n8n Production Configuration: Security and Scaling
Table of Contents
n8n Deployment: Production Configuration Guide
Part 3 of 3: Part 1: Docker Compose Setup | Part 2: Kubernetes Manifest Guide
Configuration Deep Dive
Here are the settings I always tune from their defaults.
| Parameter | Default | My Production Value | Impact |
|---|---|---|---|
EXECUTIONS_MODE | regular | queue | Enables horizontal scaling |
QUEUE_BULL_REDIS_DB | 0 | 1 | Isolates n8n from other Redis users |
N8N_CONCURRENCY_PRODUCTION_LIMIT | -1 | 50 | Prevents resource exhaustion |
EXECUTIONS_TIMEOUT | 3600 | 300 | Kills runaway workflows |
N8N_DEFAULT_BINARY_DATA_MODE | default | filesystem | Handles large files without memory bloat |
Verification and Testing
After deployment, run these checks.
Health Check
# Dockercurl -s http://localhost:5678/healthz | jq .# Expected: {"status":"ok"}
# Kuberneteskubectl exec -n n8n deployment/n8n-main -- wget -qO- localhost:5678/healthzSmoke Test: Create a Simple Workflow
- Log in to the editor.
- Create a workflow with a Schedule Trigger (every minute) and a Code node that returns
{ "status": "ok" }. - Activate it.
- Check Executions: you should see green checkmarks every minute.
Load Test
Use the n8n CLI or a simple shell loop to fire webhooks:
for i in {1..100}; do curl -X POST https://hooks.yourdomain.com/webhook/test \ -H "Content-Type: application/json" \ -d '{"payload":"test"}' &donewaitMonitor worker CPU and Redis memory during the test.
Production Considerations
High Availability
- Run 2+ n8n-main replicas behind a session-aware load balancer if you need HA for the UI. Note that n8n uses local memory for some state, so sticky sessions or a single replica is simpler.
- Run 3+ workers minimum. Scale based on queue depth.
- Use PostgreSQL with backup. I run
pg_dumpnightly to S3-compatible storage.
Monitoring
I monitor these metrics:
| Metric | Source | Alert Threshold |
|---|---|---|
| Queue depth | Redis LLEN bull:jobs | > 100 for 5 minutes |
| Worker CPU | Kubernetes metrics | > 80% for 10 minutes |
| Failed executions | n8n API /executions | > 5% in 10 minutes |
| Database connections | PostgreSQL pg_stat_activity | > 80% of max |
Update Strategy
Pin the n8n image tag to a specific version, never latest. My update flow:
- Test the new version in a staging namespace.
- Update the image tag in Git.
- Roll out with
kubectl rollout restart. - Watch executions for 30 minutes.
- Rollback with
kubectl rollout undoif error rates spike.
Troubleshooting
| Error Message | Cause | Solution |
|---|---|---|
ECONNREFUSED 127.0.0.1:5432 | n8n cannot reach PostgreSQL | Verify service name and network connectivity |
Queue is not enabled | Worker started without queue env | Set EXECUTIONS_MODE=queue on main and QUEUE_BULL_REDIS_HOST on workers |
Encryption key not set | N8N_ENCRYPTION_KEY missing | Add it to secrets and restart |
Webhook 404 | Workflow not active or wrong URL | Activate the workflow and check the webhook path |
Out of memory | Workers exceeding limits | Increase memory limit or add more workers |
FAQ
What is n8n, and how does it differ from Zapier?
n8n is an open-source workflow automation platform. Unlike Zapier, you self-host it, which means you own your data, your credentials never leave your infrastructure, and you are not bound by usage tiers or rate limits.
Do I need a GPU to run n8n?
No. n8n itself runs on CPU only. You only need a GPU if you connect n8n’s AI Agent node to a self-hosted LLM like Ollama or vLLM running on the same cluster.
What is queue mode, and when do I need it?
Queue mode separates the web UI from workflow execution workers using Redis as a job queue. You need it as soon as you run more than a handful of concurrent workflows or require horizontal scaling.
Can I run n8n without PostgreSQL?
Yes, n8n ships with SQLite by default. However, SQLite does not handle concurrent writes well and will corrupt under load. Use PostgreSQL for any serious deployment.
How do I back up my n8n instance?
Back up two things: the PostgreSQL database (pg_dump) and the ~/.n8n directory (or the mounted volume) which contains encryption keys and local binary data. Without the encryption key, your credentials are unrecoverable.
Is n8n’s AI Agent node production-ready?
It is ready for internal tooling and alert triage. I would not yet trust it with autonomous remediation in production without human approval gates. Always keep a human in the loop for destructive actions.
How do I secure webhooks exposed to the internet?
Use a dedicated subdomain, enable TLS, add header-based authentication, and IP-allowlist where possible. Consider putting webhooks behind a reverse proxy with rate limiting.
Can I use n8n with vLLM instead of Ollama?
Absolutely. Both expose an OpenAI-compatible API. Point the HTTP Request node or the OpenAI Chat Model node at your vLLM service URL and set the model name accordingly.
Next Steps
You now have a production-ready n8n deployment with queue mode, encrypted credentials, and AI Agent capabilities. Here is what to explore next:
- Read the n8n vs Temporal comparison to understand when to use workflow orchestration versus event-driven automation.
- Dive into advanced n8n automation patterns including error handling, idempotency, and multi-tenant credential isolation.
- Connect your n8n instance to a self-hosted Ollama deployment for fully private LLM-powered automation.
If you hit issues not covered here, drop a comment with your setup details and I will help you debug it.
Parts in this series: Part 1: Docker Compose Setup ← | Part 2: Kubernetes Manifest Guide ←