N8N Docker Compose .env File

A Docker Compose env file keeps n8n deployment settings separate from the Compose service definition and makes it easier to avoid committing secrets.

Match your incident first

Start with the symptom you can prove

Container restarts after upgrade or compose pull

First check: Run docker compose ps and inspect the last 100 n8n log lines.

Wrong fix to avoid: Do not delete volumes to make the container start.

Verify: Container stays healthy and existing workflows/credentials remain visible.

Workflows disappear after recreating container

First check: Check compose volumes and whether /home/node/.n8n is persisted.

Wrong fix to avoid: Do not create new workflows until you confirm whether old data exists in a volume or backup.

Verify: A restart preserves workflows, credentials, executions, and settings.

Production URL is wrong in Docker deployment

First check: Inspect only the public URL-related env vars and the proxy route.

Wrong fix to avoid: Do not expose the container directly on the public internet to bypass proxy config.

Verify: Webhook URLs in the editor use the intended HTTPS domain.

Use when: self-hosted, Docker Compose
First check: Confirm workflows and credentials survive a restart before sending real traffic.
Time to check: 5-10 minutes
Next step: Match the symptom, then run the verification checks.

Independent third-party notes. n8n is a trademark of its owner and is referenced only for compatibility and troubleshooting context.

Does this match your symptom?

Self-hosted Docker setup looks risky

The instance runs, but persistence, .env files, public URLs, HTTPS, Postgres, or backups are unclear.

First check: Confirm workflows and credentials survive a restart before sending real traffic.

Version awareness

Last reviewed 2026-05-21

Key Facts

Best use: Store deployment-specific environment variables outside the Compose service body.
Typical values: Database, Redis, endpoint, timezone, encryption, and node settings.
Security reason: Secrets should not be committed to public repositories.
Operational reason: The same Compose file can be reused across environments.

Production Diagnostic Matrix

Exact symptom or log: Container restarts after upgrade or compose pull
Likely cause: Missing required env var, incompatible database migration, or invalid compose service config.
First check: Run docker compose ps and inspect the last 100 n8n log lines.
Wrong fix to avoid: Do not delete volumes to make the container start.
Verification: Container stays healthy and existing workflows/credentials remain visible.

Exact symptom or log: Workflows disappear after recreating container
Likely cause: n8n data was stored inside the container instead of a persistent volume or external database.
First check: Check compose volumes and whether /home/node/.n8n is persisted.
Wrong fix to avoid: Do not create new workflows until you confirm whether old data exists in a volume or backup.
Verification: A restart preserves workflows, credentials, executions, and settings.

Exact symptom or log: Production URL is wrong in Docker deployment
Likely cause: WEBHOOK_URL, N8N_HOST, N8N_PROTOCOL, or reverse proxy labels are missing or inconsistent.
First check: Inspect only the public URL-related env vars and the proxy route.
Wrong fix to avoid: Do not expose the container directly on the public internet to bypass proxy config.
Verification: Webhook URLs in the editor use the intended HTTPS domain.

Exact symptom or log: Database or volume permission errors after moving hosts
Likely cause: File ownership, mounted path, or Postgres credentials changed during migration.
First check: Check volume mount paths, container UID expectations, and database auth logs.
Wrong fix to avoid: Do not chmod everything recursively without a backup.
Verification: n8n starts and can read previous workflows after one restart.

Exact symptom or log: Backup exists but restore does not work
Likely cause: Backup missed the database, .n8n folder, encryption key, or binary data storage.
First check: Verify restore in a disposable environment before touching production.
Wrong fix to avoid: Do not assume a SQL dump alone is enough when binary data or SQLite is used.
Verification: A restored test instance can open workflows, decrypt credentials, and run a smoke test.

Exact symptom or log: Upgrade breaks a previously working workflow
Likely cause: Node behavior, credential schema, API response shape, or custom node compatibility changed.
First check: Compare failing execution before/after upgrade and check release notes for affected nodes.
Wrong fix to avoid: Do not immediately downgrade without checking database migration and rollback safety.
Verification: Smoke tests for triggers, credentials, expressions, and outbound calls pass on the target version.

  1. Move environment-specific values into a local env file.
  2. Reference the env file from the Compose service.
  3. Keep secret values out of version control.
  4. Restart the Compose stack after editing variables.
  5. Check logs for malformed or missing variable values.

Verification

  • Compose starts n8n with the expected variables.
  • The env file is ignored by Git or otherwise protected.
  • The same Compose file can run with a different env file in staging.
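
The steps and verification items above, as a pre-deploy check. This is an added example, not code from the original page or from the n8n project. It lints the env file for malformed lines, missing keys, REDACTED placeholders left over from the page's .env.example, a non-HTTPS WEBHOOK_URL, Git tracking, and loose file permissions. The function names and the choice of required keys are assumptions.

```shell
#!/bin/sh
# Added example: lint an n8n .env file before `docker compose up -d`.
# Findings name the key only; secret values are never printed.

# Assumption: the keys in the page's .env.example are the required set.
REQUIRED_KEYS="N8N_HOST N8N_PROTOCOL WEBHOOK_URL GENERIC_TIMEZONE DB_TYPE
DB_POSTGRESDB_HOST DB_POSTGRESDB_DATABASE DB_POSTGRESDB_USER
DB_POSTGRESDB_PASSWORD N8N_ENCRYPTION_KEY"

# Print the last value assigned to key $2 in file $1, minus outer quotes.
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed "s/^[\"']//; s/[\"']\$//"
}

# Print one finding per line for env file $1 (hypothetical helper).
env_findings() {
    f=$1
    [ -r "$f" ] || { echo "cannot read: $f"; return 0; }
    # Malformed: not blank, not a comment, not KEY=VALUE. Line number only.
    grep -vnE '^[[:space:]]*(#.*)?$|^[A-Za-z_][A-Za-z0-9_]*=' "$f" |
        sed 's/:.*//; s/^/malformed line /'
    for key in $REQUIRED_KEYS; do
        case $(env_value "$f" "$key") in
            '')        echo "missing or empty: $key" ;;
            REDACTED*) echo "placeholder left in: $key" ;;
        esac
    done
    case $(env_value "$f" WEBHOOK_URL) in
        https://*|'') ;;
        *) echo "not https: WEBHOOK_URL" ;;
    esac
    # The env file must not be tracked by Git.
    if git -C "$(dirname "$f")" ls-files --error-unmatch \
           "$(basename "$f")" >/dev/null 2>&1; then
        echo "tracked by git: $f"
    fi
    # A secrets file should be readable by its owner only (e.g. chmod 600).
    if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "group/world readable: $f"
    fi
}

# Return 0 if the file is clean, else print the findings and return 1.
check_env_file() {
    findings=$(env_findings "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run `check_env_file .env` before applying changes with `docker compose up -d`. That command recreates a service whose configuration changed, whereas `docker compose restart` keeps the container's old environment.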

First Commands / Checks

Check container state
Use first when n8n is down, restarting, or behaving differently after a deploy.

docker compose ps

Secrets note: This lists service names and status only; it should not print credential values.
Verification: n8n, database, Redis, and worker services are running or the failing service is obvious.

Read recent n8n logs
Use when the editor, webhook, or startup path fails.

docker compose logs n8n --tail=100

Secrets note: Review before sharing; remove tokens, private hostnames, and customer payloads.
Verification: The log contains a timestamped error, migration message, or clean startup line.

Check public URL variables only
Use when webhook URLs show localhost, http, or the wrong domain.

docker compose exec n8n printenv WEBHOOK_URL N8N_HOST N8N_PROTOCOL N8N_EDITOR_BASE_URL

Secrets note: Do not run a full env dump in public channels; print only these non-secret routing names.
Verification: Values point to the intended HTTPS public domain.

Safe Copyable Config

.env.example with redacted production placeholders
Use as a review checklist for self-hosted n8n environment variables.

N8N_HOST=automation.example.com
N8N_PROTOCOL=https
WEBHOOK_URL=https://automation.example.com/
GENERIC_TIMEZONE=UTC
DB_TYPE=postgresdb
DB_POSTGRESDB_HOST=postgres
DB_POSTGRESDB_DATABASE=n8n
DB_POSTGRESDB_USER=n8n_app
DB_POSTGRESDB_PASSWORD=REDACTED_CHANGE_ME
N8N_ENCRYPTION_KEY=REDACTED_GENERATE_ONCE

Docker Compose with Postgres for n8n data
Use when SQLite is no longer enough or when planning queue mode later.

services:
  postgres:
    image: postgres:16-alpine
    restart: unless-stopped
    environment:
      - POSTGRES_DB=n8n
      - POSTGRES_USER=n8n_app
      - POSTGRES_PASSWORD=REDACTED_CHANGE_ME
    volumes:
      - postgres_data:/var/lib/postgresql/data

  n8n:
    image: n8nio/n8n:latest
    restart: unless-stopped
    depends_on:
      - postgres
    environment:
      - DB_TYPE=postgresdb
      - DB_POSTGRESDB_HOST=postgres
      - DB_POSTGRESDB_DATABASE=n8n
      - DB_POSTGRESDB_USER=n8n_app
      - DB_POSTGRESDB_PASSWORD=REDACTED_CHANGE_ME
      - N8N_ENCRYPTION_KEY=REDACTED_GENERATE_ONCE
      - WEBHOOK_URL=https://automation.example.com/
    volumes:
      - n8n_data:/home/node/.n8n

volumes:
  postgres_data:
  n8n_data:

Warnings

  • An env file is still sensitive if it contains secrets.
  • Changing env values without restarting n8n may leave the old configuration active.
