We had been getting reports from a few of our users that they were getting the Cloudflare 522 error screen for our sites, but we could not repeat the error. Upon investigation via the logs in the CF dashboard, we have found that a small number of requests from the LAX data center are returning the 522 error, e.g. 100 out of 15,000 in the past 24 hours for the LAX data center.
Looking into this further, it appears only to be occurring with the LAX data center as all the other data centers we have checked have had 0 reports of this error in the past 24 hours, e.g. LHR had 130,000 requests and 0 522 errors. Also, it appears to be occurring across all our domains.
Has anyone else experienced this, and does anyone have any idea how to resolve it?
A 522 error happens when a TCP connection to the web server could not be established. This typically happens when Cloudflare requests to the origin (your webserver) get blocked. When this happens, you’ll see “ERR_CONNECTION_TIMED_OUT”.
-> Make sure that you’re not blocking Cloudflare IPs in .htaccess, iptables, or your firewall.
-> If you observed 522 errors from certain locations only, it means you likely forgot to allow one of our ranges that corresponds to these locations, so double check to ensure all our IPs are allowed appropriately.
-> It may be there was a temporary problem on the path or at your origin preventing connections from completing. If they are no longer happening, here are two actions to take:
a) Check with your origin infra team to see if they had any issues with packet loss or if your server was under load at the time the errors happened.
b) Confirm that all Cloudflare IP ranges are fully exempt from any rate limits.
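An added example, not part of the thread: one way to audit a firewall allow-list against a published set of proxy ranges and report exactly which address blocks are still uncovered, which is the situation the reply describes for errors seen from only some locations. The function name and all ranges are assumptions; the ranges are constructed documentation prefixes standing in for the list Cloudflare publishes and for your own allow rules.

```python
import ipaddress

# Constructed sample data (documentation prefixes, NOT real Cloudflare ranges).
PUBLISHED = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32"]
# Constructed allow rules as they might be exported from a firewall.
ALLOWED = ["192.0.2.0/24", "198.51.100.0/25", "2001:db8::/32"]


def uncovered_ranges(published, allowed):
    """Map each published CIDR to the sub-blocks no allow rule covers.

    Handles partial coverage: an allow rule narrower than the published
    range leaves the remainder reported as a gap.
    """
    allow_nets = [ipaddress.ip_network(a) for a in allowed]
    gaps = {}
    for cidr in published:
        remaining = [ipaddress.ip_network(cidr)]
        for allow in allow_nets:
            still_open = []
            for net in remaining:
                if net.version != allow.version:
                    still_open.append(net)      # IPv4 rule cannot cover IPv6
                elif net.subnet_of(allow):
                    continue                    # fully covered by this rule
                elif allow.subnet_of(net):
                    # Rule covers only part of the block; keep the rest.
                    still_open.extend(net.address_exclude(allow))
                else:
                    still_open.append(net)      # disjoint, rule is irrelevant
            remaining = still_open
        if remaining:
            gaps[cidr] = [str(n) for n in sorted(remaining)]
    return gaps


if __name__ == "__main__":
    for cidr, missing in uncovered_ranges(PUBLISHED, ALLOWED).items():
        print(f"{cidr}: not allowed -> {', '.join(missing)}")
```
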
Probably should have mentioned that the connection to the web servers (docker swarm cluster) is via an Access Tunnel using the cloudflared daemon, so nothing should be blocked by the firewall. There is no packet loss, excessive load or rate limits at our end.
Looking at the logs on the Dashboard it has been a consistent problem with LAX for at least the past week:
So 636 522 errors in the past 7 days but out of 501.5k total requests via the LAX data center, so a very low percentage, but still enough for users to have noticed and reported it to us.
To add to this, all requests via the LAX data center seem to be extremely slow, so even when it is working the response times are between 15 and 25 seconds for every request, again only with LAX. If I connect via a different DC, e.g. Seattle, United States (SEA), the response times are sub 1 second and there are 0 522 errors from SEA in the past 7 days.
Does anyone know if we can exclude a DC from our setup, e.g. re-route traffic that would have connected to LAX to a different US west coast DC like SEA?