Strange 521 error

Hi Guys,

First of all, we already read all topics related to 521 errors and no one is like ours.
I will try to be short and describe our scenario.
We encountered randomly 521 errors, i said randomly because sometimes it does not work from pc, other time from the phone, and sometimes it does not on both. Also it happens to work for me but not for a friend. In the past weeks every thing was fine, but from yesterday seems that these errors are more often.

What we discovered and what we did right now:

  1. If we expose the website directly over an ip it works fine, that means that our services are up (we use kubernetes and add easily a loadbalancer)
  2. at the beginning we thought that the issue was “php-fpm” but we don’t have any issues on logs, and also our subdomain with a nodejs server seems to encounter the same issue.
  3. we stop “ufw” because of k8s and we don’t have any others firewalls on our servers.
  4. Hetzner told us that they do not block any traffic.
  5. we verify ingress logs and services logs, everything seems to be clean
  6. we restarted the entire infrastructure and the issue still goes on.
  7. we added cloudflare ips to ingress whitelist to skip the k8s ratelimit.

Our infrastrure works like: Kubernetes Ingress → nginx → php-fpm

Did anyone of you encountered such an issue ?

Hello,

Have you tried these methods?

At my first sight, without knowing your domain name, it indicates to me it could be due to SSL options at Cloudflare.

So, meaning when :orange: is for your A www and A yourdomain.com, you get 521 error?

On which port does your NodeJS app running on?
Can you check compatible ports with Cloudflare and proxy your NodeJS on/over Nginx on one of the compatible ports (depending if you already have an SSL certificate at your host/origin - using HTTP or HTTP)?

Hi @fritexvz, our website is https://cupoane-reducere.net

We changed the ssl from full(strict) to flexible to see if the error still persists, and the error is still there.

Our nodejs application uses 3000 port, but because we have nginx ingress everything is forwarded from 80 to another service port.

NodeJS uses 3000, and from 80 to another? Is that “another” on the compatible list of Cloudflare ones?
What about egress port?

Currently I have checked and seems to me the websites is loading fine and correctly. Can you confirm?

Yes right now everything works fine, and it is strange because we didn’t do any changes. Like we said before, this issue appears only in some cases, but i can’t realize when or why.

Our infrastructure exposes only 80 and 443 port to internet. Nodejs application is running on a subdomain and all the traffic is forwarded from 80 to 3000.

Another strange behavior from what we saw is that if we access the website from USA the issue appears less often than we access from Europe.

1 Like