π One-command installation script for n8n with Docker, Nginx, and SSL certificates.
- Overview
- Supported Operating Systems
- Prerequisites
- Installation Steps
- Usage
- What This Script Does
- Firewall Configuration
- DNS Configuration
- Troubleshooting
- Management Commands
- Security Notes
This script provides a complete automated installation of n8n (workflow automation tool) with:
- β Docker containerization
- β Nginx reverse proxy
- β SSL certificate (Let's Encrypt)
- β Automatic HTTPS redirect
- β Production-ready configuration
- Ubuntu 24.04 LTS (Recommended)
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Note: This script is specifically designed for Ubuntu and has been tested on fresh Ubuntu instances.
- Use a new, clean Ubuntu server for best results
- Minimum 1GB RAM, 1 CPU core
- At least 10GB storage space
- You must own a domain name (e.g.,
yourdomain.com) - Can be a root domain (
joey.com) or subdomain (hello.joey.com) - Domain must be pointed to your server's IP address
- Root access or user with sudo privileges
- Internet connection for downloading packages
- Ports 80 and 443 must be accessible from the internet
- Valid email address for SSL certificate registration
sudo suapt update && apt upgrade -yBefore running the script, ensure your domain points to your server:
For Root Domain (e.g., joey.com):
- Go to your domain registrar (GoDaddy, Cloudflare, etc.)
- Create an A record:
@βyour-server-ip - Wait for DNS propagation (5-60 minutes)
- Test DNS:
nslookup joey.com
For Subdomain (e.g., hello.joey.com):
- Go to your domain registrar (GoDaddy, Cloudflare, etc.)
- Create an A record:
helloβyour-server-ip - Wait for DNS propagation (5-60 minutes)
- Test DNS:
nslookup hello.joey.com
Ensure ports 80 and 443 are open:
# Enable firewall
ufw enable
# Allow HTTP and HTTPS
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 22/tcp
# Check status
ufw status# Download the script
wget https://raw.githubusercontent.com/iam-joey/n8n-script/main/script.sh
# Make it executable
chmod +x script.sh
# Run the installation
./script.sh --domain="yourdomain.com" --email="your-email@gmail.com"./script.sh --domain="yourdomain.com" --email="your-email@gmail.com"./script.sh --helpRoot Domain:
./script.sh --domain="joey.com" --email="admin@joey.com"Subdomain:
./script.sh --domain="n8n.joey.com" --email="admin@joey.com"
./script.sh --domain="hello.joey.com" --email="admin@joey.com"
./script.sh --domain="automation.joey.com" --email="admin@joey.com"- β Checks root/sudo privileges
- β Installs Docker and Docker Compose
- β Installs Nginx web server
- β Installs Certbot for SSL certificates
- β Configures all services
- β Validates domain and email format
- β Checks for existing n8n containers
- β Verifies DNS configuration
- β Pulls and deploys n8n container
- β Configures n8n with your domain
- β Tests local accessibility
- β Configures Nginx reverse proxy
- β Generates SSL certificate
- β Enables HTTPS with auto-redirect
- β Tests public accessibility
- β Sets up automatic SSL renewal
ufw enable
ufw allow 22/tcp # SSH
ufw allow 80/tcp # HTTP
ufw allow 443/tcp # HTTPSIf using AWS EC2, configure Security Groups:
- HTTP (80): Source
0.0.0.0/0 - HTTPS (443): Source
0.0.0.0/0 - SSH (22): Source
your-ip/32
# Allow HTTP traffic
gcloud compute firewall-rules create allow-http --allow tcp:80 --source-ranges 0.0.0.0/0
# Allow HTTPS traffic
gcloud compute firewall-rules create allow-https --allow tcp:443 --source-ranges 0.0.0.0/0Create an A record in your domain's DNS settings:
| Type | Name | Value | TTL |
|---|---|---|---|
| A | @ | your-server-ip | 300 |
| A | www | your-server-ip | 300 |
Create an A record for the subdomain:
| Type | Name | Value | TTL |
|---|---|---|---|
| A | hello | your-server-ip | 300 |
Alternative: CNAME Record for Subdomain
| Type | Name | Value | TTL |
|---|---|---|---|
| CNAME | hello | joey.com | 300 |
| Method | Pros | Cons | Best For |
|---|---|---|---|
| A Record | Direct IP pointing, faster resolution | Need to update if IP changes | Most common, reliable |
| CNAME Record | Follows main domain changes automatically | Extra DNS lookup step | When IP might change frequently |
n8n.yourdomain.com- Clear purpose identificationautomation.yourdomain.com- Descriptive namingworkflows.yourdomain.com- Business-focused namingapp.yourdomain.com- Generic application naming
For Root Domain:
# Check if domain resolves to your server
nslookup joey.com
dig joey.com
# Should return your server's IP addressFor Subdomain:
# Check if subdomain resolves to your server
nslookup hello.joey.com
dig hello.joey.com
# Should return your server's IP address (A record) or main domain (CNAME)Error: Timeout during connect (likely firewall problem)
Solution:
- Ensure ports 80/443 are open in firewall
- Check cloud provider security groups
- Verify DNS is properly configured
Error: permission denied while trying to connect to the Docker daemon
Solution:
# Add user to docker group
usermod -aG docker $USER
# Logout and login again, or run:
newgrp dockerError: Failed to resolve domain
Solution:
- Wait for DNS propagation (up to 60 minutes)
- Check DNS configuration at your registrar
- Use
nslookupto verify DNS resolution
Error: An n8n container already exists
Solution:
# Stop and remove existing container
docker stop n8n
docker rm n8n
# Run script again
./script.sh --domain="yourdomain.com" --email="your-email@gmail.com"# Check n8n status
docker ps --filter name=n8n
# View n8n logs
docker logs n8n
# Restart n8n
docker restart n8n
# Stop n8n
docker stop n8n
# Start n8n
docker start n8n# Check SSL certificate status
certbot certificates
# Renew SSL certificate manually
certbot renew
# Test SSL renewal
certbot renew --dry-run# Check nginx status
systemctl status nginx
# Restart nginx
systemctl restart nginx
# Test nginx configuration
nginx -t
# View nginx error logs
tail -f /var/log/nginx/error.log- β SSL certificates auto-renew every 90 days
- β HTTP traffic automatically redirects to HTTPS
- β Strong SSL configuration with modern ciphers
- β
N8N data stored in
~/.n8ndirectory - β Automatic backups recommended
- β Regular security updates advised
- β Only essential ports (22, 80, 443) should be open
- β SSH access should be restricted to your IP
- β Regular security audits recommended
If you encounter issues:
- Check the Troubleshooting section
- Review the script logs carefully
- Ensure all prerequisites are met
- Verify firewall and DNS configuration
This script is provided as-is for educational and production use. Please review and test in a development environment before production deployment.
π Happy Automating with N8N!