Intermittent 502 errors for websites hosted in FRA & AMS

We have multiple servers in multiple data centers in Frankfurt and Amsterdam, run by four different providers.

In the past week, our website monitoring services have been reporting a lot of 502 errors returned by Cloudflare. These “502 Bad Gateway” errors are the black and white Cloudflare-branded ones. None of this shows up in our server logs.

This is an interminent problem. We run tests every 5 minutes. These 502 Bad Gateway errors are reported around 10 times per day.

Has anyone else been getting 502 errors in Frankfurt and/or Amsterdam?

It won’t. That’s an error at Cloudflare, so that request won’t make it to your server. And there’s nothing in Cloudflarestatus.

Is there a way for you to get the full raw response when that happens? Like a curl -v output?

For example:

HTTP/1.1 502 Bad Gateway
Server: cloudflare
Date: Sun, 20 Jun 2021 12:40:15 GMT
Content-Type: text/html
Content-Length: 155
Connection: keep-alive
CF-RAY: 662510813f1f4a7a-FRA

502 Bad Gateway


cloudflare
1 Like

Thanks. I’ll bump this into the Escalation list.

1 Like

Can you share a link to reproduce this and additionally the output of whatever domain you are using suffixed by “/cdn-cgi/trace”. For example https://yourname.xyz/cdn-cgi/trace but with the yourname.xyz replaced by your domain name.

Edit: Also, do you have a ticket number for this already?

1 Like

This is an intermittent issue. So far today, we have seen the “502 Bad Gateway” error at these times:

01:58
02:10
02:24
09:50

We test 15 websites every 2 minutes, so these 4 errors were reported after running the test ~5,000 times.

I do not have a ticket number for this.

We have been seeing these errors since last week.

Our servers are in Frankfurt.

One of our domains where we’ve seen this issue is cinafilm.com.

Here’s the output of curl -v https://www.cinafilm.com/cdn-cgi/trace

* About to connect() to www.cinafilm.com port 443 (#0)
*   Trying 104.21.2.170...
* Connected to www.cinafilm.com (104.21.2.170) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=sni.cloudflaressl.com,O="Cloudflare, Inc.",L=San Francisco,ST=CA,C=US
*       start date: Aug 07 00:00:00 2020 GMT
*       expire date: Aug 07 12:00:00 2021 GMT
*       common name: sni.cloudflaressl.com
*       issuer: CN=Cloudflare Inc ECC CA-3,O="Cloudflare, Inc.",C=US
> GET /cdn-cgi/trace HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.cinafilm.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Mon, 21 Jun 2021 11:39:24 GMT
< Content-Type: text/plain
< Transfer-Encoding: chunked
< Connection: keep-alive
< Access-Control-Allow-Origin: *
< Server: cloudflare
< CF-RAY: 662cf4c44d774eaa-FRA
< X-Frame-Options: DENY
< X-Content-Type-Options: nosniff
< Expires: Thu, 01 Jan 1970 00:00:01 GMT
< Cache-Control: no-cache
<
fl=71f672
h=www.cinafilm.com
ip=178.162.193.20
ts=1624275564.21
visit_scheme=https
uag=curl/7.29.0
colo=FRA
http=http/1.1
loc=DE
tls=TLSv1.2
sni=plaintext
warp=off
gateway=off
* Connection #0 to host www.cinafilm.com left intact

Thank you for the information. Could you please open a ticket and, if possible, send a HAR file of when the error is replicated? I’m not seeing anything immediately in our logs here but it may be unique to a specific request. If this only happens on a specific URI please also indicate that.

Additionally, if you can replicate it, another way to get some insight into why the error is occurring is to send the same request to the origin and observe the output there.

In your ticket it would also be helpful to provide a few RayID for us to search for as well? Please post the ticket number and we’ll be sure to get it.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.