Hi dear Cloudflare Team, hi @sdayman, please help me,
I bought a KVM VPS with an IPv6 /64 subnet and put Linux Containers (LXD) on it and put WordPress sites inside the containers and Webmin (right now a possible answer to where the problem comes from). Each container gets a universally routable IPv6 address from the subnet from the managed bridge that LXD makes available. Packets get routed from the host's eth0 to the bridge lxdbr0 and from the bridge to the container. The software inside the containers restores the original IP of each visitor with some NGINX conf lines. I also use UFW/iptables legacy on the host and inside the container, but have made sure that Cloudflare IPs are not limited or blocked. Also, the hosting stack does not block the Cloudflare IPs. I use Let’s Encrypt (set up with Cloudflare Proxy enabled) to have SSL from the host to Cloudflare. I also utilize the IPv6 to IPv4 gateway Cloudflare provides, as my containers are IPv6 only.
I can also rule out all the other points mentioned here: Community Tip - Fixing Error 522: Connection timed out
Most of the time the connection is just fine, but sometimes, and here it comes: only for specific IPs or maybe areas, I get a 522 error from Cloudflare or an alarm from one of the uptime monitoring services I use on the sites. The site is usually down for 5 minutes or longer and then comes back up again by itself.
The server is not under heavy load and the sites can still be reached fine from another connection, for example from a VPN connection using only IPv4, or by accessing the IPv6 address directly in the browser, or from speed testing sites like GTmetrix or Google PageSpeed Insights.
If you could have any clue that helps me, I would be extremely thankful!
Thanks for taking on this issue!