522 error Nginx Proxy Manager

What is the name of the domain?

servicesbalfininfo

What is the error number?

522

What is the error message?

Connection Timed Out

What is the issue you’re encountering?

Connection Timed Out

What are the steps to reproduce the issue?

I have migrated from GoDaddy to Cloudflare. I have changed the NS of my domain. I have a webserver proxied using NGINX Proxy Manager. I see that the DNS A record for services is pointing to the correct public IP. When Cloudflare protection is ON > Error 522. If I switch it to OFF > I can perfectly reach my internal webserver on port 443, which is behind the NGINX proxy. Any advice, please? The SSL on Cloudflare is FLEXIBLE. On NGINX I’m using ZERO SSL.

Flexible is insecure and connects to your origin over port 80. You’re connecting over 443 and saying it works, so you should change your SSL/TLS mode to Full (Strict) or Strict (SSL only).
SSL/TLS → Overview: make sure you’re on Full (Strict) or Strict SSL; otherwise click Configure and select Custom → Full (Strict).
Magic Link: https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/configuration
Full (Strict) will connect to your origin over 443 when you connect to Cloudflare over 443.

I’m assuming you mean ZeroSSL here and not Zero SSL as in no SSL. If you do lack an SSL cert, Cloudflare has free ones with up to 15-year expiration dates for origin servers under SSL/TLS → Origin Server.

Hi there, yes, I mean ZeroSSL as a company. Thank you for the tip: I will change the SSL/TLS mode and let you know.

Hi, I changed to Full (Strict) and still get Connection Timed Out Error 522 :frowning:

522 is Cloudflare’s generic “cannot establish connection with web server”.
The article here, “Community Tip - Fixing Error 522: Connection timed out”, goes over it, but in short:
You want to make sure you’re not blocking Cloudflare’s IPs and, if anything, are specifically allowing them.
You said your site is servicesbalfin.info?

Are you on the same network as your nginx proxy/web server?
If so, it could be helpful to try from the outside. You can use curl resolve overrides like:
curl --resolve domain.tld:443:HOST_IP https://domain.tld/ -vvv
from a machine on the outside, if you have one, to connect directly to your origin without disabling the proxy. If you’re self-hosting on a normal ISP: I’ve seen a lot of situations recently with providers and CGNAT disabling port forwarding, but you’ve still got hairpinning on your router, so it looks fine to you but isn’t reachable from the outside.
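Added example (not part of the original posts): with the proxy on, the origin sees connections from Cloudflare's addresses rather than the visitor's, so an origin allowlist that omits some Cloudflare ranges can produce intermittent 522s. The sketch below checks an allowlist for gaps; the range list is a snapshot that must be refreshed from https://www.cloudflare.com/ips-v4, and `ORIGIN_ALLOW_443` is a constructed sample rule set.

```python
import ipaddress

# Snapshot of Cloudflare's published IPv4 ranges (assumption: may be stale;
# refresh from https://www.cloudflare.com/ips-v4 before relying on it).
CLOUDFLARE_V4 = [
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/16", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
]

# Constructed sample: source CIDRs an origin firewall allows on port 443.
ORIGIN_ALLOW_443 = [
    "203.0.113.7/32",  # hypothetical admin host
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "104.16.0.0/14", "104.20.0.0/14",
    "104.24.0.0/14", "131.0.72.0/22",
]

def _collapse_v4(cidrs):
    """Parse CIDRs and merge adjacent/overlapping IPv4 networks."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return list(ipaddress.collapse_addresses(n for n in nets if n.version == 4))

def uncovered_ranges(allowlist, cf_ranges=CLOUDFLARE_V4):
    """Return the Cloudflare ranges not fully covered by the allowlist."""
    allowed = _collapse_v4(allowlist)
    missing = []
    for cidr in cf_ranges:
        net = ipaddress.ip_network(cidr)
        # After collapsing, a covered range sits inside exactly one network.
        if not any(net.subnet_of(a) for a in allowed):
            missing.append(cidr)
    return missing

def is_cloudflare(ip, cf_ranges=CLOUDFLARE_V4):
    """True if a source IP (e.g. from a firewall drop log) is Cloudflare's."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cf_ranges)

if __name__ == "__main__":
    for cidr in uncovered_ranges(ORIGIN_ALLOW_443):
        print("allowlist gap, proxied requests from here will time out:", cidr)
```

Running `is_cloudflare` over the source addresses in the origin's dropped-connection log shows whether the firewall is discarding Cloudflare traffic.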

I rolled back everything and went to GoDaddy. I transferred the domain again, this time without turning on the Proxy option in the DNS records. It is working fine. If I choose to turn on the proxy setting for the A record of my webserver, I get error 522 again.

Could you disable the proxy for a moment so I can verify that the connection is working without it?
