How to install N8N

AI agents in 2025 remain one of the most promising approaches for solving complex tasks using large language models. These agents are autonomous and capable of selecting various tools on their own to accomplish assigned tasks. This approach enables achieving results with less human involvement and higher quality. It also opens up opportunities for discovering more original and effective ways of dealing with problems.

Instead of just formulating a task, you instruct the neural network to solve it independently, based on the resources allocated to it. However, for this scheme to work, there needs to be a mechanism that connects neural network interfaces with various tools, whether its web search or a vector database for storing intermediate results.

n8n is an automation platform that supports integration with various neural networks and public services. Users can visually design how data will be processed and what final result needs to be achieved. Unlike classic no-code solutions, n8n allows arbitrary code to be included at any stage of the process, which is especially useful when built-in functionality is not sufficient.

The result is a system that combines the simplicity of no-code with the flexibility of traditional programming. However, to fully understand it, you'll still need to spend some time exploring and reviewing workflow examples for better comprehension. In this article, we’ll walk you through how to deploy n8n on LeaderGPU servers.

Preparing the server

Update the system

Update the package list and upgrade all installed packages:

sudo apt update && sudo apt -y upgrade

Automatically install the recommended NVIDIA® driver (proprietary) or use our step-by-step guide Install NVIDIA® drivers in Linux:

sudo ubuntu-drivers autoinstall

Now reboot the server:

sudo shutdown -r now

Install Docker

You can use the official installation script:

curl -sSL https://get.docker.com/ | sh

Let’s add NVIDIA® container toolkit GPG key and repository for Docker integration:

curl -fsSL https://nvidia.github.io/libnvidia-container/gpgkey | sudo gpg --dearmor -o /usr/share/keyrings/nvidia-container-toolkit-keyring.gpg \
&& curl -s -L https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list | \
sed 's#deb https://#deb [signed-by=/usr/share/keyrings/nvidia-container-toolkit-keyring.gpg] https://#g' | \
sudo tee /etc/apt/sources.list.d/nvidia-container-toolkit.list

Update the package list and install the NVIDIA® container toolkit:

sudo apt update && sudo apt -y install nvidia-container-toolkit

Restart Docker to apply changes and enable installed toolkit:

sudo systemctl restart docker

Install n8n

To allow the system to store data, you need to create a volume before launching the container:

sudo docker volume create n8n_data

Now, let’s launch a container that will open port 5678 for external connections and mount the created n8n_data volume to the directory /home/node/.n8n inside the container:

sudo docker run -d --name n8n -p 5678:5678 -v n8n_data:/home/node/.n8n docker.n8n.io/n8nio/n8n

The first time you launch the application, you might be puzzled by the following error message:

This isn’t exactly an error, it’s more of a warning about how to properly configure the system for access. The issue is that by default, the system doesn’t have a TLS/HTTPS certificate. Without it, the connection won’t be secure. So, you have three options:

1. Connect your own certificate. You can do this by specifying the paths to the certificate files via environment variables, or by configuring a reverse proxy server.
2. Create an SSH tunnel and forward port 5678 to localhost on the computer you’re connecting from. This way, you’ll immediately get a secure personal connection. However, no one else will be able to access the server externally.
3. Bypass the warning. If this is a test server not intended for production use and you don’t care about security, you can disable the warning by setting the N8N_SECURE_COOKIE environment variable to FALSE. This is strongly discouraged as it makes the server vulnerable to potential attacks. Still, it might be acceptable in specific scenarios.

This article will explore each option in detail so you can choose the right one.

Connecting to server

If you don’t yet have an SSL certificate, we recommend ordering one from LeaderSSL. It can be used for any website, online store, or to verify an email’s authenticity.

Using Environment Variables

The simplest way to configure HTTPS is to upload your certificate to the server and specify it via Docker environment variables. Start by creating a directory for the certificate files:

mkdir ~/n8n-certs

You can upload these files (typically cert.crt and privkey.key) to this directory using any method. For more detailed info, see:

• File exchange from Windows
• File exchange from Linux
• File exchange from macOS

Now, let’s launch the container using one full command:

sudo docker run -d \
--name n8n \
-p 5678:5678 \
-v n8n_data:/home/node/.n8n \
-v ~/n8n-certs:/certs \
-e N8N_PROTOCOL=https \
-e N8N_SSL_CERT="/certs/cert.crt" \
-e N8N_SSL_KEY="/certs/privkey.key" \
docker.n8n.io/n8nio/n8n

Here’s a breakdown of each argument:

• sudo docker run -d launches the Docker container in daemon (background) mode
• --name n8n assigns the container the name n8n
• -p 5678:5678 forwards port 5678 to the container
• -v n8n_data:/home/node/.n8n creates and mounts a volume named n8n_data to the hidden directory /home/node/.n8n inside the container
• -v ~/n8n-certs:/certs mounts the certificate directory
• -e N8N_PROTOCOL=https forces N8N to use the HTTPS protocol
• -e N8N_SSL_CERT="/certs/cert.crt" sets the path to the certificate file
• -e N8N_SSL_KEY="/certs/privkey.key" sets the path to the certificate key
• docker.n8n.io/n8nio/n8n container image source

Traefik

A slightly more complex but flexible setup involves using the Traefik reverse proxy server to secure the connection to N8N. The configuration file is based on the official method specified in the documentation. First, install docker-compose tool:

sudo apt -y install docker-compose

We’ll deploy Traefik and N8N together, and they need to be on the same network. Create a network called the web.

sudo docker network create web

Now, create a docker-compose.yml file to define and run both containers:

nano docker-compose.yml

services:
  traefik:
    image: "traefik"
    container_name: "proxy"
    restart: always
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - traefik_data:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - web

  n8n:
    image: docker.n8n.io/n8nio/n8n
    container_name: "n8n"
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web,websecure
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
      - traefik.http.routers.n8n.middlewares=n8n@docker
    environment:
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
    volumes:
      - n8n_data:/home/node/.n8n
      - ./local-files:/files
    networks:
      - web

volumes:
  n8n_data:
  traefik_data:

networks:
  web:
    name: web

In addition to the docker-compose.yml file, we will create another file named .env. This file will contain variables such as the domain name and email address used to request an SSL certificate from Let's Encrypt. If we ever need to change something, like the domain name, we'll only need to update it in this file and then recreate the container.

nano .env

DOMAIN_NAME=example.com
SUBDOMAIN=n8n
GENERIC_TIMEZONE=Europe/Amsterdam
SSL_EMAIL=user@example.com

Finally, deploy both containers:

sudo docker-compose up -d

Now, N8N is available here: https://n8n.example.com.

Nginx Proxy Manager

Unlike Traefik, which is configured via files, Nginx Proxy Manager offers a user-friendly web-interface. However, it doesn’t detect services dynamically, you must add them manually. Still, it works well for static services like N8N.

Create another docker-compose.yml file in a separate directory with the following content:

services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    container_name: proxy
    restart: unless-stopped
    ports:
      - '80:80'
      - '443:443'
      - '81:81'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    networks:
      - web

  n8n:
    image: docker.n8n.io/n8nio/n8n
    container_name: n8n
    restart: unless-stopped
    environment:
      - N8N_HOST=n8n.example.com
      - N8N_PORT=5678
      - WEBHOOK_URL=https://n8n.example.com/
      - N8N_PROTOCOL=http
    volumes:
      - n8n_data:/home/node/.n8n
    networks:
      - web

volumes:
  n8n_data:

networks:
  web:
    external: true

Deploy with:

sudo docker-compose up -d

Then open web-interface at: http://your_hostname_or_ip:81

• Username: admin@example.com
• Password: changeme

You’ll be prompted to update your credentials. After that, open Hosts → Proxy Hosts → Add Proxy Host, enter your domain name (e.g., n8n.example.com):

Fill up the necessary fields:

• Set Destination/IP to n8n.
• Set Port to 5678.
• Under the SSL tab, choose Request a new SSL certificate with Let’s Encrypt.
• Enter your email and agree to the terms.
• Click on Websockets support.
• Optionally click on Force SSL.

After pressing Save button, the certificate will be requested and installed:

Once done, opening your domain will lead to the N8N interface.

SSH-tunnel

If you don’t need N8N accessibility externally, you can forward port 5678 via SSH. This encrypts all traffic, and N8N will be available at http://localhost:5678/.

Note: This setup won’t work for integrations with external services like messengers that require public HTTPS access.

The easiest way to forward the port is with the popular SSH client PuTTY. Once installed, open SSH → Tunnels and set Source port - 5678 and Destination - localhost:5678. Then click Add.

Go back to Session, enter your server’s IP, and click Open. Once authenticated, the tunnel is active. Open http://localhost:5678 in a browser to access N8N.

Note: The connection only works while the SSH session is active. Closing PuTTY will terminate the tunnel.

Bypass

This method is not recommended for use on public networks. If you launch the container with the N8N_SECURE_COOKIE=false environment variable, the warning will disappear, and you’ll get access via HTTP:

sudo docker run -d --name n8n -p 5678:5678 -e N8N_SECURE_COOKIE=false -v n8n_data:/home/node/.n8n docker.n8n.io/n8nio/n8n

Warning: this exposes the N8N admin panel via unencrypted HTTP, making it vulnerable to MITM (Man-In-The-Middle) attacks and potentially allows an attacker to fully take over your server.

See also:

• Open WebUI: All in one
• Low-code AI app builder Langflow
• How to monitor LangFlow application