These are the bare bones, just tell me what to do set of instructions. See the previous article for a detailed explanation each step.

What you’ll need:

  • A machine to host n8n. This can be a spare PC or Raspberry Pi.
  • A free Cloudflare account.
  • A web domain that lives on Cloudflare’s nameservers. You can purchase a new one from Cloudflare or move a domain you already own to the Cloudflare nameservers.

Step 1 - Install Docker:#

Here’s the official documentation on how to install Docker: https://docs.docker.com/engine/install/

Step 2 - Create the Docker Network:#

We can test out the Docker install by creating the Docker network we’ll use later.

docker network create tunnel

Step 3 - Create the Tunnel in Cloudflare:#

Cloudflare makes it easy to set up a tunnel, install an app to manage it, and define access policies. A built-in wizard walks you through everything step by step. To access this:

  1. Log into your Cloudflare account.
  2. Click on Zero Trust in the menu on the left side of the page. You’ll need to set up an organization the first time you do this. Just choose a name and proceed.
  3. Click the “Get started” tab at the top of the page.
  4. Click on the “Get started” button next to “Securely access private web apps without an agent”.
  5. Follow the steps which guides you through the process. When it asks you for a service route use http://n8n:5678

Step 4 - Create the Cloudflared Docker Compose File:#

  1. Create a directory to hold the compose file: 
    mkdir ~/tunnel-compose
  2. Create the docker compose file: 
    nano ~/tunnel-compose/docker-compose.yml
  3. Paste in the lines below.
  4. Enter Ctrl+x , type in “y” to confirm, press enter to accept the file name.
services:
  cloudflared:
    image: cloudflare/cloudflared:latest
    cap_drop:
      - ALL
    read_only: true
    security_opt:
      - no-new-privileges:true
    container_name: cloudflared
    restart: unless-stopped
    command: tunnel run
    environment:
      - TUNNEL_TOKEN=${TUNNEL_TOKEN}
    networks:
      - tunnel

networks:
  tunnel:
    external: true

Step 5 - Create the .env file for Cloudflared#

  1. In the terminal, enter: 
    nano ~/tunnel-compose/.env
  2. Paste in the lines below. Set the TUNNEL_TOKEN value equal to the token for your tunnel .
  3. Enter Ctrl+x , type in “y” to confirm, press enter to accept the file name.
# Tunnel Token
TUNNEL_TOKEN=<YOUR TUNNEL TOKEN>

If you didn’t save the tunnel token when you set it up, you can retrieve it:

  1. Log into your Cloudflare account.
  2. Click Zero Trust in the side menu.
  3. Under Networks, click on Tunnels.
  4. Click the name of your tunnel and then the Edit button on the right side of the page.
  5. Click the Docker button in the middle of the page to show the “docker run” command. The tunnel token is at the end.

Step 6 - Create the Docker Compose file for n8n:#

  1. Create the docker volume for n8n application data: 
    docker volume create n8n_data
  2. Create a directory to hold the compose file: 
    mkdir ~/n8n-compose
  3. Create a directory for user files. This will allow n8n workflows to read and write files to the host file system. 
    mkdir ~/n8n-compose/local-files
  4. Create the docker compose file: 
    nano ~/n8n-compose/docker-compose.yml
  5. Paste in the lines below.
  6. Enter Ctrl+x , type in “y” to confirm, press enter to accept the file name.
services:
  n8n:
    image: docker.n8n.io/n8nio/n8n
    container_name: n8n
    restart: unless-stopped
    environment:
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_SECURE_COOKIE=false
      - N8N_PROXY_HOPS=1
      - N8N_RUNNERS_ENABLED=true
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
      - TZ=${GENERIC_TIMEZONE}
    volumes:
      - n8n_data:/home/node/.n8n
      - ./local-files:/files
    networks:
      - tunnel

networks:
  tunnel:
    external: true

volumes:
  n8n_data:

Step 7 - Create the .env file for n8n#

  1. In the terminal, enter: 
    nano ~/n8n-compose/.env
  2. Paste in the lines below, changing the values to match your environment. The domain and subdomain names are those you set up when creating the Cloudflare application / tunnel.
  3. Enter Ctrl+x , type in “y” to confirm, press enter to accept the file name.
# DOMAIN_NAME and SUBDOMAIN together determine where n8n will be reachable from
# The top level domain to serve from
DOMAIN_NAME=yourdomain.com

# The subdomain to serve from
SUBDOMAIN=n8n

# Optional timezone to set which gets used by Cron and other scheduling nodes
# New York is the default value if not set
GENERIC_TIMEZONE=America/Detroit
Line Purpose
DOMAIN_NAME=yourdomain.com Domain defined in the Cloudflare Tunnel definition
SUBDOMAIN=n8n The subdomain defined in the Cloudflare Tunnel definition
GENERIC_TIMEZONE=America/Detroit The timezone to use in the service for schedule triggers

Step 8 - Start the n8n container#

  1. In the terminal cd to the n8n compose directory: 
    cd ~/n8n-compose
  2. Create and start the n8n container: 
    docker compose up -d
  3. After the container is started, view the logs to look for any errors: 
    docker compose logs n8n

Step 9 - Start the Cloudflared container#

  1. In the terminal cd to the Cloudflared compose directory: 
    cd ~/tunnel-compose
  2. Create and start the Cloudflared container: 
    docker compose up -d
  3. After the container is started, view the logs to look for any errors: 
    docker compose logs cloudflared

Step 10 - Access the n8n editor#

In your browser, go to https://<subdomain.domain>. For example, if you set the tunnel up with subdomain = n8n and domain = example.com, visit https://n8n.example.com. You’ll land on the Cloudflare login page, and once you sign in, the n8n editor will appear. The first time you access it, you’ll be asked to create a username and password. And that’s it. You now have safe, authenticated access to your self-hosted n8n instance from anywhere on the public internet.