My IP address changed on my server (running an AWS machine on EC2). Everything was working great until that point. Now it’s been about 3 days since I changed it (I did update the DNS records on CF), and parts of the site come up and parts get 521 errors. If I set it to bypass the proxy in CF DNS it works fine, coming in as HTTP, but once I use the CF proxy my SSL requests sometimes get the 521. I am set for Flexible SSL, so everything coming from CF is to my port 80.
If I turn off auto HTTP redirects, and use regular non-SSL HTTP, it works great. If I hit it via the IP address, no problem. It’s when I start going SSL that it’s hit and miss with the 521.
I am thinking it’s got something cached somewhere and is trying to hit the old IP address at times, but it’s been a few days and I figured it would have worked itself out by then. I’ve purged my cache a bunch of times via the purge option here.
As I mentioned the only thing that’s really changed is the new IP.
The site is
Don’t avoid that. That is the most important thing you need to fix and you should not allow anyone to visit your site until you are using Full (Strict).
I don’t think that will solve the problem IMO. I’ve seen people with similar problems still having an issue.
Now here is a new wrinkle which might be useful for anyone in a similar situation.
I am using an EC2 machine with AWS for my server, but by happenstance I have a few static IPs and servers of my own, so for grins I moved my software to one of these servers, switched Cloudflare DNS to point to the new server, and the problem disappeared. As another experiment I reset my AWS instance so it assigned me a new IP (maybe the IP I had was labelled somewhere as spammer); that didn’t fix it.
So running on AWS: intermittent 521’s (suddenly; it worked before). Move off AWS and no problem. This leads me to think:
- Maybe AWS is throttling me because somehow it thinks some Cloudflare IPs are spammy.
- My AWS firewall settings (security groups) have gone wacky or something changed there. But eyeballing them shows port 80 and 443 open (along with some others).
- Maybe there’s an internal problem with either CF or Amazon reaching my zone there (like maybe one of their servers is offline, but you’d think it would be fixed up by now).
The first thing is to fix your configuration and proceed as @epic.network and @Laudian suggested. Once that works, we can take a look at anything else. As long as you have a broken setup, there is no point in debugging anything.
I went for the strict mode, and it replaced the 521 with 520, though not as frequent. I notice if I purge the cache I’ll get a bunch of them for my image files, then it will settle down and work.
Here’s another piece of the puzzle I just remembered. About 4 months back I experienced the same thing (running in flex mode btw). I had my server on a different ISP (not AWS) and it was working great. Then one day, the 521’s started to hit all of a sudden. The firewall was open and there were no issues with that. After a week of trying I gave up and moved to an EC2 server on AWS and it worked great (new IP, new machine). I just blamed my ISP and thought nothing more of it.
Now it’s happened again, same thing. It runs fine for months, then 521’s (generally on image files, but also scripts and such fail). So now I am thinking, maybe CF is throttling me down a bit because I am on the free plan. It may be worth an experiment to upgrade to ‘paid’ to see if I get more love that way.
I am also considering deleting my CF domain completely and restarting, thinking maybe something is jammed up. I’m not in production so we can play around like this.
What’s also good is I can move my service between AWS and a server in my own datacenter (Verizon) IP where I have full control over firewalls and such, so I can do a lot of testing. Btw the errors are 520 now, and have a ray ID of 7eb071c53ca93af3-IAD.
Switched to a paid plan. 520’s seem to have dropped. Well, not as bad, but I’ll page through a bunch of pages then suddenly a bunch on 1 page. I’ll submit a bug ticket and report back.
The paid plan should actually not make much of a difference, unless the issue is related to datacentres and the paid plan gives you a different routing. If that is the issue, then it will have been something with your server blocking certain Cloudflare datacentres.
Yeah, I was excited initially when I switched to paid because the first few pages came back w/o errors. Then a little deeper in, trouble again. I had the same thought as you about my server blocking certain CF data centers, but I had the same trouble when I had the server on a different ISP before moving it to AWS. I may try moving it again to see if that clears it up, but the last time I moved it, it cleared up for a few months then trouble, so I anticipate the same thing.
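An added example, not part of any post in this thread: one cause of an intermittent 521 raised above is an origin firewall that admits only some of the proxy's source ranges. Instead of eyeballing the security group, this sketch computes which parts of the proxy's ranges no ingress rule admits on a given port. All ranges and rules are constructed samples (documentation prefixes, not Cloudflare's real list), and `uncovered` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample data. PROXY_RANGES stands in for the proxy's published
# source ranges (documentation prefixes here, not Cloudflare's real list).
PROXY_RANGES = ["198.51.100.0/24", "203.0.113.0/24", "192.0.2.0/25"]

# Constructed ingress rules in the shape of a security group: (port, allowed CIDR).
INGRESS_RULES = [
    (80, "198.51.100.0/24"),
    (80, "203.0.113.0/25"),   # admits only half of the second proxy range
    (443, "0.0.0.0/0"),
]


def uncovered(proxy_ranges, rules, port):
    """Return the parts of proxy_ranges that no rule admits on the given port."""
    allowed = [ipaddress.ip_network(cidr) for p, cidr in rules if p == port]
    gaps = []
    for cidr in proxy_ranges:
        remaining = [ipaddress.ip_network(cidr)]
        for net in allowed:
            next_remaining = []
            for piece in remaining:
                if piece.version != net.version or not piece.overlaps(net):
                    next_remaining.append(piece)   # rule does not touch this piece
                elif piece.subnet_of(net):
                    continue                       # piece is fully admitted
                else:
                    # Rule admits a strict subset: keep what is left over.
                    next_remaining.extend(piece.address_exclude(net))
            remaining = next_remaining
        gaps.extend(remaining)
    return sorted(gaps, key=lambda n: (n.version, int(n.network_address), n.prefixlen))


if __name__ == "__main__":
    for port in (80, 443):
        gaps = uncovered(PROXY_RANGES, INGRESS_RULES, port)
        print(port, [str(g) for g in gaps] or "all proxy ranges admitted")
```

With Flexible SSL the proxy reaches the origin on port 80 only, so a gap on port 80 is the one that would surface as sporadic connection failures; with Full (Strict) the same check applies to port 443.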