Need help with connection timed out 522 on Pi web server

Hello o/ There are a few posts like this floating around but none solve my issue. I read through the quick fix ideas in the documentation for the 522 error but no dice there either. The site in question is rhys-the-davies.com on a public IP address 51.6.82.168. Browsing gives me the pretty 522 error and curling gives me the less pretty 522 error.

This same error has happened before but it has been because the IP address of my Pi changed so I needed to change it in Cloudflare, it didn’t change this time.

I can still access my site using the public IP address in the browser but not my domain, which leads me to believe it’s not a resourcing thing. Plus it’s the only thing running on an 8GB Pi at the moment, so there’s that.

I’m not sure how I can make sure Cloudflare’s IPs are whitelisted but iptables isn’t set up on the Pi and there’s no other firewall stuff active. Perhaps this is my issue and I’m misunderstanding? I could install something like fail2ban but I don’t think it would make a difference.

dig +short ns rhys-the-davies.com tells me I’m using Cloudflare name servers so that’s fine.

I can still ping and traceroute the domain without issue.

The only thing I’ve changed recently was to add a subdomain (blog.rhys-the-davies.com) as another A record in Cloudflare, but that points at a VPS instead of the Pi. I had it up and working perfectly fine and I was editing away when it threw me out the other day. When I try to go to that site now I get a 502 error, I’m assuming because of the 522 error. But I don’t know how to debug if this has screwed things up.

And finally https://www.cloudflare.com/diagnostic-center/ gets stuck “Running Diagnostics Test…”

Any ideas? Please treat me like an idiot.

Is Cloudflare allowed to connect to your Pi? (IP addresses)

Moreover, which port are you using on your VPS or Pi? (there are compatible ports with Cloudflare)

Have you tried checking and going through the steps as written on the below links:


Hello, sorry to hear you are getting this error.

The link http://rhys-the-daives.com/ doesn’t return a Cloudflare error, it returns this

Are you sure the URL is correct? Check if there is a typo in http://rhys-the-daives.com/ and tell me if it’s correct!

However, the link http://blog.rhys-the-davies.com/ returns a Cloudflare 502 bad gateway error, looking like this.

As @fritex said, make sure that Cloudflare IPs are NOT blocked. A list of Cloudflare IPs is available at IP Ranges | Cloudflare; make sure they are set to bypass or whitelist.

The bad gateway error usually indicates that one server on the internet received an invalid response from another server. In some cases, this error is returned by Cloudflare before contacting your origin server.

What have you tried? Hope to hear back soon. Also, to troubleshoot 5xx (server errors), visit Troubleshooting Cloudflare 5XX errors – Cloudflare Help Center. Again, hope to hear back soon!

Interesting, so @AppleSlayer, whoops, I linked with an incorrect URL, it should have been https:// not http:// … which returned the 522. I’m still unsure as to how to make sure the IPs are NOT blocked. Working through @fritex’s suggestions:

Cloudflare is allowed to connect to the Pi, it has done so hundreds of times before the issue. And I tried running the iptables commands at the link suggested, i.e.

iptables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT

and 

iptables -A INPUT -p tcp --dport http,https -j DROP

but I think there’s something wrong with them because iptables doesn’t recognise a few of the inputs. So I moved on to the next suggestion. The Pi is listening on port 80 but listens on 443 if there is SSL incoming:

Listen 80

<IfModule ssl_module>
	Listen 443
</IfModule>

<IfModule mod_gnutls.c>
	Listen 443
</IfModule>

(from ports.config) In the virtual hosts config file for my site I tried changing it from 80 to 443 and back again but neither worked. And I went through each of the other links, the only thing I haven’t done as I’ve said is make sure the IP addresses are NOT blocked.
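On the two iptables lines quoted in the post above: `$ip` is a shell variable that has to be set to each Cloudflare range in turn, and a comma-separated port list is only accepted with `-m multiport --dports` (plain `--dport` takes a single port or a range). The following is an added example, not code from the thread or from Cloudflare: a dry-run generator that prints the allow and drop rules for a list of CIDRs. The helper name `cf_allow_rules` and the sample ranges (documentation prefixes standing in for the published list) are assumptions.

```shell
#!/bin/sh
# Dry run: prints firewall commands for review instead of executing them.

# Constructed sample input: documentation prefixes standing in for the
# ranges published on Cloudflare's IP Ranges page (placeholders, not real).
SAMPLE_RANGES='198.51.100.0/24
203.0.113.0/24
2001:db8::/32'

# cf_allow_rules (hypothetical helper): one CIDR per line on stdin.
cf_allow_rules() {
    while IFS= read -r ip; do
        case "$ip" in
            '' | '#'*) continue ;;                    # blank line or comment
            *[!0-9a-fA-F:./]*)                        # anything but address chars
                echo "skipped (unexpected characters): $ip" >&2; continue ;;
        esac
        case "$ip" in
            */*) ;;                                   # must carry a prefix length
            *) echo "skipped (no prefix length): $ip" >&2; continue ;;
        esac
        case "$ip" in
            *:*) fw=ip6tables ;;                      # IPv6 range
            *)   fw=iptables ;;                       # IPv4 range
        esac
        # -I inserts at the top of INPUT, so these sit above the DROP below.
        echo "$fw -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT"
    done
    # A comma-separated port list needs -m multiport --dports.
    for fw in iptables ip6tables; do
        echo "$fw -A INPUT -p tcp -m multiport --dports http,https -j DROP"
    done
}

printf '%s\n' "$SAMPLE_RANGES" | cf_allow_rules
```

Once the DROP rules are loaded the site stops answering web requests on the bare public IP, so confirm the ACCEPT lines cover every published range before running the printed commands as root.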

To make sure Cloudflare IPs are not blocked, first open https://dash.cloudflare.com/ or https://cloudflare.com, then click “log in” if needed, then click on the site you are having this issue on, then click firewall, then click firewall rules. Then name your firewall rule. Then click IP address and set all Cloudflare IPs. Again, you can see Cloudflare IPs at IP Ranges | Cloudflare.

I followed your instructions and added a rule that says:

When incoming request matches [Each IPv4 and IPv6 address on the IP ranges page] Then allow

But no dice, same error. Just to be sure I cleared the browser cache and the Cloudflare cache, but still 522 :(

Hmm… screenshot? I’m getting a 502 error but you’re getting a different error, so I need a screenshot of the error. Also, maybe try pausing the site on Cloudflare? Also maybe set to bypass as well?

Sure, screenshot:

Hmmm, I paused Cloudflare, cleared caches etc and got the same error. Not the same error actually, it just times out now instead like below. It must be an error on the Pi’s Apache configuration side then I suppose.

Ok if you want, maybe invite me to access your account. I would have access to everything but membership and billing, my email address is {redacted}. I’ll be looking forward to your invite!

Hey, now I’m getting a different bad gateway error.

@rhys.michael.davies I ran your sites on the Cloudflare diagnostic page and it has some issues!
The first site (http://rhys-the-daives.com/) returned these results.

So, yeah you’ve got problems on the first site.
Now the second site returned these results (http://blog.rhys-the-davies.com/)

So, it looks like your domain has a lot of problems, but your subdomain also has some! Hope to hear back soon!

So that’s not surprising since I stopped Cloudflare on the site. I only now re-enabled it. Could you try the diagnostics again and see what you get, if there are any more errors?

If there are please let me know, if not I’ll give you access to my account to poke around but given what we’ve seen it seems like it’s a server issue, not with Cloudflare.

Ok, I’ll run them again as soon as I can!


Ok, diagnostic results for http://rhys-the-daives.com/ are below

So basically I’m getting the same results.
But the second link (http://blog.rhys-the-davies.com/) returns these results the second time

Can you show me DNS (domain name server) response codes? If you need help on how to do that, you can ask me.
Also, 502 error still present on http://blog.rhys-the-davies.com/
And http://rhys-the-daives.com/ is still saying the same thing!

Wow, that’s concerning, but also strange, when I try and access the site I get this again:

And could you help me with how to find the response codes? Is a simple ping enough or should I dig with specific options?

You can find DNS response codes by first logging into your Cloudflare account by visiting dash.cloudflare.com and then click the site you want to check, then click Analytics, then click DNS, it should show queries by response code. Send me a screenshot of the results, also what’s the link you’re getting the 522 error on? I’m not getting that error. Also check to see if something may be hogging up your resources, causing connections to time out. Also, allow my IP and I’ll see if I can get the same error (look at the screenshot where it says “Your IP”). Please don’t post that screenshot anywhere else as it contains my IP!

Certainly, so, response code screenshot:

The link I’m getting 522 on is https://rhys-the-daives.com still. 502 is on blog.rhys-the-davies.com for me.

A simple top in the server terminal shows me there’s nothing taking up more resources than I would expect:

And like before with the Cloudflare IPs I’ve added your IP to the allow list - not sure how long that takes to kick in

Well I still get this

Try going and seeing logs from when you started having this issue, you may get more response codes that way

Hmm… https://httpstatus.io/ says this about your site.


And https://www.isitdownrightnow.com/ says this

Maybe you have firewall rules blocking access or timing out connections. Also, it’s weird how the https://rhys-the-daives.com/ site can’t be accessed by me but I can access your subdomain (https://blog.rhys-the-davies.com/) but get an error 502. It could be my browser, so may I ask what browser you are using? If it’s different from my browser, then it may be having issues accessing the domain, while you can. BTW: I’m using Google Chrome.