N8n behind Apache reverse proxy with HTTPS and WebSocket support – issues with push notifications

Hi everyone,

I’m trying to run n8n behind an Apache reverse proxy with HTTPS on port 8443, using the domain n8n.kurdak.eu.

n8n is running in Docker on a different local server (10.0.31.158) and exposed on port 5678. My reverse proxy is managed via ISPConfig and located at 10.0.0.3.

Everything works fine except for push notifications / WebSocket, which n8n uses for real-time updates (e.g. Telegram trigger testing). I’ve already added what I believe is the correct Apache config, but the browser dev tools show that WebSocket fails to connect.

Here’s my current Apache vhost config:

RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://0.0.0.0:5678/$1 [P,L]

ProxyPass /rest/push ws://127.0.0.1:5678/rest/push
ProxyPassReverse /rest/push ws://127.0.0.1:5678/rest/push

ProxyPreserveHost On
ProxyRequests Off
ProxyAddHeaders On
SSLProxyEngine On

<Proxy *>
  Require all granted
</Proxy>

ProxyPass /rest/push ws://10.0.31.159:5678/rest/push
ProxyPassReverse /rest/push ws://10.0.31.159:5678/rest/push

ProxyPass / http://10.0.31.159:5678/
ProxyPassReverse / http://10.0.31.159:5678/

RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Host "n8n.kurdak.eu"
RequestHeader set X-Forwarded-Port "443"

And my environment variables:

version: "3.7"

services:
  n8n:
    image: n8nio/n8n
    container_name: n8n
    restart: always
    ports:
      - "5678:5678"
    environment:
      - N8N_HOST=n8n.kurdak.eu
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_WEBHOOK_URL=https://n8n.kurdak.eu/
      - N8N_RUNNERS_ENABLED=true
      - N8N_SECURE_COOKIE=false
      - N8N_PROXY_HOPS=1
      - N8N_PUSH_BACKEND=websocket
    volumes:
      - n8n_data:/home/node/.n8n

volumes:
  n8n_data:

What am I missing to make WebSocket communication work? Is there a better way to handle this via Apache?

Thanks in advance!

I’ve managed to solve the problem myself after some testing and adjustments.

The key issue was related to WebSocket configuration through Apache reverse proxy. Here’s the working setup that now fully supports n8n behind Apache with HTTPS on port 8443, including real-time features like Telegram Trigger testing.
Working docker-compose.yml:

version: "3.7"

services:
  n8n:
    image: n8nio/n8n
    container_name: n8n
    restart: always
    ports:
      - "5678:5678"
    environment:
      - N8N_HOST=n8n.kurdak.eu
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - N8N_EDITOR_BASE_URL=https://n8n.kurdak.eu
      - WEBHOOK_URL=https://n8n.kurdak.eu
      - N8N_WEBHOOK_URL=https://n8n.kurdak.eu
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_PUSH_BACKEND=websocket
      - N8N_SECURE_COOKIE=false
      - N8N_SKIP_WEBHOOK_DEREGISTRATION_SHUTDOWN=true
      - N8N_DIAGNOSTICS_ENABLED=false
      - N8N_DISABLE_ORIGIN_CHECK=true
      - N8N_ALLOWED_ORIGINS=https://n8n.kurdak.eu
    volumes:
      - n8n_data:/home/node/.n8n

volumes:
  n8n_data:

Apache vhost (port 8443):

# WebSocket support for /rest/push
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /rest/push/(.*) ws://10.0.31.159:5678/rest/push/$1 [P,L]

ProxyPreserveHost On
ProxyRequests Off
SSLProxyEngine On

<Proxy *>
  Require all granted
</Proxy>

ProxyPass /rest/push ws://10.0.31.159:5678/rest/push
ProxyPassReverse /rest/push ws://10.0.31.159:5678/rest/push

# Required headers for WebSocket
RequestHeader set Connection "upgrade"
RequestHeader set Upgrade %{HTTP:Upgrade}e env=HTTP_UPGRADE
RequestHeader set Host %{HTTP_HOST}e env=HTTP_HOST
RequestHeader set Origin "https://n8n.kurdak.eu"

# Main traffic
ProxyPass / http://10.0.31.159:5678/ nocanon
ProxyPassReverse / http://10.0.31.159:5678/

Everything now works as expected. Hopefully this configuration helps someone facing the same WebSocket issue with n8n behind Apache.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.