Enabling the DNS proxy blocks access to the origin server

Origin server can be accessed when the DNS proxy is turned off, but when enabled, I get a 521.

I am not running a firewall in front of the AWS API Gateway.

curl -v https://api.hikingbritain.uk/
*   Trying 2606:4700:3031::6815:56a3:443...
* Connected to api.hikingbritain.uk (2606:4700:3031::6815:56a3) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=*.hikingbritain.uk
*  start date: Dec 28 18:24:26 2022 GMT
*  expire date: Mar 28 18:24:25 2023 GMT
*  subjectAltName: host "api.hikingbritain.uk" matched cert's "*.hikingbritain.uk"
*  issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1P5
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: api.hikingbritain.uk]
* h2h3 [user-agent: curl/7.85.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x7febbe00fc00)
> GET / HTTP/2
> Host: api.hikingbritain.uk
> user-agent: curl/7.85.0
> accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 521 
< date: Fri, 17 Feb 2023 11:14:11 GMT
< content-length: 0
< cache-control: no-store, no-cache
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g7tXDx%2BQ1i2TqTBT7KsQFza9aXqthTY%2Bl5XQaSe2m1UScdKjVjkVT8Mp8XRwTauE0WSAxD%2FzxVvH%2BNB0WfpeCZOifuSS%2FIs41MNN9RkTT3lWnO5l6tSX5P4Ro0tuIaLZZBEFgMpPzjCiJAalAP48kQWhcw%3D%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 79ae19138d61dd87-LHR
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
< 
* Connection #0 to host api.hikingbritain.uk left intact
