Step-by-Step Guide: n8n Oracle Cloud Setup Always Free (Docker + Caddy TLS)

Why follow this tutorial

This walkthrough shows a complete, tested method to run n8n Oracle Cloud setup Always Free Ampere instance using Docker and Caddy as a reverse proxy with automatic Let’s Encrypt TLS. It covers DNS, Oracle VCN rules, Docker Compose configuration, IPv6 pitfalls and a proven fallback when Caddy can’t resolve container hostnames.

Prerequisites for n8n Oracle Cloud Setup

Oracle Cloud account (n8n Oracle Cloud Setup) with Always Free resources (Ampere A1 recommended).
A domain you control (DNS editor access) — e.g. example.com.
Basic SSH knowledge and a terminal client (Termius, PuTTY, or native SSH).
You will only need to edit email, domain, username, password in the example files.

Quick overview for n8n Oracle Cloud Setup

Create Ampere A1 instance and assign a Public IPv4 (reserved recommended).
Configure VCN/Subnet security lists (allow 22, 80, 443).
SSH into the instance and install Docker / Docker Compose.
Create ~/n8n folder and add docker-compose.yml + Caddyfile.
Launch containers, wait for certificates, test.
Troubleshoot IPv6 / SSL issues and clear browser cache if needed.
Backup workflows and maintain.

Step 1 — Create the Oracle instance + public IP

In Oracle Console → Compute → Instances → Create Instance.

Choose Ampere A1 Flexible (Always Free eligible).
Select Ubuntu (22.04 LTS ARM / aarch64) or the image you prefer.
In Networking, ensure the VNIC is in a subnet with an Internet Gateway.

Make sure a Public IPv4 is assigned:

In instance page → Attached VNICs → click the VNIC → under IPv4 Addresses, click Assign Public IP.
Prefer a Reserved Public IP (won’t change on stop/start).

Note the public IP (example: 123.456.789.10) and use it in DNS.

Step 2 — DNS: Create an A record

At your DNS provider (Hostinger):

Create an A record: n8n → points to your instance public IPv4 (123.456.789.10).
(Optional) If you have IPv6 and a working route assign AAAA to the server IPv6 — but only do this if your provider routes IPv6 correctly; otherwise leave AAAA blank (we address IPv6 below).

Wait a few minutes and verify:

Host: n8n
Type: A
Value: YOUR_PUBLIC_IPV4
TTL: default

Verify:

dig +short n8n.YOUR_DOMAIN @8.8.8.8

It should return your public IPv4.

Step 3 — VCN / Security Lists (Oracle Console)

Make sure your subnet has these ingress rules (source 0.0.0.0/0):

TCP 22 — SSH
TCP 80 — HTTP (required for Let’s Encrypt HTTP-01)
TCP 443 — HTTPS

Also confirm the subnet route table has a route to the Internet Gateway.

Step 4 — SSH into the instance and prepare the server

SSH (Termius) to your public IP:

ssh ubuntu@123.456.789.10

SSH to your instance and run these commands to update, install Docker & Docker Compose and enable UFW:

sudo apt update && sudo apt upgrade -y
sudo apt install -y docker.io docker-compose ufw curl jq
sudo systemctl enable --now docker
sudo usermod -aG docker $USER
# Apply docker group to current shell (no logout required)
newgrp docker
# Firewall
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw --force enable

Step 5 — Create project folder and files

From your home folder ~/ run:

mkdir -p ~/n8n && cd ~/n8n

Caddyfile (reverse proxy + TLS)

Create ~/n8n/Caddyfile — (replace YOUR_DOMAIN and YOUR_EMAIL):

YOUR_DOMAIN = n8n.YOUR_DOMAIN
YOUR_EMAIL = you@your-email.com

# Caddyfile content
n8n.YOUR_DOMAIN {
    reverse_proxy n8n:5678
    tls YOUR_EMAIL
    encode gzip
    # Optional: force IPv4 only if you encounter IPv6/SSL issues
    # bind 0.0.0.0
}

Also Read : https://itgyan.in/how-to-claim-perplexity-pro-ai-for-free-airtel/

docker-compose.yml

Create ~/n8n/docker-compose.yml and replace placeholders: YOUR_DOMAIN, YOUR_EMAIL, YOUR_USERNAME, YOUR_PASSWORD.

version: "3.8"
services:
  n8n:
    image: n8nio/n8n:latest
    container_name: n8n
    restart: unless-stopped
    environment:
      - N8N_HOST=n8n.YOUR_DOMAIN
      - N8N_PORT=5678
      - WEBHOOK_URL=https://n8n.YOUR_DOMAIN/
      - VUE_APP_URL_BASE_API=https://n8n.YOUR_DOMAIN/
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER=YOUR_USERNAME
      - N8N_BASIC_AUTH_PASSWORD=YOUR_PASSWORD
      - GENERIC_TIMEZONE=Asia/Kolkata
      - NODE_ENV=production
    volumes:
      - n8n_data:/home/node/.n8n
    expose:
      - "5678"

  caddy:
    image: caddy:2
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
    depends_on:
      - n8n

volumes:
  n8n_data:
  caddy_data:
  caddy_config:

Step 6 — Launch the stack

From ~/n8n: n8n Oracle Cloud Setup

docker-compose up -d

#Check Caddy logs to see certificate issuance
docker-compose logs -f caddy

Watch the Caddy logs until you see “certificate obtained successfully” for your domain.

Step 7 — If Caddy cannot resolve `n8n` (fallback)

In some rare cases Caddy inside the container cannot resolve the service name. If your browser shows ERR_SSL_PROTOCOL_ERROR or blank pages, do this:

Get the n8n (n8n Oracle Cloud Setup) container IP:

docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' n8n
# Example output: 172.18.0.2

Update Caddyfile to use the container IP:

n8n.YOUR_DOMAIN {
    reverse_proxy 172.18.0.2:5678
    tls YOUR_EMAIL
    encode gzip
    bind 0.0.0.0   # optional: force IPv4
}

Restart:

docker-compose down
docker-compose up -d

This was the exact fallback used to solve a DNS-in-container issue during testing.

Troubleshooting (most common issues)

SSL / ERR_SSL_PROTOCOL_ERROR

Browser may prefer IPv6. Test IPv6 from the server: curl -6 -vk https://n8n.YOUR_DOMAIN If IPv6 fails with Network is unreachable, force IPv4 in Caddy with bind 0.0.0.0.
Test IPv4: curl -4 -vk https://n8n.YOUR_DOMAIN

DNS

Make sure dig A n8n.YOUR_DOMAIN +short returns your public IPv4.
If DNS changed, wait for propagation (minutes to a few hours).

Ports & firewall

UFW on VM: sudo ufw status
Oracle VCN Security List (n8n Oracle Cloud Setup) needs ports 80 & 443 inbound from 0.0.0.0/0.

Browser cache (client-side SSL errors)

Chrome: chrome://net-internals/#dns → Clear host cache; chrome://net-internals/#sockets → Flush socket pools.
OS-level DNS flush: Windows ipconfig /flushdns, macOS sudo dscacheutil -flushcache && sudo killall -HUP mDNSResponder.

If Caddy refuses to issue certificates

Check docker-compose logs -f caddy for http-01 or tls errors. Often the cause is blocked port 80 or DNS not pointing correctly.

Backup & maintenance

Export workflows via the n8n UI (n8n Oracle Cloud Setup), or backup the Docker volume:

docker run --rm -v n8n_data:/data -v $(pwd):/backup alpine \
  sh -c "cd /data && tar czf /backup/n8n_data_$(date +%F).tgz ."

For PostgreSQL setups, use pg_dump.

Update containers:

docker-compose pull
docker-compose up -d

Uninstall / Clean everything

Run these commands to remove the deployment and data:

cd ~
cd n8n || true

# Stop and remove containers
docker-compose down

# Remove volumes and network
docker volume rm n8n_data caddy_data caddy_config || true
docker network rm n8n_default || true

# Prune unused docker objects
docker system prune -f
docker volume prune -f
docker network prune -f

# Remove files
rm -rf ~/n8n

Frequently Asked Questions

Will this cost money on Oracle (n8n Oracle Cloud Setup)?

No — this uses Oracle Always Free eligible Ampere A1 resources. Make sure you stay within Always Free limits.

Why do I get SSL errors on my machine but not elsewhere?

Most likely IPv6 or cached failed TLS handshake. See browser DNS/socket flush steps or force IPv4 in Caddy.

Can I use Traefik instead of Caddy?

Yes — Traefik works too and offers a dashboard. Caddy is simpler for small setups.

Table of Contents