all requests through cloudflare proxy give 500 error

hi, I'm having a serious problem where all my requests are suddenly giving a 500 error. I haven't touched this setup in months and have had no issues till right now. When I go to my origin server directly with the same URL otherwise, the request completes successfully. I have no idea how to troubleshoot this. I don't see any error logs or a way to see 500 error logs in the Analytics & Logs -> HTTP Traffic section. I am not using any caching features. I have a second subdomain pointing to a different origin server on the same domain, and that one is working fine somehow. Thanks for any help.
23 Replies
Walshy 2w ago
url?
Walshy 2w ago
Origin is returning 500
drew-fc OP 2w ago
what is the origin that you have? I can see it here
Walshy 2w ago
fitcraft-dev1.azurewebsites.net
wrong field, yep see the same
drew-fc OP 2w ago
when you click this link, you get a 500? because it works fine for me on multiple devices https://fitcraft-dev1.azurewebsites.net/api/GetConfig
Walshy 2w ago
does work for me
that's fun
drew-fc OP 2w ago
yeah. I haven't touched cloudflare settings in months, no idea how this could be possible
Walshy 2w ago
$ curl https://dev-api.fitcraft.app/api/GetConfig --connect-to ::xxx.xxx.xxx.xxx -v 2>&1 | grep '< HTTP/2'
< HTTP/2 526
I'm seeing a 526 trying to connect directly to the IP with that host
oh doi the 525 is due to internal stuffs
curl https://dev-api.fitcraft.app/api/GetConfig --connect-to ::xxx.xxx.xxx.xxx -v 2>&1
* Connecting to hostname: xxx.xxx.xxx.xxx
* Trying xxx.xxx.xxx.xxx:443...
* Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* CAfile: xxx
* CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
It's not got a valid SSL cert covering this hostname it seems
why this is throwing 500 though I actually have no idea
drew-fc OP 2w ago
but I'm using the cert I got from Cloudflare, and haven't changed it, and there's no way it expired
Walshy 2w ago
oh you're using a cf origin cert?
drew-fc OP 2w ago
yeah and it's working just fine on my other sub domain
Walshy 2w ago
yeah ok that won't show as valid when hit directly
Walshy 2w ago
Hmm
drew-fc OP 2w ago
how can I run the same curl command? what IP are you using?
Walshy 2w ago
the origin one - you can resolve the cname target and get it
I can get a 200 from origin on our edge
this is weird
my thinking is there's some rule - transform rule, origin rule, something at play
ah ha i see a transform rule is firing
@drew-fc can you disable that transform rule and try again?
drew-fc OP 2w ago
yes, that was it! but why did this suddenly start happening, any ideas?
Walshy 2w ago
no idea, something at your origin doesn't like that request header
drew-fc OP 2w ago
hot damn, well thanks a ton for your help
so my certs and everything should be good, right? or is there still some action I need to take there regarding that? because you were saying there was some SSL error from curl
Walshy 2w ago
yep it's all good, cf origin cert is meant to be only verifiable from cf
i just wasn't aware you were using that
drew-fc OP 2w ago
well thanks, you saved me tonight
