-
Building an MCP server for n8n: connect Claude and Cursor to your workflows
"Building an MCP server for n8n" is at least three different tasks. How to tell the native server, the Server Trigger node, and the community n8n-mcp server apart, and connect Claude and Cursor to self-hosted n8n.
-
n8n user management: what Community gives you, and what each tier really costs
A self-hoster's map of n8n user management across Community, Business, and Enterprise. Where the real paywalls sit, which capability forces which tier, and the one place the docs and the license check disagree.
-
API tokens and credential security in self-hosted n8n: storage, scoping, and rotation
Self-hosted n8n holds three different secrets, not one. A practical guide to where each lives, who can reach it, how it rotates, and which controls are gated behind paid tiers.
-
n8n project RBAC vs tenant isolation: when you need separate instances
Project roles control who can act inside one n8n instance; they are not a tenancy boundary. What Enterprise RBAC gives you, what every project still shares, and when multi-client work needs separate instances.
-
SSO for Self-Hosted n8n with OIDC: Google Workspace, Authentik, and Keycloak
OIDC single sign-on for self-hosted n8n 2.x: the Enterprise-license gate, the PKCE and state limitations, IdP-driven role mapping, why Google Workspace is the weakest source, and a break-glass recovery plan.
-
n8n Permissions End to End: Account Types, Project Roles, and the Community Cliff
Effective access in n8n is a global account type plus a per-project role. What Owner, Admin, Member, and the project roles each control, and how little of it exists on the free Community edition.
-
Migrating from n8n Cloud to Self-Hosted Without Breaking Workflows
A repeatable, parallel cutover for moving off n8n Cloud on the 2.x line: what moves cleanly, what has to be rebuilt, and how to flip traffic with no data loss and no downtime.
-
n8n Monitoring with Prometheus and Alertmanager: Alerts That Actually Fire
Most published n8n alert rules never fire because they use series names n8n does not emit. Here is what /metrics really exposes, the failure-rate alert that works natively in 2.x, and the rules to copy.
-
Zero-Downtime Deployments for Self-Hosted n8n: What's Achievable and What Isn't
An upgrade procedure for queue-mode n8n that drops zero webhooks and loses zero executions, plus an honest account of where true zero-downtime stops and why the right path depends on whether the release ships database migrations.
-
Automated backups for a self-hosted n8n PostgreSQL database (that restore)
A pg_dump of your n8n database is necessary but not sufficient. The encryption key lives outside the database, and the only backup that counts is one you have restored.
-
n8n Environment Variables and Secrets Management Without Vault Overhead
A practical, Vault-free way to handle secrets in self-hosted n8n: the encryption key, .env and Docker secrets for infrastructure, native credentials for workflows, plus the v2.x gotchas most tutorials miss.
-
Self-hosting n8n: production Docker setup with backups and monitoring
Complete Docker Compose setup for self-hosted n8n: PostgreSQL 18, Caddy with auto-HTTPS, external task runners, off-site backups to GCS/S3, monitoring, and restore procedure.