Skip to main content
n8n is configured primarily through environment variables, allowing flexible deployment across different environments. This guide covers all major configuration options.

Core Configuration

Instance Settings

N8N_ENCRYPTION_KEY
string
required
Encryption key for securing credentials in the database.
N8N_ENCRYPTION_KEY=your-secure-key-min-10-chars
  • Minimum 10 characters
  • Generate with: openssl rand -base64 32
  • Never change after initial setup or credentials become unrecoverable
  • Back up securely in a password manager or secrets vault
N8N_USER_FOLDER
string
default:"~/.n8n"
Path to n8n’s data folder containing database, settings, and custom extensions.
N8N_USER_FOLDER=/data/n8n
N8N_HOST
string
default:"localhost"
Hostname or domain where n8n is accessible.
N8N_HOST=n8n.example.com
N8N_PORT
number
default:"5678"
Port for the n8n web server.
N8N_PORT=5678
N8N_PROTOCOL
string
default:"http"
Protocol (http or https) used to access n8n.
N8N_PROTOCOL=https
WEBHOOK_URL
string
Full URL where webhooks can reach n8n. Defaults to {N8N_PROTOCOL}://{N8N_HOST}/.
WEBHOOK_URL=https://n8n.example.com/

Timezone

GENERIC_TIMEZONE
string
default:"America/New_York"
Default timezone for n8n workflows (used by Schedule node).
GENERIC_TIMEZONE=Europe/Berlin
TZ
string
System timezone for the container/process.
TZ=Europe/Berlin

Database Configuration

Database Type

DB_TYPE
string
default:"sqlite"
Database type: sqlite or postgresdb.
DB_TYPE=postgresdb
PostgreSQL is required for:
  • Queue mode (scaling)
  • Multi-main setup
  • Production deployments

SQLite Configuration

DB_SQLITE_DATABASE
string
default:"database.sqlite"
SQLite database filename (relative to N8N_USER_FOLDER).
DB_SQLITE_DATABASE=n8n.sqlite
DB_SQLITE_POOL_SIZE
number
default:"3"
SQLite connection pool size (minimum 1).
DB_SQLITE_POOL_SIZE=5
DB_SQLITE_VACUUM_ON_STARTUP
boolean
default:"false"
Run VACUUM on startup to optimize database. Warning: Increases startup time.
DB_SQLITE_VACUUM_ON_STARTUP=true

PostgreSQL Configuration

DB_POSTGRESDB_HOST
string
default:"localhost"
PostgreSQL server hostname.
DB_POSTGRESDB_HOST=postgres.example.com
DB_POSTGRESDB_PORT
number
default:"5432"
PostgreSQL server port.
DB_POSTGRESDB_PORT=5432
DB_POSTGRESDB_DATABASE
string
default:"n8n"
PostgreSQL database name.
DB_POSTGRESDB_DATABASE=n8n
DB_POSTGRESDB_USER
string
default:"postgres"
PostgreSQL username.
DB_POSTGRESDB_USER=n8n_user
DB_POSTGRESDB_PASSWORD
string
PostgreSQL password.
DB_POSTGRESDB_PASSWORD=secure-password
Can also use DB_POSTGRESDB_PASSWORD_FILE to read from a file (Docker secrets).
DB_POSTGRESDB_SCHEMA
string
default:"public"
PostgreSQL schema name.
DB_POSTGRESDB_SCHEMA=n8n_schema
DB_POSTGRESDB_POOL_SIZE
number
default:"2"
PostgreSQL connection pool size.
DB_POSTGRESDB_POOL_SIZE=10
DB_POSTGRESDB_CONNECTION_TIMEOUT
number
default:"20000"
Connection timeout in milliseconds.
DB_POSTGRESDB_CONNECTION_TIMEOUT=30000
DB_POSTGRESDB_STATEMENT_TIMEOUT
number
default:"300000"
Query execution timeout in milliseconds. Set to 0 to disable.
DB_POSTGRESDB_STATEMENT_TIMEOUT=60000

PostgreSQL SSL

DB_POSTGRESDB_SSL_ENABLED
boolean
default:"false"
Enable SSL/TLS for PostgreSQL connections.
DB_POSTGRESDB_SSL_ENABLED=true
DB_POSTGRESDB_SSL_CA
string
Path to SSL certificate authority file.
DB_POSTGRESDB_SSL_CA=/path/to/ca.crt
DB_POSTGRESDB_SSL_CERT
string
Path to SSL client certificate.
DB_POSTGRESDB_SSL_CERT=/path/to/client.crt
DB_POSTGRESDB_SSL_KEY
string
Path to SSL client key.
DB_POSTGRESDB_SSL_KEY=/path/to/client.key
DB_POSTGRESDB_SSL_REJECT_UNAUTHORIZED
boolean
default:"true"
Reject unauthorized SSL connections.
DB_POSTGRESDB_SSL_REJECT_UNAUTHORIZED=true

Database Logging

DB_LOGGING_ENABLED
boolean
default:"false"
Enable database query logging.
DB_LOGGING_ENABLED=true
DB_LOGGING_OPTIONS
string
default:"error"
Logging level: query, error, schema, warn, info, log, or all.
DB_LOGGING_OPTIONS=query
DB_LOGGING_MAX_EXECUTION_TIME
number
default:"0"
Log only queries exceeding this time (ms). Set to 0 to disable.
DB_LOGGING_MAX_EXECUTION_TIME=1000

Queue Mode Configuration

Execution Mode

EXECUTIONS_MODE
string
default:"regular"
Execution mode: regular (in-process) or queue (worker-based).
EXECUTIONS_MODE=queue
Queue mode requires PostgreSQL and Redis.

Redis Configuration

QUEUE_BULL_REDIS_HOST
string
default:"localhost"
Redis server hostname.
QUEUE_BULL_REDIS_HOST=redis.example.com
QUEUE_BULL_REDIS_PORT
number
default:"6379"
Redis server port.
QUEUE_BULL_REDIS_PORT=6379
QUEUE_BULL_REDIS_DB
number
default:"0"
Redis database number.
QUEUE_BULL_REDIS_DB=2
QUEUE_BULL_REDIS_USERNAME
string
Redis username (Redis 6.0+).
QUEUE_BULL_REDIS_USERNAME=n8n_user
QUEUE_BULL_REDIS_PASSWORD
string
Redis password.
QUEUE_BULL_REDIS_PASSWORD=redis-password
QUEUE_BULL_REDIS_TIMEOUT_THRESHOLD
number
default:"10000"
Max cumulative timeout (ms) for Redis connection retries before exit.
QUEUE_BULL_REDIS_TIMEOUT_THRESHOLD=30000
QUEUE_BULL_PREFIX
string
default:"bull"
Prefix for Bull queue keys in Redis.
QUEUE_BULL_PREFIX=n8n_queue

Redis TLS

QUEUE_BULL_REDIS_TLS
boolean
default:"false"
Enable TLS for Redis connections.
QUEUE_BULL_REDIS_TLS=true
QUEUE_BULL_REDIS_DNS_LOOKUP_STRATEGY
string
default:"LOOKUP"
DNS resolution strategy: LOOKUP (use DNS) or NONE (pass hostnames directly).
QUEUE_BULL_REDIS_DNS_LOOKUP_STRATEGY=NONE
Use NONE for AWS ElastiCache with TLS to avoid certificate errors.

Redis Cluster

QUEUE_BULL_REDIS_CLUSTER_NODES
string
Comma-separated list of Redis cluster nodes as host:port pairs.
QUEUE_BULL_REDIS_CLUSTER_NODES=redis-1:6379,redis-2:6379,redis-3:6379

Worker Settings

QUEUE_HEALTH_CHECK_ACTIVE
boolean
default:"false"
Enable health check endpoints for workers.
QUEUE_HEALTH_CHECK_ACTIVE=true
QUEUE_HEALTH_CHECK_PORT
number
default:"5678"
Port for worker health check server.
QUEUE_HEALTH_CHECK_PORT=5679
QUEUE_WORKER_LOCK_DURATION
number
default:"60000"
Lease duration (ms) for a worker processing a job.
QUEUE_WORKER_LOCK_DURATION=120000
QUEUE_WORKER_LOCK_RENEW_TIME
number
default:"10000"
How often (ms) a worker must renew its lease.
QUEUE_WORKER_LOCK_RENEW_TIME=15000
QUEUE_WORKER_STALLED_INTERVAL
number
default:"30000"
How often (ms) to check for stalled jobs. Set to 0 to disable.
QUEUE_WORKER_STALLED_INTERVAL=60000

Execution Settings

EXECUTIONS_TIMEOUT
number
default:"-1"
Workflow execution timeout in seconds. -1 for unlimited.
EXECUTIONS_TIMEOUT=300
EXECUTIONS_TIMEOUT_MAX
number
default:"3600"
Maximum allowed execution timeout in seconds.
EXECUTIONS_TIMEOUT_MAX=7200
N8N_CONCURRENCY_PRODUCTION_LIMIT
number
default:"-1"
Max concurrent production executions. -1 for unlimited.
N8N_CONCURRENCY_PRODUCTION_LIMIT=10

Execution Data Pruning

EXECUTIONS_DATA_PRUNE
boolean
default:"true"
Enable automatic deletion of old execution data.
EXECUTIONS_DATA_PRUNE=true
EXECUTIONS_DATA_MAX_AGE
number
default:"336"
Age in hours before executions are eligible for soft deletion.
EXECUTIONS_DATA_MAX_AGE=168  # 7 days
EXECUTIONS_DATA_PRUNE_MAX_COUNT
number
default:"10000"
Maximum number of executions to keep. 0 for unlimited.
EXECUTIONS_DATA_PRUNE_MAX_COUNT=50000
EXECUTIONS_DATA_HARD_DELETE_BUFFER
number
default:"1"
Hours buffer before hard-deleting executions.
EXECUTIONS_DATA_HARD_DELETE_BUFFER=24

Task Runner Configuration

N8N_RUNNERS_MODE
string
default:"internal"
Task runner mode: internal (child process) or external (separate process).
N8N_RUNNERS_MODE=external
N8N_RUNNERS_BROKER_PORT
number
default:"5679"
Port for task runner broker.
N8N_RUNNERS_BROKER_PORT=5679
N8N_RUNNERS_BROKER_LISTEN_ADDRESS
string
default:"127.0.0.1"
IP address for task runner broker to listen on.
N8N_RUNNERS_BROKER_LISTEN_ADDRESS=0.0.0.0
N8N_RUNNERS_AUTH_TOKEN
string
Authentication token for task runners.
N8N_RUNNERS_AUTH_TOKEN=your-secure-runner-token
N8N_RUNNERS_TASK_BROKER_URI
string
URI for runners to connect to broker (runner-side config).
N8N_RUNNERS_TASK_BROKER_URI=http://n8n:5679
N8N_RUNNERS_MAX_CONCURRENCY
number
default:"10"
Max concurrent tasks per runner.
N8N_RUNNERS_MAX_CONCURRENCY=20
N8N_RUNNERS_TASK_TIMEOUT
number
default:"300"
Task execution timeout in seconds.
N8N_RUNNERS_TASK_TIMEOUT=600
N8N_RUNNERS_MAX_PAYLOAD
number
default:"1073741824"
Maximum payload size in bytes (default 1GB).
N8N_RUNNERS_MAX_PAYLOAD=2147483648  # 2GB

Security Configuration

N8N_RESTRICT_FILE_ACCESS_TO
string
default:"~/.n8n-files"
Directories that ReadWriteFile and ReadBinaryFiles nodes can access. Separate with ;.
N8N_RESTRICT_FILE_ACCESS_TO=/data/allowed;/mnt/shared
Set to empty string to disable restrictions (insecure for production).
N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES
boolean
default:"true"
Block access to n8n’s internal directories.
N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES=true
NODES_EXCLUDE
string
JSON array of node types to exclude for security.
NODES_EXCLUDE='["n8n-nodes-base.executeCommand"]'
NODES_INCLUDE
string
default:"[]"
JSON array of node types to include. Empty means all (except excluded).
NODES_INCLUDE='["n8n-nodes-base.httpRequest","n8n-nodes-base.postgres"]'

Multi-Main Setup

N8N_MULTI_MAIN_SETUP_ENABLED
boolean
default:"false"
Enable multi-main setup for high availability (requires Enterprise license).
N8N_MULTI_MAIN_SETUP_ENABLED=true
N8N_MULTI_MAIN_SETUP_KEY_TTL
number
default:"10"
Leader key TTL in seconds.
N8N_MULTI_MAIN_SETUP_KEY_TTL=15
N8N_MULTI_MAIN_SETUP_CHECK_INTERVAL
number
default:"3"
Leader check interval in seconds.
N8N_MULTI_MAIN_SETUP_CHECK_INTERVAL=5

Monitoring & Metrics

N8N_METRICS
boolean
default:"false"
Enable Prometheus metrics endpoint at /metrics.
N8N_METRICS=true
N8N_METRICS_PREFIX
string
default:"n8n_"
Prefix for Prometheus metric names.
N8N_METRICS_PREFIX=workflow_
N8N_METRICS_INCLUDE_DEFAULT_METRICS
boolean
default:"true"
Include Node.js and system metrics.
N8N_METRICS_INCLUDE_DEFAULT_METRICS=true
N8N_METRICS_INCLUDE_WORKFLOW_ID_LABEL
boolean
default:"false"
Include workflow ID label on metrics (increases cardinality).
N8N_METRICS_INCLUDE_WORKFLOW_ID_LABEL=true

User Management

N8N_USER_MANAGEMENT_JWT_SECRET
string
JWT secret for session tokens. Auto-generated if not set.
N8N_USER_MANAGEMENT_JWT_SECRET=your-jwt-secret
N8N_USER_MANAGEMENT_JWT_DURATION_HOURS
number
default:"168"
JWT session duration in hours (default 7 days).
N8N_USER_MANAGEMENT_JWT_DURATION_HOURS=24

Email Configuration

N8N_EMAIL_MODE
string
default:"smtp"
Email sending mode: smtp or empty to disable.
N8N_EMAIL_MODE=smtp
N8N_SMTP_HOST
string
SMTP server hostname.
N8N_SMTP_HOST=smtp.gmail.com
N8N_SMTP_PORT
number
default:"465"
SMTP server port.
N8N_SMTP_PORT=587
N8N_SMTP_USER
string
SMTP username.
N8N_SMTP_USER=notifications@example.com
N8N_SMTP_PASS
string
SMTP password.
N8N_SMTP_PASS=smtp-password
N8N_SMTP_SSL
boolean
default:"true"
Use SSL for SMTP.
N8N_SMTP_SSL=false
N8N_SMTP_SENDER
string
Sender name and email.
N8N_SMTP_SENDER=n8n <notifications@example.com>

Public API

N8N_PUBLIC_API_DISABLED
boolean
default:"false"
Disable the Public API.
N8N_PUBLIC_API_DISABLED=false
N8N_PUBLIC_API_ENDPOINT
string
default:"api"
Path segment for Public API.
N8N_PUBLIC_API_ENDPOINT=public-api

Endpoints

N8N_ENDPOINT_WEBHOOK
string
default:"webhook"
Path segment for webhook endpoints.
N8N_ENDPOINT_WEBHOOK=hooks
N8N_ENDPOINT_REST
string
default:"rest"
Path segment for REST API.
N8N_ENDPOINT_REST=api
N8N_ENDPOINT_HEALTH
string
default:"/healthz"
Health check endpoint path.
N8N_ENDPOINT_HEALTH=/health
N8N_DISABLE_UI
boolean
default:"false"
Disable the web UI (API-only mode).
N8N_DISABLE_UI=false

Configuration Examples

# Basic development setup with SQLite
DB_TYPE=sqlite
N8N_ENCRYPTION_KEY=test-encryption-key
N8N_HOST=localhost
N8N_PORT=5678
N8N_PROTOCOL=http
GENERIC_TIMEZONE=America/New_York

Environment Variable Files

For Docker secrets and Kubernetes: 
# These variables support _FILE suffix
DB_POSTGRESDB_PASSWORD_FILE=/run/secrets/db_password
N8N_ENCRYPTION_KEY_FILE=/run/secrets/encryption_key
When using _FILE variants, n8n reads the value from the specified file path instead of the environment variable directly.

Next Steps

Docker Deployment

See these configurations in Docker Compose examples

Scaling

Learn about queue mode and scaling strategies