Hi there,
I’m having issues reaching my site when using Cloudflare proxy in the DNS setting for my subdomain.
When the proxy is disabled I can reach the site. I get 524 “A timeout occurred” error in the browser.
What could be the reason for this problem? Cloudflare is hosting my SSL cert so the proxy needs to be ON for my site to work properly.
When the proxy is disabled and Cloudflare simply resolves the IP of my server my site loads instantly.
That does not seem to be accurate, as your site is seemingly not working on SSL.
Cloudflare is not “hosting SSL”, but what you described suggests you have not completed your setup and your site is still without encryption. You need to fix that first.
So leave the proxy disabled and talk to your host to get your site working on SSL. Then it will also work on Cloudflare.
As for the error, that’s when your server takes too long to respond, which is probably related to your broken configuration. Once you have talked to your host and fixed the server, it should also work on Cloudflare.
To clarify, I can reach the site with the proxy disabled using HTTPS (SSL) since I’m using the Cloudflare Origin Certificate on my nginx instance, just need to ignore the browser warning.
I had set up Cloudflare to proxy traffic to my backend in DNS settings and use a Cloudflare issued and managed SSL cert.
When the proxy is enabled I get 524 “A timeout occurred”
With an Origin certificate your setup is actually secure.
As mentioned, the error indicates your server did not respond within the given period.
What’s the domain?
Also make sure that your encryption mode is Full Strict.
I agree, this seems an SSL problem, but not necessarily with the site certificate, as it works when proxy is disabled
there are some additional steps to take, if you want Cloudflare to present your custom domain certificate, or you can just use theirs
you can use a self-signed cert between you and Cloudflare, which eliminates some hassle if you don’t mind using their SSL. if you do this you will need to set the TLS verify to off in the Cloudflare. ok, I shut up now
You definitely should not use such a certificate, as that would essentially drop your security. Please do not mislead the OP.
As the OP has a proper setup, the issue here won’t be SSL related, but rather network related.
there is nothing wrong with a self-signed certificate to connect to the tunnel.
And where did the OP mention Cloudflare Tunnel? Let’s please not derail this thread.
yes, you might be right about that, there is not a lot of information provided by the OP, I made some assumptions
The issue is as mentioned earlier
and
That’s something for the OP to debug and fix on his server side and once the server properly responds, the issue will be fixed. The linked article may also help here.
As I said, I’ve tested the connection to the server from an outside machine, both with curl and the browser:
When Cloudflare proxy is enabled I get the timeout
When the Cloudflare proxy is disabled and just resolves the DNS name I get an immediate response
I’m using the corresponding Cloudflare certificates on the server and Cloudflare, both issued by Cloudflare
I use Full Strict mode in CF settings.
Firewall is disabled on the VM instance and OS level
In that case your server might be blocking Cloudflare addresses. Make sure IP Ranges is not blocked.
Also refer to the article you linked earlier.
I contacted the cloud provider, they assured me that they do not block CF IPs.
From the steps I’ve taken so far it seems like the issue stems from CF proxy failing to connect to my server.
I can run a test side by side with the CF proxy enabled, going to my site with the browser fails with timeout.
At the same time using Invoke-WebRequest from PowerShell or curl from bash going straight to the server’s IP results in immediate response
It turns out curl and Invoke-WebRequest also work going through CF proxy! Only browsers get the timeout on Windows, Linux and mobile
Clearing the cookies fixed the issue
glad that worked out, thanks for sharing.