N8n proxy error

Hello n8n community!

I'm facing an issue with an n8n proxy. I am trying to build an n8n compose file with n8n, Traefik and Squid to proxy OpenAI requests to my VPS (OpenAI restricts access from my country). I have set up a domain and linked DDNS (dynamic DNS) to my PC. The issue I'm getting is something like this:

[No Error] (TLS code: SQUID_TLS_ERR_CONNECT+GNUTLS_E_FATAL_ALERT_RECEIVED)
SSL handshake error (SQUID_TLS_ERR_CONNECT)

Basically, I tried almost every possible configuration with Squid. I also tried different proxies like 3proxy and tinyproxy, but they all return about the same error. However, if I send a request to the proxy myself using a Code node with axios and https-agent-proxy, it works fine. It also works when I send a request with curl -x. It seems like n8n causes this error by the way it sends requests through the proxy. I have spent several days on this problem with no result. I hope you can help me solve this issue :)

Please share your workflow

Dockerfile

networks:
  n8n-network:
    external: true  

volumes:
  n8n_data:
  traefik_data:
  
services:
  traefik:
    image: traefik
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - "8080:8080"
      - "80:80"
      - "443:443"
    volumes:
      - traefik_data:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro
    dns:
      - 8.8.8.8
      - 1.1.1.1
    networks:
      -  n8n-network
      
  n8n:
    build:
        dockerfile: ./dockerfile
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=websecure
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.routers.n8n.middlewares=n8n@docker
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
    environment:
      - DB_TYPE=postgresdb
      - DB_POSTGRESDB_HOST=psql
      - DB_POSTGRESDB_PORT=5432
      - DB_POSTGRESDB_DATABASE=n8n
      - DB_POSTGRESDB_USER=postgres
      - DB_POSTGRESDB_PASSWORD=password
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - NODE_TLS_REJECT_UNAUTHORIZED=0
      - N8N_METRICS_ENABLED=false
      - NODE_FUNCTION_ALLOW_EXTERNAL=*
      - HTTP_PROXY=http://squid:3128
      - HTTPS_PROXY=http://squid:3128
    volumes:
      - n8n_data:/home/node/.n8n
      - ./key.pem:/home/node/.n8n/key.pem
      - ./cert.pem:/home/node/.n8n/cert.pem
    networks:
      - n8n-network
    dns:
      - 8.8.8.8
      - 1.1.1.1
      
  squid:
    image: ubuntu/squid:latest
    volumes:
      - ./squid.conf:/etc/squid/squid.conf
    ports:
      - "3128:3128"
    networks:
      - n8n-network
    dns:
      - 8.8.8.8
      - 1.1.1.1
      
  mongo:
    image: mongo:latest
    ports: 
      -  "4232:4232"
    networks:
      -  n8n-network
      
  psql:
    image: postgres:latest
    ports:
      -  "4233:5432"
    environment:
      -  POSTGRES_PASSWORD=password
    networks:
      -  n8n-network

Squid

http_port 3128

acl SSL_ports port 443
acl Safe_ports port 443

acl CONNECT method CONNECT

http_access allow CONNECT SSL_ports
http_access allow SSL_ports
http_access allow all

always_direct allow all
sslproxy_cert_error allow all

  • n8n version: 1.81.4
  • Running n8n via Docker
  • Operating system: Windows, WSL (Ubuntu)

Here is mine if you wish to compare notes:

SQUID Config file

# =========================
# Squid explicit forward proxy (privacy-hardened)
# =========================

# Listen on the default proxy port
http_port 3128

# ---- ACLs: limit who can use the proxy ----
# Replace the subnet below with your Docker user-defined bridge subnet.
# Find it with: docker network inspect <stack>_proxy_net
acl localhost src 127.0.0.1/32 ::1
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16

# ---- Ports & methods considered safe ----
acl SSL_ports port 443 8443
acl Safe_ports port 80              # http
acl Safe_ports port 443             # https
acl Safe_ports port 8443            # alt https
acl Safe_ports port 1025-65535      # high ports often used by APIs
acl CONNECT method CONNECT

# ---- Privacy: do not leak client identity/IP ----
# Never add X-Forwarded-For, and remove if the client sent one
forwarded_for delete
# Suppress proxy identity
via off

# Strip common client-IP forwarding headers if clients try to send any
request_header_access X-Forwarded-For deny all
request_header_access Forwarded deny all
request_header_access Via deny all
request_header_access X-Real-IP deny all
request_header_access True-Client-IP deny all
request_header_access CF-Connecting-IP deny all
request_header_access X-Client-IP deny all
request_header_access X-Cluster-Client-IP deny all
request_header_access Fastly-Client-Ip deny all
request_header_access X-Forwarded deny all
request_header_access X-Original-Forwarded-For deny all

# (Optional) also strip proxy headers from responses coming back
reply_header_access Via deny all

# ---- Basic safety controls ----
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all

# ---- Act as a pure proxy (no caching) to avoid data retention ----
cache deny all
cache_mem 0 MB
maximum_object_size 0 KB
maximum_object_size_in_memory 0 KB

# ---- Logging ----
access_log stdio:/var/log/squid/access.log
cache_log  stdio:/var/log/squid/cache.log

# ---- Housekeeping ----
coredump_dir /var/spool/squid

Docker Compose service

  squid:
    image: sameersbn/squid:latest
    container_name: squid
    restart: unless-stopped
    networks: ['n8n-infra']
    hostname: squid
    ports:
      - "3128:3128"
    volumes:
      - ./squid/squid.conf:/etc/squid/squid.conf:ro
      - ./squid/cache:/var/spool/squid
      - ./squid/logs:/var/log/squid

Then in HTTP Request node I use the Proxy option:

Hi @jabbson! Thank you for your reply. I finally solved the problem. It appeared to be an n8n version problem. Docker decided to use an older version of the n8n container during the build.
