Hi folks!
I’m trying to run n8n on a self-managed VPS using Docker with CyberPanel (OpenLiteSpeed) as the web server. Since recent n8n versions require a secure WebSocket (WSS) connection for push updates, I’m trying to get that working behind CyberPanel.
Unfortunately, OpenLiteSpeed does not support wss:// proxying natively (only ws://), and all my attempts at getting this to work — or fall back to polling — fail due to cookie/session/authentication issues.
I’m open to any working solution — whether that’s using OpenLiteSpeed directly or putting something like Traefik/Caddy/Nginx in front of n8n — as long as:
login works reliably
session cookies arrive
n8n frontend works with either polling or WSS
What is the error message (if any)?
If using websocket backend (N8N_PUSH_BACKEND=websocket), browser shows:
Firefox can’t establish a connection to the server at wss://n8n.sceneryworkshop.nl/rest/push?pushRef=xyz
NS_ERROR_WEBSOCKET_CONNECTION_REFUSED
If using polling backend, browser shows:
401 Unauthorized on /rest/login and /rest/push
Set-Cookie rejected by browser due to invalid or missing domain
No active session; login does not persist
Please share your workflow
This issue happens before any workflow is run — it occurs at the login stage, so no canvas or nodes are loaded.
Share the output returned by the last node
N/A — login itself fails due to session problems. No node ever runs.
Information on your n8n setup
n8n version: 1.90.2 (latest at time of writing)
Database: Default (SQLite)
n8n EXECUTIONS_PROCESS setting: own (standalone container), also tried queue mode
Running n8n via: Docker
Operating system: Ubuntu 22.04 on self-managed VPS
Docker version: 28.0.4
Docker Compose version: v2.33.1
Reverse proxy environment
Main web server: CyberPanel with OpenLiteSpeed 1.7.19
SSL: Managed via CyberPanel (Let’s Encrypt)
WAF / ModSecurity: Disabled
Domain: n8n.sceneryworkshop.nl
What I’ve tried
External App + Context in OLS configured to proxy / to 127.0.0.1:5678
Added required proxy headers like:
RequestHeader set Host %{HTTP_HOST}e
RequestHeader set X-Real-IP %{REMOTE_ADDR}e
RequestHeader set X-Forwarded-For %{REMOTE_ADDR}e
RequestHeader set X-Forwarded-Proto https
RequestHeader set Cookie %{HTTP_COOKIE}e
Attempted to allow Set-Cookie in response via both:
Header set Set-Cookie %{HTTP:SET_COOKIE}e
addResponseHeader in the vHost rewrite rules
Verified that n8n is fully running and accessible directly via curl:
curl -v http://localhost:5678/rest/push
> Returns 401 (expected without session)
Browser dev tools confirm:
No Set-Cookie header received at login
Cookie rejected for invalid domain
Tried to run Traefik in Docker as a sidecar (on ports 8880/8843), but ran into port conflicts or no change in outcome
n8n still works in itself — but login/sessions/push break down behind OLS
What I’m looking for
A working n8n + WSS setup behind CyberPanel / OLS
Or a supported/predictable fallback using polling that works with session cookies
Either using OpenLiteSpeed directly or adding a reverse proxy like Nginx/Caddy/Traefik in front — I’m open to any solution that “just works”
Thanks a lot in advance — and happy to provide logs, screenshots, config snippets, or docker-compose files as needed!
— Hielke