AWS EC2 Plesk, enabling Proxied mode drops site 521 error
#Environment
AWS EC2 instance
Plesk Obsidian 18.0.6.7 with Nginx + Apache
Cloudflare for DNS and proxy
#Issue Description
When using Cloudflare in DNS-only mode, the site loads perfectly fine. However, when switching the A and CNAME (www) records to Proxied mode, I consistently get a Cloudflare 521 error (Web server is down).
#Troubleshooting Steps Already Taken
AWS Security Configuration:
Inbound security groups allow all traffic (0.0.0.0/0) on ports 80 and 443
No network ACLs are blocking connections
#Server Configuration:
Disabled ModSec, Fail2Ban and mod_reqtimeout in Plesk
Verified Nginx is listening on all interfaces:
ss -tulpn | grep nginx
tcp LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=3639309,fd=45),("nginx",pid=3639308,fd=45))
tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=3639309,fd=46),("nginx",pid=3639308,fd=46))
Confirmed no iptables rules are blocking traffic:
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
#Nginx Configuration:
Added listening directives for all interfaces in both server.conf and domain.conf:
listen 80;
listen 443 ssl http2;
Verified configuration with nginx -t and restarted Nginx
#Cloudflare Configuration:
The "Flexible", "Strict" and "Full" SSL/TLS modes all give 521
Properly configured A records
No custom Page Rules affecting the site
#What I've Verified
The site works perfectly in DNS-only mode
Nginx is properly listening on all interfaces for ports 80 and 443
No firewall rules are blocking traffic
I have issued a Cloudflare SSL certificate and installed it on the domain in Plesk, still 521
1 Reply
The issue is solved!