Random 520 error

I hope I could fix the bug. At least it was not show up anymore. I changed the hosts:

sudo nano /etc/hosts

Now I could finally see what happens “behind Cloudflare”. There were still some links on the page without ssl. So the page switched from time to time between secure and insecure.

And the second issue was that under Safari there was a nsposixerrordomain 100 error where the page was completely gone.

Stackoverflow says in this case to disable http/2 in the load balancer of AWS. And that helped. Don’t know what it was from both, but it seems to be fixed.

I hope that the error does not come back. Cloudflaire should analyze the error more precisely. Only outputting 520 is not enough.

Hi all,
Do you have any update on this? We keep getting randomly error 520. Did anyone found a working solution? I see on CF’s system status page that these days have a lot of 5xx issues on their network.

Call your host and have them white-label the IP list from cloudflare. Cloudflare sends data through various ip’s and typical servers will throw the 520.

The server is dedicated and CF is whitelisted already. Both IPv4 & IPv6.
We turned off CF and all errors are gone. Strangely there is no error on the server’s logs (apache, nginx, access).
CF support told me that the 520 errors are proxied to CF from the server. I was under the impression that 52x was a CF error.

Got the same issue here !

I openened a support ticket, waiting for a reply. Does anyone has received a reply from CF Team ?

Hi all. Here’s what’s worked for me. Check this: https://support.cloudflare.com/hc/en-us/articles/360029696071-Restoring-original-visitor-IPs-Option-2-Installing-mod-remoteip-with-Apache.
For those who have access to the server configuration, enable the mod_remoteip and configure the httpd.conf via the include editor (Home->Service Configuration->Apache Configuration->Include Editor --> Pre Main Include)
Add there the CF ip’s

i get also 520´s - only randomly (3 times of 10) - but ONLY if i visit my website through our android app (webview)
mobile its working…
disabling the CF proxy - all fine

Are you sure that will fix the problem ?

I’m absolutely positive that it fixed mine. I can’t say about yours because not all faults are the same.

I’m also having those random 520 errors on all of my WordPress sites and had to disable DNS proxy so i don’t get the errors.
I’m using latest Plesk on my VPS and have no clue why they started to happen! Can someone help?

In our case, the traffic is CF proxied to an EC2 instance via a load balancer. Disabling HTTP/2 on the load balancer eliminated the intermittent 520 errors. I’m not a network specialist by any means but seems like CF and AWS implementations of the protocol are at odds.

Having the same issue here. Intermittent 520 errors with CF in front of an AWS ALB. Disabling CF, the errors go away. Followed CF’s troubleshooting steps but they haven’t worked. Opened a support ticket with them and they marked as resolved without doing anything, so I re-opened it a few days ago and waiting to hear back.

I’ll give the mod_remoteip approach a try, as well as disabling HTTP/2, but we really should not have to disable HTTP/2 for this to work. If there is an incompatibility between CF and AWS for HTTP/2, that needs to be fixed

EDIT: tried the mod_remoteip workaround, and I’m still getting 520s. Disabling HTTP/2 is greyed out for me in CF, so can’t try that.

I can confirm that mod_remoteip does the trick.
Remember to clear browser cookies. If you don’t, you’ll still get 520 errors.

We use ArgoTunnel and ever since the 9th we were getting random 522 errors. Never been an issue before. It was across various servers in our network and the only fix, so far, was toe turn off the tunnel and even the DNS proxy.

Also submitted a ticket to CF and they were initially responsive but then stopped about 18 hours ago. I’ve sent them a number of emails with various logs and screen shots with debugging info but nothing back yet. We run IIS so I can’t try the Apache mod suggested. But I can get the site to work once I disable the DNS proxy.

Disable HTTP/2 on AWS load balancer instead. CF uses HTTP/2 as standard and is keen to force HTTP/3 on free accounts soon, whatever other calamities it may bring. The overall initiative is positive though.

ALB Attributes1225×472 32.6 KB

I just wanted to add this for everyone as it’s a real pain in the bum.

Some how Apache (Httpd) was installed along side my existing Nginx (even though I never had or installed or configured Apache).

After uninstalling Apache all issues went away.

UPDATE:

OK, the errors went away for a short time. Or maybe I did not test enough. I have 100% identified this issue to my additional security headers i am adding via nginx. These have been in place for over a year and only now have started causing issues. Below is the header attribute that was causing the pain.

add_header “Report-To:” "{“group”:“default”,“max_age”:31536000,“endpoints”:[{“url”:"https://twiliobilling.report-uri.com/a/d/g"}],“include_subdomains”:true}";

Hope that helps =)

Unfortunatly i’m running Plesk on a VPS - i can’t remove Apache and i don’t know why and how to solve this issues. The only way they go away is if i change CloudFlare proxy to DNS only on the DNS settings. If i proxy i got the error…
Can someone help?

Hi Net,

I just updated my answer. Please check to see if you are using any custom SSL related headers. The following header caused problems for me. Removed it, and no more errors.

add_header “Report-To:” "{“group”:“default”,“max_age”:31536000,“endpoints”:[{“url”:"https://twiliobilling.report-uri.com/a/d/g"}],“include_subdomains”:true}";

Hi again, it look like as the errors appear they are gone… for now!

I just hope they stay this way

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.