503 Service Unavailable FOR NEW CUSTOMER

#1

Hi all…
The following message appears when I set up FLARE CDN .
{ This domain also has a dedicated IP.}
Https://PersianPool.ir
( ERROR 502 Bad gateway )
Why?

0 Likes

#2

I am getting a 502 now, here there should be some infos. Note that the error is on your server.

1 Like

#3

Confirmed.

Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 502
HTTP/2 502
< server: nginx
server: nginx
< date: Wed, 10 Apr 2019 17:22:35 GMT
date: Wed, 10 Apr 2019 17:22:35 GMT
< content-type: text/html
content-type: text/html
< content-length: 166
content-length: 166

3 Likes

#4

My Server administrator say that, is not our error.
please tell me, were is the issue?

0 Likes

#5

On your server. Nothing more than that is known from my end or from Cloudflare’s end. If the server gives that error the issue is on there.

@cscharff’s post shows the error of your server.

1 Like

#6

intodns’s Report this error:

Recursive Queries I could use the nameservers listed below to performe recursive queries. It may be that I am wrong but the chances of that are low. You should not have nameservers that allow recursive queries as this will allow almost anyone to use your nameservers and can cause problems. Problem record(s) are:
173.245.58.223
173.245.59.238

0 Likes

#7

Is it should to will change DNS Zone to cloudflare’s DNS?

0 Likes

#8

This is not a DNS problem. @cshcarff went straight to your server, and your server responded with a 502.

1 Like

#9

Once I’ve disabled the two below, the problem has been resolved.

in gtmetrix :
Using a CDN YSlow doesn’t recognize? Specify your CDNs in your User Settings. There are 73 static components that are not on CDN.

Does my domain fully use cloud servers?

0 Likes

#10

Trace:

tr

0 Likes

#11

Your site is not using Cloudflare at the moment because you disabled it by :grey:. However that isn’t what fixed your issue. Here is the error I received yesterday (didn’t share previously because you hadn’t exposed your origin IP). Note the 503 error direct to origin and the linux.avaserver.com in the certificate name.

curl -Ikv https://142.0.70.251 -H “Host:persianpool.ir”

  • Trying 142.0.70.251…
  • TCP_NODELAY set
  • Connected to 142.0.70.251 (142.0.70.251) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
  • successfully set certificate verify locations:
  • CAfile: /usr/local/etc/openssl/cert.pem
    CApath: /usr/local/etc/openssl/certs
  • TLSv1.2 (OUT), TLS header, Certificate Status (22):
  • TLSv1.2 (OUT), TLS handshake, Client hello (1):
  • TLSv1.2 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS handshake, Certificate (11):
  • TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  • TLSv1.2 (IN), TLS handshake, Server finished (14):
  • TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  • TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.2 (OUT), TLS handshake, Finished (20):
  • TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
  • TLSv1.2 (IN), TLS handshake, Finished (20):
  • SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
  • ALPN, server accepted to use h2
  • Server certificate:
  • subject: OU=Domain Control Validated; OU=PositiveSSL; CN=linux.avaserver.com
  • start date: Oct 27 00:00:00 2018 GMT
  • expire date: Oct 27 23:59:59 2019 GMT
  • issuer: C=US; ST=TX; L=Houston; O=cPanel, Inc.; CN=cPanel, Inc. Certification Authority
  • SSL certificate verify ok.
  • Using HTTP2, server supports multi-use
  • Connection state changed (HTTP/2 confirmed)
  • Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  • Using Stream ID: 1 (easy handle 0x7fda51809400)

HEAD / HTTP/2
Host:persianpool.ir
User-Agent: curl/7.62.0
Accept: /

  • Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
    < HTTP/2 502
    HTTP/2 502
    < server: nginx
    server: nginx
    < date: Wed, 10 Apr 2019 17:22:08 GMT
    date: Wed, 10 Apr 2019 17:22:08 GMT
    < content-type: text/html
    content-type: text/html
    < content-length: 166
    content-length: 166
    < x-xss-protection: 1; mode=block
    x-xss-protection: 1; mode=block
    < x-content-type-options: nosniff
    x-content-type-options: nosniff

Here is the output of the same command today.

curl -Ikv https://142.0.70.251 -H "Host:persianpool.ir"
*   Trying 142.0.70.251...
* TCP_NODELAY set
* Connected to 142.0.70.251 (142.0.70.251) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /usr/local/etc/openssl/cert.pem
  CApath: /usr/local/etc/openssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: OU=Domain Control Validated; OU=PositiveSSL; CN=linux.avaserver.com
*  start date: Oct 27 00:00:00 2018 GMT
*  expire date: Oct 27 23:59:59 2019 GMT
*  issuer: C=US; ST=TX; L=Houston; O=cPanel, Inc.; CN=cPanel, Inc. Certification Authority
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f81a7801e00)
> HEAD / HTTP/2
> Host:persianpool.ir
> User-Agent: curl/7.62.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
HTTP/2 200
< server: nginx
server: nginx
< date: Thu, 11 Apr 2019 13:05:22 GMT
date: Thu, 11 Apr 2019 13:05:22 GMT
< content-type: text/html; charset=UTF-8
content-type: text/html; charset=UTF-8
< vary: Accept-Encoding
vary: Accept-Encoding
< x-pingback: https://persianpool.ir/xmlrpc.php
x-pingback: https://persianpool.ir/xmlrpc.php
< link: <https://persianpool.ir/wp-json/>; rel="https://api.w.org/", <https://persianpool.ir/>; rel=shortlink
link: <https://persianpool.ir/wp-json/>; rel="https://api.w.org/", <https://persianpool.ir/>; rel=shortlink
< vary: Accept-Encoding
vary: Accept-Encoding
< x-xss-protection: 1; mode=block
x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
x-content-type-options: nosniff
< x-nginx-cache-status: EXPIRED
x-nginx-cache-status: EXPIRED
< x-server-powered-by: Engintron
x-server-powered-by: Engintron

<
* Connection #0 to host 142.0.70.251 left intact

Note the same hostname in the certificate name in both instances and tht this is bypassing Cloudflare in both cases. Yet the second request succeeds while yesterday it failed. So not sure what your host fixed and didn’t tell you about, but the issue was on the origin server.

1 Like