522 Error while using CloudFlare proxy (works fine when not)

I am very new to Cloudflare and don't really understand how it works. However, I have an issue: when I try to access my website through the Cloudflare proxy, I get a 522 error telling me that my server isn't responding. I read as much as I could to fix that issue, but nothing I found matched my problem: my TLS certificate is fine (even if self-signed), my server (Docker containers + nginx) runs correctly, and, most absurdly, I am able to access my website if I use the DNS Only option. My SSL/TLS configuration is on Full, so that should fix the problem, but it doesn't. Finally, when I disable TLS to try, it doesn't work either. Also, I can access the website by IP, while I think Cloudflare should prevent that. Here is my nginx configuration:

#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    # Plain HTTP: redirect everything to HTTPS
    server {
        server_name example.com;
        listen 80;
        listen [::]:80;
        return 301 https://$host$request_uri;
    }

    # HTTPS front end, proxying to the application on port 5000
    server {
        server_name example.com;
        listen 443 ssl;
        listen [::]:443 ssl;

        ssl_protocols TLSv1.3;
        ssl_certificate /path/to/cert.pem;
        ssl_certificate_key /path/to/key.pem;
        ssl_dhparam /path/to/dhparam.pem;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;

        add_header Strict-Transport-Security max-age=15768000;

        location / {
            proxy_pass http://localhost:5000;
        }
    }
}

TLS config: Full
DNS: AAAA pointing to my server's IP

I hope this issue is fixable

Cloudflare cannot prevent your website from being reachable over its IP. If you want, you can drop all packets to your web server that are not from Cloudflare IPs with a firewall like iptables. Just make sure you don't drop your SSH packets as well.

Are you sure that there is not any firewall in place that could drop or rate-limit packets from Cloudflare IPs?

Also, you could use a Cloudflare Origin Certificate for this. Then you can set the SSL settings to Full (strict), which is safer.
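The iptables approach suggested above, as an added example that is not from this thread: it emits rules that accept ports 80/443 only from a list of Cloudflare ranges, keeps SSH reachable, and drops other traffic to the web ports. The CIDR lists are constructed samples (the real ones are published at https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6), and the function names build_rules and count_allow_rules are my own.

```shell
#!/usr/bin/env sh
# Added example: generate an iptables rule set that lets only Cloudflare
# reach the web ports, so direct-to-IP access no longer bypasses the proxy.

# Constructed sample ranges; replace with the published Cloudflare lists.
CF_V4_SAMPLE="198.51.100.0/24
203.0.113.0/24"
CF_V6_SAMPLE="2001:db8:1::/48"

# build_rules <iptables-binary> <newline-separated CIDRs>
# Prints the rules for review; pipe the output to sh (as root) to apply.
build_rules() {
  bin="$1"
  cidrs="$2"
  # Loopback, established traffic and SSH come first so the trailing
  # DROP cannot lock the administrator out (the thread's SSH warning).
  printf '%s -A INPUT -i lo -j ACCEPT\n' "$bin"
  printf '%s -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' "$bin"
  printf '%s -A INPUT -p tcp --dport 22 -j ACCEPT\n' "$bin"
  # One ACCEPT per Cloudflare range for HTTP and HTTPS.
  for cidr in $cidrs; do
    printf '%s -A INPUT -p tcp -s %s -m multiport --dports 80,443 -j ACCEPT\n' "$bin" "$cidr"
  done
  # Everything else aimed at the web ports is dropped.
  printf '%s -A INPUT -p tcp -m multiport --dports 80,443 -j DROP\n' "$bin"
}

# count_allow_rules <rules-text>: number of per-range ACCEPT rules,
# a quick sanity check that every listed range produced a rule.
count_allow_rules() {
  printf '%s\n' "$1" | grep -c -- '-s .* --dports 80,443 -j ACCEPT'
}

# Print the rule set instead of applying it, so it can be reviewed first.
build_rules iptables "$CF_V4_SAMPLE"
build_rules ip6tables "$CF_V6_SAMPLE"
```

If nginx itself runs in a Docker container with published ports, Docker routes that traffic through the FORWARD chain and these INPUT rules never see it; the same filtering then belongs in the DOCKER-USER chain.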

Thank you for trying to help me; there are no firewall rules (which is really insecure).

Do you see incoming connections from Cloudflare on your server when you try to access the website via Cloudflare? For example, on Linux you can use the command netstat -tapen to view all TCP connections.

It seems that there is no difference in TCP connections between trying to access the website and not doing anything.

If you don't mind, you could share the domain you are trying to access. Then other people could try to connect and see if it is working for them.

You could try iptstate as well. It's a Linux package that shows you the information from netstat in real time, so it is easier to see whether there is a new connection, just in case a connection exists but is too short-lived to catch with netstat.

What is the domain name?

Hopefully you have the SSL certificate at your host/origin.

Do you have ports 80 and 443 open at your host/origin?
Ports 80 and 443 are both compatible, as are the others listed in the article below:

I see you use Nginx and proxy your app over port 5000.

Have you allowed the Cloudflare IP addresses to connect to your host/origin?

A good way to check is with the steps written below:

Thank you for your help; I realized that my anti-virus's firewall was blocking all TCP connections; I fixed it.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.