How to troubleshoot 522 errors
Hello,
I am getting 522s when connecting to my webserver using proxied A Records for my domain.
My setup:
Proxied A Record with Cloudflare points to my public IP. My router port-forwards to a Windows box on my home network.
Requests to https://{publicip}:port route properly, and all is good.
Requests through the proxied A Record fail with the 522. If I turn off proxying in cloudflare (so it's a regular A Record), everything routes properly. I have tested by turning off Windows Firewall, and I get the same result (522 if proxy is enabled, 200s if it's DNS only). I've read the
Requests to https://{publicip}:port route properly, and all is good.
Requests through the proxied A Record fail with the 522. If I turn off proxying in cloudflare (so it's a regular A Record), everything routes properly. I have tested by turning off Windows Firewall, and I get the same result (522 if proxy is enabled, 200s if it's DNS only). I've read the
Troubleshooting 5XX errors page, and am confident that Cloudflare IPs aren't being blocked, and that there's no load or rate-limiting issues.
So, my question: How do I troubleshoot this further?6 Replies
Are you using one of the ports listed on this page which Cloudflare supports with proxying:
https://developers.cloudflare.com/fundamentals/reference/network-ports/
Is this regular HTTP/HTTPs traffic you're trying to proxy?
Network ports · Cloudflare Fundamentals docs
Learn which network ports Cloudflare proxies by default and how to enable Cloudflare’s proxy for additional ports.
It's regular HTTPS on 443
Also of note: I have 'SSL/TLS encryption mode' set to
FlexibleYeah you should set that to full/full (strict) if you want Cloudflare to make a connection to your origin via HTTPS
Wow. I can't believe I didn't try that....I guess I made the assumption that I'd start less-secure to get it working, then tighten it up once it's working.
That was it. Thanks.
Haha awesome! Glad you got it working 😄
...I think I just realized that I did try Full initially, but I was using a non-standard port at that time...then I came across the article about ports, and changed to 443, but by that time I had already changed to Flexible. SMH.
Thanks