Heroku SSL 502


#1

I’ve followed this guide:

Unfortunately I’m getting a 502 error… Any help is appreciated, thanks!


#2

“Full” or “Full (strict)”?

Can you open the actual address under https?


#3

It’s set to “Full” and I can open the address under https.


#4

Forgot to add earlier “without any warning messages”, right?

Hmm, anyhow though, as you haven’t set it to “Full (strict)” it should probably work regardless of the certificate’s validity. You also wrote the status is “active”, so it shouldn’t be a missing certificate on Cloudflare’s side either.

502 shouldn’t be a TLS error however, but rather a generic one regarding the uplink. Have you made sure and/or verified the origin server is reachable from Cloudflare (no firewall entries)?


#5

Thanks for your help, it’s much appreciated!

No warning message, the app is running on Heroku and uses the wildcard cert from herokuapp.com.

I don’t see a reason why there would be any firewall entry on the Heroku side, and this exact setup must be working for some as I simply followed this guide


#6

Firewall-wise I was merely guessing :slight_smile:

Assuming you don’t need to keep the origin server hidden (or do you?) could you post the two URLs?


#7

I can’t really share the 2 URLs publicly, but I modified the origin for testing purposes: https://azvlcpqfbkxpsnyxdglmpuqxgzubdl.herokuapp.com/

Here is the error I’m getting on my domain:


#8

I am afraid that would require more in-depth knowledge of which hosts are involved. My advice at this point would be to contact Cloudflare’s support.


#9

The actual site is returning a 502 error (there’s no content there at the moment).

curl -Ik --resolve crowsrock.yourdomain:443:your.ip.address https://crowsrock.yourdomain
Connection: keep-alive
Server: Cowboy
Date: Tue, 29 May 2018 13:24:04 GMT
Content-Length: 2476
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store

If you curl the Heroku instance you see it in the response as well:

curl -v http://somethingsomething.herokuapp.com

< HTTP/1.1 502 Bad Gateway
< Connection: keep-alive
< Server: Cowboy
< Date: Tue, 29 May 2018 13:27:47 GMT
< Content-Length: 2476
< Content-Type: text/html; charset=utf-8
< Cache-Control: no-cache, no-store
<

<html>
  <head>
    <title>Heroku | Welcome to your new app!</title>
    <style type='text/css'>
  body {
    background-color: white;
    color: #333333;
      font-family: Arial, sans-serif;
    margin: 0;
    padding: 36px;
    line-height: 1;
    font-size: 14px; }

#10

For future reference, does Cloudflare rewrite such origin errors with its own error dialog?


#11

For errors like a 502 yes.


#12

Is a 502 then always passed through from origin or could it also originate from Cloudflare? If it is the latter, it might be good to have something to distinguish them.


#13

There is a difference. If the origin throws a 502, you get the pretty Cloudflare 502 pathway screen.

If Cloudflare throws a 502, you get the ugly plain 502 screen.
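
The comparison used in posts #9 and #13, as an added example that is not part of the thread: parse one capture taken directly against the origin and one taken through the proxy, then report which hop produced the 502. `DIRECT` reuses the origin headers quoted in post #9; the other captures, including the `Server: cloudflare` value, are constructed sample data, and the function names are hypothetical.

```python
# Added example (not from the thread). DIRECT reuses the origin response
# quoted in post #9; the other captures are constructed sample data.
DIRECT = """\
< HTTP/1.1 502 Bad Gateway
< Connection: keep-alive
< Server: Cowboy
< Content-Length: 2476
<
"""
PROXIED = "HTTP/1.1 502 Bad Gateway\nServer: cloudflare\n"  # constructed
HEALTHY = "HTTP/1.1 200 OK\nServer: Cowboy\n"               # constructed


def parse_head(raw):
    """Parse `curl -I` or `curl -v` text into (status, lowercase headers)."""
    status, headers = None, {}
    for line in raw.splitlines():
        line = line.strip()
        if line.startswith(("> ", "* ")):   # curl -v request and info lines
            continue
        if line.startswith("<"):            # curl -v response-line prefix
            line = line[1:].strip()
        if line.startswith("HTTP/"):
            parts = line.split()
            if len(parts) >= 2 and parts[1].isdigit():
                status, headers = int(parts[1]), {}  # keep the final response
            continue
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def diagnose(direct_raw, proxied_raw):
    """Say which hop produced the 502, given both captures."""
    d_status, d_headers = parse_head(direct_raw)
    p_status, p_headers = parse_head(proxied_raw)
    if d_status is None or p_status is None:
        return "unknown: a capture has no status line"
    if d_status == 502:
        return "origin: %s answers 502 itself" % d_headers.get("server", "?")
    if p_status == 502:
        return "proxy: origin answered %d, 502 only via %s" % (
            d_status, p_headers.get("server", "?"))
    return "no 502 in either capture"


if __name__ == "__main__":
    print(diagnose(DIRECT, PROXIED))
    print(diagnose(HEALTHY, PROXIED))
```

A capture without a status line, such as a header dump pasted without its first line, yields `unknown` rather than a guess.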


#14

Thanks. Well, not that it would make sense :wink: but it is distinguishable. I would have expected it the other way round to be honest.

