_ENCRYPTION_KEY`	Encryption for stored credentials	Required — generate and store securely
`DB_TYPE`	Database backend (`sqlite` or `postgresdb`)	PostgreSQL for production
`WEBHOOK_URL`	Public URL for incoming webhooks	Configure with HTTPS
`N8N_BASIC_AUTH_ACTIVE`	Basic auth for the web interface	Always enable
`EXECUTIONS_DATA_PRUNE`	Automatic cleanup of old executions	`true` — prevents database growth
`EXECUTIONS_DATA_MAX_AGE`	Maximum age of execution data (hours)	`168` (7 days)

Database Backend

SQLite (Default)

Suitable for development and small teams
No additional infrastructure needed
Not recommended for production with multiple users or high volume

PostgreSQL (Recommended)

Scales with your organization
Supports concurrent access
Enables backups and replication
Required for queue mode (multiple workers)

Production Deployment with SSL

Use a reverse proxy like Nginx or Traefik for SSL termination:

server {
    listen 443 ssl;
    server_name n8n.your-domain.com;

    ssl_certificate /etc/letsencrypt/live/n8n.your-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/n8n.your-domain.com/privkey.pem;

    location / {
        proxy_pass http://localhost:5678;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Practical tip: Generate the N8N_ENCRYPTION_KEY with openssl rand -hex 32 and store it securely. Without this key, stored credentials cannot be decrypted — losing it means re-entering all credentials.