I am currently in process of self hosting n8n using an Enterprise License.

Have setup different k8s nodes for Main, Worker and Webhook. Have cerated and tested few workflows in test and production mode.

I can see workflow history also. But when I try to see Execution history, I get an empty screen with 403. I am logged in as a Owner user. What is going on here.

Screenshot 2025-06-03 at 2.56.17 PM1143×784 97.1 KB

Information on your n8n setup

• n8n version: : 1.93.0
• Database (default: SQLite): : Postgresql
• n8n EXECUTIONS_PROCESS setting (default: own, main): MultiMain + Queue
• Running n8n via (Docker, npm, n8n cloud, desktop app): Kubernetes
• Operating system: Linux

Hey @Sahil_Wadhwa

I see your using a Enterprise license, are you hosting onprem? It seems so, do you see anything in the logs, it seems like main can’t communcate

I doubt it RBAC, as you should be able to view executions. Was this working correctly before at all?

It seems like a configuration issue, could you share your configs please, also please remove any sensitive data.

Best regards,

Samuel

Hello @King_Samuel_David

It is Kubernetes based self hosted env using multimain + queue mode.

I was able to run few small workflows using webhooks and they ran fine.
here are all the configs setup in n8n main container

DB_TYPE: 'postgresdb'
EXECUTIONS_MODE: 'queue'

N8N_LOG_LEVEL: info
QUEUE_BULL_REDIS_PORT: '6379'

DB_POSTGRESDB_SSL_REJECT_UNAUTHORIZED: 'false'
DB_POSTGRESDB_DATABASE: 'n8n-dev'

N8N_MULTI_MAIN_SETUP_ENABLED: 'true'
N8N_DISABLE_PRODUCTION_MAIN_PROCESS: true

N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS: true
N8N_RUNNERS_ENABLED: true

OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS: true


N8N_DIAGNOSTICS_ENABLED: false
N8N_VERSION_NOTIFICATIONS_ENABLED: false
N8N_TEMPLATES_ENABLED: false

N8N_HOST: 'n8n.mydomain.com'
N8N_EDITOR_BASE_URL: 'https://n8n.mydomain.com'
WEBHOOK_URL: 'https://n8n-webhook.mydomain.com'

DB_POSTGRESDB_HOST: a
DB_POSTGRESDB_USER: a
DB_POSTGRESDB_PASSWORD: a
N8N_ENCRYPTION_KEY: a
QUEUE_BULL_REDIS_HOST: a

Here are the startup logs for Leader instance

`Invalid number value for N8N_PORT: tcp://10.100.7.27:443`
`Initializing n8n process`
`n8n ready on 0.0.0.0, port 5678`
`n8n Task Broker ready on 127.0.0.1, port 5679`

`[license SDK] Skipping renewal on init because renewal is not due yet or cert is not initialized`

`Task runner connection attempt failed with status code 403`
`Task runner connection attempt failed with status code 403`

`Cannot set LDAP login enabled state when an authentication method other than email or ldap is active (current: saml)`

`Version: 1.93.0`
`   - "S-Test" (ID: wcHEPzTpb7ZNdsda))`
`     => Started`
`   - "My workflow 2" (ID: NvvFhzwc6rfweOhw))`
`     => Started`
`   - "My workflow" (ID: loVRNwerfbucmehc))`
`     => Started`
``

`Editor is now accessible via:`
`https://n8n.mydomain.com`

`Registered runner "JS Task Runner" (9OEaxuESReT0MNZGGj2Yu)`

`[Instance ID main-Scm0i66ORu01NgcU] Leader is now this instance`
`[license SDK] License auto-renewals enabled`

` ================================`
`   Start Active Workflows:`
` ================================`


`Execution 90 (job 48) finished successfully`
`Execution 91 (job 49) finished successfully`
`Pruning old insights data`
`[license SDK] attempting license renewal`

`[license SDK] license successfully renewed`

Hey @Sahil_Wadhwa

Am looking at setting up k8s, but osmething that I noticed was this on the runner docs:

N8N_RUNNERS_BROKER_LISTEN_ADDRESS=0.0.0.0 By default, the task broker only listens to localhost. When using multiple containers (for example, with Docker Compose), it needs to be able to accept external connections.

How is it going? Did you manage to fix it?

You could try disable task runner, see if it’s stable then, and maybe try disable multi-main, for testing.

It’s strange you mentioned it worked, which makes me think, maybe you was on leader, and maybe leader switch happen and that node has issue :? just guessing atm

Samuel

Hi @King_Samuel_David

Our setup is Queue enabled setup.
I have configured a Redis instance which will I belive act as a broker. Host is set as part of QUEUE_BULL_REDIS_HOST env var.
Will internal n8n broker be active if a redis is provisioned ??

Also, I tried swithcing from multi main to single main node and also tried disabling task runner.

Still I am not able to see the execution history.

I can confirm entries are getting added to execution_entity table in Database, but those are not reflecting in UI

Sahil

@Sahil_Wadhwa

Am wondering if setting Execution data | n8n Docs will help, my assumption atm are, execution history maybe too large and timing out? Hense no display. So it could be execution data is too large, so if we enable the purge, it may fix it.

You could also try spin up a latest version of n8n, and copy db over with enc key, and see if you see the same issue. (keep the original running, make another env for testing)

But it doesn’t explain why you get the 403 forbidden :?

I have a feeling this is probably a bug that may have been fixed already, but i can’t see any PR or issue logged for this, I would try on newer version, there is clearly a permission issue here, and likely due to multi-main.

Hope this helps further,

Samuel

@King_Samuel_David
It’s a newly deployed instance with only around 100-120 test executions in data base. We still haven’t rolled it out for full scale usage.

I am logged in as Owner of this n8n instance.
Api hit by n8n UI while trying to fetch execution history which is giving 403 is:
https://n8n.integration.mycomp.com/rest/executions?filter={"workflowId"%3A"J6WK8mHCHA0SVJIQ"}&limit=10

But Surprisingly from same broweser if I hit:
https://n8n.integration.mycomp.com/rest/executions
I get the list of all the 120+ executions in json body… here is a small response snippet:

  "data": {
    "results": [
      {
        "id": "88",
        "workflowId": "wRoIERim3t5sxZ2u",
        "mode": "webhook",
        "retryOf": null,
        "status": "error",
        "createdAt": "2025-06-04T05:53:30.787Z",
        "startedAt": "2025-06-04T05:53:30.867Z",
        "stoppedAt": "2025-06-04T05:53:30.895Z",
        "waitTill": null,
        "retrySuccessId": null,
        "workflowName": "My workflow 4",
        "annotation": {
          "vote": null,
          "tags": [
            
          ]
        },
        "scopes": [
          "workflow:create",
          "workflow:delete",
          "workflow:execute",
          "workflow:list",
          "workflow:move",
          "workflow:read",
          "workflow:share",
          "workflow:update"
        ]
      }
]
}
}

I have also updated to latest ver : 1.95.3
But still same behaviour…getting 403 when I try to see any of the execution history: Personal or Project wise

@Sahil_Wadhwa

It a config issues, but am not 100 percent sure what we would need to change.

And thats weird, you shouldn’t be able to access https://n8n.integration.mycomp.com/rest/executions

You should get

{“status”:“error”,“message”:“Unauthorized”}

Best regards,

Samuel

Hey @Sahil_Wadhwa,
could you try deploying without N8N_EDITOR_BASE_URL. You are already setting the N8N_HOST and n8n isn’t handling TSL certs (https) from what I can see.

Best to test with a single container first. Once that works, the working config ideally is shared between main, worker and webhook, with a few exceptions like N8N_DISABLE_PRODUCTION_MAIN_PROCESS.

@marcus thanks for this info, how does multimain communcate? Leader / follower like Kafka?

@Sahil_Wadhwa I guess instead of deploying 1.93, maybe the issue is from there, but try deploy latest again a fresh deployment, and test executions quickly?

I deployed using k8s, but didn’t face the same issue.

Hope you resolve soon.

Best regards,

Samuel

Leader selection is implemented with Redis, using a special leader key that is locked to the current leader and has a short lifetime. Both the leader and others try to grab the key lock in short intervals. As long as the leader is alive, it will refresh the lock. If the leader dies, another instance will grab the lock for itself and become the leader. We have some configuration around that mechanism here.

Hello @marcus,

I tried what you asked but still getting 403 Forbidden in browser console while trying to see execution history.

HTTP call is made to : https://n8n.integration.bbb.com/rest/executions?filter={"workflowId"%3A"wcHEPzTpb7ZNdqJa"%2C"projectId"%3A"f7wLdozSB1cYPHY4"}&limit=10

But if I remove the filter query param, then as mentioned earlier i get valid repose from:
https://n8n.integration.bbb.com/rest/executions?limit=10

Here is Current Configuration:

• I am logged in with Owner Role.
• Single Main instance
• Redis and Postgresql
• Webhook pods also running
• Enterprise license

ENV Set:

  DB_POSTGRESDB_DATABASE: bbb-n8n-dev
  DB_POSTGRESDB_SSL_REJECT_UNAUTHORIZED: 'false'
  DB_TYPE: postgresdb
  
  
  EXECUTIONS_DATA_PRUNE: 'true'
  EXECUTIONS_DATA_PRUNE_MAX_COUNT: '1000'
  EXECUTIONS_DATA_SAVE_ON_ERROR: all
  EXECUTIONS_DATA_SAVE_ON_SUCCESS: all
  EXECUTIONS_MODE: queue
  
  N8N_DIAGNOSTICS_ENABLED: 'false'
  N8N_MULTI_MAIN_SETUP_ENABLED: 'false'

  N8N_DISABLE_PRODUCTION_MAIN_PROCESS: 'false'
  N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS: 'true'

  N8N_EXTERNAL_STORAGE_S3_BUCKET_NAME: genai-n8n
  N8N_EXTERNAL_STORAGE_S3_BUCKET_REGION: eu-central-1
  N8N_EXTERNAL_STORAGE_S3_HOST: s3.eu-central-1.amazonaws.com


  N8N_LOG_LEVEL: info
  N8N_RUNNERS_ENABLED: 'false'
  N8N_TEMPLATES_ENABLED: 'false'
  N8N_VERSION_NOTIFICATIONS_ENABLED: 'false'
  OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS: 'true'
  QUEUE_BULL_REDIS_PORT: '6379'

  WEBHOOK_URL: https://n8n-webhook.integration.bbb.com
  N8N_HOST: n8n.integration.bbb.com

Main Pod Startup Logs

Invalid number value for N8N_PORT: tcp://10.100.7.27:443
Initializing n8n process
n8n ready on 0.0.0.0, port 5678

There is a deprecation related to your environment variables. Please take the recommended actions to update your configuration:

• N8N_RUNNERS_ENABLED → Running n8n without task runners is deprecated. Task runners will be turned on by default in a future version. Please set N8N_RUNNERS_ENABLED=true to enable task runners now and avoid potential issues in the future. Learn more: Task runners | n8n Docs

[license SDK] Skipping renewal on init because renewal is not due yet or cert is not initialized
Cannot set LDAP login enabled state when an authentication method other than email or ldap is active (current: saml)
Set local git repository to track remote
Version: 1.95.3

Start Active Workflows:

• “SW-Test” (ID: wcHEPzTpb7ZNdqJa))
  => Started
• “My workflow” (ID: loVRNbdxdbucmehc))
  => Started
• “DataDogWebhook” (ID: iP3PE1qSO7d5ANhR))
  => Started

Editor is now accessible via:
https://n8n-webhook.integration.bbb.com
Execution 194 (job 152) finished successfully

cc: @King_Samuel_David

@Sahil_Wadhwa The thing that concerns me is Invalid number value for N8N_PORT: tcp://10.100.7.27:443

Everything seems okay except that error.

Samuel

@Sahil_Wadhwa

Any resolve? How it go?

Samue

I checked my old workflows on my self hosten n8n on docker. I dont seee previous executions too. Also the versions are also saved for the same day.

No, the problem is still there.
I had spin up a single container n8n main instance in another cluster and there I can see the execution history.

Step by step I will replicate all the configs to another cluster to see which one is causing the issue.

@Sahil_Wadhwa

I have a feel it’s going to be hard to detect, and is likely due to multi-main in my opinion, where the role switch casued it and then caused an invaid state in the DB / config.

It may also not happen again unless them exact conditions happen again, it could have been a number of potentials things happening in N8N when it make this invalid state, it maybe in logs, if you have still. Can help review logs if needed.

Samuel

@sandy4v

Is that setup on multimain? Did you see same error as above 403 forbidden?

Samuel

I am not using multimain. Its a simple docker container. I always thought its the limitation of the local version so that we get the paid one.