Invalid origin error on Azure Container Apps - nginx reverse proxy solution needed

Questions
1

Running n8n on Azure Container Apps (ACA) behind corporate proxy. ACA strips the Origin header before it reaches n8n. n8n 1.87+ checks Origin strictly → “Invalid origin!” error → “Lost Connection” in editor.
Tried: N8N_DISABLE_ORIGIN_CHECK=true, N8N_ALLOWED_ORIGINS=*, N8N_TRUST_PROXY=1, N8N_PROXY_HOPS=1 → none work.
Confirmed with whoami test: ACA strips Origin and X-Forwarded-Host by default.
Now trying nginx reverse proxy in same ACA environment to set Origin header statically before forwarding to n8n. nginx is Running/Ready but ACA returns 404.

Describe the problem/error/question

Origin header does NOT match the expected origin. (Origin: “undefined” → “N/A”, Expected: “undefined” → “undefined”)
ResponseError: Invalid origin!

What is the error message (if any)?

Please share your workflow

no workflow

Share the output returned by the last node

Information on your n8n setup

    1. n8n version: latest (2.15.1)
    2. Database: PostgreSQL
    3. Running n8n via: Docker (Azure Container Apps)
    4. Operating system: Azure Linux
3

I would put n8n behind an nginx reverse proxy that becomes the public entrypoint and explicitly forwards/restores Host, X-Forwarded-Host, X-Forwarded-Proto, and Origin headers to n8n, because n8n’s reverse-proxy setup expects those forwarded headers and community reports show proxy_set_header Host $host; plus proxy_set_header Origin $http_origin; resolves the post-1.87 “Invalid origin” editor disconnect issue.

4

Your nginx sidecar idea is right, the 404 is almost certainly because ACA ingress is still pointing at n8n’s port instead of nginx’s — make sure ingress targets nginx (like port 80) and then nginx proxies to localhost:5678 with proxysetheader Origin https://your-domain; and proxysetheader Host your-domain;.

5

Has anyone successfully run nginx as a sidecar in the same container as n8n on ACA? nginx fails with getpwnam("nginx") failed because the n8n hardened image has no nginx user. How do you start nginx without the nginx user?"

6

Just change user nginx; to user root; at the top of your nginx.conf (or remove the user directive entirely), the default nginx config expects an nginx user that doesn’t exist in the n8n image so it chokes on startup.

7

@achamm worked perfectly, thanks!

Quick summary for anyone running n8n on Azure Container Apps:

  • Multi-stage Dockerfile: copy nginx binaries from nginx:alpine into n8nio/n8n:latest (with USER root, otherwise you get getpwnam("nginx") failed)
  • nginx on port 80, proxy_pass to localhost:5678
  • ACA ingress targeting port 80 (nginx), not 5678 (n8n)
  • proxy_set_header Origin https://your-aca-fqdn; → fixes the origin check since n8n 1.87
  • mkdir -p /var/cache/nginx/client_temp etc. — those directories are missing in the n8n base image
  • N8N_PUSH_BACKEND set to websocket instead of sse → no more “Lost Connection”

start.sh:

#!/bin/sh
nginx -g 'daemon off;' &
n8n start

All working now. Really appreciate how fast you get help here — that’s what makes this community so great. :flexed_biceps:

8

@glongo10

Your welcome! Feel free to put whoevers post as you want as the solution! Have a wonderful day! enjoy!