QuotaGuard and n8n Integration Guide
Table of contents
QuotaGuard and n8n Integration Guide
QuotaGuard Static IPs allow your n8n workflows to send outbound HTTP requests through a load-balanced pair of static IP addresses. Once configured, you can use QuotaGuard’s IPs to connect to firewalled APIs, enterprise databases, and services that require IP allowlisting.
You do not need QuotaGuard for internal n8n operations or connections to services that don’t require IP whitelisting. QuotaGuard is specifically for reaching external services that block requests from unknown IP addresses.
Why n8n Workflows Get Blocked
When you run a workflow on n8n Cloud or a self-hosted instance on a cloud provider, your outbound traffic comes from shared, rotating IP addresses. These IPs are often flagged by:
- Enterprise firewalls and WAFs (Cloudflare, Akamai)
- Corporate APIs with IP allowlisting requirements
- Google Workspace Context-Aware Access policies
- Financial services and healthcare APIs with strict access controls
- Database providers like MongoDB Atlas or Amazon RDS
The result is 403 Forbidden or ECONNREFUSED errors that have nothing to do with your workflow logic. Your API keys are valid. Your code is correct. The target service is simply blocking cloud IP ranges.
QuotaGuard gives your n8n workflows a fixed, verifiable identity that partners can add to their firewall allowlists once.
Getting Started
After creating a QuotaGuard account, you will be redirected to your dashboard where you can find your proxy credentials and static IP addresses.
Choose the right proxy region: Select a QuotaGuard region close to your n8n deployment to minimize latency:
| n8n Hosting Location | Recommended QuotaGuard Region |
|---|---|
| US (AWS, DigitalOcean) | US-East |
| Europe | EU |
| Asia-Pacific | AP-Southeast or AP-Northeast |
Your proxy URL will look like this:
http://username:password@us-east-static-01.quotaguard.com:9293
This URL contains your credentials and the proxy hostname. You’ll use this to route n8n requests through your static IPs.
Finding Your Static IPs: Your two static IPs are displayed in the QuotaGuard dashboard. Both IPs are active simultaneously for high availability. Add both to any firewall allowlists you’re configuring on the target service side.
Configuring n8n
n8n supports proxy configuration at multiple levels depending on your deployment type and needs.
Option 1: HTTP Request Node (Recommended for Most Users)
The simplest approach is configuring the proxy directly in individual HTTP Request nodes. This works for both n8n Cloud and self-hosted instances.
Step 1: Open your HTTP Request node in the n8n workflow editor.
Step 2: Click Add Option at the bottom of the node configuration panel.
Step 3: Select Proxy from the options list.
Step 4: Enter your QuotaGuard proxy URL:
http://username:password@us-east-static-01.quotaguard.com:9293
Step 5: Execute your workflow. All requests from this node will now route through your static IP.
This method is ideal when:
- You’re using n8n Cloud
- You only need static IPs for specific API calls
- Different nodes need different proxy configurations
Option 2: n8n Credentials (Reusable Proxy Configuration)
For workflows where multiple HTTP Request nodes need the same proxy, you can store your QuotaGuard credentials as an n8n credential and reference it across nodes.
Step 1: Go to Settings > Credentials in your n8n instance.
Step 2: Click Add Credential and select HTTP Request.
Step 3: Configure the credential with your proxy details. In the Additional Options, enable Proxy and enter your QuotaGuard URL.
Step 4: In your HTTP Request nodes, select this credential instead of entering the proxy URL manually each time.
Option 3: Global Environment Variables (Self-Hosted Only)
For self-hosted n8n instances, you can configure the proxy globally so all outbound HTTP requests route through QuotaGuard automatically.
Docker Compose:
Add these environment variables to your docker-compose.yml:
version: '3'
services:
n8n:
image: n8nio/n8n
environment:
- HTTP_PROXY=http://username:password@us-east-static-01.quotaguard.com:9293
- HTTPS_PROXY=http://username:password@us-east-static-01.quotaguard.com:9293
- NO_PROXY=localhost,127.0.0.1
# ... rest of your configuration
npm/Node.js Installation:
Set the environment variables before starting n8n:
export HTTP_PROXY="http://username:password@us-east-static-01.quotaguard.com:9293"
export HTTPS_PROXY="http://username:password@us-east-static-01.quotaguard.com:9293"
export NO_PROXY="localhost,127.0.0.1"
n8n start
Important: The NO_PROXY variable prevents internal n8n traffic from routing through the proxy. Without it, internal health checks and local connections may fail.
Option 4: n8n Desktop App
The n8n desktop application supports proxy configuration through the HTTP Request node options (Option 1 above). You can also run a local tunnel using QuotaGuard’s qgtunnel wrapper for development testing.
For desktop testing with the proxy:
- Configure the proxy in your HTTP Request node as described in Option 1
- Or set system-wide proxy environment variables before launching the desktop app
Database Connections (SOCKS5)
For non-HTTP protocols like PostgreSQL, MySQL, or MongoDB connections from n8n, use QuotaGuard’s SOCKS5 proxy with QGTunnel.
When to Use SOCKS5
Standard HTTP proxies only handle HTTP/HTTPS traffic. If your n8n workflow uses:
- PostgreSQL node
- MySQL node
- MongoDB node
- SSH node
- FTP node
- Any raw TCP connection
You’ll need SOCKS5 proxying.
Setting Up QGTunnel for Self-Hosted n8n
Step 1: Download QGTunnel to your n8n server:
curl https://s3.amazonaws.com/quotaguard/qgtunnel-latest.tar.gz | tar xz
Step 2: Configure your tunnel in the QuotaGuard dashboard:
Navigate to Settings > Setup > Tunnel > Create Tunnel.
Example PostgreSQL configuration:
| Setting | Value |
|---|---|
| Remote Destination | tcp://your-database.example.com:5432 |
| Local Port | 5432 |
| Transparent | true |
| Encrypted | false |
Step 3: Start n8n with QGTunnel:
bin/qgtunnel n8n start
Or in Docker Compose:
version: '3'
services:
n8n:
image: n8nio/n8n
entrypoint: ["/app/bin/qgtunnel", "n8n"]
environment:
- QUOTAGUARDSTATIC_URL=http://username:password@us-east-static-01.quotaguard.com:9293
volumes:
- ./bin:/app/bin
- ./vendor:/app/vendor
With transparent mode enabled, your n8n database nodes can connect to the original hostname while traffic routes through the tunnel transparently.
n8n Cloud Database Limitations
n8n Cloud does not support QGTunnel or SOCKS5 proxy configuration. If you need static IPs for database connections on n8n Cloud, consider:
- Using a self-hosted n8n instance with QGTunnel
- Creating an API wrapper service that proxies database queries through HTTP
- Using cloud database providers that support VPC peering instead of IP allowlisting
Common Use Cases
Connecting to Firewalled APIs
Many enterprise APIs require IP allowlisting. Configure the proxy in your HTTP Request node, then provide your QuotaGuard static IPs to the API provider for their allowlist.
Google Workspace Context-Aware Access
If your organization uses Google Workspace with Context-Aware Access policies, n8n Cloud requests may be blocked because they come from unauthorized IPs. Route your Google API requests through QuotaGuard, then add your static IPs to the Context-Aware Access policy.
Webhook Receivers with IP Restrictions
Some services only accept webhooks from known IP addresses. Configure your outbound webhook calls through QuotaGuard, then add your static IPs to the destination service’s allowlist.
Avoiding Rate Limiting by Cloud IP Reputation
Cloud provider IP ranges are sometimes rate-limited more aggressively because they’re associated with automated traffic. QuotaGuard’s dedicated static IPs have a cleaner reputation profile.
Testing Your Implementation
Create a simple workflow to verify your proxy configuration:
Step 1: Add an HTTP Request node.
Step 2: Set the URL to:
https://ip.quotaguard.com
Step 3: Configure the proxy option with your QuotaGuard URL.
Step 4: Execute the workflow.
Expected response:
{"ip":"52.34.188.175"}
The returned IP should match one of your two static IPs shown in the QuotaGuard dashboard. Run the workflow multiple times to see both IPs in action (load-balanced).
Workflow Testing Example
Here’s a complete test workflow structure:
- Manual Trigger - Start the workflow manually
- HTTP Request - Call
https://ip.quotaguard.comwith proxy configured - Set - Extract the IP from the response
- IF - Check if the IP matches your expected QuotaGuard IPs
This gives you a reusable workflow to verify proxy configuration is working.
Latency Considerations
Using QuotaGuard adds a network hop to your requests:
| Configuration | Added Latency |
|---|---|
| Same region (n8n US + QuotaGuard US-East) | 10-20ms |
| Cross-region | 50-100ms |
For high-volume or latency-sensitive workflows, select a QuotaGuard region that matches your n8n hosting location.
Troubleshooting
403 Forbidden Errors
If you’re still seeing 403 errors after configuring the proxy:
- Verify the proxy is active: Test with
ip.quotaguard.comto confirm traffic routes through QuotaGuard - Check the destination allowlist: Ensure both of your QuotaGuard static IPs are added to the target service’s firewall
- Confirm authentication: Double-check your proxy URL credentials are correct
See our detailed guide: How to Fix 403 Forbidden Errors in n8n HTTP Request Nodes
407 Proxy Authentication Required
Your proxy credentials are incorrect. Verify your username:password in the proxy URL matches your QuotaGuard dashboard credentials.
Connection Timeout
- Check that your n8n instance can reach external networks
- Verify the QuotaGuard proxy hostname is correct
- Ensure no firewall rules are blocking outbound connections to port 9293
Wrong IP Address in Response
The proxy URL may not be configured correctly in your HTTP Request node:
- Check that you entered the full URL including the protocol (
http://) - Verify the proxy option is enabled in the node
- Try creating a new HTTP Request node with fresh configuration
n8n Cloud Proxy Not Working
n8n Cloud supports proxy configuration only at the HTTP Request node level (Option 1). Global environment variables are not available on n8n Cloud.
If the node-level proxy isn’t working:
- Ensure you’re configuring the Proxy option, not Headers
- Double-check the URL format includes credentials
- Test with a simple
ip.quotaguard.comcall first
Nodes Other Than HTTP Request
Most n8n app nodes (Slack, Gmail, Salesforce, etc.) make HTTP requests internally but don’t expose proxy configuration. For these nodes:
- Self-hosted: Use global environment variables (Option 3) to proxy all traffic
- n8n Cloud: These nodes cannot be proxied. Contact the service provider to discuss IP allowlisting options or consider using the HTTP Request node with the service’s raw API instead
QuotaGuard Static vs QuotaGuard Shield
QuotaGuard offers two products for static IPs:
| Feature | QuotaGuard Static | QuotaGuard Shield |
|---|---|---|
| Protocol | HTTP/SOCKS5 | HTTPS/SOCKS5 over TLS |
| Encryption | Standard proxy | SSL Passthrough (E2EE) |
| Best for | General API access | HIPAA, PCI-DSS, regulated data |
| Starting price | $19/month | $69/month |
For most n8n workflows, QuotaGuard Static provides everything you need. Choose Shield if you’re handling protected health information (PHI), payment card data, or have specific compliance requirements.
Ready to Get Started?
Get in touch or create a free trial account.
Read: How to Fix 403 Forbidden Errors in n8n