Skip to content
Greffon
Tutorial

Self-Host n8n with Greffon: Own Your Automations

A Zapier-style automation tool that runs on your own server, holding your own API keys. Powerful, and worth setting up carefully. Here is the honest version.

GLGreffon Labs6 min read
~/blog/self-host-n8n

n8n is workflow automation: connect APIs, move data between services, run scheduled jobs, with a visual editor and a growing set of nodes. Hosted automation tools hold your credentials and see your data in transit. Self-hosting n8n on a greffer keeps the workflows, the API keys, and the data they touch on a machine you control. It is powerful, which is exactly why a couple of setup choices matter.

Why own your automations

An automation tool ends up holding the keys to half your stack: the API tokens, the database connections, the webhooks. Running n8n yourself means those credentials live in your greffer rather than a third party's, and the data flowing through your workflows does not take a detour through someone else's servers.

Graft it from the catalog

Pick n8n from the catalog and graft it onto your greffer. Greffon issues the certificate and routes it, so the editor is reachable over HTTPS from the first start.

Webhooks and reachability

Many useful workflows are triggered by webhooks, which means external services need to reach your n8n over HTTPS. Tunnel mode lets the greffer serve n8n with no inbound ports, the simplest path behind NAT, or you can port-forward with dynamic DNS. Either way the webhook URLs n8n generates resolve to your greffer.

It runs code, so lock it down

This is the honest caution. n8n executes your workflows, can run code nodes, and can reach whatever your greffer can reach on its network. That is the point of an automation tool, and it is also why access to the editor should be treated as sensitive. Use a strong set of credentials, do not expose the editor more widely than you need, and be deliberate about which integrations and code nodes you enable.

The editor is a powerful door
Anyone who can sign in to n8n can run workflows that use your stored credentials and reach your network. Protect the login accordingly, and keep the instance for people you trust with that reach.

Back up workflows and credentials

Your workflows and their stored credentials are the asset here. Greffon handles TLS and routing today; native one-click backups land in M2. Until then, bring your own tool (restic or borgbackup) and back up n8n's database, which holds both the workflows and the encrypted credentials, on a schedule.

FAQ

Is n8n open source?
n8n is fair-code, released under the Sustainable Use License rather than a standard OSI-approved open-source license. You can self-host and use it freely; there are limits on offering it as a commercial hosted service. Worth knowing, since it is not the same as AGPL or MIT.
Do webhooks work when I self-host?
Yes, as long as the calling service can reach your n8n over HTTPS. Tunnel mode or port forwarding gives n8n a reachable URL, and it generates webhook addresses against that.
Will it run on a small server?
Light workflows run on a modest always-on box. Heavy, frequent, or data-intensive workflows want more memory and CPU, so size the greffer to how hard you plan to use it.
GL
Greffon Labs
We build Greffon, the simplest way to turn any machine into a server you own.

Ready to turn on your greffer?

Install in minutes. Deploy each app in seconds. Your server, your apps.

Read the docs