520: Web server is returning an unknown error

Today, my VPS expired, so I decided to take this opportunity to choose another offer from OVH. I configured the nginx server properly and unexpectedly I am receiving ‘520: Web server is returning an unknown error’ despite the fact that the server configuration is correct (I used the same one as on the previous VPS).

I use Node.js. My application requires a quite long Bearer authorization key. I increased the limit in the Nginx configuration, of course, but it didn’t help at all. Only when I remove references to ‘ssl’: large_client_header_buffers does it start working normally, and ultimately everything works correctly.

Currently, I have 2 VPS servers running on IDENTICAL nginx configurations, with 1 server working correctly and the other not. What could be the reason for this?

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name waw01-cf-mirror.sefinek.net;

    # Logs
    access_log          /var/log/nginx/mirror.sefinek.net/access.log;
    error_log           /var/log/nginx/mirror.sefinek.net/error.log;

    # Other
    large_client_header_buffers 4 21k;

    # SSL
    ssl_protocols             TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers               "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve            secp384r1;
    ssl_session_cache         shared:SSL:10m;
    ssl_session_timeout       1h;
    ssl_session_tickets       off;
    ssl_stapling              on;
    ssl_stapling_verify       on;
    ssl_trusted_certificate   /etc/ssl/mirror/origin.pem;
    ssl_certificate           /etc/ssl/mirror/origin.pem;
    ssl_certificate_key       /etc/ssl/mirror/private.key;


    # Cloudflare
    set $var 0;
    if ($host = 'waw01-cf-mirror.sefinek.net') {
        set $var 1;
    }

    if ($var = 0) {
        return 444;
    }

    real_ip_header CF-Connecting-IP;
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 104.16.0.0/13;
    set_real_ip_from 104.24.0.0/14;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 131.0.72.0/22;
    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2405:8100::/32;
    set_real_ip_from 2a06:98c0::/29;
    set_real_ip_from 2c0f:f248::/32;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:5091;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location ~ /\.ht {
        deny all;
    }
}

Is SSL/TLS set to full strict here…?
https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls

Is the origin certificate a full CA SSL one, the Cloudflare origin certificate, or something else?

[add]
You also mention large_client_header_buffers, are you sending very large headers? That can cause a problem, see #2 here…


https://cdn.sefinek.net/static/03.01.2024/brave_lfQmxMRC9fyD.png
video: https://cdn.sefinek.net/static/03.01.2024/WindowsTerminal_PuZy6HbHAns6.mp4
second video: https://cdn.sefinek.net/static/03.01.2024/NVIDIA_Share_CJ4n0Jhv3E1L.mp4

Sincerely, I don’t know what the cause is. After all, this VPS has the same NGINX configuration as the previous one. Everything works normally on the first VPS, but not here.

I would be grateful for help. I really don’t want to change the way of authorization…

At last, I found the solution. The cause of the error was http2 in the listen directive in the configuration file of my other site. It was this specific setting that made the large_client_header_buffers completely non-functional in my case.
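An added example, not part of the original thread: `http2` on a `listen` directive is a property of the listening socket rather than of one server block, so a different site's config can change how this site's requests are handled. The sketch below scans a combined config dump (for instance the output of `nginx -T`) for that situation; the sample config, the host names and the function names are constructed for illustration, and the brace matching ignores comments and quoted braces.

```python
import re

# Constructed sample: two sites sharing a listen socket, as in the thread.
SAMPLE = """
server {
    listen 443 ssl http2;
    server_name other-site.example;
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name mirror.example;
    large_client_header_buffers 4 21k;
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block using brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directive(body, name):
    """Return the argument list of every `name ...;` directive in a block."""
    return [a.split() for a in re.findall(rf"^\s*{name}\s+([^;]+);", body, re.M)]

def find_http2_conflicts(conf):
    """List (server, socket, http2_servers) where a server sets
    large_client_header_buffers but another server enables http2 on that socket."""
    http2_by_socket, servers = {}, []
    for body in server_blocks(conf):
        names = directive(body, "server_name")
        name = names[0][0] if names else "(unnamed)"
        listens = directive(body, "listen")
        for args in listens:
            if "http2" in args[1:]:
                http2_by_socket.setdefault(args[0], []).append(name)
        servers.append((name, [a[0] for a in listens],
                        bool(directive(body, "large_client_header_buffers"))))
    findings = []
    for name, socks, has_buf in servers:
        for sock in socks if has_buf else []:
            others = [n for n in http2_by_socket.get(sock, []) if n != name]
            if others:
                findings.append((name, sock, others))
    return findings
```

On the sample, only the `443` socket is reported for `mirror.example`; the `[::]:443` socket is not, because no server block enables `http2` on it.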
