When using n8n 1.119.1 deployed via Docker + Nginx, many users encounter the following message in the frontend:
You have a connection issue or the server is down. n8n should reconnect automatically once the issue is resolved.
Additionally, the browser console or container logs may show errors like:
wss://your-n8n-domain.com/rest/push?pushRef=xxxx failed to connect
Origin header does NOT match the expected origin.
ResponseError: Invalid origin!
These issues typically involve SSE / WSS push connection failures, preventing the frontend from receiving real-time updates.
1. Symptoms
-
n8n frontend loads normally, but real-time updates fail.
-
Browser shows connection errors; logs indicate WebSocket or SSE failures.
-
Container logs report
Invalid originorOrigin: undefined.
2. Root Causes
2.1 SSE replaces WebSocket
-
From n8n v1.90+, the
/rest/pushendpoint uses Server-Sent Events (SSE) instead of WebSocket. -
The frontend still tries WSS initially but falls back to SSE if it fails.
-
Adding WebSocket
Upgrade/Connectionheaders in Nginx is no longer needed and may break the connection.
2.2 Origin header validation
-
n8n SSE validates that the request’s
Originmatches the container’sN8N_HOSTandWEBHOOK_URL. -
If the request is missing the correct
Originheader, SSE is rejected:
Origin header does NOT match the expected origin.
ResponseError: Invalid origin!
2.3 Nginx/hosting interference
-
Default PHP includes (
enable-php-00.conf) may intercept/rest/push. -
Rewrite rules or root settings can override SSE paths.
-
Nginx buffer settings can interrupt long-lived SSE connections.
3. Solution
3.1 Configure Docker environment variables
Set the following in your docker-compose or container environment:
N8N_HOST=your-n8n-domain.com
N8N_PROTOCOL=https
N8N_PORT=5678
WEBHOOK_URL=https://your-n8n-domain.com/
N8N_PUSH_BACKEND=sse
# Optional: temporarily disable origin check for cross-domain access
# N8N_DISABLE_PUSH_ORIGIN_CHECK=true
Notes:
-
Container port remains
5678; HTTPS is handled by Nginx. -
N8N_PUSH_BACKEND=sseenables SSE. -
N8N_DISABLE_PUSH_ORIGIN_CHECK=truecan temporarily bypass origin validation if needed.
3.2 Nginx configuration (example)
server {
listen 80;
server_name your-n8n-domain.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name your-n8n-domain.com;
ssl_certificate /path/to/fullchain.pem;
ssl_certificate_key /path/to/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_tickets on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host$request_uri;
error_page 404 /404.html;
error_page 502 /502.html;
access_log /var/log/nginx/n8n-access.log;
error_log /var/log/nginx/n8n-error.log;
location / {
proxy_pass http://127.0.0.1:5678;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Optional: force Origin header for cross-domain
proxy_set_header Origin https://your-n8n-domain.com;
# SSE settings
proxy_set_header Cache-Control 'no-cache';
proxy_set_header Accept 'text/event-stream';
proxy_buffering off;
proxy_cache off;
proxy_read_timeout 3600;
}
# Disable interference from default PHP / rewrite / root
# include enable-php-00.conf;
# root /var/www/html;
# include /etc/nginx/conf.d/rewrite.conf;
location ~ .*\.(js|css|png|jpg|jpeg|gif|bmp|svg|ico|webp)$ {
expires 30d;
access_log off;
error_log off;
}
location ~ \.well-known { allow all; }
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md) { return 404; }
}
3.3 Deployment Steps
- Apply and restart Nginx:
nginx -t
systemctl restart nginx
- Update docker-compose environment variables and restart n8n:
docker-compose down
docker-compose up -d
-
Open n8n in the browser → F12 → Network →
/rest/push-
Status: 200 OK
-
Content-Type:
text/event-stream -
Connection remains
CONNECTING/OPEN→ SSE works properly
-
-
If
Invalid originpersists, check thatN8N_HOSTmatches the accessed domain or enableN8N_DISABLE_PUSH_ORIGIN_CHECK=true.
3.4 Notes
-
Do not use WebSocket
Upgrade/Connectionheaders; SSE replaces WSS. -
Keep
N8N_PORTas 5678; SSL is handled by Nginx. -
Comment out PHP includes, rewrite rules, and root directives to avoid intercepting SSE.
-
Origin check can be temporarily disabled for testing.
4. Summary
-
The “You have a connection issue or the server is down” message usually indicates SSE push is blocked.
-
n8n 1.119.1 uses SSE instead of WebSocket.
-
Correct Docker environment variables and Nginx SSE configuration are critical.
-
Origin validation is the most common reason SSE push fails.
-
With proper setup, frontend real-time updates will work and the connection message disappears.
This configuration ensures SSE push works reliably, and the n8n frontend reconnects automatically without showing connection errors.