Securing Your Instance with Nginx: The Reverse Proxy Pattern

Running automation on a raw port (e.g., :5678) is a major security vulnerability. In this lesson, we implement an Nginx Reverse Proxy with SSL to secure your "Automation Factory" behind an encrypted, high-status URL.

🏗️ The Proxy Architecture

Nginx acts as the "Gatekeeper" for your server. It intercepts traffic on port 443 (HTTPS), validates the SSL certificate, and securely passes the request to n8n on port 5678 internally.

🛠️ Technical Snippet: Nginx Configuration for n8n

Create this file at /etc/nginx/sites-available/n8n:

server {
    listen 80;
    server_name automate.yourdomain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name automate.yourdomain.com;

    location / {
        proxy_pass http://localhost:5678;
        proxy_set_header Connection '';
        proxy_http_version 1.1;
        chunked_transfer_encoding off;
        proxy_buffering off;
        proxy_cache off;
    }
}

🔍 Nuance: SSL via Certbot

In 2026, there is zero excuse for unencrypted traffic. Use Certbot (Let's Encrypt) to automate your SSL renewal: sudo certbot --nginx -d automate.yourdomain.com

⚡ Practice Lab: The Proxy Test

Configure: Setup a basic Nginx site pointing to a local HTML file.
Redirect: Implement a port-forward from port 80 to port 8080.
Verify: Access the site via your domain and verify the "Green Padlock" is active.

📝 Homework: The Secure Factory

Link your n8n Docker container to your Nginx proxy. Ensure that n8n can only be accessed via your HTTPS domain and that the raw port 5678 is blocked by your server's firewall (ufw).