Cdn error 520
Hi!
I have had a CDN set up for a little while now. But somehow since I turned on my PC today the cdn is not longer working. I am getting 520 errors.
I share the cdn with someone else who has the exact same cloudflare setup as me and is able to use it just fine.
He even just linked another domain with the cdn and it worked fine, using the same settings I have on my cloudflare. Does anyone know what could cause the issue?
27 Replies
If you're still having trouble, 520 is a really generic connection issue: https://community.cloudflare.com/t/community-tip-fixing-error-520-web-server-is-returning-an-unknown-error/44205 could be as wide as routing/firewall/etc.
The most simple explaination/thing to check is your SSL/TLS mode under SSL/TLS -> Overview. If set to "Flexible" would be trying to connect over http which your origin may not support vs your other configs being Full or Full Strict
Hi! My SSL is set to full, I'll try full strict now 🙏
I have nothing special set on my cloudflare dashboard except the steps required to use "zipline" which is the program used to manage the CDN. This being the DNS record and an origin rule rerouting every request to cdn.nicolodbrok.nl to port 3000
Worth mentioning it could be the other way, really depends what you mean by "the exact same setup"
The exact same setup being the origin rules (but ofc for my domain instead of his) and the DNS record as well as the SSL setting to be on full
and you're sure port 3000 is open/if you skip Cloudflare it responds fine?
so you mean the server's IP:3000?
That works fine as my friend is still using the server on his domain, I am now using one of his domains to share my screenshots. It is just my domain that is having an issue
yea, whatever the A record for
cdn.nicolodbrok.nl is pointing at. Is it properly responding with https on that port?I believe so, going to verify it now
Affirm that resolves to the right thing
and it's https and not http? What's your exact origin rule?
Whoops 1 sec
looks like your origin for
cdn.nicolodbrok.nl is now serving a redirect to https://client.sillydev.co.uk/login?Yeah that is now the next issue. I changed the origin rule to:
https://cdn.nicolodbrok.nl/
But now it is redirecting me to another service running on the same server😅
Silly Development
Free & Paid 24/7 hosting
And if you do a curl override like
curl --resolve cdn.nicolodbrok.nl:3000:serverIP https://cdn.nicolodbrok.nl:3000/ -vvv
Do you see that redirect?I am on my phone unfortunately so can't try that
eh it was just a simply way to verify the origin rule is working right and hitting port 3000
The response is coming from your origin. What's running on port 3000? If it's nginx or something reading hostname it's either misconfigured for your hostname
cdn.nicolodbrok.nl, or it's not configured at all and is hitting fallback, or 3000 isn't the right service lolIt shouldn't be configured for any specific hostname. Port 3000 is definitely the right port as the IP:3000 resolves me to the cdn
Well the other thing you can do in Cloudflare is The "Trace" option under your Account, https://dash.cloudflare.com/?to=/:account/trace/search, throw in
https://cdn.nicolodbrok.nl and make sure it's hitting just your origin rule and nothing else/not a worker/etc
I also had my friend run the curl command just now, here's the result:
"is this what u wanted?" Was part of his message, apologies
careful just leaked origin IP & opps I see why you had Full instead of Full Strict now, would have to -k the end of it to get a proper response and ignore ssl issues
Thanks for mentioning it. Removed the message. That is a great point I'll put it back to full and see if that fixes it😅
https://cdn.nicolodbrok.nl/ seems to load zipline now
Silly Development
Free & Paid 24/7 hosting
Full vs Full (Strict) wouldn't do that, maybe old cache or something though
Hmmm it still loads silly development for me...
probably just local browser cache? Try https://cdn.nicolodbrok.nl/dashboard
You are an absolute saint. I guess the issue in the end was the origin rule not being set to https. It's weird though as my friend doesn't specify https either :shrug:
Either way it's fixed now. The 520 is gone and it resolves properly