Cloudflare's domain timing out (522) with nginx proxy manager unless ip address is appended to url

Hi All,

After several days of failing to resolve my issue using independent research I am hoping to reach out to the community for some support on the following problem I am facing. The following is my configuration:

  • I have a simple domain name purchased through Cloudflare (e.g. domain.net).

  • I set up an A record to point my subdomain (e.g. sub.domain.net) to my WAN IP address. Proxy is selected to ‘on’.

  • The SSL/TLS encryption mode on Cloudflare is set to Full (strict).

  • External ports are open in my router for this service (not 80 and 443 but for the same purpose e.g. 8082 and 8443) and forwarded to my internal ports on the host IP address. It may also be worth mentioning, I have another HTTPS service running on 443 from a different computer and based on my limited understanding of ports, using 443 for this service as well will not work.

  • NGINX proxy manager inside a Docker container is listening on those ports on the host end, and within the container on its designated ports per the docker-compose.yml. Checking for open ports using canyouseeme.org for ports 8082/8443 indicates that forwarding is working as intended.

  • NGINX reverse proxy is set to point to an internal IP address and specific port for the above-mentioned subdomain.

  • NGINX SSL certificate has been requested and issued through NGINX proxy manager and successfully issued by Let's Encrypt - Cloudflare to the subdomain, and added to the proxy.

Here is where the problem is:

  • If I try to reach sub.domain.net:8443, the site resolves, I am able to access it as expected.

  • If I try it without the port, e.g. sub.domain.net, the site never loads and I get the Cloudflare error pointing to the host with a timeout error of 522.

I tried a variety of suggested solutions to remedy this:

  • Disabling the “proxied” option in my A record.

  • Creating a wildcard subdomain e.g. (*.domain.net).

  • Removing/re-adding the proxy and a variety of different hosts and ports in NGINX proxy manager.

  • Re-issuing the certificates (yep, got that desperate).

This list goes on. I have run out of straws to clutch at and am totally lost as to where else to look. I would be very grateful for help with this!

Many thanks in advance.

Use origin rules to tell Cloudflare to use port 8443 to connect to your origin for sub.domain.net

2 Likes

Two things:

  1. Use an Origin Rule instead where you define the port that Cloudflare uses to connect to your Origin.

  2. Even better, use a tunnel. It’s so much easier and better. You don’t have to open any ports. And you can even use default ports, as you can just use a 2nd tunnel for your 2nd PC.
    Cloudflare Tunnel · Cloudflare Zero Trust docs

2 Likes
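Added example (not code from this thread or from Cloudflare) illustrating why both replies point at the origin port: with the record proxied, Cloudflare opens its own connection to the origin on the port in the visitor's URL (443 for a plain https URL), so a router that only forwards 8082/8443 yields a 522, and an Origin Rule overriding the port removes the mismatch. The forwarded-port set, `rule_port` parameter and 127.0.0.1 probe target are constructed for the demonstration.

```python
import socket
from urllib.parse import urlsplit

# Origin ports the Cloudflare proxy will connect to (Cloudflare's documented list).
CF_HTTPS_PORTS = {443, 2053, 2083, 2087, 2096, 8443}
CF_HTTP_PORTS = {80, 8080, 8880, 2052, 2082, 2086, 2095}


def origin_port(url, rule_port=None):
    """Port Cloudflare will use toward the origin for this visitor URL.
    rule_port models an Origin Rule that rewrites the destination port.
    Returns None when the URL port is one the proxy does not forward."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    allowed = CF_HTTPS_PORTS if parts.scheme == "https" else CF_HTTP_PORTS
    if port not in allowed:
        return None
    return rule_port if rule_port is not None else port


def probe_tcp(host, port, timeout=2.0):
    """True if something accepts a TCP connection on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(url, forwarded_ports, rule_port=None, origin_host=None):
    """Predict whether the proxied request can reach the origin.
    forwarded_ports: external ports opened on the router for this host."""
    port = origin_port(url, rule_port)
    if port is None:
        return "unsupported port: Cloudflare will not proxy this URL"
    if port not in forwarded_ports:
        return (f"522 expected: Cloudflare connects to origin port {port}, "
                f"which is not forwarded (only {sorted(forwarded_ports)})")
    if origin_host and not probe_tcp(origin_host, port):
        return f"522 expected: nothing listening on {origin_host}:{port}"
    return f"ok: origin port {port} is forwarded"


if __name__ == "__main__":
    # Constructed: the thread's router forwards only 8082 and 8443.
    for u in ("https://sub.domain.net/", "https://sub.domain.net:8443/"):
        print(u, "->", diagnose(u, {8082, 8443}))
    print("with Origin Rule ->", diagnose("https://sub.domain.net/", {8082, 8443}, rule_port=8443))
```

Pass `origin_host=` with the origin's address to also confirm that a listener actually answers on the predicted port.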
