• REALIQ
  • Posts
  • Self-Host n8n securely with Docker & Cloudflare Tunnel

Self-Host n8n securely with Docker & Cloudflare Tunnel

No port forwording, no reverse proxy and best way to host n8n

Author

Keval Patel
June 06, 2025

If you’ve ever wanted to self-host n8n with your own domain but got stuck trying to expose it to the internet securely or you need a webhook URL without messing with port forwarding or setting up a reverse proxy—Cloudflare Tunnel might be the easiest (and safest) way to go.

In this guide, I’ll walk you through how I set up n8n on my local machine and exposed it using Cloudflare Tunnel. You just need a domain name and some terminal access. There's another way you can do it without a domain name with Ngrok, but it’s more for testing environments than deployment. You can check out my full video tutorial here.

Check out the full step-by-step tutorial on my YouTube channel:

What You’ll Need

🌐 A domain name

Getting a domain name is easy, but getting a free domain name is very hard. As far as my research goes, there are not many options available that provide cheap domain names (and I’m not referring to free subdomains). Here are a few affordable options:

  1. gen.xyz (1.111b class domain, cheapest domains)

  2. Namecheap education (never tried; requires a student email)

  3. Namecheap (affordable generally)

  4. Cloudfare domains (lowest renewal cost)

☁️ Cloudflare account

Creating a Cloudflare account is straightforward. If you need help, I’ve walked through it step-by-step in a video. But the basic steps are:

Set Up Your Domain on Cloudflare

If your domain is not already managed by Cloudflare:

  1. Create a Cloudflare account.

  2. Add your domain and change your nameservers to Cloudflare’s.

  3. Wait for DNS propagation (can take a few minutes to a couple of hours)

Once that’s done, you’re ready to set up the tunnel.

🖥️ A Linux machine (local or cloud)

Step 1: Download Cloudflare package

Download the cloudfare package: There are two different ways you can do that.

  1. Adding gpg keys and apt repositories

     I have mentioned a command for a debian-based system; you are using something else; checkout package documentation.

# Add cloudflare gpg key
sudo mkdir -p --mode=0755 /usr/share/keyrings
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null

# Add this repo to your apt repositories
echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared any main' | sudo tee /etc/apt/sources.list.d/cloudflared.list

# install cloudflared
sudo apt-get update && sudo apt-get install cloudflared

Step 2: connect to Cloudflare account

Link your Cloudflare account with your Linux machine. 

# just run it as normal user, do not use sudo
cloudflared tunnel login

It should open up your Cloudflare login page; log in to your account and select the domain you want to use. Authorize the domain, and it should save your secret credentials on your machine.

Step 3: create tunnel

Now create your tunnel; for simplicity I am calling it n8n-tunnel

cloudflared tunnel create n8n-tunnel

Note: Make sure to save the tunnel UUID, we need to use it in the next steps.

Step 4: Route the traffic to your domain

Run the following command with your tunnel name/UUID and your domain. 

# make sure to use proper tunnel name/ UUID
cloudflared tunnel route dns <YOUR_TUNNEL_NAME_OR_UUID> <your-subdomain.yourdomain.com>

Step 5 - Configuring Cloudflared

Now we will create a config file so our machine knows that it should route traffic to the tunnel.

Create a folder in a standard location so the computer knows where to look for the configuration. 

# create folder
sudo mkdir /etc/cloudflared

# go to directory
cd /etc/cloudflared

# create new config file (make sure you are in /etc/cloudflared)
sudo nano config.yml

Once the editor opens up, copy the sample config file and change the value mentioned below. 

# /etc/cloudflared/config.yml

# REPLACE - Your Tunnel UUID
tunnel: Tunnel_UUID

# REPLACE- credential path, make sure file is in correct the directory and change your actual username
credentials-file: /home/username/.cloudflared/Tunnel_UUID.json 

ingress:
  - hostname: n8n.yourdomain.com # REPLACE- your subdomain
    service: http://localhost:5678 # Points to n8n self-host
  - service: http_status:404

Step 6 - Run n8n in Docker

We’ll use Docker Desktop to run n8n in a container. If you don’t have Docker Desktop installed, you can check out my blog and YouTube video.

Open Docker Desktop and search for n8nio/n8n in the Images tab.

  1. Click Pull to download the image

  2. After it's downloaded, click Run

  3. Once the n8n image is downloaded, click on Run and select Optional settings. It should look similar to the attached image.

Set Up Optional Settings

Here’s what to configure when prompted:

Container Name

Choose a recognizable name like n8n_io

Ports

  • Host Port: 5678

  • Container Port: 5678 (leave this unchanged)

Volume Paths

  • Host Path: /home/your-username/n8n_data (or wherever you want to store your data)

  • Container Path: /home/node/.n8n

Environment Variables

Variable

Value

N8N_EDITOR_BASE_URL

https://sub-domain.xyz

WEBHOOK_URL

https://sub-domain.xyz

N8N_DEFAULT_BINARY_DATA_MODE

filesystem

Once everything is filled out, click Run and let Docker handle the rest.

Step 7 - Activate your tunnel

  1. Install cloudflare service

# register config with systemd
sudo cloudflared service install

  1. Enable service and check status

# enable service
sudo systemctl enable --now cloudflared

# check status
systemctl status cloudflared

🧠 Why I Prefer Cloudflare Tunnel with Docker

  • 🔒 No ports exposed: Zero attack surface — your firewall stays locked down.

  • 🌐 Free HTTPS: No certificates to manage. Cloudflare gives you HTTPS instantly.

  • 🚪 Bypass NAT/firewall: Works even behind strict routers or CGNAT (e.g., ISP blocks).

  • 🧰 Simple for local development: Works great with containerized systems such as Docker, Podman, and Casa OS.

🎯 Final Thoughts

This setup has become my go-to for quickly spinning up secure, remote-accessible n8n environments—whether I'm building automations for clients, my YouTube content, or internal tools.

If you’re already using Docker or Docker Desktop and you’ve got a domain managed by Cloudflare, this method is hands down the easiest and most secure way to self-host n8n.

Reply

or to participate.