n8n Docker Environment Variables: Complete Reference Guide
⚙️ ENV Reference Production variables · Webhook URLs · Database · Queue mode · Security · Logging
n8n Docker Environment Variables: Complete Reference Guide
Essential and advanced environment variables for production n8n deployments
This guide provides a complete reference to n8n environment variables for Docker self‑hosted deployments. You will learn which variables are mandatory, how to set them correctly, and best practices for production scenarios. All values are based on official n8n documentation as of version 1.78+.

1. Which environment variables are mandatory for production n8n?

N8N_HOST (public domain), N8N_PROTOCOL=https, WEBHOOK_URL (if different from host), N8N_ENCRYPTION_KEY (credential encryption), and DB_TYPE with connection details for PostgreSQL. For single‑container SQLite, the last is optional but not recommended.

Without these variables, webhooks fail, credentials are not encrypted, or the editor cannot be reached. Below is the minimal set for a production Docker container behind a reverse proxy:

environment:
  - N8N_HOST=n8n.yourdomain.com
  - N8N_PROTOCOL=https
  - WEBHOOK_URL=https://n8n.yourdomain.com
  - N8N_ENCRYPTION_KEY=your-strong-64-char-key
  - DB_TYPE=postgresdb
  - DB_POSTGRESDB_HOST=postgres
  - DB_POSTGRESDB_PORT=5432
  - DB_POSTGRESDB_DATABASE=n8n
  - DB_POSTGRESDB_USER=n8n
  - DB_POSTGRESDB_PASSWORD=securepass
⚠️ Never hardcode secrets in Compose files that go into version control. Use .env files or Docker secrets for production.

2. How do you correctly set webhook‑related variables (N8N_HOST, N8N_PROTOCOL, WEBHOOK_URL)?

Set N8N_HOST to your public domain (e.g., n8n.example.com). Set N8N_PROTOCOL=https. WEBHOOK_URL overrides the base URL for webhooks; set it to the same HTTPS URL. These ensure that webhook callbacks and editor assets use the correct domain and scheme.

n8n generates webhook URLs using the N8N_HOST and N8N_PROTOCOL values. If you use a reverse proxy that rewrites paths, also set N8N_PATH (rare). Example:

N8N_HOST=n8n.internal.example.com
N8N_PROTOCOL=https
WEBHOOK_URL=https://public.n8n.example.com

This is useful when the internal container hostname differs from the public domain. Without correct values, third‑party services (GitHub, Stripe) cannot reach your webhooks.

3. What is N8N_ENCRYPTION_KEY and how do you generate a secure one?

N8N_ENCRYPTION_KEY is the master key for AES‑256‑CBC encryption of all credentials. Generate a 64‑character hex string with openssl rand -hex 32. Set the same key across all main and worker containers. Back it up separately; without it, you cannot recover credentials from a database backup.

If you do not set this variable, n8n auto‑generates a key and stores it in /home/node/.n8n/config. That key is not shared across replicas, causing decryption errors in queue mode. Always set it explicitly. Example generation:

openssl rand -hex 32
# Output: a1b2c3d4e5f6... (64 characters)

Store it in a password manager or a secret store like HashiCorp Vault. Never commit it to Git.

4. How do you configure n8n to use PostgreSQL instead of SQLite?

Set DB_TYPE=postgresdb and provide DB_POSTGRESDB_HOST, DB_POSTGRESDB_PORT, DB_POSTGRESDB_DATABASE, DB_POSTGRESDB_USER, DB_POSTGRESDB_PASSWORD. Omit these for SQLite (default). For production, always use PostgreSQL. Queue mode requires PostgreSQL.

Full PostgreSQL example:

DB_TYPE=postgresdb
DB_POSTGRESDB_HOST=postgres-service.example.com
DB_POSTGRESDB_PORT=5432
DB_POSTGRESDB_DATABASE=n8n
DB_POSTGRESDB_USER=n8n
DB_POSTGRESDB_PASSWORD=strong-password
DB_POSTGRESDB_SCHEMA=public (optional)

If you use a connection string, you can also use DB_POSTGRESDB_URL. For SSL connections, append ?sslmode=require to the URL.

5. Which variables enable queue mode and control concurrency?

Set QUEUE_MODE_ENABLED=true. Also set QUEUE_BULL_REDIS_HOST (and optionally port, password). On workers, set EXECUTIONS_PROCESS=worker. Concurrency per worker: N8N_CONCURRENCY_PRODUCTION_LIMIT (default -1 unlimited). Main instance uses N8N_CONCURRENCY_PRODUCTION_LIMIT only if running executions (not typical in queue mode).

Example for a worker container:

QUEUE_MODE_ENABLED=true
QUEUE_BULL_REDIS_HOST=redis
QUEUE_BULL_REDIS_PORT=6379
QUEUE_BULL_REDIS_DB=0
N8N_CONCURRENCY_PRODUCTION_LIMIT=5
EXECUTIONS_PROCESS=worker

If Redis requires authentication, set QUEUE_BULL_REDIS_PASSWORD. For high availability, use Redis Sentinel variables: QUEUE_BULL_REDIS_SENTINEL_MASTER, QUEUE_BULL_REDIS_SENTINEL_NODES.

6. Which environment variables improve n8n security?

N8N_BASIC_AUTH_ACTIVE, N8N_BASIC_AUTH_USER, N8N_BASIC_AUTH_PASSWORD (legacy), N8N_USER_MANAGEMENT_JWT_SECRET (for built‑in user auth), N8N_SKIP_WEBHOOK_DANGEROUS_EMAIL_CHECK=false, and N8N_VERSION_NOTIFICATIONS_ENABLED=false to reduce information leakage.

For n8n 1.0+, built‑in user management is preferred over basic auth. Set N8N_USER_MANAGEMENT_JWT_SECRET to a random string to sign JWT tokens. Disable version notifications to avoid exposing your version to the public API. Example:

N8N_USER_MANAGEMENT_JWT_SECRET=random-jwt-secret-32-chars
N8N_SKIP_WEBHOOK_DANGEROUS_EMAIL_CHECK=false
N8N_VERSION_NOTIFICATIONS_ENABLED=false

Also consider N8N_METRICS_BASIC_AUTH_USER and N8N_METRICS_BASIC_AUTH_PASSWORD if you expose the Prometheus endpoint.

7. How do you configure logging and execution data retention?

Set N8N_LOG_LEVEL to info, debug, warn, or error. Use N8N_LOG_OUTPUT=console,file and N8N_LOG_FILE_LOCATION. For pruning, set N8N_EXECUTIONS_DATA_PRUNE=true and N8N_EXECUTIONS_DATA_MAX_AGE=168 (hours). This deletes execution logs older than 7 days.

Without pruning, the execution table can grow to gigabytes. Example:

N8N_LOG_LEVEL=info
N8N_LOG_OUTPUT=file
N8N_LOG_FILE_LOCATION=/home/node/.n8n/logs/n8n.log
N8N_EXECUTIONS_DATA_PRUNE=true
N8N_EXECUTIONS_DATA_MAX_AGE=168

For debugging, set N8N_LOG_LEVEL=debug temporarily — but beware of high volume in production.

8. What does a complete production environment variable set look like?

Combine mandatory webhook, database, encryption, security, logging, and queue mode (if needed) variables. Use a .env file to keep secrets out of Compose. Below is a template for a production n8n stack with PostgreSQL, queue mode, and monitoring.

Example .env file:

# Domain
N8N_HOST=n8n.prod.example.com
N8N_PROTOCOL=https
WEBHOOK_URL=https://n8n.prod.example.com

# Encryption
N8N_ENCRYPTION_KEY=7f3e4c2a9d8f1b6e5c4a3f2d1e0b9a8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f2a1

# Database
DB_TYPE=postgresdb
DB_POSTGRESDB_HOST=postgres.internal
DB_POSTGRESDB_PORT=5432
DB_POSTGRESDB_DATABASE=n8n
DB_POSTGRESDB_USER=n8n
DB_POSTGRESDB_PASSWORD=db_strong_password

# Queue mode (optional, remove if not used)
QUEUE_MODE_ENABLED=true
QUEUE_BULL_REDIS_HOST=redis.internal
QUEUE_BULL_REDIS_PORT=6379
QUEUE_BULL_REDIS_PASSWORD=redis_pass
N8N_CONCURRENCY_PRODUCTION_LIMIT=5

# Security
N8N_USER_MANAGEMENT_JWT_SECRET=jwt_secret_32_chars
N8N_SKIP_WEBHOOK_DANGEROUS_EMAIL_CHECK=false
N8N_VERSION_NOTIFICATIONS_ENABLED=false

# Logging & pruning
N8N_LOG_LEVEL=info
N8N_LOG_OUTPUT=file
N8N_LOG_FILE_LOCATION=/home/node/.n8n/logs/n8n.log
N8N_EXECUTIONS_DATA_PRUNE=true
N8N_EXECUTIONS_DATA_MAX_AGE=168

# Metrics (optional)
N8N_METRICS=true
N8N_METRICS_BASIC_AUTH_USER=monitor
N8N_METRICS_BASIC_AUTH_PASSWORD=metrics_pass

Reference this .env in your Docker Compose file with env_file: .env or individually as ${VAR}.

📘 Related guides

📖 Official references

⚠️ Disclaimer: This reference is for informational purposes. Always verify environment variable names against the official documentation for your n8n version. The author is not affiliated with n8n GmbH.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Trending now

n8n Queue Mode: Workers, Concurrency & Horizontal Scaling
n8n for Beginners: First Workflow, Templates & Getting Started
n8n Nodes & Techniques: Core Nodes, Expressions & Code Guide
n8n application interface, emphasizing how it links different apps and automates processes
A Complete Guide to n8n AI Agents: From Beginner to Expert