Subject: Telegram Trigger not receiving events behind Cloudflare Tunnel & Access (Dashboard is working)

Environment:

  • OS: Ubuntu

  • Setup: Docker-compose (Dockge)

  • Access: Cloudflare Tunnel + Cloudflare Access (Zero Trust)

  • n8n Version: Latest Docker

Current Situation:

My n8n dashboard is now fully accessible at https://n8n.e*******.site. The Cloudflare Tunnel is active and stable. However, the Telegram Trigger node is not receiving any messages/events from Telegram.

What has been configured:

  1. Environment Variables:

    • N8N_HOST=n8n.e*******.site

    • N8N_PROTOCOL=https

    • WEBHOOK_URL=https://n8n.e*******.site/ (Verified that n8n generates HTTPS webhook URLs).

  2. Network Routing:

    • Cloudflare Tunnel points to the Docker Bridge IP 172.17.0.1:5678.

    • Dashboard loads perfectly, so the tunnel-to-container path is working.

  3. Cloudflare Access Policy:

    • I have a Zero Trust Access policy protecting the dashboard.

    • Question: I suspect this policy is blocking Telegram’s incoming Webhooks. Should I add a Bypass Policy specifically for the /webhook/* path?

  4. Bot Testing:

    • Bot token is correct.

    • Manually reset webhooks via deleteWebhook API.

    • No errors shown in n8n UI, but the “Test Step” just waits forever for an event.

Specific Questions:

  1. Is a Bypass Policy for path /webhook/* enough to let Telegram through Cloudflare Access?

  2. Are there any specific Cloudflare WAF or Bot Fight Mode settings that usually block Telegram’s servers?

  3. Should I use 172.17.0.1 or the container name for better stability in this specific tunnel setup?

Thanks for the help!

Hi @el_azhari_akram

cloudflare is blocking your webhooks before they reach n8n. it adds an auth
challenge and telegram just gives up.

you need two bypass rules in cloudflare - one for /webhook/* (active workflows)
and one for /webhook-test/* (manual testing). both paths, not just one.

also check bot fight mode in the cloudflare security tab - it sometimes
mistakes telegram requests for bots and blocks them.

for docker - use the container name like n8n:5678 instead of 172.17.0.1.
that IP changes every time the container restarts, so your tunnel breaks.
the container name stays stable.

Hopefully it should work once those are set.

1 Like

Yeah cloudflare access is definitely blocking telegram’s webhooks since telegram can’t authenticate against your zero trust policy. You need to create a separate access application for the webhook paths with a bypass rule set to everyone, and make sure it’s ordered above your main protected application in the tunnel config so it takes priority. Also worth checking if bot fight mode is on in security settings since that can block telegram too, and the free tier version can’t be bypassed with WAF rules so you’d need to disable it entirely or whitelist telegram’s IP ranges (149.154.160.0/20 and 91.108.4.0/22) in firewall tools.

1 Like
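A way to confirm which layer is stopping the webhook, as discussed in the two replies above. This is an added example, not code from the thread or from n8n: it classifies the response an unauthenticated POST to a webhook path receives, and reads the body returned by Telegram's `getWebhookInfo` method. The host `n8n.example.com`, the function names and the sample body are placeholders constructed for illustration.

```python
import http.client
import json
from urllib.parse import urlparse

def classify_probe(status, headers):
    """Say who answered an unauthenticated POST to a webhook path."""
    h = {k.lower(): v for k, v in headers.items()}
    location = h.get("location", "")
    host = urlparse(location).hostname or ""
    # Cloudflare Access sends unauthenticated clients to its login page.
    if 300 <= status < 400 and (host.endswith(".cloudflareaccess.com")
                                or "/cdn-cgi/access/login" in location):
        return "access-login-redirect"
    # Cloudflare marks challenge pages with this response header.
    if h.get("cf-mitigated") == "challenge":
        return "cloudflare-challenge"
    if status >= 500:
        return "tunnel-or-origin-error"  # not a policy block
    return "reached-origin"  # even a 404 from n8n means the path got through

def probe(url):
    """Live check: POST once without following redirects."""
    u = urlparse(url)
    conn = http.client.HTTPSConnection(u.hostname, timeout=10)
    conn.request("POST", u.path or "/", body="{}",
                 headers={"Content-Type": "application/json"})
    resp = conn.getresponse()
    return classify_probe(resp.status, dict(resp.getheaders()))

def webhook_issues(get_webhook_info_body, expected_host):
    """Read Telegram's getWebhookInfo reply and list what looks wrong."""
    r = json.loads(get_webhook_info_body)["result"]
    issues = []
    if not r.get("url"):
        issues.append("no webhook registered")
    elif urlparse(r["url"]).hostname != expected_host:
        issues.append("webhook points at another host")
    if r.get("last_error_message"):
        issues.append("telegram: " + r["last_error_message"])
    if r.get("pending_update_count", 0) > 0:
        issues.append("updates are queued")
    return issues

# Constructed sample: getWebhookInfo body while Access still guards /webhook/*.
SAMPLE_INFO = json.dumps({"ok": True, "result": {
    "url": "https://n8n.example.com/webhook/abc/webhook",
    "pending_update_count": 3,
    "last_error_message": "Wrong response from the webhook: 302 Found"}})

if __name__ == "__main__":
    print(webhook_issues(SAMPLE_INFO, "n8n.example.com"))
```

A probe from your own machine does not arrive from Telegram's address ranges, so treat `getWebhookInfo` as the authoritative view of what Telegram itself received. Run `probe()` against both the `/webhook/` and `/webhook-test/` paths, since each needs its own bypass.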