OH, POOH! What to do? Receiving a 522!

Intro to Error 522:

I am attempting to host a website from my man-cave. It had been out of commission during fall semester, but now that I have rebuilt the site and re-enabled dynamic DNS, I am getting the 522 error. The setup is exactly the same from what I can tell. The only difference is that instead of updating my IP with dynamic DNS on my router, I am now updating it from the actual server that is hosting the site, and it is updating it correctly.

I have:

  1. Enabled keepalive and extended the keepalive_timeout to 135 secs on the host server.

  2. Whitelisted all of Cloudflare’s ip network ranges in my firewall configuration.

  3. Stopped and disabled all other unnecessary processes on the server that could possibly put additional strain on the system.

  4. Checked all of my firewall policies on both firewalls.

  5. Ran traceroute from the source server.

  6. Checked that the dynamic dns is updating correctly.

The only potential issue is that one of the external network hops drops a lot of packages. It belongs to telephonica.com, which is not even in the same country as me.

I am running out of ideas. Anyone have any suggestions?

This is not clear to me. The fundamental question is, are you updating the IP address each time on Cloudflare? And does this work, have you verified it?

The answer to both is, Yes.

When I say, “everything is the same”, what I mean is that the gateway used is the same, the routers used in the network are the same, the rule set for those routers is the same, the host serving the site is the same.

The “same” as?

Does the site work when you pause Cloudflare?

Sandro,
I believe that I am having a much larger problem than I first realized. Putting Cloudflare aside, I cannot contact the site from my external IP address. I believe that my ISP is blocking incoming connections to my servers. When I perform a traceroute to my external IP, the trace ends abruptly when it reaches the gateway of my ISP, as shown below:

     Hostname/IP                                                  Loss:      #:   OTHER...:
     --------------------------------------------------------------------------------------------------------------------------
     1. 10.0.a.x                                                     0.0%      4    0.6   0.5   0.3   0.6   0.1
     2. 10.0.b.y                                                     0.0%      4    1.0   1.3   1.0   1.6   0.3
     3. 180.sub-FF-AGD-AGE.myISP.com                 0.0%      4   33.5  40.4  33.5  50.1   7.2
     4. (waiting for reply)

Of course I manually obfuscated my real IP, but you get the point. I might have to institute a VPN with a static IP address to circumvent this limitation or permanently run an instance of ngrok.

Well, that would explain the 522 🙂

Yes sir,
it most definitely would. Since my network runs off of a multi-WAN and since today we had an extended period where one of those WAN connections was down, it gave me an opportunity to retest my site, and it worked beautifully. So now, I need to find a way to circumvent this restriction and forward my site.