Connection lost when accessing n8n editor behind NGINX (custom ports, restricted LAN)
Hi all,
We’re deploying n8n in an on-premise, air-gapped corporate network where the environment is not exposed to the public internet. Our setup uses NGINX as a reverse proxy (hosted on Windows), and n8n + PostgreSQL run inside Docker.
Use Case Summary
- Editor UI: served at
https://n8n.example.com:5254 - Webhooks: served externally at
https://n8n.example.com:5465 - Internal traffic (NGINX → Docker): proxied to
http://127.0.0.1:5678
This is a closed network setup — only specific internal users have access via DNS-resolved n8n.example.com.
Problem
When accessing the editor at https://n8n.example.com:5254, everything loads except:
- Editor constantly shows “Connection lost”
- Saving or editing workflows becomes unstable
- Browser dev tools show:
GET /rest/push?pushRef=... → 500 (Internal Server Error) - n8n Docker logs include:
ResponseError: Invalid origin!
Our Current Configuration
docker-compose.yml
services:
postgres:
image: postgres:15
restart: always
environment:
POSTGRES_USER: n8n
POSTGRES_PASSWORD: strongpgpass
POSTGRES_DB: n8ndb
volumes:
- postgres_data:/var/lib/postgresql/data
n8n:
image: n8nio/n8n
restart: always
ports:
- "5678:5678"
environment:
- DB_TYPE=postgresdb
- DB_POSTGRESDB_HOST=postgres
- DB_POSTGRESDB_PORT=5432
- DB_POSTGRESDB_DATABASE=n8ndb
- DB_POSTGRESDB_USER=n8n
- DB_POSTGRESDB_PASSWORD=strongpgpass
- N8N_HOST=n8n.example.com
- N8N_PORT=5678
- N8N_PROTOCOL=https
- N8N_EDITOR_BASE_URL=https://n8n.example.com:5254
- WEBHOOK_URL=https://n8n.example.com:5465
- N8N_PUSH_BACKEND=websocket
- N8N_RUNNERS_ENABLED=true
volumes:
postgres_data:
nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name n8n.example.com;
return 301 https://$host$request_uri;
}
server {
listen 5254 ssl;
server_name n8n.example.com;
ssl_certificate C:/ssl/n8n.crt;
ssl_certificate_key C:/ssl/n8n.key;
location /rest/push {
proxy_pass http://127.0.0.1:5678/rest/push;
proxy_http_version 1.1;
proxy_set_header Host n8n.example.com;
proxy_set_header Origin https://n8n.example.com:5254;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
proxy_pass http://127.0.0.1:5678/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host n8n.example.com;
proxy_set_header Origin https://n8n.example.com:5254;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 5465 ssl;
server_name n8n.example.com;
ssl_certificate C:/ssl/n8n.crt;
ssl_certificate_key C:/ssl/n8n.key;
location ~ ^/(webhook|webhook-test)/ {
proxy_pass http://127.0.0.1:5678;
proxy_http_version 1.1;
proxy_set_header Host n8n.example.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
return 403;
}
}
}
Tried Already
- Forwarding static
Origin/Hostheaders in nginx - Ensuring
N8N_EDITOR_BASE_URLmatches exactly - Tested both
server-sent-eventsandwebsocket - TLS is valid and working
- Webhooks function correctly
Request for Help
What else might cause Invalid origin on /rest/push, even with all values matched?
We’re blocked from going live and would appreciate any guidance 
Thanks!
Information on your n8n setup
- n8n version: 1.92.2
- Database (default: SQLite): Postgre/Docker
- n8n EXECUTIONS_PROCESS setting (default: own, main):
- Running n8n via (Docker, npm, n8n cloud, desktop app): Docker
- **Operating system: Windows Server 2022 **