N8n on Server A, Apache Reverse Proxy on Server B

Questions
1

I have self-hosted n8n in a Docker container, installed it on server A, and got it up and running. When I go to http://1.2.3.4:5678, I can access and execute everything.

Now I want to make n8n accessible at https://n8n.example.com. So I set up a reverse proxy on server B, where the domain is also located.
But when I now call up https://n8n.example.com, I can see the interface and manage everything, but I cannot execute any workflows. I then get the message “Lost connection to server”.

My compose.yaml looks like this:

services:
  n8n:
    image: docker.n8n.io/n8nio/n8n
    restart: always
    ports:
      - "5678:5678"
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web,websecure
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
      - traefik.http.routers.n8n.middlewares=n8n@docker
    environment:
      - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - N8N_PROXY_HOPS=1
      - N8N_RUNNERS_ENABLED=true
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
      - TZ=${GENERIC_TIMEZONE}
    volumes:
      - n8n_data:/home/node/.n8n
      - ./local-files:/files

volumes:
  n8n_data:

And my virtual host looks like this:

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://1.2.3.4:5678/
ProxyPassReverse / http://1.2.3.4:5678/

RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Host  "n8n.example.de"
RequestHeader set X-Forwarded-For   "%{REMOTE_ADDR}s"

Information on your n8n setup

  • n8n version: 1.119.1
  • Database: SQLite
  • Running n8n via: Docker
  • Operating system: Debian, self-hosted

What am I doing wrong? :smiley:

2

n8n relies on WebSockets for real-time communication between the server and the browser UI, and your Apache reverse proxy is not configured to handle WebSocket connections properly.

Extra work have to be done in order to accomplish that… requires to add WebSocket support to your Apache virtual host configuration.

Here you can find similar issue:

3

Why do you have SSLProxyEngine On in your Apache vhost? It’s not being used, is it?

It would be good if we could configure n8n to listen on https://1.2.3.4:5678/. Then we wouldn’t need N8N_SECURE_COOKIE=false.

Unfortunately, I haven’t managed to get n8n to work with a self-signed certificate either.

4

Here is a really good explanation :clap: :