Has anyone experienced errors with Cloudflare workers causing other URLs on the same hostname that don’t go to the worker also having the same error?
I have setup a Cloudflare worker as a reverse-proxy to return content from an origin server.
This worker is restricted to only work on a specific file-path, both using the worker route, and by the code in the worker checking the file-path of the request.
If the call to the origin server fails, then the call to the reverse-proxy worker on Cloudflare also fails with a HTTP error code of 526.
This is expected behavior, and not the problem. The problem is that if the reverse-proxy call fails with a 526 error, then the very next call to Cloudflare, regardless of file-path, will also fail with a 526 error. If I reload the URL again it will complete successfully, until I call the reverse-proxy worker and it returns a 526 error again.
Here’s an example of the problem (with fake URLs):
www.mydomain.org is setup in Cloudflare DNS, with Proxy enabled.
I setup a reverse-proxy worker assigned to the route DOMAIN FOR SALE
The reverse-proxy worker is calling an origin server with the wrong SSL certificate.
There are no other workers or routes that match the other calls I make.
The problem can be reproduced with the following steps:
Reload the URL from #2 as many times as you want and it will load successfully.
Until you reload the URL from #1 and get the 526 again, at which point any URL will return a 526 error once.
Why would the call to the reverse-proxy failing result in all other calls to Cloudflare to fail?
I can fix the error in step #1 by installing the correct SSL certificate in the origin server, but I want my setup to be robust enough so the whole website is not brought down because the reverse-proxy is failing.
I have opened ticket #2197715 and not received a response, other than instructions to respond to this post with @MoreHelp.
I also wanted to clarify that this is not an issue with our Worker code - this is working as expected when it returns a 526 HTTP error in response to issues with the origin server.
The problem is that even though the Worker is assigned to a specific file-path, when it returns an error any other proxied calls (on any file-path) to return the same 526 HTTP error.
I cannot replicate the 526 you are seeing, I did notice an error on the origin certificate WRT the SAN. Do you still see the error if you proxy the A record that is named the same as your domain?
I updated the A record for ‘unrelentingsky.xyz’ (my domain) to be proxied, but am still seeing the issue.
I also looked through the Community Tip you linked, but none of that applies. To clarify, the issue is not with the Worker itself returning a 526 error. That is expected behavior and we can fix that by updating the origin server to return the correct SSL certificate. The problem is the Worker returning a 526 error causing the next call to the same hostname, regardless of file-path, to also return a 526 error.
You can repeat these steps as many times as you want and can see that the Worker responding with a 526 error is causing the very next call to the hostname, regardless of file-path to also return a 526 error.
Here’s a screenshot of my Route / Worker settings showing that the Worker should only be executing for the specific file-path:
This is most likely related to how Always Online is responding to the 526 being returned by the worker and attempting to serve a cached copy of the site. If you disable AO on the unrelentingsky.xyz site are you still able to reproduce this issue?
I have been communicating directly with customer support and we have determined that disabling Always Online stops this error.
However, I have not been provided with an explanation as to why the Always Online functionality results in this behavior - it does not make sense that a Worker returning a 526 error would result in all other calls to the same hostname returning a 526 error, and only for the next call.
I will continue to work directly with my customer support contact.
the 