Error 522 even though I configured iptables and the firewall

Hello, I’m new to the topic.

I configured a web server:
However, I get Error 522 when I access the subdomain but no errors when I access my WAN IP.
I have allowed Cloudflare’s IP addresses like on the link: on iptables and on the firewall
Thanks for helping!

This is the error message when I access the subdomain.

Did you remember to restart iptables? :wink:

If I may add a note here, hopefully the OP went with iptables-save (even ip6tables-save) to apply the changes, otherwise there could be some issues later (possibly the same again?).

I am not familiar with restarting the iptables service, but maybe you were referring to restarting the networking service? (not needed if saved, later checked with iptables -L or some other way around)

Later on, for further possible system reboots, if the iptables rules aren’t saved or applied after the reboot, you would have to use something like the iptables-persistent package (just in case).

In case you have not already read them, may I suggest looking into the articles below regarding the specified issue of the 522 timeout:

May I ask was the naked domain and also the sub-domain working over HTTPS before moving to Cloudflare?

If so, do you have a valid SSL certificate installed at your origin host / server which covers both your naked (root) domain and any other needed sub-domain like www, mail, etc.?

May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?

If so, have you tried contacting your hosting provider, if there was or still is some kind of possible network maintenance (just in case)?


The naked domain is:
I have a www sub-domain but I am not actually using it.
I had only my naked domain and the www sub-domain before I moved to Cloudflare.

I think I have an SSL certificate installed on my server but I don’t remember.

I have the Flexible option.

I have checked the firewall, nothing changed.

I use UFW, which is based on iptables, and it requires you to restart/reload to apply changes - something I may have forgotten to do once or twice :sweat_smile:. I just assumed iptables requires you to do the same but perhaps not?


Kindly, could you please re-check and confirm this one?

In case you do not have an SSL certificate, you can use Cloudflare SSL. If so, kindly make sure you follow the instructions in the article below to set up an SSL certificate using a Cloudflare Origin CA Certificate:

In terms of security and some possible issues like redirection loops or other HTTPS (SSL) errors, I would just like to add a note here regarding Flexible SSL in the below two articles, and also a tutorial on how to properly set up SSL for your domain with Cloudflare:

I re-checked and I have an SSL certificate (* and

I set it to Full Strict but I have an Error 523 instead of Error 522.

May I ask, is the correct IP address set under the and does the sub-domain actually exist at the server?

Or rather to ask, is the vhost configuration file for that (sub)domain being properly configured at the server?

Regarding Cloudflare returning 523 error, kindly see the suggestions on the below article:

The correct IP is:
I need to use the 8100 port for my server.

Hm, it can be used if you proxy it via Nginx to one of the ports compatible and supported with Cloudflare :orange: (proxy mode) - or if using a Kemp load balancer, for example.

Or it is possible if you use Cloudflare Spectrum and pay for it, but it could be quite expensive.

Nevertheless, the list of ports compatible and supported when using :orange: cloud (proxy mode) on Cloudflare can be found here:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.
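
The checks discussed in this thread, as an added example that is not part of the original posts: it reads an `iptables-save` dump and lists the Cloudflare ranges that are not accepted on the port Cloudflare's edge actually connects to for the chosen SSL mode. The function names, the three-range subset in `CF_RANGES` and the sample dump are constructed for illustration; the full range list is published at https://www.cloudflare.com/ips/.

```shell
#!/bin/sh
# Added example (not from the thread). CF_RANGES is a constructed subset
# of Cloudflare's published ranges; use the full list on a real host.
CF_RANGES="173.245.48.0/20 103.21.244.0/22 141.101.64.0/18"

# Port the Cloudflare edge uses toward the origin when the visitor is on
# the standard ports: Flexible speaks plain HTTP, Full/Strict speak TLS.
origin_port_for_mode() {
  case "$1" in
    flexible)    echo 80 ;;
    full|strict) echo 443 ;;
    *)           return 1 ;;
  esac
}

# Read an iptables-save dump on stdin and print every range in CF_RANGES
# that has no INPUT rule accepting it on tcp port $1.
# Limitation: port ranges (80:443) and earlier DROP rules are not evaluated.
missing_cf_ranges() {
  awk -v ranges="$CF_RANGES" -v p="$1" '
    BEGIN { n = split(ranges, want, " ") }
    $1 == "-A" && $2 == "INPUT" {
      src = ""; ports = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-s") src = $(i + 1)
        if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      m = split(ports, list, ",")
      for (k = 1; k <= m; k++)
        if (target == "ACCEPT" && list[k] == p) ok[src] = 1
    }
    END { for (j = 1; j <= n; j++) if (!(want[j] in ok)) print want[j] }'
}

# Constructed sample dump: the service port 8100 is opened to Cloudflare,
# but the ports the edge connects to are only partly allowed.
sample_rules() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -s 173.245.48.0/20 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 103.21.244.0/22 -p tcp -m tcp --dport 8100 -j ACCEPT
-A INPUT -s 141.101.64.0/18 -p tcp -m multiport --dports 80,443 -j ACCEPT
COMMIT
EOF
}

# Flexible mode: list the ranges still blocked on port 80.
sample_rules | missing_cf_ranges "$(origin_port_for_mode flexible)"
```

On a live server, replace `sample_rules` with `iptables-save`; any range printed is one whose connections from Cloudflare will time out at the firewall.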