- Change N8N_HOST to 0.0.0.0 (internal bind address, not domain)
- Simplify VHost extraHeaders to ONLY set Origin header
- Remove duplicate X-Forwarded-* headers (OLS adds these automatically)
- Remove N8N_ALLOWED_ORIGINS and N8N_ALLOW_CONNECTIONS_FROM (not needed)

The key issue was duplicate X-Forwarded-Host headers. OpenLiteSpeed proxy
contexts automatically add X-Forwarded-* headers, so explicitly setting
them creates duplicates that cause n8n validation to fail.
Only the Origin header needs explicit configuration in extraHeaders.
This works with the patched OLS binary (MD5: b9c65aa2563778975d0d2361494e9d31)
that forwards Origin headers from the client.

- Changed from pinned version 1.86.1 to latest
- Requires OpenLiteSpeed binaries with Origin header forwarding support
- Compatible with n8n 1.87.0+ which has strict Origin validation

Note: This requires the OpenLiteSpeed binary that includes the Origin
header forwarding patch in the proxy module. The patch is available
in the CyberPanel OpenLiteSpeed distribution.

- Pin n8n to version 1.86.1 to avoid Origin header validation issues
- Change N8N_HOST from 0.0.0.0 to domain for better compatibility
- Add N8N_PROXY_HOPS=1 to fix X-Forwarded-For errors
- Add N8N_ALLOWED_ORIGINS and N8N_ALLOW_CONNECTIONS_FROM for future compatibility
- Fix SetupN8NVhost to remove malformed Origin header setting

n8n versions 1.87.0+ introduced strict Origin header validation that is
incompatible with OpenLiteSpeed proxy (which doesn't forward Origin headers).
Version 1.86.1 works correctly with OLS and SSE push backend.

The container health check was failing because Docker Compose v1 and v2
use different naming conventions:
- v1: project_service_1 (underscores)
- v2: project-service-1 (hyphens)

Changes:
1. Replaced hardcoded container name formatting with fuzzy matching
2. Added find_container_by_service() helper method for dynamic lookup
3. Updated monitor_deployment() to use dynamic container discovery
4. Container names are now found by normalizing and matching patterns

This fixes "Containers failed to reach healthy state" errors during
n8n deployment from CyberPanel UI.
Ticket References: XKTFREZUR, XCGF2HQUH
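
The v1/v2 naming difference described in the commit message above, as an added example (not CyberPanel's code): it normalizes both separator styles and then matches on the full project, service and replica index, next to a plain substring match for contrast. The function names and the sample container names are assumptions constructed for illustration.

```python
import re

# Constructed sample of container names (not taken from the page).
SAMPLE_NAMES = [
    "example_n8n_1",      # Compose v1 style (underscores)
    "example-n8n-1",      # Compose v2 style (hyphens)
    "/example-n8n-2",     # second replica, with the leading slash the Docker API uses
    "example-n8n-db-1",   # a different service whose name starts with "n8n"
    "example2-n8n-1",     # a different project
]

def normalize(name):
    """Lowercase, drop a leading '/', and fold runs of '_' and '-' into one '-'."""
    return re.sub(r"[-_]+", "-", name.strip().lstrip("/").lower())

def naive_match(names, service):
    """Substring matching: also returns other services and other projects."""
    return [n for n in names if service in n]

def match_service_containers(names, project, service):
    """Return names of the form <project><sep><service><sep><index>, sep being '_' or '-'.

    Anchoring on both ends and requiring a numeric replica index keeps
    "example-n8n-db-1" and "example2-n8n-1" out of the result.
    Limit: project "a" + service "b-c" and project "a-b" + service "c"
    normalize to the same string, so names alone cannot separate them.
    """
    pattern = re.compile(
        r"^%s-%s-\d+$" % (re.escape(normalize(project)), re.escape(normalize(service)))
    )
    return [n for n in names if pattern.match(normalize(n))]

if __name__ == "__main__":
    print("naive  :", naive_match(SAMPLE_NAMES, "n8n"))
    print("strict :", match_service_containers(SAMPLE_NAMES, "example", "n8n"))
```

Compose also sets the `com.docker.compose.project` and `com.docker.compose.service` labels on the containers it creates; filtering on those labels avoids the name ambiguity noted in the docstring.
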
1. Set NODE_ENV=development for n8n Docker deployments to resolve Origin
header validation failures.
2. Remove ineffective "RequestHeader set Origin" from vhost configuration
since OpenLiteSpeed cannot override browser Origin headers anyway.

This is required due to an OpenLiteSpeed architectural limitation - OLS
cannot override browser Origin headers, which n8n v1.87.0+ strictly
validates in production mode. Apache and Nginx can override Origin headers
and work in production mode, but this is not possible with OpenLiteSpeed.

Security Note: This change does NOT reduce security:
- User authentication remains enforced
- Password hashing (bcrypt/argon2) still secure
- HTTPS encryption still active
- Session management secure with N8N_SECURE_COOKIE=true
- CSRF protection still active

Only the origin validation check is bypassed, which fails anyway due to
the OLS limitation.
Ticket References: XKTFREZUR, XCGF2HQUH