DDNS on LEDE OpenWRT not working with CDN enabled on DNS page, get 522 connection timed out

#1

Hi, first, thanks for cloudflare, and thanks for the forum, and those who post & answer things here. It’s a relief.

I have an Arm7 Odroid XU4 microcomputer running Docker containers at home, for learning.

I’ve WordPress with a heavy theme installed in a container. It’s working perfectly, but it’s unable to handle traffic, my uplink is only max 2mb/second and the CPU is a tiny Arm one, so it’ll go down in flames with any interest, let alone an attack.

My problem:
When I enable the ‘orange cloud’ CDN on the DNS page for the A record, the public page goes down. Due to a cache bypass rule, I can still access the /wp-admin page even though the main public page is down. When I say ‘page is down’ I mean this:

Error 522 Connection Timed Out - Browser working, Cloudflare working, Host Down.

If I click the CDN off on the DNS page, a minute later everything is working and the site comes back up.

The catch: My router is LEDE (OpenWRT) and I’m using the Cloudflare DDNS plugin. It also works perfectly, the IP is updated reliably, no errors in logs, and the port forward 80 to 80 is solid.

I’m guessing Cloudflare DDNS isn’t compatible with the Cloudflare CDN caching?

I’ve turned off all WordPress plugins and set Cloudflare settings to pretty much everything off, and the fault still occurs. Tested on Edge, Chrome, IE, Safari, across tablets & PCs on different source IPs - from some IPs it seems turning off the CDN takes a while to fix it.

Lastly, given this is just a home level investigation / trial of CDN, I’m using the free Cloudflare. I’m a tech so I can probably do anything asked, but prefer not to recompile kernels or have to call Microsoft :wink:

Best,
xenek


#2

Hey, after a few hours of trying over a day or two, only after posting the above did I remember my ISP has a firewall. I’ve not noticed because my other testing devices were on the same wifi (phones that I thought were using mobile data were on the same IP, same with PCs) or using non-blocked ports.

Increased protection against intrusion attempts to your broadband router or server:

  • Blocks web, telnet, ssh and proxy ports (80, 443, 22, 23, 8080, 3128) inbound (to you) only.

It’s likely the explanation for the issue, will report back once the firewall turn off request is processed.
x
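
An added example, not part of the original posts: a small Python probe that classifies each port from the ISP notice as open, refused or filtered, and refuses to draw a conclusion when the test device shares the origin's public IP (the pitfall described in post #2). The function names, the `vantage_ip` parameter and the documentation-range sample addresses are assumptions made for this example.

```python
import socket
import sys

# Inbound ports listed in the ISP firewall notice quoted in the post above.
ISP_BLOCKED_PORTS = (80, 443, 22, 23, 8080, 3128)


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as open, refused, filtered or error."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"            # handshake completed
    except (socket.timeout, TimeoutError):
        return "filtered"            # no answer at all: dropped on the way in
    except ConnectionRefusedError:
        return "refused"             # something answered, nothing is listening
    except OSError:
        return "error"               # unreachable network, bad address, etc.


def diagnose(results, vantage_ip, origin_ip, web_port=80):
    """Turn probe results into a verdict for the web port.

    vantage_ip is the public IP the probing device appears from (assumption:
    the caller looks it up separately). If it equals the origin's public IP,
    the probe never crossed the ISP edge and says nothing about inbound rules.
    """
    if vantage_ip == origin_ip:
        return "inconclusive: probe ran from the origin's own public IP"
    state = results.get(web_port, "error")
    if state == "filtered":
        blocked = sorted(p for p, s in results.items() if s == "filtered")
        return "inbound filtered on ports %s" % blocked
    if state == "refused":
        return "reached the network, no listener or port forward"
    if state == "open":
        return "reachable from outside"
    return "probe error"


if __name__ == "__main__":
    if len(sys.argv) == 3:           # usage: script.py ORIGIN_IP VANTAGE_IP
        origin, vantage = sys.argv[1], sys.argv[2]
        results = {p: probe(origin, p) for p in ISP_BLOCKED_PORTS}
    else:                            # constructed sample, documentation addresses
        origin, vantage = "203.0.113.10", "198.51.100.7"
        results = {p: "filtered" for p in ISP_BLOCKED_PORTS}
    print(results)
    print(diagnose(results, vantage, origin))
```

A "filtered" result on port 80 from a genuinely external vantage point is a connection that times out before reaching the host, which matches the timed-out symptom on the 522 page.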

