Self-Host n8n with Greffon: Own Your Automations
A Zapier-style automation tool that runs on your own server, holding your own API keys. Powerful, and worth setting up carefully. Here is the honest version.
n8n is workflow automation: connect APIs, move data between services, run scheduled jobs, with a visual editor and a growing set of nodes. Hosted automation tools hold your credentials and see your data in transit. Self-hosting n8n on a greffer keeps the workflows, the API keys, and the data they touch on a machine you control. It is powerful, which is exactly why a couple of setup choices matter.
Why own your automations
An automation tool ends up holding the keys to half your stack: the API tokens, the database connections, the webhooks. Running n8n yourself means those credentials live in your greffer rather than a third party's, and the data flowing through your workflows does not take a detour through someone else's servers.
Graft it from the catalog
Pick n8n from the catalog and graft it onto your greffer. Greffon issues the certificate and routes it, so the editor is reachable over HTTPS from the first start.
Webhooks and reachability
Many useful workflows are triggered by webhooks, which means external services need to reach your n8n over HTTPS. Tunnel mode lets the greffer serve n8n with no inbound ports, the simplest path behind NAT, or you can port-forward with dynamic DNS. Either way the webhook URLs n8n generates resolve to your greffer.
It runs code, so lock it down
This is the honest caution. n8n executes your workflows, can run code nodes, and can reach whatever your greffer can reach on its network. That is the point of an automation tool, and it is also why access to the editor should be treated as sensitive. Use a strong set of credentials, do not expose the editor more widely than you need, and be deliberate about which integrations and code nodes you enable.
Back up workflows and credentials
Your workflows and their stored credentials are the asset here. Greffon handles TLS and routing today; native one-click backups land in M2. Until then, bring your own tool (restic or borgbackup) and back up n8n's database, which holds both the workflows and the encrypted credentials, on a schedule.