Website beyond slow / timing out when proxying enabled

My server has been running fine for a couple of months, but today when I tried to commit to my Gitea service, it timed out. This is very strange as it came out of the blue and I don't know what's causing it. With proxying disabled, the site is fast and snappy as should be. With proxying enabled, only basic media assets load, and they take a literal 15.4-15.6 extra seconds, while the index times out. Anything anyone can think of that can solve this? (I've tried restarting the server, renewing the cert, and double-checking my Namecheap + Cloudflare config.)
10 Replies
Erisa•15mo ago
Are you able to run mtr 1.1.1.1 on the server? https://developers.cloudflare.com/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/#perform-a-mtr Also, where is it hosted (if at home, which ISP)?
reidlabOP•15mo ago
I'm using XFINITY and here's the mtr output:
My traceroute [v0.95]
nixos-server-reid (192.168.1.141) -> 1.1.1.1 (1.1.1.1) 2023-10-23T17:02:01-0700
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. _gateway 0.0% 152 2.8 3.9 1.6 41.1 6.2
2. 10.54.150.130 0.0% 151 12.4 19.5 10.4 54.6 7.7
3. po-307-327-rur201.corvallis.or.bverton.comcast.net 0.0% 151 27.1 19.4 9.1 72.0 9.5
4. 24.124.129.30 0.0% 151 18.7 20.4 10.0 68.8 9.5
5. po-200-xar02.corvallis.or.bverton.comcast.net 0.0% 151 22.7 19.8 9.9 70.6 8.7
6. ae-71-ar01.troutdale.or.bverton.comcast.net 0.0% 151 69.4 29.2 14.2 75.0 12.6
7. 69.252.236.134 0.0% 151 57.7 38.2 19.2 133.1 20.2
8. one.one.one.one 0.0% 151 18.9 25.4 17.0 93.9 8.9
Erisa•15mo ago
Also another one: curl https://reidlab.online/cdn-cgi/trace. Mostly interested in the colo and fl lines. If you show the whole thing, note that it includes your IP address (which I don't need).
reidlabOP•15mo ago
fl=119f136
colo=PDX
Erisa•15mo ago
Thanks
"With proxying disabled, the site is fast and snappy as should be."

Does it work for other users as well when you do that? If you're on the same local network as the server, it will route traffic internally over LAN and ignore any rules on firewalls etc., while it may fail from outside that network.

It feels in this case like some kind of firewall (either at the server, router, or ISP level) is blocking or throttling incoming connections to those ports. I tried curl to the origin IP behind that site both from a Cloudflare server and from my local machine, but neither of them succeeded in connecting. Since you're on the same network, that firewall or whatever is blocking/throttling wouldn't apply and may cause you to believe it's working when it isn't.

This kind of problem is unfortunately common for consumer ISPs. In those scenarios I would personally recommend using Cloudflare Tunnel with an outbound connection, which has a much easier time:
https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/
https://erisa.dev/exposing-a-web-service-with-cloudflare-tunnel/
reidlabOP•15mo ago
Oh weird, you are correct. I wonder why it just stopped accepting outside connections. I'll ask my dad for the router password and see if I can configure some firewall settings there.
Erisa•15mo ago
No problem, hope you get it sorted in the end
reidlabOP•15mo ago
Damn, seems to be an issue with Xfinity, as we have our firewall disabled :( I'll just keep proxying off for the time being.
Erisa•15mo ago
My understanding was that even with proxy off it still only works within your network. And my recommendation for hosting at home would be setting up Cloudflare Tunnel.
reidlabOP•15mo ago
Yeah, I thought it didn't, but you're right. I'll go ahead and mark this as solved because we know the root issue, thanks for the help! I had to turn off "Generate firewall rules automatically (UPnP)" and "Generate firewall rules automatically (Port Forwarding)" and then turn it back on again 😅😅 At least I fixed it.
