Maintenance Runbook¶
Last updated: 2026-04-10
Update n8n¶
n8n is pinned to a specific version (1.80.0). To update:
pct enter 102
cd /opt/n8n
# 1. Check current version
docker compose ps
# 2. Take a snapshot BEFORE updating (from Proxmox host)
# pct snapshot 102 pre-n8n-update --description "Before n8n update to X.Y.Z"
# 3. Edit compose to new version
nano docker-compose.yml
# Change: image: n8nio/n8n:1.80.0 → image: n8nio/n8n:<new_version>
# 4. Pull and restart
docker compose pull n8n
docker compose up -d n8n
# 5. Check logs for errors
docker compose logs --tail 50 n8n
# 6. Verify in browser
# Visit https://n8n.exzentcg.com → Settings → check version
Warning
Always snapshot before updating. If the new version breaks, rollback: pct rollback 102 pre-n8n-update && pct start 102
Update Nginx Proxy Manager¶
pct enter 101
cd /opt/edge-gateway
# 1. Snapshot first (from Proxmox host)
# pct snapshot 101 pre-npm-update --description "Before NPM update"
# 2. Pull latest and restart
docker compose pull npm
docker compose up -d npm
# 3. Verify
docker compose ps
# Visit http://192.168.0.51:81 — admin panel should load
Update cloudflared¶
pct enter 101
cd /opt/edge-gateway
docker compose pull cloudflared
docker compose up -d cloudflared
# Verify tunnel reconnects
docker compose logs --tail 30 cloudflared
# Look for: "Registered tunnel connection" x4
Check Cloudflare dashboard → Zero Trust → Tunnels → status should be HEALTHY.
Take Proxmox Snapshots¶
# From Proxmox host shell
# Snapshot edge-gateway
pct snapshot 101 <name> --description "<what changed>"
# Snapshot n8n-app
pct snapshot 102 <name> --description "<what changed>"
# List snapshots
pct listsnapshot 101
pct listsnapshot 102
Naming convention: phase1-complete, pre-n8n-update, 2026-04-15-weekly, etc.
Rotate Cloudflare Tunnel Token¶
- Cloudflare dashboard → Zero Trust → Networks → Tunnels → exzentcg-homelab
- Click the three-dot menu → Rotate token (or Configure → grab new token)
- Update on edge-gateway:
pct enter 101 cd /opt/edge-gateway nano .env # Replace TUNNEL_TOKEN= value docker compose restart cloudflared docker compose logs --tail 30 cloudflared
Back Up n8n Data¶
pct enter 102
cd /opt/n8n
docker compose stop n8n
tar czf /root/n8n-backup-$(date +%F).tgz ./data/
docker compose up -d n8n
To pull the backup to your desktop:
# From admin desktop
scp root@192.168.0.52:/root/n8n-backup-*.tgz ~/backups/
Back Up NPM Config¶
pct enter 101
cd /opt/edge-gateway
tar czf /root/npm-backup-$(date +%F).tgz ./npm/
Restart Everything After Power Outage¶
If both LXCs have onboot: 1 set, they auto-start when Proxmox boots. Verify:
# From Proxmox host
pct list # Both should show "running"
pct enter 101
docker compose ps # npm + cloudflared: Up
exit
pct enter 102
docker compose ps # n8n: Up
If containers didn't auto-start:
pct start 101
pct start 102
Docker services restart automatically (restart: unless-stopped).
Check Proxmox Firewall Rules¶
# View compiled rules for each container
iptables -S veth101i0-IN | head -20
iptables -S veth101i0-OUT | head -20
iptables -S veth102i0-IN | head -20
iptables -S veth102i0-OUT | head -20
# Or compile and check
pve-firewall compile 2>&1 | grep -A20 "veth101i0"
pve-firewall compile 2>&1 | grep -A20 "veth102i0"
Unlock /etc/resolv.conf (if needed)¶
CT 101 has /etc/resolv.conf locked with chattr +i to prevent Proxmox from overwriting it. To edit:
chattr -i /etc/resolv.conf
nano /etc/resolv.conf
chattr +i /etc/resolv.conf