Troubleshooting accessing webhook URL on port 5678 docker instance of N8N behind Cloudflare

Describe the problem/error/question

I have a standard docker self hosted community version of n8n Ver 1.82
running on ubuntu 22.04
dedicated server with no other function.
using DNS it is available as subdomain

Works great for years

Recently moved it behind Cloudflare by changing hostname to Cloudfalre

use Cloudflare DNS (no proxy) to the subdomain.- everything works


Now when I try and create a new google credential I have an issue.
Cloudflare does not pass port 5678 through.

My oauth redirect URL is

When i sign in with google to grant access to the app. I get almost to the end and then after displaying what permissions I wish to grant. it then errors out with the

this is because Cloudflare is not passing the URI through.

Iā€™m confused because i thought cloudflare in DNS mode only should allow this.

However having exhausted that avenue I wonder how we might configure the N8N oauth uri to be using port 2083 rather than 5678.

What is the error message (if any)?

Please share your workflow

(Select the nodes on your canvas and use the keyboard shortcuts CMD+C/CTRL+C and CMD+V/CTRL+V to copy and paste the workflow.)

Share the output returned by the last node

Information on your n8n setup

  • n8n version:
  • Database (default: SQLite):
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app):
  • Operating system:

hi @Paul_H

Usually, callbacks are on port 443, why do you need it on port 2083?
Check if the redirect URI matches the URI you have set in Google account.
And check if the certificate for your site is valid

Good advice

Here is the URI in n8n auth connection setup. As provided by n8n

Here is the uri in the google site

Cert on is valid.

When i try to authenticate from the n8n credentias setup. I get to the app consent screen and approve all access. Then it fails.

I know cloudflare does not allow port 5678

Why do we have that in the uri above. can it be safely removed?

port 5678 is the default port that n8n is listening to. You can change it with the environment variable N8N_PORT. There is also a separate variable for webhooks URL either, but dunno if it works for credentials.

But listening the 443 port directly is not safe as your n8n service will be explicitly available to public. Generally, n8n is placed behind the proxy/ALB and the schema will look like this:

  • ALB/proxy is listening the HTTPS port (publicly available), then it sends all the requests to the n8n on port 5678.
  • n8n is not accessible from the outside and receive traffic only form that ALB/proxy. So everybody is happy :slight_smile:
1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.