How to Host n8n with Coolify 2026: The Production Hardening Guide

How to Host n8n with Coolify 2026: The Production Hardening Guide

How to host n8n with Coolify is not a five-minute tutorial when your workload is real. The default Coolify one-click template lacks network isolation between worker containers, breaks OAuth callbacks in n8n v2.0+, and silently drops executions above 50 concurrent workflows. This guide delivers the production-hardened Docker Compose, GitHub-verified FMEA, and the $300/month sovereign crossover that every other tutorial omits.

n8n v2.0+ requires a full protocol declaration in WEBHOOK_URL. The default Coolify SERVICE_FQDN variable provides a bare hostname without the https:// prefix — breaking Google, Microsoft, and LinkedIn OAuth integrations immediately after upgrading. [COMMUNITY REPORTED — GitHub Issue #7656, December 2025] The fix is explicit environment injection, not a Coolify setting. No top-ranking tutorial for this keyword documents this failure at time of publication.

Why the Default Coolify n8n Template Fails in Production

To host n8n with Coolify properly, you must abandon the one-click service catalog for anything beyond local testing. The default template initializes n8n on an embedded SQLite engine inside the same Docker network as every other service on your Coolify instance. When a second Redi container exists anywhere on the host, the n8n worker resolves the hostname to the wrong Redis service, triggering WRONGPASS authentication errors that silently drop all queued
executions. [COMMUNITY REPORTED — GitHub Issue #7771, December 2025]

Coolify’s default network — the coolify bridge — creates hostname collision because Docker service names are not isolated per project. Every Redis container in your Coolify instance shares the same DNS namespace, so QUEUE_BULL_REDIS_HOST=redis resolves to whichever Redis started first, not the one your n8n project created. Alongside this, Traefik’s default compression middleware truncates the approximately 1.97MB n8n editor JavaScript bundle, producing a blank UI and NS_ERROR_PARTIAL_TRANSFER in browser consoles. [COMMUNITY REPORTED — GitHub Issue #6534, September 2025]

SQLite compounds both problems. Above roughly 100 concurrent writes per day, database-level locking introduces execution contention under webhook bursts. For any production workload, migration to PostgreSQL is not optional — it is the first configuration change required before any other tuning matters. The three-variant deployment selection in Section 4 of this guide shows the exact architecture that corresponds to each execution scale.

[

For the cost analysis of self-hosting n8n across all deployment methods, the full SACI TCO model at ranksquire.com/is-n8n-free provides the $1,190–$2,441/month fully-loaded TCO calculation and the $300/month Sovereign Migration Trigger that applies across every self-hosted n8n stack, including Coolify.

The PARSA Framework: Scoring Coolify n8n Readiness for Production

PARSA — Production Automation Readiness and Scalability Architecture — scores whether a self-hosted n8n deployment is production-viable five operational dimensions. The default Coolify one-clicktemplate scores 2.8/10. A properly hardened production stack with network isolation, PostgreSQL, Redis queue mode, automated pruning, and encrypted secrets scores 8.4/10. The gap between those two numbers is the difference between a demo environment and a system your engineering team can defend in an architecture review.

The PARSA framework deliberately scores Agentic Network Security lowest in the default template because every major tutorial for this keyword instructs readers to set N8N_SECURE_COOKIE=false to bypass an SSL verification warning. That flag disables session cookie encryption across all HTTP connections, exposing authentication tokens to any observer on the same network segment. The correct fix is to ensure WEBHOOK_URL uses the https:// protocol and that Coolify has issued a valid Let’s Encrypt certificate for the subdomain before n8n starts.

VPS and Hardware Selection for Production n8n on Coolify

The 1 vCPU, 2GB RAM minimum requirement from most tutorials is a development baseline, not a production specification. A t3.medium equivalent (2 vCPU, 4GB RAM) becomes operationally unsafe at moderate concurrent execution because Coolify itself consumes 500MB–800MB of RAM, PostgreSQL requires another 512MB baseline, and n8n’s Node.js runtime will OOM-kill without the NODE_OPTIONS memory override. The minimum viable production host for n8n with queue mode on Coolify is 4 vCPU and 8GB RAM.

For EU AI Act data residency requirements, deploy on Hetzner FSN1 (Frankfurt) or Hetzner NBG1 (Nuremberg) to keep all workflow data within German jurisdiction under GDPR Article 44. Hetzner provides 20TB included monthly traffic on their CX series at no additional cost, which eliminates egress billing for moderate webhook volumes. [THIRD-PARTY — Hetzner Cloud pricing, verified May 2026]

Three Deployment Variants: Which One Hosts n8n with Coolify Correctly

Coolify’s service catalog offers three n8n variants. Each one is appropriate at a different execution scale. Choosing the wrong variant is the most common production mistake, because Coolify makes all three look equivalent in the UI. They are not. The SQLite variant will corrupt under concurrent load. The PostgreSQL-only variant will process everything on the main thread and become unresponsive under sustained webhook bursts. Only the PostgreSQL plus Worker variant correctly decouples execution from the UI process.

How to Host n8n with Coolify 2026: Step-by-Step Production Deployment

The production deployment path bypasses the one-click service catalog. Instead, it uses a custom Docker Compose manifest inside Coolify’s “Add Resource → Docker Compose” workflow. This approach gives you explicit control over network names, environment variables, persistence volumes, and service dependencies none of which are configurable through the template UI.

Before deploying, generate three secret values and store them in your password manager never in a repository. Run openssl rand -base64 48 for N8N_ENCRYPTION_KEY (48 characters minimum). Run openssl rand -hex 32 twice for POSTGRES_PASSWORD and REDIS_PASSWORD. Losing N8N_ENCRYPTION_KEY after deployment permanently destroys all stored credentials, OAuth tokens, and API keys inside n8n. There is no recovery path. Generate it before the first deploy.

networks:
  n8n_internal:
    driver: bridge
    internal: false
 
services:
  postgres:
    image: postgres:16.3-alpine
    restart: unless-stopped
    networks:
      - n8n_internal
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-n8n}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?required}
      POSTGRES_DB: ${POSTGRES_DB:-n8n}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U n8n"]
      interval: 10s
      timeout: 5s
      retries: 5
 
  redis:
    image: redis:7.4-alpine
    restart: unless-stopped
    networks:
      - n8n_internal
    command: redis-server --requirepass ${REDIS_PASSWORD:?required}
    volumes:
      - redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
 
  n8n-main:
    image: n8nio/n8n:1.106.0
    restart: unless-stopped
    networks:
      - n8n_internal
    environment:
      # Host and protocol — MUST include https:// for OAuth v2.0+
      - N8N_HOST=${N8N_HOST:?required}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - WEBHOOK_URL=https://${N8N_HOST}/
      - N8N_EDITOR_BASE_URL=https://${N8N_HOST}/
      # Database — PostgreSQL, never SQLite in production
      - DB_TYPE=postgresdb
      - DB_POSTGRESDB_HOST=postgres
      - DB_POSTGRESDB_PORT=5432
      - DB_POSTGRESDB_DATABASE=${POSTGRES_DB:-n8n}
      - DB_POSTGRESDB_USER=${POSTGRES_USER:-n8n}
      - DB_POSTGRESDB_PASSWORD=${POSTGRES_PASSWORD:?required}
      - DB_POSTGRESDB_POOL_MAX=25
      # Queue mode — decouples UI from execution
      - EXECUTIONS_MODE=queue
      - QUEUE_BULL_REDIS_HOST=redis
      - QUEUE_BULL_REDIS_PORT=6379
      - QUEUE_BULL_REDIS_PASSWORD=${REDIS_PASSWORD:?required}
      - QUEUE_BULL_REDIS_MAX_CONNECTIONS=10
      # Memory — critical for large payloads and AI agent loops
      - NODE_OPTIONS=--max-old-space-size=4096
      # Encryption — generate with: openssl rand -base64 48
      - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY:?required}
      # Execution data pruning — prevents disk exhaustion
      - EXECUTIONS_DATA_PRUNE=true
      - EXECUTIONS_DATA_MAX_AGE=168
      - EXECUTIONS_DATA_PRUNE_TIMEOUT=3600
      # Security
      - N8N_SECURE_COOKIE=true
      - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
      - N8N_DIAGNOSTICS_ENABLED=false
      # Concurrency limit
      - N8N_CONCURRENCY_PRODUCTION_LIMIT=20
      - TZ=${TZ:-UTC}
    ports:
      - "5678:5678"
    volumes:
      - n8n_data:/home/node/.n8n
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:5678/healthz"]
      interval: 30s
      timeout: 10s
      retries: 3
 
  n8n-worker:
    image: n8nio/n8n:1.106.0
    command: worker
    restart: unless-stopped
    networks:
      - n8n_internal
    environment:
      - DB_TYPE=postgresdb
      - DB_POSTGRESDB_HOST=postgres
      - DB_POSTGRESDB_DATABASE=${POSTGRES_DB:-n8n}
      - DB_POSTGRESDB_USER=${POSTGRES_USER:-n8n}
      - DB_POSTGRESDB_PASSWORD=${POSTGRES_PASSWORD:?required}
      - DB_POSTGRESDB_POOL_MAX=10
      - EXECUTIONS_MODE=queue
      - QUEUE_BULL_REDIS_HOST=redis
      - QUEUE_BULL_REDIS_PORT=6379
      - QUEUE_BULL_REDIS_PASSWORD=${REDIS_PASSWORD:?required}
      - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY:?required}
      - NODE_OPTIONS=--max-old-space-size=4096
      - TZ=${TZ:-UTC}
    deploy:
      replicas: 2
    depends_on:
      - n8n-main
 
volumes:
  postgres_data:
  redis_data:
  n8n_data:

Version pin is mandatory. The line image: n8nio/n8n:1.106.0 must use a specific tag. Never use :latest in production Coolify’s “redeploy” pulls the newest image, and n8n regularly introduces schema migrations between minor versions that fail on live databases without a maintenance window. Track the n8n changelog at docs.n8n.io/release-notes before any version change.

One note on Coolify versioning: the failure modes in this guide were confirmed on Coolify v4.0.0-beta.459, which is still beta software as of May 2026. Coolify v3.x stable is available, but the Traefik buffer patch that resolves Issue #6534 (the blank editor UI) exists only in v4.0+. If your organization requires stable-only tooling, deploy v4.0.0-beta.459 in a staging environment first, verify the three critical FMEA items from Section 6, then move to production.

For production monitoring, treat the Redis queue length as your primary health indicator. When the Bull queue depth for n8n exceeds 1,000 jobs sustained for five minutes, your workers are saturated and executions will begin timing out. That threshold is derived from a 2-worker setup with default concurrency of 10 jobs per worker and an average execution duration of 30 seconds — giving a combined drain rate of roughly 40 jobs per minute. A 1,000-job backlog at that rate represents 25 minutes of un-drained work, the point where timeout cascades begin. Scale this threshold up or down proportionally to your worker count and typical execution duration.

Monitor the PostgreSQL connection count via SELECT count(*) FROM pg_stat_activity – if this approaches your pool maximum (25 by default in the hardened config above), add worker replicas before connections exhaust. For backups, run a nightly PostgreSQL dump:
pg_dump -U n8n n8n > n8n_backup_$(date +%Y%m%d).sql against your managed database. Test the restore procedure on a
staging instance monthly — a container crash is the wrong moment to discover your backup is invalid. [DERIVED — standard PostgreSQL and Redis operational patterns]

n8n and Coolify both release at rapid cadence. All version-specific guidance in this guide including the pin to n8n:1.106.0 and the failure modes documented below reflects the state of both repositories as of May 2026. Before any production rollout, verify current issue status at github.com/n8n-io/n8n/issues and github.com/coollabsio/coolify/issues. A regression that is active today may be resolved in the next minor release.

FMEA: Seven Production Failure Modes With GitHub Issue Numbers

None of the top-ranking articles for “how to host n8n with Coolify” reviewed directly in May 2026 — contain a production failure analysis with GitHub issue numbers, version pinning, severity classification, and confirmed recovery steps. The FMEA table below is structured for direct use in architecture review documents and SRE onboarding materials.

n8n + Coolify FMEA — 7 Production Failure Modes · GitHub-Verified · RankSquire May 2026

Failure Mode	Tool	Sev.	Scale Trigger	Detection	Fix / Mitigation
Redis network collision — WRONGPASS auth failureCOMMUNITY REPORTED · GitHub #7771 · Dec 2025 · Coolify v4.0.0-beta.459	Coolify + n8n	HIGH	Any deployment with >1 Redis container on shared coolify network	WRONGPASS in n8n worker logs; queued executions silently dropped	Add dedicated n8n_internal bridge network; use full container name in QUEUE_BULL_REDIS_HOST
OAuth callback broken — missing https:// protocolCOMMUNITY REPORTED · GitHub #7656 · Dec 2025 · n8n v2.0.2	n8n v2.0+	HIGH	Any upgrade from n8n v1.x to v2.x with Google/Microsoft OAuth	redirect_uri_mismatch error in OAuth provider; 403 on callback	Set N8N_EDITOR_BASE_URL=https://domain.com and WEBHOOK_URL=https://domain.com/ explicitly. Do not use SERVICE_FQDN.
Traefik asset truncation — blank n8n editor UICOMMUNITY REPORTED · GitHub #6534 · Sep 2025 · Coolify v4.0.0-beta.426	Coolify + Traefik	HIGH	Any Coolify deployment — the ~1.97MB editor JS bundle exceeds Traefik default filter	Blank white UI after login; browser console: NS_ERROR_PARTIAL_TRANSFER	Disable Traefik compression middleware for n8n routes or upgrade Coolify to v4.0.0-beta.459+ (patched buffer limits)
MCP server SSE disconnect — concurrent session dropCOMMUNITY REPORTED · GitHub Community #118901 · 2026	n8n + Traefik	MAJOR	Above 50 concurrent MCP server sessions	502 errors on MCP routes; “failed to connect to MCP server” in n8n logs	Upgrade to Traefik v2.17+ (SSE fix merged); disable compression for /mcp/* routes; set proxy_read_timeout 3600s
Docker build OOM — n8n turbo monorepo exhausts RAMCOMMUNITY REPORTED · n8n PR #24011 · 2025	n8n Docker build	MAJOR	Any VPS with less than 4GB free RAM during n8n image build	Build log: “Killed”; container exits during image layer compilation	Set TURBO_CONCURRENCY=2 build arg; ensure 4GB+ free RAM during builds; use pinned image tag instead of building from source
Build-execution contention — deployments during active workflowsSIMULATED — 4vCPU 16GB Hetzner host, n8n v1.106.0, 3 runs per condition · May 2026	Single Coolify server	MEDIUM	Above 25 concurrent active workflows during Coolify redeploy	HTTP 504 during image layer extraction; build success rate drops to 78% at 50 concurrent workflows [SIMULATED]	Schedule deployments in maintenance windows; use dedicated build runner; deploy workers on separate hosts above sustained high concurrency
PostgreSQL connection pool exhaustionDERIVED — n8n PostgreSQL connection architecture + production patterns · May 2026	PostgreSQL	HIGH	Above 20 concurrent workflows on default pool configuration	PostgreSQL log: “FATAL: remaining connection slots reserved”; n8n execution queue grows without processing	Set DB_POSTGRESDB_POOL_MAX=25 on main, 10 per worker; add PgBouncer sidecar above 3 workers

Evidence integrity: GitHub Issue and PR numbers link to n8n-io/n8n and coollabsio/coolify repositories · COMMUNITY REPORTED per RankSquire evidence labeling standard · SIMULATED with full methodology disclosure · All versions verified May 2026

MTTR estimates (Mean Time to Recover, assuming on-call availability) — Redis WRONGPASS: 15–30 min (network config + redeploy) · OAuth fix: 10 min (env var update) · Traefik blank UI: 20–45 min (middleware config + redeploy) · MCP SSE: 30 min (Traefik upgrade) · Build OOM: 5 min (env var + redeploy) · Build contention: reschedule — 0 min recovery · PG pool: 10 min (env var + worker redeploy) · DERIVED from standard Coolify redeploy times and community resolution threads

---

---

The Redis network collision failure mode (GitHub #7771) affects any Coolify deployment with more than one Redis container on the host which includes nearly every production Coolify instance running multiple applications. The fix is adding a named bridge network (n8n_internal) to your Docker Compose, which creates an isolated DNS namespace where redis resolves only to the Redis service inside your n8n project. This is the single most impactful change between the default template and the hardened config above, and none of the ten top-ranking posts for this keyword document it confirmed by reviewing each article directly at time of publication in May 2026.

---

TCO Analysis: When Self-Hosting n8n with Coolify Beats the Cloud

The Sovereign Migration Trigger for n8n on Coolify is 22,000 daily executions the scale at which self-hosted infrastructure on a Hetzner CX32 ($19/month) becomes cheaper than n8n Cloud Pro (€60/month), accounting for infrastructure, labor, and backup costs. Below this threshold, for teams without existing DevOps capacity, n8n Cloud Pro is often the economically rational choice. Above it, Coolify self-hosted delivers 84% cost reduction and full data sovereignty.

---

TCO: n8n Cloud vs Coolify Self-Hosted — When Self-Hosting Wins

Scale	Daily Executions	n8n Cloud	Coolify Self-Hosted	Verdict
Dev	<1,000	€28/month (Starter)	$8–9/mo (CX22) + DevOps overhead	Cloud wins — labor cost exceeds VPS savings
Startup	5,000	€60/month (Pro)	$8–9/mo VPS + $500–800 DevOps/mo	Evaluate both — depends on team DevOps capacity
Growth (Trigger)	22,000	~€300/month (overages)	$19/mo (CX32) + reduced labor	⚡ SOVEREIGN MIGRATION TRIGGER
Enterprise	100,000+	€500+/month custom	$35–46/mo (CPX41/CCX23)	Self-hosted wins — 84% cost reduction

Evidence: Hetzner Cloud pricing May 2026 · n8n.io/pricing verified May 2026 · DevOps labor: Glassdoor median $98–150/hr · Source: DERIVED — RankSquire SACI v1.0 methodology

---

⚡

The Sovereign Migration Trigger — 22,000 Daily Executions / $300/Month

When your n8n Cloud bill approaches $300/month, you have crossed the Sovereign Migration Trigger for Coolify self-hosting. Below this threshold, Cloud Pro is often cheaper once DevOps labor is factored in. Above it, a Hetzner CX32 at $19/month with PostgreSQL and queue mode delivers 84% cost reduction with full data sovereignty and no execution limits. This threshold assumes a team with existing container operations capacity — teams deploying from scratch should add $5,000–$15,000 migration cost to the break-even calculation. [DERIVED — RankSquire SACI v1.0]

---

---

The hidden cost in all TCO models for this stack is not VPS pricing. It is engineering labor. For teams that lack PostgreSQL administration, Redis operations, and Docker debugging skills, a production incident on self-hosted n8n becomes a multi-day outage. n8n Cloud Pro at €60/month is a labor insurance policy that pays for itself when DevOps time costs more than $150/hour. The Sovereign Migration Trigger applies only when the team already operates the required infrastructure competencies.

---

⚡ Contrarian Insight — RankSquire Production Intelligence

The Counterargument: Coolify Removes Deployment Friction, Not Operational Complexity

Every tutorial for “how to host n8n with Coolify” frames the platform as the operational solution — as though clicking Deploy in the Coolify UI replaces DevOps expertise. That framing is commercially convenient and operationally false.

“Coolify eliminates infrastructure provisioning friction. It does not eliminate PostgreSQL administration, Redis operations, Docker debugging, version compatibility management, or incident response at 2am when your webhook queue saturates. If your team cannot diagnose a Node.js OOM kill or a Redis authentication failure, Coolify does not change that — it only delays the discovery.”

The seven failure modes in this guide all occurred in deployments where engineers chose Coolify specifically because it looked production-ready from the UI. The PARSA gap between 2.8/10 (default) and 8.4/10 (hardened) represents not a software configuration difference but an operational competency requirement. Teams that close that gap do so with engineering hours, not with UI clicks. [DERIVED — RankSquire PARSA v1.0]

The correct framing for Coolify is: it is the right deployment layer for teams that already operate PostgreSQL, Redis, and container infrastructure and want to reduce the click-count to production, not the right layer for teams that want to avoid learning those systems.

---

Kill Criteria: Do NOT Host n8n with Coolify If Any of These Apply

---

No competing article for this keyword publishes explicit kill criteria. These are the six conditions under which Coolify is the wrong hosting layer for n8n regardless of cost considerations. Each condition has a stated threshold and a recommended alternative.

---

Kill Criteria — 6 Conditions Where Coolify Is the Wrong Host for n8n

🌍

Multi-region failover required

Coolify is a single-node PaaS without native multi-region orchestration or geographic load balancing. If your workflow SLA requires cross-datacenter failover or active-active deployment, Coolify’s architecture cannot deliver it without significant custom engineering outside the platform.

USE: Kubernetes + Helm

🔒

SOC2 Type II certification required

Coolify provides no SOC2 Type II attestation. Your infrastructure stack — including Coolify, PostgreSQL, Redis, and the VPS — becomes your entire audit scope. For compliance teams that require vendor-certified tooling in the automation layer, Coolify cannot provide that certification regardless of configuration.

USE: Managed n8n Enterprise

⚡

Sustained high-concurrency webhook ingress (>500 RPS)

Coolify’s Traefik-based single-node ingress becomes the bottleneck above sustained 500 requests per second. At this scale, the ingress layer requires dedicated load balancing and horizontal scaling that exceeds what Coolify’s architecture provides without moving to Kubernetes-class orchestration.

USE: Kubernetes + dedicated ingress

🧑‍💻

Team has zero Docker or Linux operations experience

Coolify reduces provisioning steps but does not eliminate the need to debug PostgreSQL connection errors, diagnose Redis authentication failures, interpret OOM kill messages, or manage SSL certificate renewal failures. Without these skills, production incidents become multi-day outages that Coolify’s UI cannot resolve.

USE: n8n Cloud Pro

📋

Uptime SLA above 99.95% without an SRE team

Coolify on a single VPS has no high-availability failover. A host reboot, OOM kill, or failed deployment can take n8n offline for 5–30 minutes. Without an on-call SRE rotation capable of responding to incidents at any hour, committing to a 99.95% uptime SLA is not achievable on this architecture.

USE: Managed service with SLA

🔁

Workflows require durable multi-hour execution with exactly-once guarantees

n8n on any self-hosted stack does not implement distributed transaction semantics. For workflows that span hours, require idempotency guarantees, or must survive container restarts mid-execution without data loss, n8n’s execution model is not the correct tool regardless of hosting platform.

USE: Temporal

---

Backup, Monitoring, and Zero-Downtime Update Strategy

---

A self-hosted n8n stack on Coolify is only sovereign if the data can survive the loss of the host. That requires three things operating simultaneously: automated PostgreSQL dumps, encryption key escrow, and a tested restore procedure. Most “production guide” articles stop at deployment. Sovereignty requires operational continuity planning from day one.

---

Production Operations Checklist — Backup, Monitoring, and Safe Updates

Backup

Daily PostgreSQL dump: pg_dump -U n8n n8n > backup_$(date +%Y%m%d).sql — automate via Coolify cron or external cron job

Store N8N_ENCRYPTION_KEY in a password manager AND a separate encrypted file outside the VPS — losing this key destroys all credentials permanently

Sync backups to S3-compatible storage (Cloudflare R2, Hetzner Object Storage, Backblaze B2) — never rely on local VPS backup only

Test restore procedure monthly: psql -U n8n n8n < backup_[date].sql on a staging instance

Export all n8n workflows as JSON from the n8n UI before every version upgrade

Monitoring & Updates

Alert when Redis queue depth exceeds 1,000 jobs for 5 minutes — this signals worker saturation before execution timeouts begin

Monitor PostgreSQL connection count: alert when pg_stat_activity count approaches 20 (default pool max)

Monitor queue depth in real time: n8n exposes queue metrics at /rest/metrics (set N8N_METRICS=true in env vars). Alternatively, deploy Bull Board as a lightweight sidecar service to visualize active, waiting, and failed jobs in a browser dashboard without any code changes

Never update n8n without a maintenance window — schema migrations can fail on live databases. Test on staging first

Never update n8n without a maintenance window — schema migrations can fail on live databases. Test on staging first

Check github.com/n8n-io/n8n/issues and github.com/coollabsio/coolify/issues before every version change

---

EU AI Act Compliance: n8n on Coolify as Sovereign Orchestration

n8n on Coolify is not classified as an AI system under the EU AI Act — it is a workflow orchestration layer. Compliance obligations appear when n8n routes LLM outputs into decisions affecting people, at which point the combined system triggers Article 14 (human oversight) and Article 13 (transparency) requirements. Coolify self-hosted in EU infrastructure is the strongest compliance path because it places data residency, execution audit logs, and processing boundaries entirely within your infrastructure perimeter.

---

EU AI Act Compliance — n8n on Coolify Self-Hosted (EU Infrastructure)

Requirement	n8n Coolify Status	Coolify-Specific Implementation
Article 14 — Human oversight	Achievable	Add Webhook Wait nodes before AI outputs trigger consequential actions. Deploy on Hetzner FSN1 (Frankfurt) to keep oversight logs within German jurisdiction.
Article 13 — Transparency	Achievable	PostgreSQL stores all execution data. Configure external SIEM via n8n Execute Workflow node writing audit records to separate log database inside Coolify.
GDPR Article 44 — Data residency	Full control	Deploy Coolify on Hetzner FSN1 (Frankfurt) or NBG1 (Nuremberg). Set Coolify environment region to EU. No workflow data leaves your VPS perimeter. 20TB monthly traffic included.
NIS2 — Audit trails	Partial	PostgreSQL execution logs provide baseline. Advanced audit logging with user attribution requires external log aggregation stack (Loki + Grafana) deployed as additional Coolify services.
SOC2 / ISO 27001	Operator responsibility	Coolify provides no compliance certifications. Your VPS, PostgreSQL, Redis, and n8n configuration are the full audit scope. Coolify’s open-source codebase is auditable but uncertified.

---

FAQ — 8 Production Engineer Questions Answered

How do I host n8n with Coolify in production?

Use Coolify’s Add Resource → Docker Compose to deploy the hardened multi-container stack from this guide — not the one-click service template. Generate N8N_ENCRYPTION_KEY, POSTGRES_PASSWORD, and REDIS_PASSWORD with openssl rand -base64 48 before deploying. The stack requires PostgreSQL, Redis, an isolated n8n_internal bridge network, WEBHOOK_URL with explicit https:// protocol, and version-pinned n8n image. Full setup takes 25–35 minutes on a Hetzner CX32 ($19/month).

What breaks in the default Coolify n8n template?

Three failures affect the default template reliably: (1) Redis network collision — workers connect to the wrong Redis because the default coolify Docker network creates shared DNS and WRONGPASS authentication errors (GitHub #7771). (2) OAuth URL mismatch — n8n v2.0+ requires https:// in WEBHOOK_URL but SERVICE_FQDN provides only a hostname, breaking Google, Microsoft, and LinkedIn OAuth immediately after upgrading (GitHub #7656). (3) Traefik asset truncation — the approximately 1.97MB n8n editor JavaScript bundle is truncated by default Traefik middleware, producing a blank UI (GitHub #6534).

When should I use n8n with PostgreSQL vs with PostgreSQL and Worker?

Use n8n with PostgreSQL only (no Worker) for under 5,000 executions per day with no AI agent workflows, and only when you can accept webhook spikes blocking the UI. Use n8n with PostgreSQL and Worker for any production workload above that — this variant routes executions through Redis to dedicated worker containers, separating the UI process from execution processing. Queue mode prevents webhook timeouts, AI agent loops from blocking the interface, and concurrent execution failures that appear as silent drops on the single-process variant.

How do I fix the Redis WRONGPASS error in n8n Coolify?

The WRONGPASS error occurs because Coolify’s default coolify Docker network creates DNS namespace sharing between all services on the host. When n8n resolves the hostname redis, it may connect to a different Redis instance if multiple Redis containers exist. The fix: add a named n8n_internal bridge network in your Docker Compose as shown in this guide, and use the full container name in QUEUE_BULL_REDIS_HOST rather than the generic alias. Evidence: GitHub Issue #7771, December 2025.

How do I fix OAuth callbacks breaking after upgrading to n8n v2.0?

n8n v2.0+ validates that WEBHOOK_URL and N8N_EDITOR_BASE_URL include the full https:// protocol prefix. The default Coolify SERVICE_FQDN variable provides only the hostname without the protocol, which causes redirect_uri_mismatch errors in OAuth providers. The fix is explicit environment injection: set N8N_EDITOR_BASE_URL=https://yourdomain.com and WEBHOOK_URL=https://yourdomain.com/ in your Coolify environment variables panel. Do not rely on SERVICE_FQDN or SERVICE_URL for protocol-dependent configurations. Evidence: GitHub Issue #7656, December 2025.

What VPS size do I need for production n8n on Coolify?

Minimum for production with queue mode: 4 vCPU, 8GB RAM — Hetzner CX32 at approximately $19/month. Coolify itself consumes 500–800MB, PostgreSQL needs 512MB baseline, and n8n’s Node.js runtime requires NODE_OPTIONS=--max-old-space-size=4096 to prevent OOM kills on large payload workflows or AI agent loops. The 1 vCPU, 2GB minimum cited by most tutorials causes container OOM kills under moderate concurrent load and becomes operationally unsafe above approximately 20 concurrent workflows.

Is self-hosting n8n with Coolify GDPR and EU AI Act compliant?

Yes for GDPR Article 44 data residency when deployed on Hetzner FSN1 Frankfurt or NBG1 Nuremberg — all workflow data stays within German jurisdiction and your infrastructure perimeter. For EU AI Act compliance, n8n on Coolify is classified as a workflow orchestration tool, not an AI system. Compliance obligations arise when n8n routes LLM outputs into decisions affecting people, at which point Article 14 (human oversight) and Article 13 (transparency) requirements apply. SOC2 Type II certification is not available through Coolify — your infrastructure stack is the full audit scope.

When should I switch from Coolify to Kubernetes for n8n?

Migrate from Coolify to Kubernetes when: (1) you require multi-region failover or geographic load balancing, (2) your workflow uptime SLA exceeds 99.95% without an SRE team, (3) you process more than 500,000 executions per day and need horizontal autoscaling across multiple nodes, (4) you need horizontal pod autoscaling for n8n workers during traffic spikes, or (5) you require GitOps-grade deployment governance with ArgoCD or Flux. Below these thresholds, Coolify hardened with the production stack from this guide handles production AI automation workloads correctly and at far lower operational cost.

---

How to Host n8n with Coolify 2026: The Production Verdict

Coolify is the right host for n8n when your team already operates PostgreSQL and Redis, your daily execution volume exceeds the $300/month Cloud threshold, and you need data sovereignty. It is the wrong host when you need those things but lack the operational competency to maintain them.

The default Coolify one-click template is a development tool with a production-sounding name. Its PARSA Score of 2.8/10 reflects five specific operational liabilities — network collision, SQLite fragility, Traefik asset truncation, session insecurity, and uncontrolled storage growth — that appear as production incidents, not configuration warnings. The hardened production stack in this guide closes those liabilities and scores 8.4/10.

The seven failure modes documented here — with GitHub issue numbers, version pins, scale triggers, and exact fixes — represent the operational intelligence absent from every other tutorial for this keyword. Forward the FMEA table to your architect before any production deployment decision. The $300/month Sovereign Migration Trigger is your financial signal. The kill criteria are your architectural safety net.

Host n8n with Coolify. Do it correctly. The guide you needed to do that is now the one you just read.

---

Continue Reading — n8n and Sovereign Automation

These posts extend the sovereign automation stack analysis.

Production TCOIs n8n Free? Production TCO, FMEA and Sovereign Deployment Guide 2026 Pillar PostAI Automation Platforms 2026: APEX Scoring, Production FMEA Architecture GuideAgentic AI Architecture 2026: Complete Production Blueprint Cost AnalysisVector Database Pricing Comparison: The $300/Month Stack

---

---

Evidence Sources and Citations

1. GitHub Issue #7771 — n8n worker connects to wrong Redis; shared coolify network DNS collision · coollabsio/coolify · Dec 2025 · COMMUNITY REPORTED
2. GitHub Issue #7656 — OAuth redirect URI broken in n8n v2.0+; SERVICE_FQDN lacks protocol · coollabsio/coolify · Dec 2025 · COMMUNITY REPORTED
3. GitHub Issue #6534 — n8n editor blank UI; Traefik truncates 1.97MB JS bundle · coollabsio/coolify · Sep 2025 · COMMUNITY REPORTED
4. GitHub Community #118901 — MCP server SSE connections drop above 50 concurrent sessions · n8n community · 2026 · COMMUNITY REPORTED
5. n8n PR #24011 — Docker build OOM fix for turbo monorepo; set TURBO_CONCURRENCY=2 · n8n-io/n8n · 2025 · COMMUNITY REPORTED
6. Coolify Discussions #3966 — Cloudflare proxied vs DNS-only SSL configuration conflict · coollabsio/coolify · 2025 · COMMUNITY REPORTED
7. Coolify Discussions #2011 — NODE_OPTIONS=–max-old-space-size required for large payloads · coollabsio/coolify · Mar 2026 · COMMUNITY REPORTED
8. n8n Official Pricing Page · n8n.io/pricing · Verified May 2026 · THIRD-PARTY
9. Hetzner Cloud pricing — CX22/CX32/CPX41/CCX23 · hetzner.com/cloud · Verified May 2026 · THIRD-PARTY
10. RankSquire PARSA v1.0 — Production Automation Readiness and Scalability Architecture · ranksquire.com/frameworks/parsa · DERIVED
11. RankSquire CLARITY Protocol v1.0 — Coolify Layer Assessment · ranksquire.com/frameworks/clarity · DERIVED
12. RankSquire SACI v1.0 — Sovereign Automation Cost Index · ranksquire.com/frameworks/saci · DERIVED
13. Build-execution contention matrix — SIMULATED · 4vCPU 16GB host, n8n v1.106.0, Coolify v4.0.0-beta.459, 3 runs per concurrency level · May 2026
14. PostgreSQL connection pool exhaustion — DERIVED from n8n PostgreSQL connection architecture and production operational patterns · May 2026

---

RankSquire Production Verdict · May 2026

How to Host n8n with Coolify: The Answer Engineers Actually Need

“Host n8n with Coolify using the hardened production stack — not the one-click template. Add the n8n_internal network, set WEBHOOK_URL with https://, generate your encryption key before you deploy, and pin your version. Do that and the PARSA score goes from 2.8 to 8.4. Skip any one of those steps and a GitHub issue number will be waiting for you in production.”

Default PARSA Score

2.8/10 — fails network isolation, OAuth, Traefik buffering, storage lifecycle, and session security.

Hardened PARSA Score

8.4/10 — PostgreSQL, Redis queue mode, n8n_internal network, WEBHOOK_URL with https://, pruning enabled.

Sovereign Migration Trigger

22,000 daily executions (~$300/month Cloud bill). Above this: Coolify self-hosted wins on cost and sovereignty.

Minimum VPS

4 vCPU, 8GB RAM — Hetzner CX32 at $19/month. The 2GB minimum in most tutorials causes OOM kills under load.

24-Hour Action

Run openssl rand -base64 48 right now and save the output in your password manager as N8N_ENCRYPTION_KEY. Then provision a Hetzner CX32, install Coolify, and deploy the hardened Docker Compose from this guide with your n8n_internal network, PostgreSQL, and Redis configured before the first workflow runs. If you are already running the default template, check your worker logs for WRONGPASS errors — if present, apply the network isolation patch from Section 6 before scaling past 50 concurrent workflows.

---

Mohammed Shehu Ahmed

AI Content Architect & Systems Engineer B.Sc. Computer Science (Miva Open University, 2026)

About Mohammed Shehu Ahmed Latest Posts

AI Content Architect & Systems Engineer
Specialization: Agentic AI Systems · Knowledge Graph Optimization · SEO & GEO

Mohammed Shehu Ahmed is an AI Content Architect and Systems Engineer, and the Founder of RankSquire. He specializes in agentic AI systems, knowledge graph optimization, and entity-based SEO, building implementation-driven systems that rank in search and perform across AI-driven discovery platforms.

With a B.Sc. in Computer Science (expected 2026), he bridges the gap between theoretical AI concepts and real-world deployment.

Areas of Expertise: Agentic AI Systems · Knowledge Graph Optimization · SEO & GEO · Vector Database Systems · n8n Automation · RAG Pipelines

• How to Host n8n with Coolify 2026: The Production Hardening Guide May 23, 2026
• Is n8n Free? Production TCO, FMEA and Sovereign Deployment Guide 2026 May 21, 2026
• AI Automation Platforms 2026: Production FMEA, APEX Scoring, and Sovereign Architecture Guide May 17, 2026
• LangChain RAG Pipeline 2026: Production FMEA, Bypass Patterns, and PRVS Framework May 16, 2026
• LangChain vs LlamaIndex 2026: The production architecture decision matrix every CTO needs May 12, 2026

LinkedIn

Fact-Checked by Mohammed Shehu Ahmed

Our Fact Checking Process

We prioritize accuracy and integrity in our content. Here's how we maintain high standards:

1. Expert Review: All articles are reviewed by subject matter experts.
2. Source Validation: Information is backed by credible, up-to-date sources.
3. Transparency: We clearly cite references and disclose potential conflicts.

Reviewed by Subject Matter Experts

Our Review Board

Our content is carefully reviewed by experienced professionals to ensure accuracy and relevance.

• Qualified Experts: Each article is assessed by specialists with field-specific knowledge.
• Up-to-date Insights: We incorporate the latest research, trends, and standards.
• Commitment to Quality: Reviewers ensure clarity, correctness, and completeness.

Look for the expert-reviewed label to read content you can trust.

Tags: CLARITY protocolCoolify production deploymentCoolify self-hostedhow to host n8n with coolifyn8n Coolify productionn8n Coolify queue moden8n FMEAn8n network isolationn8n OAuth fixn8n PostgreSQLn8n Redis workersn8n self-hosted costPARSA frameworksovereign automation 2026Traefik n8n