Proxied mode results in 521 error on site

What is the name of the domain?

procom-me<.>com

What is the error number?

521

What is the error message?

Error number 521

What is the issue you’re encountering

When enabling proxied mode on A and www records, site goes down with 521 error

What steps have you taken to resolve the issue?

# Environment
AWS EC2 instance
Plesk Obsidian 18.0.6.7 with Nginx + Apache
Cloudflare for DNS and proxy

Issue Description
When using Cloudflare in DNS-only mode, the site loads perfectly fine. However, when switching to Proxied mode for A and CNAME - www, I consistently get a Cloudflare 521 error (Web server is down).

Troubleshooting Steps Already Taken

AWS Security Configuration:

Inbound security groups allow all traffic (0.0.0.0/0) on ports 80 and 443
No network ACLs are blocking connections

# Server Configuration:

Disabled ModSec, Fail2Ban and mod_reqtimeout in Plesk
Verified Nginx is listening on all interfaces:
ss -tulpn | grep nginx
tcp LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=3639309,fd=45),("nginx",pid=3639308,fd=45))
tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=3639309,fd=46),("nginx",pid=3639308,fd=46))

Confirmed no iptables rules are blocking traffic:
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

nginx Configuration:

Added listening directives for all interfaces in both server.conf and domain.conf:

listen 80;
listen 443 ssl http2;

Verified configuration with nginx -t and restarted Nginx

No Access Configuration:

Using “Flexible”, “Strict”, “Full” SSL/TLS mode all gives 521
Properly configured A records
No custom Page Rules affecting the site

# What I’ve Verified

The site works perfectly in DNS-only mode
Nginx is properly listening on all interfaces for ports 80 and 443
No firewall rules are blocking traffic
I have issued a CFlare SSL certificate and installed it on the domain in Plesk, still 521

What are the steps to reproduce the issue?

Enable Proxy mode for A and CNAME - www records

Working with Plesk support they

This has been solved, there was a rule on Cloudflare to redirect www and non-www over 444 ports.
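A check for the cause named in the resolution (a Cloudflare rule sending traffic to a port other than the ones the origin serves), as an added example that is not part of the original posts. It works for any port; the function names, the sample `ss` lines and the security-group port list passed as an argument are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the shape of the `ss -tulpn` output quoted in the post.
SAMPLE_SS='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 0.0.0.0:68 0.0.0.0:*
tcp LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1001,fd=45))
tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1001,fd=46))
tcp LISTEN 0 128 127.0.0.1:8443 0.0.0.0:* users:(("example-svc",pid=1002,fd=7))'

# listening_ports: read `ss -tulpn` lines on stdin and print the TCP ports
# that accept connections from other hosts (loopback-only sockets are skipped).
listening_ports() {
    awk '$1 == "tcp" && $2 == "LISTEN" {
        addr = $5
        n = split(addr, parts, ":")
        port = parts[n]
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host ~ /^127\./ || host == "[::1]") next
        print port
    }' | sort -un
}

# check_origin_port PORT "SG_PORTS": PORT is the origin port a Cloudflare rule
# points at; SG_PORTS is the space-separated list of ports the AWS security
# group allows inbound. Reads `ss -tulpn` output on stdin.
# Prints "ok" or a comma-separated list of reasons the edge cannot connect.
check_origin_port() {
    port=$1
    sg_ports=$2
    problems=""
    listening_ports | grep -x "$port" >/dev/null || problems="no-listener"
    case " $sg_ports " in
        *" $port "*) ;;
        *) problems="${problems:+$problems,}not-in-security-group" ;;
    esac
    echo "${problems:-ok}"
}

# Demo on the constructed sample: a rule that targets port 444 while the
# origin only serves 80 and 443.
printf '%s\n' "$SAMPLE_SS" | check_origin_port 444 "80 443"
# prints: no-listener,not-in-security-group
```

On a live origin, pipe the real socket list in instead of the sample, for example `ss -tulpn | check_origin_port 444 "80 443"`.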
