Cloudflare 524 for only some hosts

We are trying to debug an issue and I’m not sure where to start. We have a Cloudflare tunnel that only works for some hosts.

For example:

(1) Macbook in Sunnyvale Office

curl -m 5 'https://server-host.com/ping' # returns a small JSON
curl: (28) Operation timed out after 5004 milliseconds with 0 bytes received

(2) Different Macbook in Sunnyvale Office

curl -m 5 'https://server-host.com/ping' # returns a small JSON
curl: (28) Operation timed out after 5003 milliseconds with 0 bytes received

(2) Linux Machine in Sunnyvale Office

curl -m 5 'https://server-host.com/ping' # returns a small JSON
{"uptime":"21h 42m 45s 907ms 799us 786ns","ok":true}

(3) Server in Ohio:

curl -m 5 'https://server-host.com/ping'
{"uptime":"21h 49m 21s 297ms 983us 259ns","ok":true}

In both timeout cases, if we remove the curl timeout we eventually get a Cloudflare 524, and likewise in the dashboard we also see a spike in 524:

What doesn’t seem to make sense is why are some hosts seeing 524 and others seeing a successful response despite the fact that both machines seem to be able to connect to Cloudflare just fine?

If you run cloudflared tunnel with --loglevel debug you should see a log per request handled there. If you do not see logs for the failed/timed out requests, then this is worth raising with support. If you do see logs for the failed/timed out requests in a timely fashion, then the problem is between cloudflared and your origin.

Restarting cloudflared seems to have alleviated the issue for now so it doesn’t look like I can get debug logs.

If you do see logs for the failed/timed out requests in a timely fashion, then the problem is between cloudflared and your origin.

The origin and cloudflared sit on the same host and the endpoint itself is pretty simple. I can’t rule this out 100% without the debug logs but it would be unlikely for the origin to timeout based on where the client connection is coming from (especially because as far as the origin is concerned, all the traffic is coming from one place).