Some people love the simplicity of Caddy, but for many production environments Nginx is still the workhorse of reverse proxies. It’s fast, reliable, and has decades of real-world use cases. If you’re planning to run n8n in production and you want full control of your HTTPS and proxy settings, Nginx with Let’s Encrypt is a tried-and-true combination.
This guide shows how to configure Nginx as a reverse proxy for n8n, enable HTTPS with Let’s Encrypt, and tune a few settings so webhook traffic and large payloads don’t break in production.
Prerequisites
- A VPS with Ubuntu 24.04 (2 vCPU / 4GB RAM recommended).
- n8n running in Docker (see how to install n8n on Ubuntu 24.04 with Docker and Caddy for a base install).
- A domain name pointed at your VPS IP.
- Root or sudo access via SSH.
Step 1: Install Nginx and Certbot
sudo apt update
sudo apt install -y nginx certbot python3-certbot-nginx
Check if Nginx is running:
systemctl status nginx
You should see it active. If another process is already using port 80 or 443, stop it before continuing.
Step 2: Configure Nginx as a reverse proxy
Create a new Nginx site config at /etc/nginx/sites-available/n8n:
server {
listen 80;
server_name automation.example.com;
location / {
proxy_pass http://localhost:5678/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
client_max_body_size 50M;
}
}
Enable it:
sudo ln -s /etc/nginx/sites-available/n8n /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
At this point Nginx will forward traffic to your n8n container on port 5678.
Step 3: Issue a Let’s Encrypt certificate
Run:
sudo certbot --nginx -d automation.example.com
Certbot will automatically configure SSL in your Nginx site file. Test HTTPS in your browser at https://automation.example.com.
Certificates renew automatically via certbot.timer. You can check with:
systemctl list-timers | grep certbot
Step 4: Update n8n environment variables
In your docker-compose.yml or .env file, set:
N8N_HOST=automation.example.com
N8N_PORT=5678
N8N_PROTOCOL=https
WEBHOOK_URL=https://automation.example.com/
N8N_PROXY_HOPS=1
Restart the container:
docker compose down && docker compose up -d
The N8N_PROXY_HOPS setting makes n8n trust the proxy headers from Nginx. Without it, webhook URLs often break behind reverse proxies.
Step 5: Tune proxy and client limits
For production workloads, tweak the following:
- Timeouts: Increase
proxy_read_timeoutandproxy_send_timeoutto handle long-running workflows. - Payload size: Set
client_max_body_sizeto at least 50M if you deal with large JSON or file uploads. - Websockets: Keep the
UpgradeandConnectionheaders in place so the n8n editor runs smoothly.
These small adjustments prevent common issues where webhooks fail or workflows stop mid-execution.
Step 6: Secure and monitor
Lock down your VPS firewall to allow only SSH, HTTP, and HTTPS:
sudo ufw allow ssh
sudo ufw allow 80
sudo ufw allow 443
sudo ufw enable
Monitor the health of your n8n instance and webhooks with tools like Uptime Kuma or go deeper with Prometheus and Grafana.
Don’t forget to back up your Postgres database and test restores regularly. See the backups and disaster recovery guide for practical steps.
FAQ
Do I need Nginx if I already use Docker?
Not always. You can expose n8n directly or use a Caddy container. Nginx is a good choice if you want fine-grained control or already run other web apps on the same server.
Can I run multiple apps behind the same Nginx?
Yes, Nginx is designed for this. You can configure multiple server blocks for different domains or paths.
How does Nginx compare to Caddy?
Caddy automates SSL and is easier for beginners. Nginx gives you more flexibility and is widely adopted in production environments.
What happens if Let’s Encrypt fails to renew?
Certbot tries automatically. If renewal fails, you’ll get email notifications from Let’s Encrypt. Always test with:
sudo certbot renew --dry-run
Running n8n behind Nginx with Let’s Encrypt gives you a production-grade setup with maximum control. It takes a bit more work than Caddy but pays off if you’re hosting multiple apps or need advanced proxy features.