Hestiacp Nginx proxy template file error

Questions
1

Hi Comunity. I’ve tried all possible ways for as a dummy can do. I’ve tried the examples here in the forum but none worked for me. Can you please take a look for this HestiaCP nginx template and let me know what’s wrong? I just started to add more and more options but i don’t have a clue what i’m doing.

The problem is that i’ve just installed n8n in docker container and in my first workflow i ‘listen for the request’ and it just doesn’t stop. Actually i guess that it doens’t update the UI.

server {
	listen      %ip%:%web_ssl_port% ssl;
	server_name %domain_idn% %alias_idn%;
	root        %sdocroot%;
	index       index.php index.html index.htm;

	ssl_certificate     %ssl_pem%;
	ssl_certificate_key %ssl_key%;
	ssl_stapling        on;
	ssl_stapling_verify on;

	# TLS 1.3 0-RTT anti-replay
	if ($anti_replay = 307) { return 307 https://$host$request_uri; }
	if ($anti_replay = 425) { return 425; }

	include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

	location ~ /\.(?!well-known\/) {
		deny all;
		return 404;
	}

	location / {
		client_max_body_size 512M;

		proxy_max_temp_file_size 0;
		proxy_read_timeout 120;
		proxy_redirect off;
		proxy_buffering off;
		proxy_set_header Host $http_host;
		proxy_set_header Early-Data $rfc_early_data;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Real-IP $remote_addr;

		proxy_pass http://localhost:8002;
	}

	location /error/ {
		alias %home%/%user%/web/%domain%/document_errors/;
	}

	location /vstats/ {
		alias   %home%/%user%/web/%domain%/stats/;
		include %home%/%user%/web/%domain%/stats/auth.conf*;
	}

	proxy_hide_header Upgrade;

	include /etc/nginx/conf.d/phpmyadmin.inc*;
	include /etc/nginx/conf.d/phppgadmin.inc*;
	include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
}
2

It looks like your topic is missing some important information. Could you provide the following if applicable.

  • n8n version:
  • Database (default: SQLite):
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app):
  • Operating system:
3
EXPRESS_TRUST_PROXY true
GENERIC_TIMEZONE Europe/Lisbon
N8N_HOST flow.xxx.eu
N8N_PORT 5678
N8N_PROTOCOL https
N8N_RELEASE_TYPE stable
N8N_VERSION 1.42.1
NODE_ENV production
NODE_ENV production
NODE_ICU_DATA /usr/local/lib/node_modules/full-icu
NODE_VERSION 18.20.2
PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
SHELL /bin/sh
VUE_APP_URL_BASE_API https://flow.xxx.eu
WEBHOOK_TUNNEL_URL https://flow.xxx.eu
WEBHOOK_URL https://flow.xxx.eu
YARN_VERSION 1.22.19

In the n8n container Log i get:

ValidationError: The 'X-Forwarded-For' header is set but the Express 'trust proxy' setting is false (default). This could indicate a misconfiguration which would prevent express-rate-limit from accurately identifying users. See https://express-rate-limit.github.io/ERR_ERL_UNEXPECTED_X_FORWARDED_FOR/ for more information.
    at Object.xForwardedForHeader (/usr/local/lib/node_modules/n8n/node_modules/express-rate-limit/dist/index.cjs:166:13)
    at Object.wrappedValidations.<computed> [as xForwardedForHeader] (/usr/local/lib/node_modules/n8n/node_modules/express-rate-limit/dist/index.cjs:338:22)
    at Object.keyGenerator (/usr/local/lib/node_modules/n8n/node_modules/express-rate-limit/dist/index.cjs:593:20)
    at /usr/local/lib/node_modules/n8n/node_modules/express-rate-limit/dist/index.cjs:644:32
    at /usr/local/lib/node_modules/n8n/node_modules/express-rate-limit/dist/index.cjs:625:5 {
  code: 'ERR_ERL_UNEXPECTED_X_FORWARDED_FOR',
  help: 'https://express-rate-limit.github.io/ERR_ERL_UNEXPECTED_X_FORWARDED_FOR/'
}

In Nginx error.log i get:

2024/06/01 16:27:07 [error] 41902#41902: *1797 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xxx.xx.xx, server: flow.xxx.eu, request: "GET /rest/push?pushRef=8lrgw4nrbdu HTTP/1.1", upstream: "http://[::1]:8002/rest/push?pushRef=8lrgw4nrbdu", host: "flow.xxx.eu"
2024/06/01 16:27:44 [error] 41902#41902: *1830 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xxx.xx.xx, server: flow.xxxx.eu, request: "GET /rest/push?pushRef=8lrgw4nrbdu HTTP/1.1", upstream: "http://[::1]:8002/rest/push?pushRef=8lrgw4nrbdu", host: "flow.xxx.eu"
2024/06/01 16:28:20 [error] 41902#41902: *1853 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xxx.xx.xx, server: flow.xxx.eu, request: "GET /rest/push?pushRef=8lrgw4nrbdu HTTP/1.1", upstream: "http://[::1]:8002/rest/push?pushRef=8lrgw4nrbdu", host: "flow.xxx.eu"
5

This worked for me:

server {
listen xxx.xxx.xxx.xxx:443 ssl;
server_name sub.domain.com;

root /home/user/web/sub.domain.com/public_html;
index index.php index.html index.htm;

ssl_certificate /home/user/conf/web/sub.domain.com/ssl/sub.domain.com.pem;
ssl_certificate_key /home/user/conf/web/sub.domain.com/ssl/sub.domain.com.key;

ssl_stapling on;
ssl_stapling_verify on;

include /path/to/user/web/sub.domain.com/nginx.hsts.conf*;

location / {
    proxy_pass http://127.0.0.1:5678;  
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_buffering off;
}

location /error/ {
    alias/path/to/user/web/sub.domain.com/document_errors/;
}

include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /path/to/user/web/sub.domain.com/nginx.ssl.conf_*;

}
EXPRESS_TRUST_PROXY true
GENERIC_TIMEZONE Europe/yourcountry
N8N_HOST sub.domain.com
N8N_PORT 5678
N8N_PROTOCOL https
N8N_RELEASE_TYPE stable
N8N_VERSION 1.42.1
NODE_ENV production
NODE_ICU_DATA /usr/local/lib/node_modules/full-icu
NODE_VERSION 18.20.2
PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
SHELL /bin/sh
VUE_APP_URL_BASE_API https://sub.domain.com
WEBHOOK_TUNNEL_URL https://sub.domain.com
WEBHOOK_URL https://sub.domain.com
YARN_VERSION 1.22.19
1 Like
6

I just checked the n8n container log and this error persists:

ValidationError: The ‘X-Forwarded-For’ header is set but the Express ‘trust proxy’ setting is false (default). This could indicate a misconfiguration which would prevent express-rate-limit from accurately identifying users. See Page Redirection for more information.
at Object.xForwardedForHeader (/usr/local/lib/node_modules/n8n/node_modules/express-rate-limit/dist/index.cjs:166:13)
at Object.wrappedValidations. [as xForwardedForHeader] (/usr/local/lib/node_modules/n8n/node_modules/express-rate-limit/dist/index.cjs:338:22)
at Object.keyGenerator (/usr/local/lib/node_modules/n8n/node_modules/express-rate-limit/dist/index.cjs:593:20)
at /usr/local/lib/node_modules/n8n/node_modules/express-rate-limit/dist/index.cjs:644:32
at /usr/local/lib/node_modules/n8n/node_modules/express-rate-limit/dist/index.cjs:625:5 {
code: ‘ERR_ERL_UNEXPECTED_X_FORWARDED_FOR’,
help: ‘Page Redirection
}

7

Hey @Nuno,

It is important to note that we don’t support HestiaCP so you may need to work with them to get some things working correctly. With the error you are seeing can you try adding N8N_PROXY_HOPS to your env options and setting the value to 1 and seeing if that helps, You will need to stop and start (not restart) the container for this to work.

8

Hi Jon, thank you very much for the time spent.
It works. the error disappeared from the log.

Thank you! And congrats to the team, the n8n is getting better and beautifull each version released.

1 Like
9

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.