One year of self-hosted n8n on a $6 Hetzner VPS

One year of self-hosted n8n on a $6 Hetzner VPS

One year of self-hosted n8n on a $6 Hetzner VPS

Twelve months ago I moved my workflow automation off Zapier and onto a single Hetzner CX22 — €4.51/mo, 2 vCPU, 4 GB RAM, 40 GB disk. One Docker host, one n8n container, one Postgres, one Caddy reverse proxy. It's run four production workflows continuously since then, with one outage I'll get to below.

This post is not a "n8n vs Zapier" pitch. It's a year of operating notes — what stayed cheap, what broke, what I'd do differently.

The actual setup

Hetzner Cloud CX22 (Falkenstein) ├── Docker │ ├── n8n (latest stable) │ ├── postgres:15 │ └── caddy (with automatic TLS) ├── UFW (22, 80, 443 only) └── borgbackup → Hetzner Storage Box (€3.81/mo)

The Caddy bit matters more than people think. n8n's built-in HTTP is fine for localhost, but webhook receivers need real TLS, and Caddy gives you ACME, HTTP→HTTPS redirect, and per-domain certificates with zero config. Caddyfile is six lines. You don't have to think about it again.

What's running

Four workflows. None of them invented; all real:

Telegram bot dispatcher. Inbound webhook → routing logic → either a Postgres write or a downstream service call. About 40 events/day average, occasional 200-event spikes.

RSS aggregator → Telegram channel. Polls 12 feeds every 15 min, dedupes by URL hash in Postgres, posts new items to a private channel. ~30 posts/day.

Form submission → CRM-lite. A few WordPress sites hit a webhook on form submit; n8n writes to Postgres, sends an email confirmation, and logs to a Discord channel for me.

Daily reporting cron. Pulls metrics from three internal APIs at 06:00, builds a markdown digest, emails it, also posts it to Slack.

None of these need millisecond latency. All of them benefit from being one config-pull away from changing.

The cost breakdown (12 months)

Item Monthly Annual

Hetzner CX22 €4.51 €54.12

Storage Box (backup) €3.81 €45.72

Domain (.dev) — €12

Total ~€9.20 ~€112

Equivalent Zapier seat for the same task volume would have been ~$30-50/month depending on the plan, so we're looking at roughly €350-500 saved over the year. Not life-changing. The real win is something else, which I'll get to.

What broke (the one outage)

Month four. n8n upgraded from v1.x to a major release. I'd been running docker compose pull weekly without pinning, because "it's been fine." The upgrade introduced a breaking change to how credentials were stored. Container started; UI loaded; every workflow showed "credentials missing" and refused to execute.

Root cause: I had no version-pin and no upgrade test. The backup was fine (borg snapshots intact), but the restore-and-investigate took me a Saturday afternoon.

What I changed:

Pinned n8n image to a specific minor version (n8nio/n8n:1.45.x). Added a "staging" branch on a second Hetzner VPS (€3/mo CX21) that gets the upgrade first. Subscribed to the n8n releases RSS feed so I see breaking changes before I pull.

In hindsight: a SaaS would have done the upgrade for me and either Bigger Things would have broken (multi-tenant blast radius) or none of this would have ever happened. Pick your trade.

The actual win (it's not the money)

The €350/year doesn't matter. What matters is that workflows live in a git-tracked YAML I own, on infrastructure I own.

When a workflow changes, I commit the n8n export. When something breaks, I can diff yesterday's export against today's and see what shifted. When the credentials database gets weird, I open psql and look at the rows. When the webhook target changes, I write the new URL in a Caddyfile and reload — no support ticket, no rate limit on changes, no "this requires an upgrade to the Team plan."

On Zapier, the same change graph is a black box. Some changes are free, some require the next plan tier, and you don't always know which until the click. With n8n on a box you control, the question "can I do this?" reduces to "is it physically possible?" — and the answer is almost always yes.

Things I'd do differently if starting today

Pin the image from day one. Whatever the cost in "missing the new shiny feature for a week" is dwarfed by the cost of an unscheduled Saturday.

Use external Postgres, not the docker-compose one. Hetzner offers managed Postgres now. €11/mo, automatic backups, no "my container restarted and ate the WAL" risk. I'd take the €11 hit gladly.

Don't put auth on the webhook receivers via n8n itself. Put it at Caddy or a separate gateway. n8n's auth model exists, but you can't reuse it for non-n8n endpoints, and you'll regret the coupling.

Write the runbook first, not after the first outage. "How do I restore from borg," "how do I roll the credentials key," "where are the env files" — five minutes to write, an hour to rediscover when stressed.

Don't put more than 10 workflows on one box. Memory usage scales with concurrent execution, and a runaway loop in one workflow will starve the others. If you go past 10, split into two n8n instances, not one.

When NOT to self-host

This setup works because the four workflows are mine, the data is mine, and downtime measured in hours (not minutes) is acceptable. If any of those three change, the calculus changes.

If a client depends on the webhook receiver having 99.95% uptime, this single-box setup is wrong. Use n8n Cloud or a multi-node deployment. If the workflows touch regulated data (HIPAA, PCI, GDPR's stricter applications), don't reach for the cheapest box. Use a vendor who'll sign a DPA and an audit-ready hosting tier. If you're a team of more than three and people need fine-grained access, n8n self-host's RBAC is workable but not great. The Cloud tier handles teams better. If your time is worth more than €30/month, and the workflows are simple enough that Zapier or Make.com handles them without ceremony, the savings aren't worth the operating load. Pay for the SaaS.

The five-line take

Self-hosted n8n on a cheap VPS is one of those rare cases where the "boring" answer is also the cheap one and also the powerful one. Run it for a year before you decide it's not for you. Pin your versions. Write the runbook. Don't put it on the same box as anything else important.

— Boris (@lamastoma)

Publishing checklist

☐ Set published: true

☐ Add cover image (1000×420 — Hetzner ANGE + n8n logo composite? or just terminal screenshot) ☐ Tags: n8n, selfhosted, automation, devops — Dev.to limits to 4 ☐ Canonical URL: leave blank (Dev.to is canonical) ☐ Once published, share Fiverr profile URL in bio (not in body of article) ☐ Comment-engagement plan: monitor for first 24h, reply to every comment, no defensive corrections

See also

Article #1 (race condition Python Telegram bot) — already published 2026-05-20 [[devto-article-01]] memory — engagement tracking [[twitter-rules]] — no Dev.to URL in Twitter body for first 30 days