Self-Hosting SSL-Enabled N8N on Google Cloud Platform

This guide provides step-by-step instructions to self-host N8N, a free and open-source workflow automation tool, on a Linux server using Docker Compose, SSL with a custom domain name and comprehensive backup and maintenance procedures.

Why Self-Host N8N for Your Business?

#

Self-hosting N8N offers significant advantages for growing businesses that need robust workflow automation:

Cost savings at scale: While N8N Pro starts at $20/month, it’s severely limited to only 5 active workflows. Most businesses quickly outgrow this limitation and need dozens or hundreds of workflows. Enterprise plans can cost thousands per month. Self-hosting eliminates these per-workflow costs entirely.

Complete control: Own your automation infrastructure without vendor lock-in. Customize integrations, maintain data sovereignty and ensure business continuity regardless of external service changes.

Unlimited scalability: Run as many workflows as your infrastructure can handle. No artificial limits on executions, data retention, or connected services.

Security & compliance: Keep sensitive business data within your own infrastructure, meeting strict compliance requirements for industries like healthcare, finance and government.

Based on:

• N8N Official Documentation
• Video tutorial: https://youtu.be/UHHkehy3SQk?si=kHdhsCRm73ukLbg5

Step 0: Create GCP Instance

#

Create a new GCP instance with the following specifications:

• Region: us-east1 (free tier available)
• Machine type: e2-micro
• Firewall rules:
  • HTTP traffic - On
  • HTTPS traffic - On
  • Allow Load Balancer Health checks - On
• Storage:
  • 30GB (free tier limit)
  • Type: Standard persistent disk
• Operating system: Ubuntu 20.04 LTS

Step 1: Install Docker

#

1. Update the package index:

   sudo apt update
   

2. Install Docker:

   sudo apt install docker.io
   

3. Install ca-certificates:

   sudo apt-get install ca-certificates curl gnupg lsb-release
   

4. Create directory:

   sudo mkdir -p /etc/apt/keyrings
   

5. Update the package index:

   sudo apt-get update
   

6. Start Docker:

   sudo systemctl start docker
   

7. Enable Docker to start at boot:

   sudo systemctl enable docker
   

8. Install Docker Compose:

   sudo curl -SL "https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
   

9. Make the docker-compose command executable:

   sudo chmod +x /usr/local/bin/docker-compose
   

10. Verify Docker Compose installation:

    sudo docker-compose --version
    

Step 2: Install N8N

#

1. Create a docker-compose.yaml file for N8N:

   sudo nano docker-compose.yaml
   

2. Add the following content to the file:

   Note: The version attribute is obsolete and will be ignored, you can remove it to avoid potential confusion.

   Keep DB small: in order to keep sqldb DB small there are EXECUTIONS_DATA_* and DB_SQLITE_VACUUM_ON_STARTUP set in the yaml file below.

   version: "3.8"
   
   services:
     traefik:
       image: "traefik"
       restart: always
       command:
         - "--api=true"
         - "--api.insecure=true"
         - "--providers.docker=true"
         - "--providers.docker.exposedbydefault=false"
         - "--entrypoints.web.address=:80"
         - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
         - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
         - "--entrypoints.websecure.address=:443"
         - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
         - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
         - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
       ports:
         - "80:80"
         - "443:443"
       volumes:
         - traefik_data:/letsencrypt
         - /var/run/docker.sock:/var/run/docker.sock:ro
   
     n8n:
       image: docker.n8n.io/n8nio/n8n
       restart: always
       ports:
         - "127.0.0.1:5678:5678"
       labels:
         - traefik.enable=true
         - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
         - traefik.http.routers.n8n.tls=true
         - traefik.http.routers.n8n.entrypoints=web,websecure
         - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
         - traefik.http.middlewares.n8n.headers.SSLRedirect=true
         - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
         - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
         - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
         - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
         - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
         - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
         - traefik.http.middlewares.n8n.headers.STSPreload=true
         - traefik.http.routers.n8n.middlewares=n8n@docker
       environment:
         - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
         - N8N_PORT=5678
         - N8N_PROTOCOL=https
         - NODE_ENV=production
         - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
         - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
         - EXECUTIONS_DATA_PRUNE=true
         - EXECUTIONS_DATA_MAX_AGE=168
         - EXECUTIONS_DATA_PRUNE_MAX_COUNT=50000
         - DB_SQLITE_VACUUM_ON_STARTUP=true
       volumes:
         - n8n_data:/home/node/.n8n
   
   volumes:
     traefik_data:
       external: true
     n8n_data:
       external: true
   

3. Create a .env file for N8N:

   sudo nano .env
   

4. Add the following content to the file:

   # The top level domain to serve from
   DOMAIN_NAME=yourdomain.com
   
   # The subdomain to serve from
   SUBDOMAIN=n8n
   
   # DOMAIN_NAME and SUBDOMAIN combined decide where n8n will be reachable from
   # above example would result in: https://n8n.yourdomain.com
   
   # Optional timezone to set which gets used by Cron-Node by default
   # If not set New York time will be used
   GENERIC_TIMEZONE=Europe/Berlin
   
   # The email address to use for the SSL certificate creation
   SSL_EMAIL=your-email@yourdomain.com
   

5. Create volumes for Traefik and N8N:

   sudo docker volume create traefik_data
   sudo docker volume create n8n_data
   

6. Setup DNS A record:

   • Add an A record to your DNS provider:
     • Name: n8n
     • Type: A
     • Value: your-server-ip-address
     • TTL: 60

7. Start the containers:

   sudo docker-compose up
   

Connecting to Your GCP Instance

#

To connect to your GCP VM instance where N8N is running, use the following command:

gcloud compute ssh USERNAME@INSTANCE_NAME --zone ZONE --project PROJECT_ID

Example:

gcloud compute ssh your_username@n8n-instance --zone us-east1-d --project your-project-id

Once connected, you can manage your N8N deployment.

Updating N8N - Quick Method

#

As we run N8N using a Docker Compose file, follow these steps to update N8N:

1. Pull latest version (if error first execute down and pull next):

   sudo docker-compose pull
   

2. Stop and remove older version:

   sudo docker-compose down
   

3. Start the container:

   sudo docker-compose up -d
   

Comprehensive N8N Backup and Update Procedure

#

Before updating N8N, it’s a good practice to backup your current configuration and download important files. Follow these steps:

1. Backup your N8N data

#

sudo docker run --rm -v n8n_data:/source -v $(pwd):/backup alpine tar -czf /backup/n8n_data_backup.tar.gz -C /source .

2. Download backup and configuration files

#

Download the backup and .env file to your local machine (replace placeholders with your actual values):

# Download N8N data backup
gcloud compute scp USERNAME@INSTANCE_NAME:/home/USERNAME/n8n_data_backup.tar.gz ~/local/backup/directory/ --zone ZONE --project PROJECT_ID

# Download environment configuration
gcloud compute scp USERNAME@INSTANCE_NAME:/home/USERNAME/.env ~/local/backup/directory/ --zone ZONE --project PROJECT_ID

Example:

gcloud compute scp john_doe@n8n-server:/home/john_doe/n8n_data_backup.tar.gz ~/Code/n8n-workflows/ --zone us-east1-d --project my-n8n-project
gcloud compute scp john_doe@n8n-server:/home/john_doe/.env ~/Code/n8n-workflows/ --zone us-east1-d --project my-n8n-project

3. Update N8N

#

After backing up, follow these steps to update N8N:

docker-compose pull
docker-compose down
docker-compose up -d

4. Git workflow for configuration management

#

To ensure your changes are tracked and versioned, use the following Git commands:

# Stage all changes
git add .

# Commit changes with descriptive message
git commit -m "Backup N8N configuration and update to latest version"

# Push to remote repository
git push origin main

5. Check for differences and status

#

To check for differences between your local files and the remote repository:

Check current status:

git status

This command shows:

• Modified files not yet staged for commit
• Files staged for commit but not committed
• Untracked files

View changes in detail:

git diff

Shows line-by-line changes in files that have not been staged.

View staged changes:

git diff --staged

Shows changes that have been staged but not committed.

Compare with remote:

git fetch
git diff origin/main

Shows differences between your local branch and the remote branch.

6. View commit history

#

To see the commit history:

git log --oneline --graph --decorate --all

7. Commit and push workflow

#

Complete workflow for managing changes:

# Stage all changes
git add .

# Stage specific files only
git add <filename>

# Commit changes with a message
git commit -m "Your descriptive commit message"

# Push changes to remote repository
git push origin main

# Alternative: Stage and commit tracked files in one command
git commit -am "Your descriptive commit message"

These commands will:

• Stage your changes (prepare them for commit)
• Create a commit with your changes and a descriptive message
• Push your commits to the remote repository

Advanced Git Commands for Repository Management

#

Compare and sync operations

#

Check current status:

git status

View changes in detail:

git diff

View staged changes:

git diff --staged

Compare with remote:

git fetch
git diff origin/main

View commit history:

git log --oneline --graph --decorate --all

Complete change management workflow

#

# Check what's changed
git status
git diff

# Stage changes
git add .  # or git add <specific-file>

# Commit with descriptive message
git commit -m "Update N8N configuration - $(date +%Y-%m-%d)"

# Push to remote
git push origin main

Monitoring and Troubleshooting

#

Check service status

#

# View running containers
docker-compose ps

# Check logs for all services
docker-compose logs

# Check specific service logs
docker-compose logs n8n
docker-compose logs traefik

# Follow logs in real-time
docker-compose logs -f n8n

System monitoring

#

# Check disk usage
df -h

# Check Docker disk usage
docker system df

# Check memory usage
free -h

# Check running processes
top

Backup verification

#

# List available backups
ls -la *backup*.tar.gz

# Verify backup integrity
tar -tzf n8n_data_backup.tar.gz | head -10

Security Best Practices

#

1. Regular Backups: Automate daily backups of N8N data and configurations
2. Version Control: Track all configuration changes with Git
3. Update Management: Regular updates with proper backup procedures
4. Access Control: Secure your GCP instance with proper firewall rules
5. SSL Certificates: Monitor certificate renewal and validity
6. Monitoring: Set up alerting for service availability and performance

This comprehensive approach ensures your N8N deployment is maintainable, trackable and recoverable while providing systematic backup and update procedures.

Need Help Setting Up Your N8N Instance?

#

Setting up a production-ready N8N deployment with proper SSL, monitoring and backup procedures requires DevOps expertise. If you need professional assistance with:

• Complete N8N setup and configuration
• GCP infrastructure optimization
• SSL certificate automation
• Backup and disaster recovery planning
• Custom workflow development
• Performance monitoring and scaling