Nginx Reverse Proxy Setup for self hosted n8n

saadeddine · September 3, 2025, 6:02am

For those who are struggling configuring selfhosted n8n with nginx reverse proxy setup. here is my final working conf file configuration.

# =========================

# Map WebSocket Upgrade

# =========================

map $http_upgrade $connection_upgrade {

 default upgrade;

 '' close;
}

# =========================

# Reverse Proxy (HTTPS)

# =========================

server {

 # Use 443 for standard HTTPS. If you must use a custom port, change both here and in the HTTP->HTTPS redirect below.

 listen 443 ssl http2;

 server_name EXAMPLE.COM;


 # Let's Encrypt cert paths for EXAMPLE.COM

 ssl_certificate /etc/letsencrypt/live/EXAMPLE.COM/fullchain.pem;

 ssl_certificate_key /etc/letsencrypt/live/EXAMPLE.COM/privkey.pem;

 include /etc/letsencrypt/options-ssl-nginx.conf;

 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;


 # (Optional) OCSP stapling — enable if you’ve set it up

 ssl_stapling off;

 ssl_stapling_verify off;


 # Security headers

 add_header X-Frame-Options "SAMEORIGIN" always;

 add_header X-XSS-Protection "1; mode=block" always;

 add_header X-Content-Type-Options "nosniff" always;


 # Access log (generic name)

 access_log /var/log/nginx/EXAMPLE.COM.access.log;


 location / {

 # Upstream app (private network or container IP)

 proxy_pass http://10.0.0.10;

 proxy_http_version 1.1;


 # Preserve headers

 proxy_set_header Host $host;

 proxy_set_header X-Real-IP $remote_addr;

 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

 proxy_set_header X-Forwarded-Proto $scheme;

 proxy_set_header X-Forwarded-Port $server_port;

 proxy_set_header X-Original-Host $host;


 # (Optional) origin passthrough if your app needs it

 proxy_set_header Origin $host;


 # WebSocket support

 proxy_set_header Upgrade $http_upgrade;

 proxy_set_header Connection $connection_upgrade;


 # Timeouts for long-running requests

 proxy_read_timeout 36000s;

 proxy_send_timeout 36000s;


 # Disable buffering/caching for streaming/WS

 chunked_transfer_encoding off;

 proxy_buffering off;

 proxy_cache off;

 }

}


# =========================

# HTTP -> HTTPS Redirect

# =========================

server {

 listen 80;

 server_name EXAMPLE.COM;


 # Redirect all HTTP to HTTPS (adjust port if you use a non-standard HTTPS port)

 return 301 https://$host$request_uri;

}