docs: cleanup project and update documentation for universal proxy

.env.example

@@ -36,8 +36,13 @@ N8N_PYTHON_NODES_ENABLED=false
 N8N_TASK_RUNNERS_ENABLED=false
 N8N_LICENSE_AUTO_RENEW_ENABLED=false
 N8N_LOG_LEVEL=error
-
 # -----------------------------------------------------------------------------
+# NETWORK — Outbound Proxy (Bypass HF Blocks)
+# -----------------------------------------------------------------------------
+# Your Cloudflare Worker URL (e.g. h8n-proxy.somrat.workers.dev)
+OUTBOUND_PROXY_URL=
+# Comma-separated list of domains to proxy. Use "*" to proxy everything.
+OUTBOUND_PROXY_DOMAINS=api.telegram.org,discord.com,discordapp.com
 # BUILD-TIME VARIABLE (HF Spaces: add as Variable, not Secret)
 # -----------------------------------------------------------------------------
 

DISCORD_PROXY_GUIDE.md

@@ -1,48 +0,0 @@
-# 🛠️ How to Create a Free Discord Proxy
-
-Hugging Face officially blocks outgoing connections to Discord's IP addresses on Free Tier Spaces to prevent spam. While our built-in DNS script cleanly bypasses blocks for Telegram and WhatsApp, Discord is blocked at the physical IP firewall level.
-
-This means the native n8n "Discord" node will always hang and fail with a "Connection closed unexpectedly" error.
-
-To work around this, you can easily create your own private Discord proxy using Cloudflare Workers. It takes about 2 minutes and is 100% free (allowing up to 100,000 requests per day).
-
-## Step-by-Step Guide
-
-### Step 1: Create a Cloudflare Worker
-
-1. Log into [Cloudflare](https://dash.cloudflare.com/) (create an account if you don't have one).
-2. On the left sidebar, go to **Workers & Pages**.
-3. Click **Create Worker** -> **Start with Hello World!**.
-4. Name it something memorable, like `discord-proxy`, and click **Deploy**.
-
-### Step 2: Add the Proxy Code
-
-1. Once deployed, click the **Edit Code** button.
-2. In the online code editor, delete the existing code and replace it entirely with this 6-line snippet:
-
-```javascript
-export default {
-  async fetch(request) {
-    const url = new URL(request.url);
-    url.hostname = 'discord.com';
-    return fetch(new Request(url, request));
-  }
-}
-```
-
-1. Click **Save and Deploy** in the top right corner. Cloudflare will generate a unique URL for you (e.g., `https://discord-proxy.yourname.workers.dev`).
-
-### Step 3: Use the Proxy in n8n
-
-Because the native Discord Node hardcodes connections to `discord.com` when using Bot tokens, you must use the **Webhook** method.
-
-1. Add the standard **Discord** node to your n8n workflow.
-2. Under "Authentication", select **Webhook**.
-3. Take your normal Discord Webhook URL and replace `discord.com` with your new worker domain.
-   * *Original:* `https://discord.com/api/webhooks/123456/abcdef`
-   * *New:* `https://discord-proxy.yourname.workers.dev/api/webhooks/123456/abcdef`
-4. Create a new Discord Webhook Credential in n8n and paste that **New URL** into the "Webhook URL" field.
-5. Setup your message (e.g., set the text to "Hello World") and click **Execute Node**. Your message will instantly appear in Discord!
-
----
-*Note: If you ever upgrade your Hugging Face Space to a paid hardware tier, the outgoing firewall restriction is removed, and you can go back to using the native n8n Discord node directly!*

OUTBOUND_PROXY_GUIDE.md

@@ -0,0 +1,41 @@
+# 🌐 Outbound Proxy Guide
+
+Hugging Face Spaces officially blocks outgoing connections to specific services like **Telegram**, **WhatsApp**, and **Discord** on the free tier. 
+
+Hugging8n includes a built-in **Transparent Outbound Proxy** that allows you to bypass these restrictions using a single Cloudflare Worker.
+
+---
+
+## 🚀 Setup in 2 Minutes
+
+### Step 1: Deploy your Cloudflare Worker
+1. Log in to [dash.cloudflare.com](https://dash.cloudflare.com/).
+2. Go to **Workers & Pages** -> **Create Worker**.
+3. Name it (e.g., `h8n-proxy`).
+4. Paste the code from [outbound-proxy-worker.js](./outbound-proxy-worker.js) into the editor.
+5. Click **Deploy**.
+6. Copy your Worker URL (e.g., `h8n-proxy.yourname.workers.dev`).
+
+### Step 2: Configure Hugging8n
+Go to your Space **Settings** -> **Variables** and add:
+
+1. **`OUTBOUND_PROXY_URL`**:
+   - Value: `h8n-proxy.yourname.workers.dev` (You can omit the `https://`).
+
+2. **`OUTBOUND_PROXY_DOMAINS`** (Optional):
+   - **Default**: Proxies Telegram and Discord only.
+   - **Wildcard Mode**: Set this to `*` to proxy **every single request** n8n makes to the outside world. This is the most reliable way to ensure no node ever gets blocked.
+
+### Step 3: Restart Space
+Hugging8n will now automatically intercept all requests to the blocked domains and route them through your worker. **You do not need to change any URLs inside your n8n workflows.**
+
+---
+
+## 🛠️ How it Works
+
+1. **DNS Fix**: Hugging8n uses a built-in DNS-over-HTTPS (DoH) resolver to get the real IPs of blocked domains, bypassing HF's sinkholed DNS.
+2. **SNI Bypass**: The transparent proxy changes the "label" (SNI) of your traffic to match your Cloudflare domain. Hugging Face sees you connecting to Cloudflare (allowed) instead of Telegram/Discord (blocked).
+3. **Universal Routing**: Using the `x-target-host` header, one single worker can handle multiple different services dynamically.
+
+---
+*If you upgrade to a paid Space, these firewalls are removed and you no longer need this proxy.*

README.md

@@ -22,6 +22,7 @@ secrets:
 - 💾 **Persistent Backup:** Workflows and credentials back up automatically to a private HF Dataset.
 - 🔐 **Secure by Default:** Uses n8n v2's built-in user management. No more insecure environment variables.
 - 🌐 **Premium Dashboard:** Live status monitoring, uptime tracking, and integrated keep-alive tools.
+- 🛠️ **Built-in Connectivity Fixes:** Automatic DNS-over-HTTPS (DoH) and Transparent Outbound Proxying to bypass platform networking blocks.
 - ⏰ **Built-in Keep-Alive:** Easily setup UptimeRobot directly from the dashboard UI.
 - 🐳 **Optimized Infrastructure:** Clean startup logs, minimal resource usage, and production-ready proxy.
 
@@ -51,6 +52,8 @@ You can customize Hugging8n using Environment Variables (Settings > Variables):
 | `SYNC_INTERVAL` | `180` | Backup frequency in seconds. |
 | `GENERIC_TIMEZONE` | `UTC` | Timezone for n8n. |
 | `N8N_LOG_LEVEL` | `error` | Set to `info` for more verbose logs. |
+| `OUTBOUND_PROXY_URL` | - | Your Cloudflare Worker URL (to bypass Discord/Telegram blocks). |
+| `OUTBOUND_PROXY_DOMAINS` | (default) | Comma-separated list of domains to proxy. Use `*` to proxy everything. |
 | `SPACE_HOST_OVERRIDE` | - | Override the detected host if using a custom domain. |
 
 ## 🔐 Authentication & Security
@@ -68,10 +71,10 @@ Hugging8n automatically creates and maintains a private dataset in your Hugging
 
 ## ⚠️ Known Limitations & Workarounds
 
-**Discord Webhooks**
-Hugging Face officially blocks outgoing connections to Discord on Free Tier Spaces. To use the Discord node, you must route your traffic through a simple, free proxy.
+**External Connectivity (Telegram/Discord/WhatsApp)**
+Hugging Face officially blocks outgoing connections to specific services on Free Tier Spaces. Hugging8n includes a transparent proxy system to bypass this automatically.
 
-👉 **[Read the Guide: How to Create a Free Discord Proxy in 2 minutes](./DISCORD_PROXY_GUIDE.md)**
+👉 **[Read the Outbound Proxy Guide](./OUTBOUND_PROXY_GUIDE.md)**
 *(Upgrading to a paid Space removes this firewall restriction entirely).*
 
 ## 🏗️ Architecture

TASK_SUMMARY.md

@@ -1,55 +0,0 @@
-# Task Summary: Fixing Outbound Connectivity on Hugging Face Spaces
-
-## Objective
-Enable `n8n` (running on Hugging Face Spaces) to connect to blocked external services like Telegram API and Discord, bypassing the platform's network restrictions.
-
-## Paths Explored
-
-### 1. DNS Resolution Fix (DoH)
-- **Problem**: HF Spaces intercept standard UDP/TCP DNS queries and return sinkholed IPs or `ENOTFOUND` for specific domains (Telegram, WhatsApp, Discord).
-- **Solution**: Implemented a `dns-fix.js` preload script using `NODE_OPTIONS="--require /opt/dns-fix.js"`.
-- **Method**: Monkey-patched `dns.lookup` to fall back to **DNS-over-HTTPS (DoH)** via Cloudflare (`1.1.1.1`) when system DNS fails.
-- **Result**: Successfully resolved the correct IP addresses for `api.telegram.org`.
-
-### 2. Forced DoH & IPv4 Priority
-- **Observation**: Even when DNS worked, connections often failed with `ECONNRESET` or `SSL alert 0`.
-- **Exploration**: Forced DoH for known blocked domains even if system DNS seemed to work (to bypass sinkholed IPs) and set `--dns-result-order=ipv4first`.
-- **Result**: DNS was correct, but TCP/TLS handshakes were still being dropped by the HF firewall.
-
-### 3. Transparent Application-Level Proxy
-- **Idea**: Use Node.js 22's native `fetch()` (based on `undici`) which handles HF's networking better (Happy Eyeballs).
-- **Method**: Monkey-patched `http.request` and `https.request` to route blocked domains through `fetch()`.
-- **Result**: Encountered `Maximum call stack size exceeded` due to recursion between the patch and n8n's `axios`/`follow-redirects` library.
-
-### 4. Comparison with HuggingClaw
-- **Context**: The user pointed to `HuggingClaw` as a working example.
-- **Analysis**: HuggingClaw uses an identical `dns-fix.js` and `Dockerfile` configuration.
-- **Finding**: HuggingClaw's networking works because it likely connects to services that aren't strictly blocked or uses a different internal routing that `n8n` (a larger app) might be disrupting.
-
-### 5. Transparent Application-Level Proxy (Implemented)
-- **Status**: ✅ **Partially Fixed** (Requires External Worker)
-- **Method**: Implemented `outbound-fix.js` which patches `https.request` to redirect blocked traffic through a single **Universal Cloudflare Worker**.
-- **Multi-Service Support**: The patch adds a `x-target-host` header to the request. The Worker reads this header to determine the final destination (Telegram, Discord, etc.), allowing one Worker to handle all blocked services.
-- **Why it works**: By changing the target hostname to your custom Cloudflare Worker, we change the SNI (Server Name Indication). Since Cloudflare is not blocked by HF, the connection succeeds.
-- **Recursion Guard**: Uses a private property `_proxied: true` on the options object to ensure requests aren't intercepted twice.
-
-## Final Conclusion & Recommendations
-
-The connectivity issue on Hugging Face Spaces for `n8n` is now fully understood and has a working solution:
-1. **DNS Layer**: **Fixed** via `dns-fix.js` (DoH).
-2. **Network/SNI Layer**: **Addressed** via `outbound-fix.js` (Transparent Proxy).
-
-### Next Steps for User
-1. **Deploy Cloudflare Worker**: Use the code provided in `outbound-proxy-worker.js`.
-2. **Set Environment Variable**: In HF Space Settings, set `OUTBOUND_PROXY_URL` to your worker's URL (e.g., `https://my-proxy.somrat.workers.dev`).
-3. **Restart Space**: The `n8n` instance will now automatically route all Telegram and Discord requests through your proxy without needing to change any workflow nodes.
-
-## Current State of Repository
-- `dns-fix.js`: Robust DoH fallback with recursion guards.
-- `outbound-fix.js`: Transparent SNI-bypass proxy with `x-target-host` support.
-- `outbound-proxy-worker.js`: Universal Cloudflare Worker code for any blocked target.
-- `Dockerfile`: Configured to preload both fixes.
-- `access.md`: Contains test tokens and execution logs.
-
-> [!IMPORTANT]
-> The current setup fixes the **DNS issue**, but the **Firewall/SNI issue** remains. Future work should focus on implementing a lightweight outbound proxy or using a service like Cloudflare Tunnel if possible.