New loadbalancer

Hello,
I created new LB and i need to test it now with one backend point.
All healthcheck and monitoring is green.
But when i try to open the LB new URL it gives me error as below

Error 521

Ray ID: 6613289562754e55 • 2021-06-18 08:30:56 UTC

Web server is down

LB URL
https://lb1.filesdna.com
Backend is running already if i go to it directly
https://prod.filesdna.com

Please advice.

Regards,
Mo

when i change the backend DNS to no proxy, then it will work better, but when i do many refresh then it will show sometimes

Error 526

Ray ID: 66140adf92d31f39 • 2021-06-18 11:05:25 UTC

Invalid SSL certificate

Here it loads fine → sitemeer.com/#https://lb1.filesdna.com and it generally loads fine for me too, though there are occasional 526s.

526s appear when you have a broken certificate and I assume one of your servers won’t be properly configured for SSL. Check if all your servers have the right certificate in this case.

Thanks,
At this stage im testing with only one server, and this server is working fine with SSL.
But i can not find what is the reason why on multiple refresh the SSL generate issue!
And that happened when i remove the DNS proxy, if i enable DNS proxy then i get server is down !

In that case double check that your load balancer setup actually really just makes use of that one server. Right now it really seems as if every second request went to a server with an invalid certificate, which is why you get the 526.


this is the setup now, what is wrong here?

Looks all right to me, but let’s call the cavalary :smile:@MVP

Right now it really appears as if there were at least two instances and the load balancer would proxy requests alternatingly, but from that screenshot it does seem as if you only had one configured. Maybe the fallback pool? Guessing here :slight_smile:

fallback pool is same bydefault, also the healthcheck is 100% up.
so maybe something else!

Could your server itself intermittently return no certificate? Did you check if you have any SSL errors on your server side?

yes i did check that, so if you test prod.filesdna.com with many hits you will not get any SSL issue

If you have ruled out SSL issues on your server and double checked that you only have that one server configured in your load balancer setup, then I’d be out of ideas I am afraid but support might be able to tell more from their logs, so I’d suggest to open a support ticket.

1 Like

I did that as well, so far i just got the bot answer :frowning:

Reply to the ticket saying that it did not fix the issue.

Also, post the ticket number here for @cloonan.

@cloonan , this is the support ticket #2187232

1 Like

The 526 I am seeing is coming from Always Online, so is not the current error.

Can you disable Always Online mode so that you start seeing the actual error from the Origin?

The certificate on the Origin is for the prod hostname, not for the lb1 hostname. What is your current SSL Mode, and over the course of your testing have you changed the SSL Mode a few times?

My guess is that your Origin is actually not always responding, but you are getting a copy of an old error from earlier in your testing when that happens. Disabling Always Online should make diagnosing that easier.

2 Likes

Good find :+1:t2: - noticed it and completely ignored it - but it does seem to be a current error. Check the time and IP address.

Where to check the time/IP ?

will do that and test, thanks

You rock !!
its working fine now when i disabled the always on :slight_smile:
So do i need to leave it like that always on = disabled, or there is solution for that?

Yes, yes I do.

But I’m not sure that is the solution. Can you explain how you are using Railgun with the LB?

And what is your SSL Mode?

1 Like