Post

Self-Hosted n8n with Docker and Cloudflare Tunnel: A Secure Workflow Automation Solution

Posted Updated
4 min read
Self-Hosted n8n with Docker and Cloudflare Tunnel: A Secure Workflow Automation Solution

Workflow automation has become essential for modern development and operations teams. n8n, a powerful open-source workflow automation tool, provides an excellent alternative to commercial solutions like Zapier. In this tutorial, we’ll walk through setting up n8n using Docker Compose and securing it with Cloudflare Tunnel for external access.

Why n8n?

n8n stands out in the workflow automation space for several reasons:

  • Open Source: Full control over your automation workflows
  • Self-Hosted: Keep sensitive data within your infrastructure
  • Visual Workflow Builder: Intuitive drag-and-drop interface
  • Extensive Integrations: Hundreds of pre-built nodes for popular services
  • Custom Code Support: JavaScript and Python execution for complex logic

Prerequisites

Before we begin, ensure you have:

  • Docker and Docker Compose installed on the target system (I’m using a Raspberry Pi 4)
  • A Cloudflare account with a domain configured
  • Basic understanding of Docker containers

Setting Up Cloudflare Tunnel

First, we need to create a Cloudflare Tunnel to securely expose our n8n instance.

Creating the Tunnel

  1. Log into your Cloudflare dashboard
  2. Navigate to Zero Trust > Access > Tunnels
  3. Click Create a tunnel
  4. Choose Cloudflared as the connector type
  5. Name your tunnel (e.g., “n8n-automation”)
  6. Copy the tunnel token - we’ll need this for our environment configuration

Configuring the Tunnel Route

After creating your tunnel, you need to configure the route:

  1. In the tunnel configuration, add a Public Hostname
  2. Set the following values:
    • Subdomain: n8n (or your preferred subdomain)
    • Domain: Your domain (e.g., mydomain.com)
    • Service Type: HTTP
    • URL: n8n:5678

This configuration tells Cloudflare to route traffic from your public domain to the n8n container on port 5678.

Configuring DNS

In your Cloudflare DNS settings, create a CNAME record:

  • Name: n8n (or your preferred subdomain)
  • Target: Your tunnel ID (provided in the Cloudflare dashboard)
  • Proxy status: Proxied (orange cloud)

Docker Compose Configuration

Our setup uses a minimal but effective Docker Compose configuration that includes both n8n and the Cloudflare tunnel connector.

Environment Variables

Create a .env file in your project directory with the following configuration:

1
2
3
4
5
6
7
8

N8N_HOST="n8n.mydomain.com"
N8N_PORT="5678"
N8N_PROTOCOL="https"
NODE_ENV="production"
WEBHOOK_URL="https://n8n.mydomain.com"
GENERIC_TIMEZONE="America/Montreal"
N8N_RUNNERS_ENABLED="true"
TUNNEL_TOKEN="your_cloudflare_tunnel_token_here"

Key configuration notes:

  • N8N_HOST: Your domain where n8n will be accessible
  • N8N_PROTOCOL: Set to “https” for production security
  • WEBHOOK_URL: External URL for webhook endpoints
  • N8N_RUNNERS_ENABLED: Enables task runners for better performance
  • TUNNEL_TOKEN: Your Cloudflare tunnel token

Docker Compose File

Create a docker-compose.yml file:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

services:
  cf-tunnel:
    image: cloudflare/cloudflared
    restart: unless-stopped
    command: tunnel --no-autoupdate run
    env_file: .env

  n8n:
    image: docker.n8n.io/n8nio/n8n
    restart: unless-stopped
    ports:
      - "5678"
    env_file: .env
    volumes:
      - n8n_data:/home/node/.n8n
      - ./local-files:/files

volumes:
  n8n_data:

Understanding the Configuration

Cloudflare Tunnel Service

The cf-tunnel service runs the Cloudflare daemon that maintains a secure connection to Cloudflare’s edge network. The --no-autoupdate flag prevents automatic updates that could disrupt service.

n8n Service

The n8n service configuration includes:

  • Port Mapping: Internal port 5678 for the web interface
  • Persistent Storage: The n8n_data volume stores workflows, credentials, and settings
  • Local Files: The ./local-files directory allows workflows to access local files
  • Environment Configuration: All settings loaded from the .env file

Deployment Steps

  1. Create the project directory: 
    1
2

    mkdir n8n-automation
cd n8n-automation
  2. Create the configuration files:
    • Add the .env file with your specific settings
    • Add the docker-compose.yml file
    • Create the local files directory: mkdir local-files
  3. Start the services: 
    1

    docker-compose up -d
  4. Verify deployment: 
    1

    docker-compose logs -f

Initial n8n Setup

Once your services are running:

  1. Navigate to your configured domain (e.g., https://n8n.mydomain.com)
  2. Complete the initial user setup
  3. When prompted, request the free registration key and add it to your instance
  4. Configure your first workflow

Security Considerations

This setup provides several security benefits:

  • Encrypted Traffic: All communication is encrypted via Cloudflare’s TLS
  • No Port Forwarding: No need to open ports on your firewall
  • DDoS Protection: Cloudflare’s network provides built-in protection
  • Access Control: Can be extended with Cloudflare Access for additional authentication

Additional Security Measures

Consider implementing:

  • Cloudflare Access: Add authentication before reaching n8n
  • IP Restrictions: Limit access to specific IP ranges
  • Regular Backups: Backup the n8n_data volume regularly

Maintenance and Updates

Updating n8n

To update to the latest n8n version:

1
2

docker-compose pull n8n
docker-compose up -d n8n

Backup Strategy

Create regular backups of your n8n data:

1

docker run --rm -v n8n-automation_n8n_data:/data -v $(pwd):/backup alpine tar czf /backup/n8n-backup-$(date +%Y%m%d).tar.gz -C /data .

Troubleshooting

Common Issues

Tunnel Connection Problems:

  • Verify your tunnel token is correct
  • Check Cloudflare dashboard for tunnel status
  • Review cloudflared logs: docker-compose logs cf-tunnel

n8n Access Issues:

  • Ensure DNS is properly configured
  • Verify the N8N_HOST matches your domain
  • Check n8n logs: docker-compose logs n8n

Workflow Execution Problems:

  • Verify WEBHOOK_URL is accessible externally
  • Check timezone configuration for scheduled workflows
  • Ensure proper volume permissions for file operations

Conclusion

This setup provides a robust, secure foundation for workflow automation using n8n. The combination of Docker Compose for orchestration and Cloudflare Tunnel for secure access eliminates many traditional deployment complexities while maintaining security best practices.

The configuration is production-ready and can scale with your automation needs. Whether you’re automating development workflows, integrating business systems, or creating custom notification pipelines, this n8n setup provides the reliability and security required for critical automation tasks.

Remember to regularly backup your workflows and keep your Docker images updated to maintain security and access to the latest features.

Automation
Automation n8n Docker Cloudflare Tutorial

© 2025 pycvala.de. Some rights reserved.

Using the Chirpy theme for Jekyll .

Privacy Policy - Cookie Policy - Terms and Conditions