This repository provides a ready-to-use deployment of n8n with Caddy as a reverse proxy and automatic HTTPS certificates.
Deployment is automated through GitHub Actions and executed on a remote server.
- n8n workflow automation platform
- Caddy reverse proxy with automatic TLS via Let’s Encrypt
- GitHub Actions pipeline for zero-downtime deployment
- Secure environment with encryption key and basic auth support
-
n8n
- Image:
n8nio/n8n:latest - Exposed on port
5678 - Persistent volume:
n8n_data:/home/node/.n8n - Configured with environment variables from
.env
- Image:
-
caddy
- Image:
caddy:latest - Exposed on ports
80and443 - Uses
Caddyfilefor reverse proxy configuration - Handles HTTPS certificates automatically
- Persistent volumes:
caddy_data,caddy_config
- Image:
n8n_datacaddy_datacaddy_config
Caddy is configured to:
- Serve ${DOMAIN} on HTTPS
- Automatically issue and renew TLS certificates via Let’s Encrypt
- Proxy traffic securely to the
n8ncontainer at port5678
The following variables are required:
DOMAIN=yourdomain.com
LE_EMAIL=you@example.com
N8N_ENCRYPTION_KEY=your_encryption_key
N8N_BASIC_AUTH_ACTIVE=true
N8N_BASIC_AUTH_USER=admin
N8N_BASIC_AUTH_PASSWORD=strongpasswordYou can use this repository directly or fork it to your own GitHub account. If you plan to customize the stack, forking is recommended so you can push to your own main branch.
Add the following repository Secrets in GitHub:
- Open your repo → Settings → Secrets and variables → Actions → New repository secret.
- Create these secrets:
Required for SSH:
SSH_HOST— server IP or hostnameSSH_USER— SSH username (with permissions to run Docker)SSH_PASSWORD— SSH password for that user
Required for n8n/Caddy:
DOMAIN— your domain (e.g.automation.example.com)LE_EMAIL— email for Let’s EncryptN8N_ENCRYPTION_KEY— strong random string (used to encrypt credentials in n8n)N8N_BASIC_AUTH_ACTIVE—trueorfalseN8N_BASIC_AUTH_USER— login for Basic AuthN8N_BASIC_AUTH_PASSWORD— password for Basic Auth
Names must match exactly as above — the workflow reads them via
${{ secrets.NAME }}.
- A Linux host reachable via SSH (ports 22, 80, 443 open).
- User from
SSH_USERcan run Docker (either indockergroup or viasudo). - DNS A/AAAA record for
DOMAINpoints to your server’s IP.
The workflow runs on push to main. To deploy:
- Commit your changes.
- Push to
main:git push origin main
- Go to Actions → Deploy n8n to watch the run.
If you want a manual “Run workflow” button, add this to the top of .github/workflows/deploy.yml:
on:
push:
branches: ["main"]
workflow_dispatch: {}Then open Actions → Deploy n8n → Run workflow.
Ensure the server has:
- Docker installed
- Docker Compose plugin (
docker compose) or legacy binary (docker-compose) - Open ports 80 and 443
After deployment:
- Access n8n via: https://yourdomain.com/
- Login with Basic Auth credentials (
N8N_BASIC_AUTH_USER/N8N_BASIC_AUTH_PASSWORD) - All workflows and credentials are stored in
n8n_datavolume
To redeploy:
git push origin mainThis will trigger the GitHub Actions workflow and update the remote stack.
This repository is provided as-is for deploying n8n with Docker and Caddy.