Back to Blog
Tutorials5 min read

How to Securely Connect Self-Hosted n8n Behind Nginx

A step-by-step guide to configuring your reverse proxy and firewall settings to allow AutoNod to monitor your docker-based instances.

D

DevOps Engineer

May 02, 2026

📑 Table of Contents
How to Securely Connect Self-Hosted n8n Behind Nginx

Why Nginx?

Running self-hosted n8n is highly cost-effective and provides complete data ownership. However, exposing the raw n8n container port (usually 5678) directly to the web is a massive security risk. Using Nginx as a reverse proxy adds an essential security layer, manages SSL certificates, handles WebSockets correctly, and enables rate limiting.

Docker Compose Configuration

Make sure your n8n container runs within a Docker network alongside Nginx. Here is a simple docker-compose.yml snippet:

version: '3.8'
services:
  n8n:
    image: n8nio/n8n:latest
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    environment:
      - N8N_HOST=n8n.yourdomain.com
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - WEBHOOK_URL=https://n8n.yourdomain.com/
    volumes:
      - n8n_data:/home/node/.n8n

volumes:
  n8n_data:

Nginx Reverse Proxy Block

Add the following configuration file under /etc/nginx/sites-available/n8n.conf. Pay close attention to the WebSocket headers which are required for the n8n UI to work properly:

server {
    server_name n8n.yourdomain.com;

    location / {
        proxy_pass http://127.0.0.1:5678;
        proxy_set_header Connection '';
        proxy_http_version 1.1;
        chunked_transfer_encoding off;
        proxy_buffering off;
        proxy_cache off;

        # WebSocket support
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Let's Encrypt SSL

Secure your connection by obtaining a Let's Encrypt certificate. Certbot makes this automated and quick:

sudo apt update
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d n8n.yourdomain.com

Securing with IP Restrictions

To securely connect your self-hosted instance to AutoNod, you can restrict access to n8n's API routes (specifically under /api/v1/) to only trust AutoNod monitoring IPs. Add this rule to your Nginx location block:

# Restrict API routes to AutoNod monitoring engine
location /api/v1/ {
    allow 34.120.11.23; # Example AutoNod IP
    allow 127.0.0.1;
    deny all;
    proxy_pass http://127.0.0.1:5678;
    # (Include other proxy headers as above)
}

By routing your instance through Nginx and whitelisting monitoring IPs, you get real-time tracking from AutoNod without exposing your entire automation dashboard to public access.

Stop Babysitting Your Workflows

AutoNod monitors your n8n workflows 24/7, detects failures in under 5 seconds, and auto-repairs transient errors — so you don't have to.

Start Free — No Credit CardSee All Features

Related Articles

Monitoring

Your n8n Workflows Are Failing Right Now — Here's How to Know

Monitoring

n8n Error Monitoring: The Complete Guide for Production

Alerts

How to Set Up n8n Alerts for Slack, Email & Discord