Back to Blog
Tutorial10 min read2026-07-02

How to Self-Host n8n Workflow Automation

n8n is a powerful open-source Zapier alternative. Learn how to self-host it in queue mode with PostgreSQL and Redis so your workflows survive restarts and scale under load.

Ajay Kumar
Ajay Kumar
Founder & DevOps, PandaStack

n8n is a fair-code workflow automation tool — think Zapier or Make, but self-hosted and far more flexible. You can run it as a single container for personal use, but a production deployment that handles real webhook traffic needs a proper database, persistent encryption keys, and ideally queue mode. This guide covers a robust setup.

Why not just run the single container?

The quickstart docker run n8nio/n8n uses SQLite and stores everything in a local volume. That's fine on your laptop. In a stateless cloud container it breaks two ways: the SQLite database disappears on redeploy, and — more dangerously — the encryption key regenerates, which makes all your saved credentials undecryptable. The two non-negotiables for production are an external database and a fixed encryption key.

Step 1: External database and the encryption key

n8n supports PostgreSQL as an external store. Set these environment variables:

DB_TYPE=postgresdb
DB_POSTGRESDB_HOST=<host>
DB_POSTGRESDB_PORT=5432
DB_POSTGRESDB_DATABASE=n8n
DB_POSTGRESDB_USER=<user>
DB_POSTGRESDB_PASSWORD=<password>

# THE most important variable — pin it once and never change it
N8N_ENCRYPTION_KEY=<a long random string>

Generate the key with openssl rand -hex 32. Store it in your platform's secret manager. If you lose or change it, every stored credential becomes garbage.

Step 2: Core runtime configuration

N8N_HOST=automation.yourdomain.com
N8N_PORT=5678
N8N_PROTOCOL=https
WEBHOOK_URL=https://automation.yourdomain.com/
GENERIC_TIMEZONE=Europe/Berlin

WEBHOOK_URL matters: n8n generates webhook URLs from it. If it's wrong, external services can't call your workflows.

Step 3: Deploy the main instance

n8n publishes an official Docker image, so this is a clean container deploy. On PandaStack:

  1. 1Provision a managed PostgreSQL database.
  2. 2Create a container app using docker.n8n.io/n8nio/n8n as the image.
  3. 3Link the database and set the DB_POSTGRESDB_* variables (or map the injected connection details).
  4. 4Add N8N_ENCRYPTION_KEY and the runtime config.
  5. 5Expose port 5678 (bind to the platform-injected port).

With automatic SSL and a custom domain, your n8n editor is reachable over HTTPS immediately.

Step 4: Enable queue mode (for scale)

In the default (regular) mode, the single n8n process executes workflows inline. Under heavy webhook load or with long-running workflows, that becomes a bottleneck. Queue mode uses Redis to distribute executions across separate worker processes.

The topology:

RoleWhat it does
Main instanceServes the editor UI, receives webhooks, enqueues jobs
Worker(s)Pull jobs from Redis and execute workflows
RedisThe job queue (Bull)
PostgreSQLShared execution + workflow data

Enable it with:

EXECUTIONS_MODE=queue
QUEUE_BULL_REDIS_HOST=<redis-host>
QUEUE_BULL_REDIS_PORT=6379

Then deploy a second container app from the same image with the start command n8n worker. Give it the same database, Redis, and encryption key. Add more worker replicas as load grows — that's the payoff of queue mode.

Step 5: Persisting binary data

Workflows that handle files (PDFs, images) can store binary data. By default it uses the filesystem, which doesn't persist across container restarts. For production, configure S3-compatible storage:

N8N_DEFAULT_BINARY_DATA_MODE=s3
N8N_EXTERNAL_STORAGE_S3_HOST=<s3-endpoint>
N8N_EXTERNAL_STORAGE_S3_BUCKET_NAME=n8n
N8N_EXTERNAL_STORAGE_S3_ACCESS_KEY=<key>
N8N_EXTERNAL_STORAGE_S3_ACCESS_SECRET=<secret>

A self-hosted MinIO instance works here.

Security hardening

  • Enable user management / SSO so the editor isn't open to the world. n8n supports owner accounts and, in enterprise, SSO.
  • Restrict the webhook surface — only expose the paths you need.
  • Keep n8n updated; it moves fast and security fixes land regularly.
  • Set N8N_SECURE_COOKIE=true behind HTTPS.

Honest caveats

n8n is fair-code, not pure open source — there are licensing terms around offering it as a hosted commercial service. For internal/team use, self-hosting is fully supported and free. Read the license before building a SaaS on top of it. Also, queue mode adds operational complexity; only adopt it when single-process mode actually becomes your bottleneck.

Wrapping up

A durable n8n deployment comes down to three things: external PostgreSQL, a pinned N8N_ENCRYPTION_KEY, and — once you outgrow a single process — queue mode backed by Redis. Get those right and n8n becomes a rock-solid automation backbone.

PandaStack gives you managed PostgreSQL and Redis plus first-class Docker image support, so wiring up main + worker + queue is straightforward. The free tier is enough to run a personal n8n instance — start at https://dashboard.pandastack.io.

References

  • n8n self-hosting docs: https://docs.n8n.io/hosting/
  • n8n environment variables: https://docs.n8n.io/hosting/configuration/environment-variables/
  • n8n queue mode (scaling): https://docs.n8n.io/hosting/scaling/queue-mode/
  • n8n external storage (S3): https://docs.n8n.io/hosting/scaling/external-secrets/
  • n8n Sustainable Use License: https://docs.n8n.io/sustainable-use-license/

Ready to deploy?

Start free on PandaStack.

Start free on PandaStack

More in Tutorial

Browse all Tutorial articles →