Step by Step Guide to solve n8n Proxy Configuration Errors
Who this is for: Developers and DevOps engineers running n8n behind a corporate proxy (Docker or npm installations). We cover this in detail in the n8n Installation Errors Guide.
Quick Diagnosis
Set the proxy variables before starting the container or running npm. Then restart n8n.
# Docker run (environment) docker run -d \ -e HTTP_PROXY="http://proxy.mycorp.com:8080" \ -e HTTPS_PROXY="http://proxy.mycorp.com:8080" \ -e NO_PROXY="localhost,127.0.0.1"
# Docker run (command) docker run -d --name n8n -p 5678:5678 n8nio/n8n
# docker‑compose (environment)
services:
n8n:
environment:
- HTTP_PROXY=http://proxy.mycorp.com:8080
- HTTPS_PROXY=http://proxy.mycorp.com:8080
- NO_PROXY=localhost,127.0.0.1
# npm proxy configuration npm config set proxy http://proxy.mycorp.com:8080 npm config set https-proxy http://proxy.mycorp.com:8080
After applying the above, restart the service. n8n will resolve external APIs and package registries without a proxy‑configuration error.
1. Why n8n Throws a Proxy Configuration Error
If you encounter any ssl certificate error n8n resolve them before continuing with the setup.
n8n uses two networking layers that each need proxy awareness:
| Layer | Why a proxy is required | Typical failure |
|---|---|---|
| Docker runtime | Pulling the image and calling external APIs (GitHub, Slack, etc.) | `Error: getaddrinfo ENOTFOUND` or “Could not resolve host” |
| npm / Node | Installing n8n or loading optional dependencies at runtime | `npm ERR! network request failed` or “self‑signed certificate” |
If the relevant environment variables are missing or malformed, n8n aborts with a *proxy configuration error*.
2. Configuring Proxy for Docker‑Based n8n
If you encounter any docker compose configuration error n8n resolve them before continuing with the setup.
2.1. One‑off docker run (quick test)
Purpose: Launch a single‑use container with the required proxy variables.
docker run -d \ --name n8n \ -p 5678:5678 \ -e HTTP_PROXY="http://proxy.mycorp.com:8080" \ -e HTTPS_PROXY="http://proxy.mycorp.com:8080" \ -e NO_PROXY="localhost,127.0.0.1" \ n8nio/n8n
EEFA tip: If the proxy requires authentication, store credentials in Docker secrets instead of hard‑coding them.
2.2. Persistent setup with docker‑compose.yml
Purpose: Keep the configuration under version control and reuse it.
version: "3.8"
services:
n8n:
image: n8nio/n8n
restart: unless-stopped
ports:
- "5678:5678"
environment:
- N8N_BASIC_AUTH_ACTIVE=true
- N8N_BASIC_AUTH_USER=admin
- N8N_BASIC_AUTH_PASSWORD=strongPassword
# Proxy settings (referenced from .env)
- HTTP_PROXY=${HTTP_PROXY}
- HTTPS_PROXY=${HTTPS_PROXY}
- NO_PROXY=${NO_PROXY}
volumes:
- ~/.n8n:/home/node/.n8n
Create a matching .env file (never commit it):
HTTP_PROXY=http://proxy.mycorp.com:8080 HTTPS_PROXY=http://proxy.mycorp.com:8080 NO_PROXY=localhost,127.0.0.1
2.3. Verify Docker’s proxy usage
Purpose: Confirm the container can reach the internet through the proxy.
docker exec n8n curl -I https://api.github.com
A 200 OK response means the proxy is correctly applied. If you see CONNECT ECONNREFUSED, double‑check the proxy URL and port—Docker does not process PAC files.
3. Configuring Proxy for npm‑Based n8n Installations
3.1. Global npm proxy settings
npm config set proxy http://proxy.mycorp.com:8080 npm config set https-proxy http://proxy.mycorp.com:8080
Validate the configuration:
npm config get proxy npm config get https-proxy
3.2. Project‑specific .npmrc (recommended for CI/CD)
Purpose: Keep proxy settings scoped to the n8n project.
proxy=http://proxy.mycorp.com:8080 https-proxy=http://proxy.mycorp.com:8080 # Only if the corporate proxy intercepts TLS strict-ssl=false
EEFA warning: strict-ssl=false disables certificate validation globally. Use it only in a controlled environment or, preferably, add the corporate root CA to Node’s trust store.
3.3. Installing n8n behind the proxy
npm install -g n8n # or, inside a project npm install n8n --save
If the install still times out, extend the retry window:
npm config set fetch-retry-maxtimeout 120000
4. Common Pitfalls & EEFA Checklist
| Symptom | Likely cause | Fix |
|---|---|---|
| `ENOTFOUND` when pulling Docker image | Proxy vars missing from Docker daemon | Add HTTP_PROXY/HTTPS_PROXY to docker run or docker‑compose.yml |
| `self‑signed certificate` from npm | TLS interception without corporate CA in Node | Import the CA (see §6.2) or temporarily set strict-ssl=false |
| `Proxy authentication required` | Credentials not supplied or stored insecurely | Use Docker secrets or npm’s auth endpoint |
| `npm ERR! network request failed` after setting proxy | Proxy URL typo or wrong port | Test with curl -x http://proxy:8080 https://registry.npmjs.org/ |
| Container still blocked after proxy vars set | `NO_PROXY` unintentionally excludes required hosts | Remove the host from NO_PROXY or leave the variable empty for testing |
EEFA Troubleshooting Checklist
- Confirm proxy hostname and port with IT.
- Test host connectivity from the machine:
curl -x http://proxy:8080 https://example.com. - Add
HTTP_PROXY,HTTPS_PROXY, andNO_PROXYto Docker environment. - Set proxy in npm globally or via a project‑scoped
.npmrc. - If TLS interception is used, import the corporate root CA into the container (see §6.2).
- Restart the Docker container or Node process after any change.
- Run a simple
curlornpm pinginside the container to verify connectivity.
5. When and How to Use NO_PROXY
NO_PROXY tells Docker/Node to bypass the proxy for listed hosts. Typical values:
NO_PROXY=localhost,127.0.0.1,::1,*.mycorp.internal
– Do not list external API domains (e.g., api.slack.com) unless they are reachable without the proxy.
– Use NO_PROXY for internal services that are not routed through the corporate proxy.
6. Advanced: Authenticated Proxies & Self‑Signed Certificates
6.1. Authenticated proxy syntax
export HTTP_PROXY="http://user:password@proxy.mycorp.com:8080" export HTTPS_PROXY="http://user:password@proxy.mycorp.com:8080"
EEFA security tip: Store credentials as Docker secrets instead of plain text.
secrets:
proxy_user:
file: ./secrets/proxy_user.txt
proxy_pass:
file: ./secrets/proxy_pass.txt
services:
n8n:
environment:
- HTTP_PROXY=http://$(cat /run/secrets/proxy_user):$(cat /run/secrets/proxy_pass)@proxy.mycorp.com:8080
6.2. Handling self‑signed proxy certificates
- Obtain the corporate CA certificate (
corp-ca.crt). - Extend the official image with the CA:
FROM n8nio/n8n:latest COPY corp-ca.crt /usr/local/share/ca-certificates/ RUN update-ca-certificates
- Rebuild and redeploy:
docker build -t myorg/n8n-proxy . docker run -d -p 5678:5678 myorg/n8n-proxy
Now Node and curl trust the proxy’s TLS termination.
Conclusion
Setting HTTP_PROXY, HTTPS_PROXY, and NO_PROXY correctly is the cornerstone of running n8n behind a corporate firewall. Apply the variables at the Docker level and in npm (global or .npmrc). When the proxy performs TLS interception, import the corporate CA into the container or relax SSL only as a temporary measure. Following the EEFA checklist ensures a secure, repeatable configuration that works in real‑world production environments.
