Secure n8n Setup: Docker Local, Cloudflare Tunnel Public Access

Unlock the power of automated workflows by learning how to set up n8n, a versatile open-source workflow automation tool. This comprehensive guide will walk you through the process of establishing n8n on your local machine, whether you use Mac, Windows, or Ubuntu. Furthermore, we will demonstrate how to make your n8n instance publicly accessible and secure using Docker and Cloudflare Tunnel, enabling remote access to your powerful automation hub.

Setting Up n8n Locally with Docker

To begin with, we will focus on getting n8n running on your local computer. Using Docker for your n8n setup offers numerous advantages, ensuring a clean, isolated, and highly reproducible environment.

Why Docker for n8n?

Docker is an excellent choice for n8n local setup because it packages n8n and all its dependencies into a neat, portable container. Consequently, you avoid conflicts with other software on your system. This isolation means n8n runs consistently, regardless of your operating system. Moreover, Docker makes updating or migrating your n8n instance remarkably straightforward, ensuring a smooth Docker n8n experience.

Prerequisites: Get Docker Ready

Before you can install n8n Docker, you must have Docker installed on your system. Here’s how to prepare:

• For Mac and Windows users: Download and install Docker Desktop from the official Docker website. This package includes Docker Engine, Docker CLI, Docker Compose, and Kubernetes. Follow the on-screen instructions for installation, and ensure Docker Desktop is running before proceeding.
• For Ubuntu users: You will typically install Docker Engine and Docker Compose separately. Open your terminal and run the following commands to install Docker:

  sudo apt update
sudo apt install apt-transport-https ca-certificates curl gnupg lsb-release -y
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io -y

  Next, install Docker Compose:

  sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

Installing n8n with Docker Compose

With Docker ready, you can now set up n8n. First, create a new folder for your n8n project, for example, n8n-project. Navigate into this folder using your terminal. Inside, create a file named docker-compose.yml. Populate this file with the following content:

version: '3.8'

services:
  n8n:
    image: n8n.io/n8n # Specifies the n8n Docker image
    restart: always # Ensures n8n restarts if it crashes or the server reboots
    ports:
      - "5678:5678" # Maps the container's port 5678 to your machine's port 5678
    environment:
      - N8N_HOST=${N8N_HOST:-localhost} # Sets the n8n host. Change this when going public.
      - N8N_PORT=5678 # Sets the port n8n listens on inside the container
      - N8N_PROTOCOL=http # Uses HTTP for internal communication
      - WEBHOOK_URL=${WEBHOOK_URL:-http://localhost:5678/} # Essential for webhooks to work correctly
      - N8N_BASIC_AUTH_ACTIVE=true # Activates basic authentication for added security
      - N8N_BASIC_AUTH_USER=your_username # Replace with your desired username
      - N8N_BASIC_AUTH_PASSWORD=your_password # Replace with a strong password
      - TZ=America/New_York # Set your timezone for accurate scheduling (e.g., Europe/Berlin)
    volumes:
      - ~/.n8n:/home/node/.n8n # Persists your n8n data (workflows, credentials) outside the container
    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--timeout=3", "http://localhost:5678/"]
      interval: 30s
      timeout: 10s
      retries: 3

Explanation of the docker-compose.yml file:

• image: n8n.io/n8n: This line specifies that Docker should pull the official n8n image.
• restart: always: This crucial setting ensures n8n automatically restarts if the container stops or your machine reboots, maintaining continuous availability for your n8n workflow automation.
• ports: "5678:5678": This maps the internal port 5678 of the n8n container to port 5678 on your host machine, allowing you to access n8n.
• environment:: Here, you configure n8n’s behavior. We set essential variables like N8N_HOST, N8N_PORT, and crucially, WEBHOOK_URL. Remember to change your_username and your_password for the basic authentication for enhanced security.
• volumes: ~/.n8n:/home/node/.n8n: This line is vital for data persistence. It mounts a directory on your host machine (~/.n8n, which resolves to your home directory’s .n8n folder) to the container’s data directory. Consequently, all your workflows, credentials, and settings will be saved permanently, even if you remove or recreate the n8n container.

Starting Your n8n Instance

After creating the docker-compose.yml file, open your terminal, navigate to the folder where you saved the file, and run the following command:

docker-compose up -d

The -d flag runs the n8n container in “detached” mode, meaning it will run in the background. It will download the n8n image (if not already present) and then start the n8n service. This might take a few moments the first time.

Accessing n8n Locally

Once the command completes, your n8n instance should be up and running. To access it, open your web browser and navigate to: http://localhost:5678. You should see the n8n user interface. If you enabled basic authentication, you will be prompted for the username and password you set in the docker-compose.yml file. Congratulations, you have successfully set up n8n locally!

Making n8n Public with Cloudflare Tunnel

Now that your n8n instance is running locally, the next step is to make it accessible from anywhere in the world securely, without opening ports on your router. This is where Cloudflare Tunnel comes into play, offering a robust solution for secure n8n access.

Why Cloudflare Tunnel?

Cloudflare Tunnel, powered by cloudflared, provides a secure and efficient way to expose your locally running applications to the internet. Crucially, it creates an outbound-only connection from your local machine to Cloudflare’s network, eliminating the need for complex firewall rules or port forwarding. This method enhances security significantly, as no inbound ports are left open on your network. Furthermore, Cloudflare’s global network adds a layer of DDoS protection and performance optimization to your n8n public link.

Prerequisites: Cloudflare Account and Domain

To use Cloudflare Tunnel, you will need a Cloudflare account and a registered domain name. If you don’t have one, you can register a domain with any registrar and then add it to your Cloudflare account, ensuring its DNS is managed by Cloudflare. This is a fundamental step to expose local n8n securely.

Installing Cloudflare Tunnel (Cloudflared)

Cloudflare Tunnel uses a lightweight daemon called cloudflared. Install it on the machine where your n8n instance is running (the same machine you just used for Docker):

• For Mac users (Homebrew):

  brew install cloudflare/cloudflared/cloudflared

• For Windows users:

  Download the installer from the Cloudflare documentation or use Chocolatey:

  choco install cloudflared

• For Ubuntu users:

  curl -L --output cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
sudo dpkg -i cloudflared.deb

After installation, you need to authenticate cloudflared with your Cloudflare account. Run this command:

cloudflared tunnel login

This command will open a browser window, prompting you to log in to your Cloudflare account and select the domain you wish to use. Once authorized, a certificate file (cert.pem) will be saved, allowing cloudflared to create tunnels.

Configuring Your Cloudflare Tunnel

Next, you will create a tunnel. Choose a name for your tunnel, for example, n8n-tunnel, and run:

cloudflared tunnel create n8n-tunnel

This command will output a Tunnel ID and create a YAML configuration file (e.g., ~/.cloudflared/n8n-tunnel.json on Linux/Mac, or in the same directory as cloudflared.exe on Windows). This file contains the credentials for your tunnel.

Now, create a new YAML configuration file for the tunnel in the same directory where your docker-compose.yml file resides. Name it config.yml (or any other name, just remember it). Replace your_tunnel_id with the ID you received:

tunnel: your_tunnel_id
credentials-file: /root/.cloudflared/your_tunnel_id.json # Adjust path based on your OS and where cloudflared saves credentials

ingress:
  - hostname: n8n.yourdomain.com # Replace with your chosen subdomain and domain
    service: http://localhost:5678 # Points to your local n8n instance
    originRequest:
      noTLSVerify: true # Use if n8n is not running with HTTPS locally
  - service: http_status:404 # Catches any other requests not matching the hostname

Important: Adjust the credentials-file path to where cloudflared tunnel login saved the credential file (e.g., ~/.cloudflared/<TUNNEL-ID>.json on Linux/Mac, or in the .cloudflared folder within your user profile on Windows, or even the current directory if you moved it). Also, replace n8n.yourdomain.com with the actual subdomain and domain you want to use for your n8n public link.

Finally, you need to tell Cloudflare DNS to point to your tunnel. Run the following command:

cloudflared tunnel route dns n8n-tunnel n8n.yourdomain.com

This command creates a CNAME record in your Cloudflare DNS that points n8n.yourdomain.com to your Cloudflare Tunnel, making your Cloudflare Tunnel n8n setup complete on the DNS side.

Running the Cloudflare Tunnel

With the tunnel configured, you can now start it. Navigate to the directory containing your config.yml file in your terminal and execute:

cloudflared tunnel run n8n-tunnel -f config.yml

This command will start the tunnel, connecting your local n8n instance to the Cloudflare network. You will see log messages indicating the tunnel is active and healthy. Keep this terminal window open, or consider running it as a service for production environments (beyond the scope of this guide).

Note: Update your WEBHOOK_URL in the docker-compose.yml file to your public Cloudflare Tunnel URL (e.g., https://n8n.yourdomain.com/) and restart your n8n container (`docker-compose down && docker-compose up -d`) to ensure webhooks function correctly with your public link.

Testing Your Public n8n Link

After successfully starting the Cloudflare Tunnel, open your web browser and navigate to the public URL you configured (e.g., https://n8n.yourdomain.com). You should now be able to access your n8n instance from anywhere with an internet connection. This securely exposed n8n on your local machine is ready for use!

In summary, setting up n8n on your local machine is straightforward with Docker, providing a robust and isolated environment. Furthermore, utilizing Cloudflare Tunnel allows you to securely expose your self-hosted n8n instance to the public internet without the complexities of network configuration. Consequently, you gain the flexibility of a powerful workflow automation tool accessible from anywhere, ensuring your automated tasks run smoothly and securely. Now, you can truly harness n8n’s potential.