🇪🇺 Fixed egress for n8n HTTP Request nodes

🇪🇺 Static IP for n8n

When an n8n workflow calls an API that whitelists IPs, Cloud's rotating egress breaks it. Route your HTTP Request nodes through two fixed static EU IPs and the whitelist keeps working.

n8n HTTP Request node

// env: HTTPS_PROXY=https://user:pass@eu-01.outboundgateway.com:8443

// an HTTP Request node calling a whitelisted API

return await this.helpers.httpRequest({

  method: 'POST',

  url: 'https://api.partner.com/orders',

  headers: { Authorization: 'Bearer ..' }

})

Why n8n workflows keep losing their IP

n8n is bidirectional, but the part that breaks is the outbound leg: workflows calling APIs that only trust specific source addresses.

HTTP Request nodes hit whitelists

Payment, banking, CRM, and B2B partner APIs often restrict access to known IPs. An n8n HTTP Request node calling them from an unknown address just returns 403, and the workflow fails mid-run.

n8n Cloud egress moves

Cloud instances scale across shared infrastructure, so the outbound IP shifts over time. A workflow that passed a whitelist on Monday can be blocked by Friday with no change to the nodes.

Self-hosted behind NAT or VPN

Self-hosted n8n often runs in a private network or behind a NAT that partners can't whitelist. Teams end up punching holes or running custom proxies just to give partners a predictable address.

Many workflows, no single identity

A typical setup runs dozens of workflows across dev and prod. Without a fixed egress, there is no one address to hand a partner or to point at in an audit of where automation traffic originates.

When a partner asks

"Give us the IP address your automation will call from."

You want one fixed answer that holds across every workflow run, not "whichever Cloud worker served the execution."

The Solution

Send n8n's outbound requests through one fixed EU IP

n8n workflow

HTTPS Proxy

(Static EU IP)

Whitelisted API

Every HTTP Request node in every workflow leaves from the same pair of EU addresses. Two IPs back the account, and if one is down the other takes over.

No node redesign. Set the proxy once and every HTTP Request node picks it up, including the n8n REST API client and custom code nodes.
Works for n8n Cloud and self-hosted alike, so the same fixed address follows your automation from staging into production.
TLS passes straight through, so API keys, tokens, and the data your workflows move stay unreadable at the proxy.

What this gives an n8n setup

Two fixed EU addresses to whitelist, with automatic failover between them. You hand partners one stable thing to trust instead of a rotating list.
Stable across Cloud scaling and self-hosted restarts. The address holds whether a workflow runs once a day or a thousand times an hour.
EU egress for automation traffic, which lines up with how GDPR-minded teams want workflow data to leave their infrastructure.
No rework of nodes. The proxy is an environment setting, so your existing HTTP Request and webhook-based workflows keep their logic intact.
Plays nicely with the n8n REST API itself: calls you make to manage workflows (with your X-N8N-API-Key) also go out through the same fixed pair.

Who it's built for

Automation engineers

Building n8n workflows that call partner APIs behind IP whitelists and need those calls to keep passing.

Ops & DevOps teams

Running self-hosted n8n behind NAT who need a predictable external address without maintaining their own proxy.

Integration specialists

Connecting CRMs, ERPs, and B2B systems through n8n where the partner demands a fixed source IP.

Compliance-minded teams

Accountable for where automation data goes, who want a documented EU egress rather than an ever-changing address.

Implementation

Set HTTPS_PROXY and your workflow's outbound requests leave through your fixed EU IP. No node redesign.

n8n HTTP Request node

n8n honours the standard proxy environment variables, so an HTTP Request node calling a whitelisted partner API already leaves through your static IP once HTTPS_PROXY is set on the host.

# env on the n8n host (Cloud env vars or self-hosted docker)
HTTPS_PROXY=https://user:pass@eu-01.outboundgateway.com:8443

// inside an n8n HTTP Request node (Code node form)
return await this.helpers.httpRequest({
  method: 'POST',
  url: 'https://api.partner.com/orders',
  headers: { Authorization: `Bearer ${$env.PARTNER_TOKEN}` },
  body: items[0].json,
});

Calling the n8n REST API itself

Managing workflows programmatically? Calls to the n8n REST API (authenticated with X-N8N-API-Key) also route through your static IP.

# .env
HTTPS_PROXY=https://user:pass@eu-01.outboundgateway.com:8443
N8N_API_KEY=n8n_api_xxx

import requests

# requests reads HTTPS_PROXY from the environment automatically
r = requests.get(
    "https://your-instance.app.n8n.cloud/api/v1/workflows",
    headers={"X-N8N-API-Key": os.environ["N8N_API_KEY"]},
)

n8n Cloud, self-hosted Docker, Kubernetes

Set the variable where your n8n runs. Never paste the proxy string in plaintext.

# self-hosted n8n in docker-compose: load a .env file
services:
  n8n:
    image: n8nio/n8n
    env_file:
      - .env

# Kubernetes: pull it from a Secret
env:
  - name: HTTPS_PROXY
    valueFrom:
      secretKeyRef:
        name: outboundgateway-proxy
        key: proxy-url

# n8n Cloud: set as a custom environment variable
HTTPS_PROXY=${OUTBOUNDGATEWAY_PROXY_URL}

Two IPs, so a workflow run doesn't depend on one box

Your account comes with two static IP addresses (for example 51.xx.xx.10 and 51.xx.xx.11). Register both wherever you whitelist a source IP. If one proxy node is briefly unavailable, traffic shifts to the other, so a scheduled n8n execution isn't the thing that fails because of a proxy blip.

📖 Want the longer version? Worked examples, error handling, and other languages are in the Python SSL Proxy Guide, Node.js Guide, and the rest of the docs.

EU egress for automation traffic

Workflows move real business data. Controlling where that traffic leaves from is part of keeping it compliant.

European infrastructure

The proxy runs in EU data centres, so your workflow's outbound calls leave from European infrastructure rather than wherever a Cloud worker happens to be scheduled.

GDPR-conscious by design

Because TLS passes straight through, the proxy never decodes your tokens or the records your workflows move. It forwards encrypted bytes; it doesn't read them.

No transatlantic detours

Traffic doesn't bounce through US infrastructure on its way to a partner API, which removes a common wrinkle from GDPR data-transfer reviews.

An egress you can name

When a partner or auditor asks where your automation calls from, the answer is two fixed EU addresses, not a list that changes with Cloud scaling. The failover pair covers maintenance windows.

Why teams route n8n through OutboundGateway

A pair of fixed IPs

Two addresses to register, with automatic failover, so your workflow traffic isn't riding on a single point of failure.

No node redesign

Set one env var and your existing HTTP Request nodes start routing through the proxy. The workflow logic is untouched.

Cloud and self-hosted

The same fixed pair follows n8n from a Cloud instance to a self-hosted deployment, so partners see one address.

Covers the REST API too

Calls you make to manage workflows and executions (with your X-N8N-API-Key) go out through the same stable pair.

Encrypted end to end

TLS passthrough means the proxy can't read your traffic. Tokens, API keys, and records stay private the whole way.

Flexible plans

Starting from €29/month. Flexible plans for every scale. Cancel anytime.

Give your n8n workflows a fixed EU egress

Stop letting Cloud scaling and NAT decide which IP your workflows call from. Put n8n's outbound traffic behind one stable, GDPR-conscious address.

€29/month starter plan • 7-day refund policy • Direct founder support

Frequently asked questions

Does this cover inbound Webhook nodes too?

It covers the outbound side. Webhook nodes in n8n are inbound triggers that other services call into your n8n instance, so a forward proxy doesn't affect them (they need your instance to be reachable, optionally behind n8n's own Basic/Header/JWT auth). The proxy is for the HTTP Request nodes and REST API calls that your workflows send out to other APIs.

Does it work for self-hosted n8n, not just Cloud?

Yes. Self-hosted n8n honours the same HTTPS_PROXY environment variable, whether you run it in Docker, Kubernetes, or directly on a VM. That's useful for self-hosted setups behind a NAT or VPN where partners can't whitelist your private address: you give them the fixed EU proxy pair instead.

Will an IP whitelist keep working as Cloud scales?

That's the main reason teams add the proxy. n8n Cloud's outbound address shifts as instances scale across shared infrastructure, which would normally break an IP whitelist over time. By routing outbound calls through a fixed pair of EU addresses and registering both, the whitelist keeps passing no matter which worker serves a given execution.

Still weighing it up?

Happy to talk through how a two-IP egress fits your specific n8n setup, whether it's Cloud, self-hosted, or a mix.

Contact Our Founders →