Port 443 connection timeout code 522

What is the name of the domain?

mydomain.com

What is the error number?

code 522

What is the issue you’re encountering

Connection timed out Error code 522

What steps have you taken to resolve the issue?

Hello, I discovered that api.mydomain:8443 HTTPS GET/POST requests cannot be cached by Cloudflare, so I decided to run my backend on port 443.

My previous setup looked like this:

Client Browser <-> Cloudflare Edges <- Full (strict) -> Origin (socket port: 8443)

Everything worked well:

  • api.MYDOMAIN:8443 was functioning correctly.

Then I changed the configuration:

  • Made the origin run on port 443.
  • Bound the WAN port 443 to the LAN port 443 on my router, similar to port 8443.

Client Browser <-> Cloudflare Edges <- Full (strict) -> Origin (socket port: 443)

However, I now get a Connection timed out - Error code 522 between Cloudflare edges and my origin running on port 443.

I can access my backend externally using WAN curl https://<MY_IP>, and internally via LAN curl https://<MY_LOCAL_IP_IN_NETWORK>, and also using https://0.0.0.0 as I am broadcasting on all interfaces. However, when using Cloudflare DNS (I manage my DNS through Cloudflare), I get a Connection timed out Error code 522.

What I’ve tried:

  • Checked iptables -L and ufw for any forbidden rules or firewalls that could be blocking Cloudflare edge connections to my origin. There is nothing blocking Cloudflare from connecting to my server.
  • Tested different settings: Flexible, Full, and Full (strict) in the TLS/SSL settings in the Cloudflare dashboard.

DNS Settings in Cloudflare dashboard:

| Type | Name | Content | Proxy Status | TTL |
| --- | --- | --- | --- | --- |
| A | api | <IP> | Proxied | Auto |
| CNAME | MYDOMAIN.com | SOME.pages.dev | Proxied | Auto |

It will be almost impossible to offer any help without knowing the domain and your IP address. Would you mind sharing these via a private message?

Sure! I will share in DM

P.S: How can I send you a private message? I can’t find a button or anything on your profile. Will I be contacted via email?

I think you are having the same issue as me. I can access my backend by using my public IP but can’t using DNS. It works on 8443 but not with 443.

Restricted by the local ISP and port forwarding? :thinking:

May I ask if you’ve considered running a tunnel instead?

2 Likes

I also tried setting up inbound traffic (port forwarding) to redirect port 443 to port 8869 on the LAN, for example. However, I am still having issues. I am inclined to think it might be related to a security policy from my ISP, but I am not sure 100%. I’ve already shared the domain and origin with Laudian, and I can share it with you as well, so you can take a look at what’s going on, maybe it is indeed ISP restriction.

As for tunneling, it seems like a very unconventional solution. I’ve never heard of anyone using it. Is it recommended for production use? Does Cloudflare cache it?

Yes it is.

Yes. No need to expose the public IP address of your home or router. No need to open ports on the router or do port forwarding. You can bind your service to your localhost:443 or some other local IP address 192.168.xxx.xxx and local port for HTTP(S). It is a more secure way to do it since you’re running the service from home and want to have it available to you and someone else on the internet as a hostname, e.g. www.mywebsite.com.

2 Likes

```
curl -svo /dev/null https://sub.example.com --connect-to ::12.34.56.78
* Connecting to hostname: xxxxx
*   Trying xxxxx...
^C
```

No response directly via IP address either. So the Timeout is not a Cloudflare related problem, but most likely something by your ISP as @fritex mentioned.

Using a tunnel is definitely a great idea, as it doesn’t require you to configure port forwarding or anything else that opens your system up from the outside.

2 Likes

Indeed, I just checked using my phone’s IP via mobile internet, and it times out as well, but it works from my LAN devices (previously, I was only checking from the LAN -_-). This is why Cloudflare’s edge servers cannot reach the origin. Big thanks to @Laudian and @fritex for their help. I will look further into the tunneling docs if it suits my needs.

1 Like
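The check that settled this thread, written out as an added example (not code from any poster or from Cloudflare): probe the origin port from the LAN and again from a host outside it, such as a phone on mobile data, then compare the two results. The function names `probe` and `diagnose` are hypothetical, and the origin IP is assumed to be passed on the command line.

```python
"""Added example: classify a TCP connect to the origin from the current vantage point."""
import socket
import sys


def probe(host, port, timeout=5.0):
    """Return 'open', 'refused', 'timeout' or 'error: ...' for one TCP connect."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # RST came back: host reachable, nothing accepting on the port
    except socket.timeout:
        return "timeout"   # SYN never answered: packets dropped somewhere on the path
    except OSError as exc:
        return f"error: {exc}"


def diagnose(lan, external):
    """Combine results for the same origin port from a LAN host and an outside host."""
    if external == "open":
        return "origin reachable from the internet: check Cloudflare DNS/SSL settings instead"
    if lan != "open":
        return "origin not listening even on the LAN: fix the service or its bind address first"
    if external == "timeout":
        return "filtered upstream: router forward or ISP drops this port, so the edge sees a 522"
    if external == "refused":
        return "refused upstream: the forward targets a closed port or another device answers"
    return "inconclusive: " + external


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <origin-public-ip>")
    # 443 and 8443 are the two ports compared in the thread.
    for port in (443, 8443):
        print(port, probe(sys.argv[1], port))
```

Run it once from a LAN machine and once from outside the network; a result of `open` on the LAN only says the service is listening, not that the router or ISP lets the port through.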
