Getting error 521 stating web server is down; it's definitely not.
If I edit my hosts file to point to my server's IP address when I type the hostname, it loads just fine. Worked for about an hour earlier when I first enabled CloudFlare, before ceasing to work and giving that error.
I am using a Docker application that runs a web server on port 9000, and then an nginx reverse proxy with LetsEncrypt certificate to enable the https:// page. SSL settings in CloudFlare are set to Flexible. Can anybody assist? I just created an account and am trying to get the CDN function to work.
53 Replies
"If you are the owner of this website: Contact your hosting provider letting them know your web server is not responding."
lol. I am the host, it's my VPS and I configured it all myself. I am going to set it back to "DNS only" for now since it renders my site completely useless to my visitors, any help would be appreciated
no response is no response. your server is not responding to the cloudflare proxy.
"I configured it all by myself"
then you should know how to fix it as well
What port(s) does the proxy listen on? It responds to me if I turn off CloudFlare proxy.
And no, I clearly don't know how to fix it or I wouldn't be asking for help. I'm just saying CloudFlare's comment about "ask your host" doesn't help because I AM the host.
Cloudflare Docs
Network ports · Cloudflare Fundamentals docs
Learn which network ports Cloudflare proxies by default and how to enable Cloudflare’s proxy for additional ports.
my server is using 443
let me paste the nginx reverse proxy config
http on port 80, https on port 443
it might help to look at logs of your reverse proxy or docker container...
hm
or run a trace from your cloudflare dashboard
wait, how do I do that
I'm literally new to this whole thing, just signed up yesterday
the HTTP is running on port 9000, not 80. But the reverse proxy makes it HTTPS on 443
which should be fine?
this is ok if your server responds to https traffic
yes
that's why I'm confused at the 521 error
like it works fine if I turn the proxy off and use it as straight DNS
time to start debugging
make sure you are not being served a cached response
🤔
So here is my nginx config
No idea why that says 88, it works on 443
but it's literally just doing proxy_pass from 9000
nginx access logs not showing anything past 10:31 🤔
rebooting it so it forces it to make new logfiles
Yeah uh, there's nothing in the nginx access log at all once I turn the cloudflare proxy on
It's like cloudflare isn't even trying.
If I bypass DNS, page loads just fine and I see my requests in the log.
you guys got any ideas @Hard@Work | R2 @Idle ? The web server is totally responsive on 443, like I said if I use my hosts file to bypass DNS it loads just fine. But somehow CloudFlare is just not trying at all, it gives the error 521 and doesn't even attempt to load any content from the page, hence nothing showing up in the access logs
what's your hosting provider
Contabo
It's a VPS, running Debian 12
yeah this is so weird
https://scanner.drfsupercenter.info/static/favicons/navbar.png
what does your cloudflare trace look like
this is just a picture
works fine if I bypass proxy
check the ray id
???? how
go to security
all I saw was this btw
tells me nothing
events
search by Ray id
all I see is the blocks
I set it to block people not in the US
💀
look at the service header as well
every block is from a custom rule
Maybe check those...where is that?
I turned my rules off just to make sure it's not an issue, but I still get the 521
🦗
is 172.58.120.13 one of the CloudFlare proxy IPs?
I see a bunch of these in the nginx logs
Nope:
How the frick is somebody getting my site to load????
I still get the 521 cloudflare page.
Do you have any ideas? This is bugging me and I'm close to just turning proxy off and abandoning the whole thing
If there's an issue with my nginx config, lmk and I'll fix it
What if you disable SSL on your origin?
hmm
ok, so it proxies to port 88 (HTTP) and 443 (HTTPS). If I turn CloudFlare proxy off, both work. If I turn CloudFlare proxy on, the :88 doesn't work if I set SSL/TLS to "flexible"
I don't think it works when I turn it off either, it just says "error too many redirects"
are you saying I should do port 80 binding?
actually I might try that, hold on
I can't figure out how to make it not auto redirect to HTTPS 😐
hey ok, so I finally figured out how to disable SSL. Bad news, still isn't working. When I use the hosts file trick, works just fine using http:// but on every other machine it still tries to redirect to https:// and then gives a browser error for "too many redirects"
I don't even get why...
Tried on a different IP, it's not redirecting to https but still gives ERR_TOO_MANY_REDIRECTS
OH! I think I figured it out. Flexible "Enable encryption only between your visitors and Cloudflare. This avoids browser security warnings, but all connections between Cloudflare and your origin are made through HTTP."
Since the origin server wasn't doing HTTP, and only HTTPS, that explains it
Yeah, I meant leave Cloudflare on Flexible, but completely remove SSL from your origin
Yeah, I got it
Do you know how I can make other ports work? With CloudFlare proxy on, only 80 and 443 work, if I try to load my-domain:9001 for example it doesn't load.
Cloudflare Docs
Network ports · Cloudflare Fundamentals docs
Learn which network ports Cloudflare proxies by default and how to enable Cloudflare’s proxy for additional ports.
"Configure a Spectrum application for the hostname running the server. Spectrum supports all ports. Spectrum for all TCP and UDP ports is only available on the Enterprise plan. If you would like to know more about Cloudflare plans, please reach out to your Cloudflare account team."
so basically no? I'm not paying for enterprise. I don't get why it can't just "grey cloud" stuff outside the standard ports
Because you either use Cloudflare for everything on a given subdomain, or you use it for nothing
You can't tell a client to use Cloudflare for these ports, and your server for these other ports
I get that, but why can't it just point straight to my server (bypassing the cloud cache) for ports it doesn't support?
Instead of just blocking traffic
Because the IPs that Cloudflare uses to serve your traffic are shared by many other customers. You can sort which customer should receive which request with HTTP, but you can't do that with arbitrary TCP/UDP services
Which means you need to dedicate an IP to each customer that wants this service (which is what Spectrum does)
what? I thought the whole point of CloudFlare was to cache content on multiple servers. You should be able to bypass it and just connect directly to the host server, like what I did by modifying the hosts file
You can selectively bypass the cache, but you can't selectively bypass the proxy. This is the same as with nginx
ok but with nginx you can just tell it to listen on more ports...
Yes, but if 2k customers all share the same IP address, and I receive a connection on port 9000, how do I know how to route it to your server?
the same way it knows to load assets directly from my server when they aren't cached 🤔
🍎 == 🍊 ?
You can do SRV records to redirect all ports used to another subdomain
Is what you normally do on mc to run the website protected but have joinable mc server without spectrum
mc?
Minecraft