Cloudflare Tunnel - Telegram Webhook not responding

checkso · November 14, 2024, 8:37pm

Describe the problem/error/question

n8n locally hosted, behind a cloudflare tunnel.
Tunnel is working fine, and can access n8n via URL (n8n.example.com).
env variable WEBHOOK_URL set to external URL (n8n.example.com)
Telegram Connection Test successful
Telegram Webhook (URL is correctly set to n8n.example.com/…) in listen mode, but nothing happens - no message is received.
Also tried normal webhook action, same…listens, but nothing is received.
I’m able to access the external Webhook URL (Telegram) in browser and it is reachable

What is the error message (if any)?

no error message, also no logs on the Cloudflare dashboard logs

Please share your workflow

just the Telegram Trigger action

Share the output returned by the last node

nothing right now

Information on your n8n setup

n8n version: → Latest
Database (default: SQLite): → SQLite
n8n EXECUTIONS_PROCESS setting (default: own, main): →
Running n8n via (Docker, npm, n8n cloud, desktop app): → npm
Operating system: → Ubuntu

Jon · November 15, 2024, 4:55am

Hey @checkso

Which options do you have set in the Telegram node? Have you also tried using the docker image to see if that works as sometimes installing from npm can cause issues.

Can you also confirm which version of n8n you are using, we release weekly and update the latest tag which means it could be any version as I don’t know when you installed n8n or updated it last.

checkso · November 15, 2024, 6:18am

So i spinned up a n8n container, but the issue is the same.

version on both docker / npm is 1.67.1

tried “Trigger on” * , message … but all the same. Don’t receive any messages.

brauliodiasribeiro · December 6, 2024, 12:28am

I have the same issue and saw other posts from people with this problem.

From what I understand, it’s an issue with those who installed Docker n8n and CloudFlare ZeroTrust (Tunnel).

I haven’t found any solution that resolves the issue.
I have Docker n8n + Cloudflare Tunnel + NPM.

In NPM, I had to add the following code because it wasn’t working without it:

Custom Nginx Configuration:

location / {
    proxy_pass http://192.168.10.254:5678;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade"; 
    proxy_set_header Host $host;
    chunked_transfer_encoding off;
    proxy_buffering off;
    proxy_cache off;
}

But the Telegram Trigger is not working.

checkso · December 6, 2024, 7:57am

I managed to get it working, but had to wait for a while.

After initially giving up and waiting a day or two, the webhook eventually functioned correctly.

Jon · December 6, 2024, 10:16am

I use a cloudflare tunnel when testing n8n locally and working on the Telegram node and it works almost instantly for me.

brauliodiasribeiro · December 6, 2024, 2:35pm

Got it… the solution was as follows:

The tunnel works if it is open for everyone to access (open to the world).

Mine was protected by two-factor authentication, and in this case, it doesn’t work.

Gavien · December 27, 2024, 4:43am

ever find a solution for this? im having the same with with cloudflare zero trust?

Gavien · December 27, 2024, 4:51am

I actually just found a solution. Now its going to make things messy and very tedious. But if you organize it and have a naming convention then you can make it not so bad.

So for every webhook you want to allow access for you need to create an application in your cloudflare zero trust. Set the application url to the webhook url and then create a policy to allow everyone or if you know the IPs of what service needs to access your webhook then add that and not everyone.

Hope this helps

brauliodiasribeiro · January 13, 2025, 2:29pm

Which service are you referring to when you mention the “service IP”?

I attempted to configure it but faced some issues. I added the URL of my Telegram Trigger to CloudFlare, but I’m unclear about the service IP part. Could you clarify?

Gavien · January 13, 2025, 2:55pm

Hey man, so I made an article on how to set it up. But for the policy you need to select service token. Create a service token and add that service token to the policy. Then in the headers of your webhook include the service token

Here is a document I put together on how to configure Cloudflare

codylo · February 19, 2025, 12:32am

I have been having the same issue where the Telegram trigger is not “triggering” - my self-hosted n8n is protected by Cloudflare with OTP or OIDC, access the n8n application works no issue, but the trigger is not working. Got the Webhook configured in the docker environment, and it turns out to be authentication issue of the webhook - for example if you host https://n8n.yourdomain.com/, you can still protect your application with your desired method, but you will need to allow authentication bypass for the URL Site similar to backpage | sites like backpage | new backpage - bedpage.com* in Zero Trust > Access > Application and add an application specifically with the n8n base URL including the “webhook*” PATH, the policy action should be “BYPASS”.

This works for me and now Telegram message trigger works fine while the base n8n URL will still need to authenticate with Cloudflare.

Derek_Chia · March 1, 2025, 2:14pm

Thank you @codylo for the clear instruction. This works for me perfectly!

baruchiro · April 24, 2025, 5:37am

EDIT: I set the “Action” to be “Allow”. Set it to “bypass” solved the problem.

It didn’t work for me.

As you said, I created a new application for the specific webhook path.

And I added a policy to allow everyone (I don’t know what you mean “BYPASS”):