N8N behind Apache Reverse Proxy

Describe the problem/error/question

I have n8n in a docker container behind an Apache reverse proxy acting as a gateway. Connections come in via Cloudflare proxy which sorts out the HTTPS stuff, and into the apache reverse proxy on port 443 then finally to N8N on 5678.

The following is the Apache vhost config

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName n8n.forwen.com
        ProxyRequests Off

        # setup the proxy
        <Proxy *>
            Order allow,deny
            Allow from all
        </Proxy>

        ProxyPreserveHost On
        ProxyPass / http://192.168.0.45:5678/
        ProxyPassReverse / http://192.168.0.45:5678/
        RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RewriteEngine on
</VirtualHost>
</IfModule>

<IfModule mod_ssl.c>
<VirtualHost *:80>
        ServerName n8n.example.com
        ProxyRequests Off

        # setup the proxy
        <Proxy *>
            Order allow,deny
            Allow from all
        </Proxy>

        ProxyPreserveHost On
        ProxyPass / http://192.168.0.45:5678/
        ProxyPassReverse / http://192.168.0.45:5678/
RewriteEngine on
[END,NE,R=permanent]
</VirtualHost>
</IfModule>

I am running the n8n docker container with the following

sudo docker run -it -d --rm \
 --name n8n \
 -p 5678:5678 \
 -e GENERIC_TIMEZONE="Asia/Singapore" \
 -e N8N_PROTOCOL="https" \
 -e N8N_HOST="n8n.example.com" \
 -e VUE_APP_URL_BASE_API="https://n8n.example.com/" \
 -e TZ="Asia/Singapore" \
 -e WEBHOOK_URL="https://n8n.example.com/" \
 -e N8N_SECURE_COOKIE="false" \
 -v n8n_data:/home/node/.n8n \
 docker.n8n.io/n8nio/n8n

Everything works perfectly if I access using http://192.168.0.45:5678. But if I access using https://n8n.example.com/ I get just a blank page with the following errors

However weirdly, if i login using http://192.168.0.45:5678 then open https://n8n.example.com/workflows directly, everything works. However pages load marginally slower than if I use IP directly.

Also things like Test Workflow will fail with the following errors

They work well if done via the IP.

Webhook works though. Ive connected various services like MS, FB and more.

I’ve read around people say might be due to the VHOST config in APACHE. Could someone please suggest what I might have missed?

Thanks!

Information on your n8n setup

  • n8n version: 1.42.1
  • Database (default: SQLite): SQLITE
  • n8n EXECUTIONS_PROCESS setting (default: own, main): own, I guess.
  • Running n8n via (Docker, npm, n8n cloud, desktop app): Docker
  • Operating system: Ubuntu

Hey @chizuoka,

Welcome to the community :cake:

We consider self hosting n8n to be an advanced configuration option and we rely on your knowledge of the services you want to use around n8n this would include your reverse proxy of choice.

As a starting point though the example below is a minimal example of what needs to be done for Apache.

<VirtualHost *:80>
        ServerName n8n.yourdomain.tld

        RewriteEngine On
        RewriteCond %{HTTP:Upgrade} =websocket [NC]
        RewriteRule /(.*)           ws://172.17.0.1:5678/$1 [P,L]
        RewriteCond %{HTTP:Upgrade} !=websocket [NC]
        RewriteRule /(.*)           http://172.17.0.1:5678/$1 [P,L]
        ProxyPassReverse /          http://n8n.yourdomain.tld
</VirtualHost>

You may be able to find more information in the posts below:

1 Like

I did try the websocket thing and tried the following as suggested by chatgpt too but the whole site goes blank again if access through the domain.

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName n8n.example.com
        ProxyRequests Off

        # setup the proxy
        <Proxy *>
            Order allow,deny
            Allow from all
        </Proxy>

        ProxyPreserveHost On
		
		# ProxyPass and ProxyPassReverse for HTTP
        ProxyPass / http://192.168.0.45:5678/
        ProxyPassReverse / http://n8n.example.com
		
		# Request header to forward the original scheme
        RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
		
		# Rewrite rules to handle WebSocket connections
		RewriteEngine On
		RewriteCond %{HTTP:Upgrade} =websocket [NC]
		RewriteRule /(.*) ws://192.168.0.45:5678/$1 [P,L]

		# Rewrite rule for other HTTP requests
		RewriteCond %{HTTP:Upgrade} !=websocket [NC]
		RewriteRule /(.*) http://192.168.0.45:5678/$1 [P,L]

</VirtualHost>
</IfModule>

<IfModule mod_ssl.c>
<VirtualHost *:80>
        ServerName n8n.example.com
        ProxyRequests Off

        # setup the proxy
        <Proxy *>
            Order allow,deny
            Allow from all
        </Proxy>

        ProxyPreserveHost On
		
        # ProxyPass and ProxyPassReverse for HTTP
        ProxyPass / http://192.168.0.45:5678/
        ProxyPassReverse / http://n8n.example.com
		
		# Request header to forward the original scheme
        RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
		
		# Rewrite rules to handle WebSocket connections
		RewriteEngine On
		RewriteCond %{HTTP:Upgrade} =websocket [NC]
		RewriteRule /(.*) ws://192.168.0.45:5678/$1 [P,L]

		# Rewrite rule for other HTTP requests
		RewriteCond %{HTTP:Upgrade} !=websocket [NC]
		RewriteRule /(.*) http://192.168.0.45:5678/$1 [P,L]

</VirtualHost>
</IfModule>

That gives me loads of 522 errors instead such as below:

Hey @chizuoka,

I would probably not take advice from ChatGPT on configuration, It is good but you need to also make sure you know what the settings are doing and check that the options provided are current in the documentation and not legacy settings.

Looking at your example have you tried something like the below?

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName n8n.example.com
	
		# Rewrite rules to handle WebSocket connections
		RewriteEngine On
		RewriteCond %{HTTP:Upgrade} =websocket [NC]
		RewriteRule /(.*) ws://192.168.0.45:5678/$1 [P,L]

		# Rewrite rule for other HTTP requests
		RewriteCond %{HTTP:Upgrade} !=websocket [NC]
		RewriteRule /(.*) http://192.168.0.45:5678/$1 [P,L]

</VirtualHost>
</IfModule>

<IfModule mod_ssl.c>
<VirtualHost *:80>
        ServerName n8n.example.com

		# Rewrite rules to handle WebSocket connections
		RewriteEngine On
		RewriteCond %{HTTP:Upgrade} =websocket [NC]
		RewriteRule /(.*) ws://192.168.0.45:5678/$1 [P,L]

		# Rewrite rule for other HTTP requests
		RewriteCond %{HTTP:Upgrade} !=websocket [NC]
		RewriteRule /(.*) http://192.168.0.45:5678/$1 [P,L]

</VirtualHost>
</IfModule>
1 Like

Thanks. This almost works! … almost. Its like its unstable. It would work for awhile, and out of the blue, 522 starts occurring all over. Refreshing the page helps, but might need one or 2 refreshes. So it seems it works, but stability is that issue.

These are some samples of the errors i get.

2024-06-07_16h20_53

Hey @chizuoka,

A 522 is a connection timeout so could be anything really, It might be worth checking your configuration again and making sure you have cleared your browser cache to see if that helps.

I tried it on incognito , tried it in a brand new browser edge… and still getting these 522s. Strange is sometime if I try with a refresh, then it passes without any error, leading me to believe there is some instability in the connection or something. Anything else I can try. I would like to note my connection is passing through a cloudflare proxy which manages the https part of the connection