IIS Reverse Proxy + pm2 on Windows — Invalid request.ip after fixing trust proxy error

Pakpoom · August 15, 2025, 11:48am

Describe the problem/error/question

I’m running n8n on Windows Server behind IIS reverse proxy using pm2.

Flow:

Client → IIS → n8n (pm2)

When I first started and logged in, I got:

ValidationError: The 'X-Forwarded-For' header is set but the Express 'trust proxy' setting is false (default). 
This could indicate a misconfiguration which would prevent express-rate-limit from accurately identifying users.
See https://express-rate-limit.github.io/ERR_ERL_UNEXPECTED_X_FORWARDED_FOR/ for more information.

I found forum post #51208 recommending N8N_PROXY_HOPS=1.
That solved the first error.

What is the error message (if any)?

The new error after restart

After restarting pm2, I got another error: ERR_ERL_INVALID_IP_ADDRESS

ValidationError: An invalid 'request.ip' (49.49.33.138:48115) was detected.
Consider passing a custom 'keyGenerator' function to the rate limiter. 
See https://express-rate-limit.github.io/ERR_ERL_INVALID_IP_ADDRESS/ for more information.

Please share your workflow

(Select the nodes on your canvas and use the keyboard shortcuts CMD+C/CTRL+C and CMD+V/CTRL+V to copy and paste the workflow.)

Share the output returned by the last node

Information on your n8n setup

n8n version:
Database (default: SQLite):
n8n EXECUTIONS_PROCESS setting (default: own, main):
Running n8n via (Docker, npm, n8n cloud, desktop app):
Operating system:

Pakpoom · August 15, 2025, 12:23pm

This is my Config

w

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="ReverseProxyToN8N" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://localhost:5678/{R:1}" />
                    <serverVariables>
                        <set name="HTTP_X_FORWARDED_PROTO" value="https" />
                        <set name="HTTP_X_FORWARDED_HOST" value="n8n.domain.com" />
                    </serverVariables>
                </rule>
            </rules>
        </rewrite>
        <httpProtocol>
            <customHeaders>
                <add name="Access-Control-Allow-Origin" value="https://n8n.domain.com" />
                <add name="Access-Control-Allow-Headers" value="Authorization,Content-Type" />
                <add name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" />
            </customHeaders>
        </httpProtocol>
    </system.webServer>
</configuration>

Pakpoom · August 15, 2025, 12:23pm

n8n config

NODE_ENV: "production",
N8N_HOST: "n8n.domain.com",
N8N_PROTOCOL: "https",
N8N_PORT: "5678",
N8N_EDITOR_BASE_URL: 'https://n8n.domain.com/',
WEBHOOK_URL: 'https://n8n.domain.com/',
VUE_APP_URL_BASE_API: 'https://n8n.domain.com/',
N8N_RUNNERS_ENABLED: "true",
N8N_USER_FOLDER: "D:/n8n/users/",
N8N_SECURE_COOKIE: "true",
N8N_LOG_LEVEL: 'info',
N8N_TRUST_PROXY: "true",
N8N_PROXY_HOPS: 1, // One reverse proxy (IIS) between client and n8n
GENERIC_TIMEZONE: "Asia/Bangkok",

system · November 13, 2025, 12:24pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.