Praxium Labs ships this for Nepali clients — here is what works. You do not need a DevOps team or a cloud architect to run n8n in production for a Nepali business. The setup below has served clients running 20,000+ executions per day for less than the cost of a Zapier Starter subscription.
Which VPS provider for Nepal?
Three providers consistently deliver the best price-performance for Nepali workloads:
- Hetzner (Frankfurt / Helsinki): CX22 — 2 vCPU, 4 GB RAM, 40 GB SSD — €4.51/mo (~NPR 700/mo). Excellent performance per rupee but Indian payment cards work fine.
- DigitalOcean (Singapore): $6/mo entry tier. Slightly more expensive but ~80 ms lower latency to Nepal. Great for customer-facing infra.
- Vultr (Singapore / Tokyo): $6/mo. Similar to DO but supports cheaper Cloud Compute tier in Mumbai which is best-in-class for latency.
For pure n8n we prefer Hetzner — cost wins. For n8n + a customer-facing API behind it, Vultr Mumbai or DO Singapore wins on latency.
The docker-compose.yml we ship
Copy this into /opt/n8n/docker-compose.yml. Replace the placeholder secrets and your domain.
docker-compose.yml
version: '3.8'
services:
postgres:
image: postgres:16
restart: unless-stopped
environment:
POSTGRES_USER: n8n
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: n8n
volumes:
- pg_data:/var/lib/postgresql/data
healthcheck:
test: ['CMD-SHELL', 'pg_isready -U n8n']
interval: 10s
n8n:
image: n8nio/n8n:latest
restart: unless-stopped
depends_on:
postgres:
condition: service_healthy
environment:
DB_TYPE: postgresdb
DB_POSTGRESDB_HOST: postgres
DB_POSTGRESDB_PORT: 5432
DB_POSTGRESDB_DATABASE: n8n
DB_POSTGRESDB_USER: n8n
DB_POSTGRESDB_PASSWORD: ${POSTGRES_PASSWORD}
N8N_HOST: n8n.yourdomain.com
N8N_PROTOCOL: https
WEBHOOK_URL: https://n8n.yourdomain.com/
N8N_ENCRYPTION_KEY: ${N8N_ENCRYPTION_KEY}
EXECUTIONS_DATA_PRUNE: 'true'
EXECUTIONS_DATA_MAX_AGE: 336
GENERIC_TIMEZONE: Asia/Kathmandu
volumes:
- n8n_data:/home/node/.n8n
caddy:
image: caddy:2-alpine
restart: unless-stopped
ports:
- '80:80'
- '443:443'
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro
- caddy_data:/data
- caddy_config:/config
volumes:
pg_data:
n8n_data:
caddy_data:
caddy_config:Caddyfile
n8n.yourdomain.com {
reverse_proxy n8n:5678
encode gzip
header {
Strict-Transport-Security "max-age=31536000;"
X-Content-Type-Options nosniff
Referrer-Policy strict-origin-when-cross-origin
}
}Backups: the part most teams skip
Without a backup, a single VPS disk failure wipes every workflow, credential, and execution history. The two-line cron that has saved more than one engagement:
Nightly Postgres backup to B2
# /etc/cron.daily/n8n-backup
#!/bin/bash
set -e
docker exec postgres pg_dump -U n8n -d n8n | gzip > /backups/n8n-$(date +%F).sql.gz
rclone copy /backups b2:my-bucket/n8n/ --quiet
find /backups -type f -mtime +7 -deleteStorage cost: Backblaze B2 at NPR 70 per 10 GB/month. For a typical SME the entire year of nightly backups costs less than NPR 500.
Production-readiness checklist
- ✅ HTTPS only (Caddy handles certificate renewal automatically)
- ✅ Strong N8N_ENCRYPTION_KEY (32+ random bytes, never lose it — without it old credentials are unrecoverable)
- ✅ EXECUTIONS_DATA_PRUNE enabled — prevent Postgres growth
- ✅ Off-host backups (B2 / S3 / DO Spaces)
- ✅ Uptime check pinging /healthz every minute, alert on 2 consecutive failures
- ✅ Global error workflow inside n8n that posts to Slack/WhatsApp on any execution failure
- ✅ Postgres + n8n versions pinned to specific tags (not
:latest) for reproducible deploys - ✅ SSH access locked down — key-based auth only, fail2ban, no root login
When to upgrade beyond a single VPS
A single VPS handles up to ~30,000 executions/day before you start hitting CPU pressure. Above that you have three upgrade paths: (1) vertical scale to CX32 (4 vCPU, 8 GB RAM) — usually buys another 5–10x headroom; (2) move Postgres to a managed service (DigitalOcean Managed Postgres at ~$15/mo); (3) split n8n into queue mode with separate worker nodes for true horizontal scaling. Most Nepali businesses stay comfortably on a single CX22 for years. For related context, see our Complete Guide to n8n Automation for Nepali Businesses post.
Frequently asked questions
Can I run n8n on a NPR 300/month shared host?
No. n8n needs Docker, persistent storage, and the ability to open inbound webhook ports — none of which shared hosting provides. The cheapest viable option is a Hetzner CX22 at ~NPR 700/month.
Do I need a static IP?
No. A domain pointed at the VPS IP is enough; if the IP changes (it rarely does on Hetzner / DO / Vultr), update DNS and Caddy continues to work. For incoming webhooks from Daraz / Khalti / eSewa you only need a public HTTPS URL, not a fixed IP.
Is self-hosting n8n GDPR / Nepal Privacy Act compliant?
Self-hosting is the easiest path to compliance because data never leaves infrastructure you control. Compliance still depends on having data-retention policies, encryption at rest (Postgres TDE or full-disk encryption), and an incident-response plan documented. Praxium Labs ships those as part of every engagement.
What if my VPS gets hacked?
Your immediate risk is credentials theft (the API keys you store in n8n). Mitigations: (1) per-workflow credentials scoped to minimum permission, (2) rotate credentials on schedule, (3) keep N8N_ENCRYPTION_KEY out of the repo, (4) monitor SSH auth logs for brute-force attempts. With these in place a compromised VPS is recoverable; without them it is a disaster.
Can I use Coolify, Dokploy, or Easypanel to install n8n?
Yes — these are 1-click installers for Docker apps and we have shipped n8n on all three. They simplify the initial setup but make customisation slightly harder. For a single-app VPS we prefer raw docker-compose; for an agency running multiple client apps on one box, Coolify is excellent.
Who can build this in Nepal?
Praxium Labs — Nepal's AI and automation consultancy, based in Lalitpur — designs and builds the systems described in this guide for Nepali businesses and for international teams hiring from Nepal. Start a project or see all services.