522 timeout
Hey everyone! Earlier I installed a docker image and set it up to be behind a proxy with nginx. The problem now is that cloudflare keeps giving me a 522 error. I've restarted the origin (raspberry pi) and nginx. I don't think it's with nginx because I also deleted the modified configuration. I'm all out of ideas and I don't know what else to try. If someone has any ideas that would be great.
https://ryglassman.com
114 Replies
Everything was up and running until i restarted nginx and added the DNS entry
filestash.ryglassman.com
these logs are from earlier i dont know if they'll help
You have a reverse proxy set up with nginx? How is it configured?
It's basically complaining that there's nowhere to forward traffic to
which file do you want to look at. the main configuration or for a reverse proxy
Also yes, the reverse proxy has been set up
thats nginx.conf
this is one of my reverse proxy files
im not sure what went wrong because everything was working until i added the DNS entry and restarted nginx, after that it all stopped working.
i reverted the changes and i still cant get it to work
Do you have a server entry for the domain you mentioned? This is for ssh.
You need an entry specifically for filestash.ryglassman.com
What's "it"?
Anything
I can't visit anything under my domain
It all raises error 522
Do you have a server entry for your domain?
Yes
Show
In cloudflare, is ssl set to full or flexible?
the only thing i changed with nginx was a file which has since been deleted
where do i find that?
Go to the domain settings in the dashboard, open the domain, and on the left click on ssl
i might have found it
flexible
i havent touched that at all
Hm
Ok try running
systemctl status nginx
Last I ran that it didn't report anything but I'll see if it does this time
And you said you tried restarting the nginx service, right?
correct
And i assume you're on a home network. Have you confirmed that the public ip hasn't changed?
yes i have
Can you run
ls /home/control/sites/www
and show me the output
I'm wondering if the www-data user can cd to that directory since it's in your home directory
You might want to check the perms of all the folders in the path as well as all the files in the www directory
okay, i'll try that
wait i changed it to root instead of www-data
which let it in everything it needed
when i had permission issues previously nginx would respond with 404 not found
when i just type the local ip address of the raspberry pi it responds with 404 not found
Yea b/c the ip doesn't match anything
So the files are owned by root?
no they're owned by control
So what did you change to root?
the first line of nginx.conf
the only other thing i did was setup docker-compose and downloaded an image and ran it
That's dangerous
If you get breached then the hacker has unrestricted access to your entire system
The best way to take care of this is to make sure all the folders from home to www have perms 744 i believe
Anyways i made my case. How did you run the docker image?
docker-compose up -d
Something like that
Ok I'll look into resolving that
Ok can you post your compose file
I would but I'm not home and I can't ssh into the server
I used my home ip and it said connection timed out
So I think it's more than cloud flare
sorry for taking long
anyways here it is
Np. I wasn't sitting here waiting for you.
was this docker container supposed to be served on filestash.ryglassman.com?
Also IP for sure won't work b/c it follows the nginx default server config, not the config for any domain
Yes
Wdym? It worked earlier?
I'm just confused that's all
I'm probably not seeing all the relevant configs. But for ip to work, iirc you need a server entry without server_name
(on port 80)
Did you set up a virtual server like this for filestash.ryglassman.com?
Yes
And you changed the port to 8334?
Not the listen port, but the proxy to http://localhost:8334
Also can you run
ls /etc/nginx/conf.d/
and show me the output
Yep
No output
The current problem is the entire domain is no longer working and I don't know what else to do. I reverted all the configuration and it still gives 522 error
I also can't access ssh with my external ip
I think I'm going to try a fresh reinstall of everything
I also want to upgrade it so I'll do that as well.
I did a fresh reinstall of the entire OS and it still returns error 522
only thing I have on it is nginx.
Here's my config file
agh
nginx.conf
https://agh.ryglassman.com
What's 10.0.0.246?
Also does it work with proxy turned off?
No
I'm starting to think its cloud flare
Not if it doesn't work with proxy turned off
You need to wait a couple hours after turning proxy on/off though to test
And you haven't answered my question about the ip address
It's a different device that runs the adguard home console
On the same network i'm presuming
Is this all at home?
yes
either its that or something changed with my network at the same time i updated dns
More likely
Port forwarded? (80)
Also in terminal, run
curl ifconfig.me
and compare that to the ip address in the A Record in Cloudflare DNS records for the domains
that gave me an ipv6 address
im only using ipv4
Ok then google "whats my ip address"
Your isp doesn't give you an ipv4 at all?
it does
i have it
80 is still forwarded
Ok compare that with the cloudflare dns records for the domain
didnt change
Make sure the server internal ip address also hasn't changed
also didnt change
Compare the port forward settings with the results of
ip addr show
how so
The destination ip in the port forward settings
hold up hetrixtools said a host is now up
https://agh.ryglassman.com is now up
https://ryglassman.com is redirecting
Nice
oh it has nothing set oops
Yea
i have no idea what happened...
Proxy being turned off kicked in
oh so its a certificate issue
But how is it https 🤔
Yea b/c your host doesn't have a cert
i thought cloudflare was giving me certs through google?
We established that ssl is set to flexible, right?
Yes, but not when not proxied
i changed it to full for testing purposes
should i change it back to flexible
Yea
B/c your origin server doesn't have certs
Unless you use certbot on it to install certs
oh
when i previously didnt use certbot i didnt need to tho?
cloudflare provided https for me
when it was proxied
Yes. That's normal
When proxied, the A Record for your domain is set to CF's servers
So when I request ryglassman.com, I look up ryglassman.com in DNS and I get CF's servers, then the computer makes the request to CF's servers, then the CF servers apply filtering rules and other rules then forwards my request to your server (called origin host)
When unproxied, the CF servers are completely bypassed
So CF's https is between me and CF's servers, and from CF server to your server is http when flexible. When on full, it's https on both segments, but that requires you to have a cert installed on your server for each domain and for port 443 to be forwarded
ohh ok
i turned proxy back on
Ok good
Ssl is back to flexible?
yea
i dont know what happened honestly
i only added a dns entry
Also try again in an hour or two, and check nginx error.log if it still throws 522
alright
i get notified when downtimes occur via hetrixtools
thats how i was told agh.ryglassman.com was up
Ah nice. Ok
I should look into that
Free Uptime Monitor & Blacklist Monitor- HetrixTools
The simple and effective solution for Uptime Monitoring and Blacklist Monitoring.
its free
i love it
Have you tried uptime kuma?
That's what i'm using currently
idk if that wants to load but if it does you can see the monitors
Not loading :/
one second i needed to turn off proxy
status.ryglassman.com is the only one not working but thats just a CNAME record
Master Status - Powered by HetrixTools
Master Status - Uptime Status
Nice. I may have to play around with this
everything is apparently up according to hetrixtools
just going to reconfigure everything
Hm
So even with proxy it's fine??
Seems like it
Can hetrix be selfhosted?
no
i dont think that'd be possible because of how it works
alright now everythings mostly up but im getting error 404. user is currently www-data and i gave the following permissions in the /home/control/sites directory
i was told this will help with solving permission errors
Yea fair. Uptime Kuma is selfhosted. Unfortunately I'd probably use it too much to qualify for the free tier
You have to set 755 perms for every directory in the path, not just the sites directory
nope
free users get 15 monitors
Oh i'll pass 15 for sure
Just the # of services i have in docker across 3 VPSs will surpass 15
its not going too well
i think i got it
Ok run
ls -l
in home, control, and sites and make sure control, sites, and www all are 755
oh wait they all have to be that?
there we go everything is up
thank you so much for your assistance. i genuinely have no idea what caused all this
Yea i wouldn't recurse it to everything, just those specific folders
Sure. It seems to have been a coincidence
Have you added virtual servers for the other domains in sites-enabled yet?
And also, if you want to try out the docker again, i'm here
oh oops
uhh
lemme fix rq
fixed that
yep everythings running correctly
Good
im updating the host before i install docker
👍
i got filestash installed and docker installed. i'm trying to use nginx to allow me to use filestash.ryglassman.com
This, but http://localhost, and change the port after that
and also change the server_name
According to this it's port 8334
oops it needs to be http
Has anyone run into this error? It only happens when the request goes out through the Rio de Janeiro colo. If I try from another machine it works normally, but when it hits Rio de Janeiro it gives error 522
Note: accessing by IP works normally, so the problem wouldn't be the host
Don't hijack threads. Create your own