Requests not reaching server

I have a domain name whose subdomains I’m managing in Cloudflare. I’ve had two subdomains working for the past few months. Yesterday I wanted to add one more, but I ran into issues where the request was timing out no matter what I did. I even changed the reverse proxy config to return 500 straight away, but it is still timing out.

Server: https://requests.juanferrer.dev

Nginx config:

server {
    listen 80;
    listen [::]:80;
    server_name requests.juanferrer.dev;

    location / {
        return 500 "Reached me";
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name requests.juanferrer.dev;

    location / {
        return 500 "Reached me";
    }
}

But this is what I see:

Output from curl -Is https://requests.juanferrer.dev:

HTTP/2 522
date: Fri, 10 Nov 2023 11:48:05 GMT
content-length: 0
cache-control: no-store, no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e411OHbwGFbqbHhh3FfVaWau9%2F3uxGGJjv%2FHApV0MXwAvTqdWyLVoSd7P80lGGYMSe1uBvMoWR5FThPFScrscC34lSxuy2afrTADg0na1CM8keMeHUdi1hmyTH%2FVapPkQlW5k2DC0NueUtt%2Bkz5%2F%2Bgh63BQnDA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 823e0fbcbe1e1c8e-AMS
alt-svc: h3=":443"; ma=86400

The logs from Nginx show regular traffic, but nothing new when trying to reach that URL.

Any ideas?

Connecting on http:// gives a 301 redirect to https://, so that’s likely being done by Cloudflare, as you say those requests don’t hit your origin.

HTTPS just seems to stall and then time out with error 522 from Cloudflare. Do requests direct to the origin work OK?

I also think the 301 is done by Cloudflare.
Direct requests do reach the origin, although I haven’t been able to get an SSL certificate yet due to this problem. However, it immediately returns the SSL error, no timeouts.

Here you go, check it yourself: http://86.165.154.141, https://86.165.154.141. Don’t be naughty, though.

Not sure about Cloudflare’s proxy behaviour for a missing certificate; I assume it should error immediately. (Just double-check that the A record in the DNS is correct. Obvious, I know, but sometimes easily missed!)

You can get an origin certificate from Cloudflare to use temporarily. Or use certbot with DNS validation.

I’m not sure whether querying your IP address takes the same path as it would with a domain name for HTTPS. For HTTP it does, but Cloudflare is redirecting that, so I can’t see if HTTP through Cloudflare reaches the origin.

Alright, I did the certbot with DNS and now I have a valid SSL certificate. https://86.165.154.141 now shows the expected 500 error, but it still times out through Cloudflare.

For completeness, here’s the A record:

Proxied or not, the same error appears.

And just as I clicked submit, I saw it… I’ll be closing this, don’t hit me. Thank you for your help!
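
The thread turns on telling a response generated by Cloudflare's edge apart from one generated by the origin. As an added example (not part of the thread), this shell function classifies `curl -Is` output using Cloudflare's documented 52x origin-error codes; the function name and both sample inputs are constructed for illustration.

```shell
# Added example, not from the thread: classify `curl -Is` output read on stdin.
# Typical use: curl -Is https://host.example | classify_response
classify_response() {
    headers=$(tr -d '\r')    # HTTP header lines end in CRLF
    status=$(printf '%s\n' "$headers" | awk 'NR == 1 { print $2 }')
    # Every response that passed through Cloudflare carries a cf-ray header.
    if ! printf '%s\n' "$headers" | grep -qi '^cf-ray:'; then
        echo "direct $status: answered without passing through Cloudflare"
        return 0
    fi
    # 520-526 are produced by the edge when it cannot get a usable origin reply.
    case "$status" in
        520) echo "edge 520: origin sent an empty or unexpected response" ;;
        521) echo "edge 521: origin refused the TCP connection" ;;
        522) echo "edge 522: TCP connection to origin timed out; check A record and firewall" ;;
        523) echo "edge 523: origin unreachable; check the A record" ;;
        524) echo "edge 524: TCP connected, but no HTTP response arrived in time" ;;
        525) echo "edge 525: TLS handshake with the origin failed" ;;
        526) echo "edge 526: origin certificate failed validation" ;;
        *)   echo "proxied $status: passed through Cloudflare (origin or edge rule)" ;;
    esac
}

# Constructed sample: the 522 response quoted in the thread, trimmed.
sample_edge='HTTP/2 522
server: cloudflare
cf-ray: 823e0fbcbe1e1c8e-AMS'

# Constructed sample: a direct hit on the nginx test config from the thread.
sample_direct='HTTP/1.1 500 Internal Server Error
Server: nginx'

printf '%s\n' "$sample_edge"   | classify_response
printf '%s\n' "$sample_direct" | classify_response
```

A 522 means the edge never completed a TCP connection to the configured origin address, so nginx has nothing to log; certificate problems at the origin surface as 525 or 526 instead.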
