Telegram Docker WEBHOOK_URL connection refused

rudijs · May 11, 2025, 4:23pm

Hi,

I am trying to add Telegram API (on message) credentials.

I’m using n8n with docker, running fine on http://localhost:5678/

For the Telegram credentials, I’ve created a group and have added the Access Token.API

This is my docker command:

docker run -it --rm --name n8n -p 5678:5678 -v n8n_data:/home/node/.n8n 
--env WEBHOOK_URL=https://fd8c-zzz-zzz-zzz-107.ngrok-free.app 
docker.n8n.io/n8nio/n8n

I can view my n8n instance login page in my browser using the ngrok URL set as the WEBHOOK_URL

The issue is when I test the credentials in n8n I consistently get the error:

The service refused the connection - perhaps it is offline
connect ECONNREFUSED 127.0.0.1:443
connect ECONNREFUSED 127.0.0.1:443

That error confuses me, I’m expecting it to not use localhost and use the WEBHOOK_URL

Any ideas where I’m going wrong?

I’ve restarted and removed docker images, to ensure the env vars are correct.

Debug with this:

docker exec n8n printenv WEBHOOK_URL
https://fd8c-zzz-zzz-zzz-107.ngrok-free.app

So the docker env var looks set correctly.

ngrok is running with:

ngrok http http://localhost:5678

Hmmm… tips or suggestions much appreciated!

rudijs · May 12, 2025, 6:55am

OK, had to:

strip out traefik SSL stuff (so local connections do not use SSL)
set env var to not use ssl (OK for local, not for prod)
use a VPN, my local provider kept failing on DNS for api.telegram.org

Working now:

Local docker N8N
Telegram integration (on message) works.

Mark as resolved.

Jon · May 12, 2025, 7:40am

That will get you, If you are not using the reverse proxy and want to use a tunnel instead you can skip that part of running n8n.

You don’t need to set the option to not use ssl though that will be unrelated.

rudijs · May 12, 2025, 8:40am

Ah, so far this is what I’ve got - the provided docker file from the docs.

Commented out parts for local docker w/ ngrok (for external webhooks)

services:
  traefik:
    image: "traefik"
    restart: always
    command:
      - "--api=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      # - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      # - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      # - "--entrypoints.websecure.address=:443"
      # - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      # - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      # - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      # - "443:443"
    volumes:
      - traefik_data:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro

  n8n:
    image: docker.n8n.io/n8nio/n8n
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      # - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web #,websecure
      # - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      # - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      # - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      # - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      # - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      # - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      # - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      # - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      # - traefik.http.middlewares.n8n.headers.STSPreload=true
      # - traefik.http.routers.n8n.middlewares=n8n@docker
    environment:
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=http
      # - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
    volumes:
      - n8n_data:/home/node/.n8n
      - ./local-files:/files

volumes:
  n8n_data:
  traefik_data:

rudijs · May 12, 2025, 8:41am

I would like to not disable SSL locally, but so far I’ve had to.

I’ll continue to tinker with options on and off.

Jon · May 12, 2025, 8:44am

If you are using a tunnel all you will need is the below, The others are default values and would be fine. The n8n_protocol won’t do anything if you don’t have the certs coming from n8n but if you are using a reverse proxy or a tunnel this doesn’t matter as much as that will be handling the inbound SSL/TLS for you.

n8n:
    image: docker.n8n.io/n8nio/n8n
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    environment:
      - WEBHOOK_URL=https://your_tunnel_url
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
      - TZ=${GENERIC_TIMEZONE}
    volumes:
      - n8n_data:/home/node/.n8n
      - ./local-files:/files

volumes:
  n8n_data:

rudijs · May 12, 2025, 9:03am

OK great, this works perfect.

So is it:

With ngrok = no traefik required

Without ngrok (cloud hosted) = traefik required

Jon · May 12, 2025, 9:30am

You got it, You could replace Traefik with Caddy or nginx as well or you could also host on a VPS and still use a tunnel so you don’t need to open any inbound ports.

system · May 19, 2025, 9:30am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.