Problem with availability of origin in AWS configured as CNAME of AWS LB

I set up my domain as a CNAME of a LoadBalancer in AWS.
If you look at the world availability host report - Check website performance and response: Check host - online website monitoring
you can see that from 60% of places the site returns 404 (it's ok), but from 40% of places the site has connection timed out.
I have another domain in AWS in the same region, and I have no problem with this domain.
Looks like some Cloudflare edges don't have access to some AWS IP addresses.
What's the problem? For example 522 - Ray ID 6a6f010d59d9da42

Not sure what’s happening here, but have you tried to bypass Cloudflare? You can for example temporarily switch the DNS record for your “test” subdomain to “Proxy status: DNS only” (grey-clouded) in the Cloudflare DNS configuration. Cloudflare will then return your load balancer IPs directly to the visitor, meaning that the HTTP requests won’t be going through Cloudflare. That could give you another data point for your troubleshooting.

Then I guess you could try accessing the load balancer DNS name through that same “check-host” test as well.

This should hopefully tell you whether the Cloudflare setup is contributing to the problem or not. If it points to AWS, I would look at the set of IP addresses returned when resolving the load balancer DNS name. You could for example use curl to send a request to each IP address with the Host header set to your “test” domain. It’s possible that a load balancer or security group misconfiguration could contribute to the problem depending on which availability zone the request ends up in (as determined by the load balancer IP).

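One way to run the per-IP check the reply above describes, as an added example that is not from the thread: it resolves the load balancer name, sends the same request with a fixed Host header to each address (TLS with SNI set to that host, like `curl --resolve`), and flags addresses that time out or fail instead of answering. `LB_DNS_NAME` and `ORIGIN_HOST` are placeholders, not the poster's values.

```python
"""Per-IP origin probe: send one request with a fixed Host header to every
address a load balancer name resolves to (placeholders below are assumptions)."""
import http.client
import socket
import ssl
from concurrent.futures import ThreadPoolExecutor

LB_DNS_NAME = "example-lb.elb.amazonaws.com"  # placeholder, not from the thread
ORIGIN_HOST = "test.example.com"              # placeholder Host header value

def resolve_all(name, port=443):
    """Distinct IPv4 addresses the LB name resolves to right now."""
    infos = socket.getaddrinfo(name, port, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def probe(ip, host, port=443, tls=True, timeout=5.0):
    """Connect to ip:port, send GET / with Host=host, return an outcome dict.
    With tls=True, SNI and certificate checks use `host`, not the bare IP
    (what `curl --resolve host:port:ip` does)."""
    try:
        sock = socket.create_connection((ip, port), timeout=timeout)
        if tls:
            sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.sock = sock  # hand http.client our pre-connected socket
        conn.request("GET", "/", headers={"Host": host, "Connection": "close"})
        resp = conn.getresponse()
        result = {"ip": ip, "outcome": "http", "status": resp.status,
                  "server": resp.getheader("Server", "")}
        conn.close()
        return result
    except socket.timeout:      # the "connection timed out" case from the thread
        return {"ip": ip, "outcome": "timeout"}
    except OSError as exc:      # refused, reset, TLS handshake failure
        return {"ip": ip, "outcome": "error", "detail": type(exc).__name__}

def summarize(results):
    """Split addresses into those answering HTTP and those to investigate."""
    answering = [r["ip"] for r in results if r["outcome"] == "http"]
    suspect = [r["ip"] for r in results if r["outcome"] != "http"]
    return {"answering": answering, "suspect": suspect}

if __name__ == "__main__":
    ips = resolve_all(LB_DNS_NAME)
    with ThreadPoolExecutor(max_workers=8) as pool:
        results = list(pool.map(lambda ip: probe(ip, ORIGIN_HOST), ips))
    print(*results, summarize(results), sep="\n")
```

An address listed under "suspect" while the others answer points at that address's availability zone or security-group rules rather than at Cloudflare.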

If I switched off proxy mode, I got full availability. But I need proxy mode, because I integrated with it through CF Workers.

Is it possible to debug this case through the Ray ID? I wrote it in my first message.

Unfortunately, we have no insight into your account or connections, including Ray ID.

You mentioned CF Workers. Do you have a Worker enabled for that route?

Now Workers is disabled. But I need to enable it after solving the availability problem.

Your nginx origin server seems to be misconfigured for HTTPS, as the 404 error page is the nginx-served 404 page. Non-HTTPS works fine and redirects to HTTPS, but direct HTTPS access gives a 404 Not Found page served by nginx. So either the nginx origin HTTPS vhost is misconfigured, or the AWS load balancer is, e.g. sending the wrong Host header to the origin nginx server, where the hostname referenced by that incorrect Host header doesn't exist on the origin nginx server.


Both virtual hosts are not configured right now on nginx, because it's a host created to show my problem to the community. And 404 is an OK answer.
I configured my production hosts as an A record for one of the working IPs on the AWS LB. But the IP periodically changes and I need to change it manually in CF DNS.
I want to solve the problem with the CNAME.

That’s interesting. I guess you’re saying that the “check-host” website returns successful results (well, 404 as expected) from all locations in that scenario.

And having Workers enabled or disabled when proxying was on didn’t matter I guess.

Please let me know if my assumptions above are incorrect in any way.

A record isn’t a good option in this case as you know, but did one of the options (A or CNAME record) work better in terms of “check-host” results? (Ignoring the fact that an underlying IP address might leave the load balancer IP pool) Just curious :smiley:

I solved the problem with availability. Thanks to all.
I created an NLB instead of the Classic LB and assigned an Elastic IP. All works well with A records on the origin pointing to the static IP.
