Fix n8n proxy configuration for OpenLiteSpeed compatibility

- Change N8N_HOST to 0.0.0.0 (internal bind address, not domain) - Simplify VHost extraHeaders to ONLY set Origin header - Remove duplicate X-Forwarded-* headers (OLS adds these automatically) - Remove N8N_ALLOWED_ORIGINS and N8N_ALLOW_CONNECTIONS_FROM (not needed) The key issue was duplicate X-Forwarded-Host headers. OpenLiteSpeed proxy contexts automatically add X-Forwarded-* headers, so explicitly setting them creates duplicates that cause n8n validation to fail. Only the Origin header needs explicit configuration in extraHeaders. This works with the patched OLS binary (MD5: b9c65aa2563778975d0d2361494e9d31) that forwards Origin headers from the client.
2026-05-06 07:46:20 +02:00 · 2025-11-08 00:32:16 +05:00
parent fd6c8a337a
commit 61bc08d36c
1 changed files with 5 additions and 12 deletions
--- a/plogical/DockerSites.py
+++ b/plogical/DockerSites.py
@@ -308,9 +308,8 @@ extprocessor docker{port} {{
                logging.writeToFile("Context already exists, skipping...")
                return True

-            # Add proxy context with proper headers for n8n
-            # NOTE: Do NOT include "RequestHeader set Origin" - OpenLiteSpeed cannot override
-            # browser Origin headers, which is why NODE_ENV=development is required
+            # Add proxy context with proper headers for n8n (OLS adds X-Forwarded-*; Origin set for n8n)
+            # NOTE: OpenLiteSpeed cannot override browser Origin headers; NODE_ENV=development may be required
            proxy_context = f'''

 # N8N Proxy Configuration
@@ -321,11 +320,7 @@ context / {{
  websocket               1

  extraHeaders            <<<END_extraHeaders
-  RequestHeader unset X-Forwarded-For
-  RequestHeader set X-Forwarded-For $ip
-  RequestHeader set X-Forwarded-Proto https
-  RequestHeader set X-Forwarded-Host "{domain}"
-  RequestHeader set Host "{domain}"
+  RequestHeader set Origin "https://{domain}"
  END_extraHeaders
 }}
 '''
@@ -1410,7 +1405,7 @@ services:
                'DB_POSTGRESDB_DATABASE': self.data['MySQLDBName'],
                'DB_POSTGRESDB_USER': 'postgres',
                'DB_POSTGRESDB_PASSWORD': self.data['MySQLPassword'],
-                'N8N_HOST': f"{self.data['finalURL']}",
+                'N8N_HOST': '0.0.0.0',
                'N8N_PORT': '5678',
                'NODE_ENV': 'development',  # Required for OpenLiteSpeed compatibility - OLS cannot override browser Origin headers which n8n v1.87.0+ validates in production mode
                'N8N_EDITOR_BASE_URL': f"https://{self.data['finalURL']}",
@@ -1423,9 +1418,7 @@ services:
                'DB_POSTGRESDB_SCHEMA': 'public',
                'N8N_PROTOCOL': 'https',
                'N8N_SECURE_COOKIE': 'true',
-                'N8N_PROXY_HOPS': '1',
-                'N8N_ALLOWED_ORIGINS': f"https://{self.data['finalURL']}",
-                'N8N_ALLOW_CONNECTIONS_FROM': '*'
+                'N8N_PROXY_HOPS': '1'
            }
        }