Proxmox + Cloudflare = 522

fitzkrawalldo · August 10, 2023, 6:58am

Hello helpers,

we have a problem using Cloudflare and hope you can help us.

Setup:

Cloudflare
Own server incl. sys admin (but no experience with Cloudflare)
Proxmox
Firewall Watchguard
Wordpress (incl. wp rocket cloudflare addon)

What we did:

Regarding to the Cloudflare docu (not allowed to share a link here), we deactivated https redirect on our server (to avoid to many redirects)
We allowlisted all cloudflare ips and checked that no ip’s are blocked

Problem:

We see very often a “522 timeout” or cant connect to the pages at all. When we pause Cloudflare on the machine, it works.
Very important to say, that the WordPress applications work temporary
We see a CPU highload on our server that is set up to host more than 100+ Websites

Is there anything what we missed to set up? I’m pretty sure, that it may related to SSL issues?

fritex · August 11, 2023, 12:19am

Before enabling Cloudflare, did each of the Websites had it’s own SSL certificate, valid and was working over HTTPS correctly?

May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?

May I ask if the Firewall does filter the HTTPS traffic, or has some kind of a checking/verifying the HTTP packets since it sits in between the website and Cloudflare?

~~Could be Cloudflare IPs aren’t allowed on the Proxmox firewall instance?~~

Cloudflare

IP Ranges

This page is intended to be the definitive source of Cloudflare’s current IP ranges.

Helpful articles:

developers.cloudflare.com

Troubleshooting Cloudflare 5XX errors · Cloudflare Support docs

Error Analytics per domain are available within Zone Analytics. Error Analytics allows insight into overall errors by HTTP error code and provides the …

~~Community Tip - Fixing Error 522: Connection timed out~~