Can anyone share some practical tips on how to set up a secure n8n instance for production use? Would you go with Docker or build it from source? If Docker is the way to go, would you recommend a resource to learn more about securing Docker?
N8N is a tool that was built in a fantastic way.
I have success with deploying as microservices in production using Queue Mode in Docker Swarm.
A service for the Editor, a scalable service for inputting data into webhooks, and a scalable service for workers to process workflows.
N8N officiel docker image seems pretty safe and reliable to me.
In production, you can enforce security rules on Cloudflare Edge (for example) and also authenticate your webhooks.
You can have separate addresses for the Publisher and the Webhook, which gives you more flexibility to apply separate security rules for each.
I hope it helped you.
This is great! Thanks @luizeof