WSS loaded all day today, now barely loading at all? EHOSTUNREACH

Been testing a lot today and finding that I am now being limited severely, not impressed at all; no warnings nothing. Odd though, my HTTPs too the same amount of requests and that hasn’t been limited yet.

Is anyone familiar with this as to why my WSS would be blocked and not my HTTPs?

Maybe due to mixed-content?
Do you get some error at console?

Use websocket with WSS when using HTTPS connection.

Use WS on HTTP connection, but not on HTTPS.
If you want use WSS (websocket over TLS) use HTTPS connection.

What URL scheme and the port are you using?
For example:

wss://test.yourdomain.com:2083 (HTTPS connection)

ws://test.yourdomain.com:8080 (HTTP connection)

Just to note here, ports are an example and compatible with Cloudflare (can be proxied) as listed here:

1 Like

Definitely not, routed correctly, behind proxy on the designated ports allowed by CF. Works 100% but oddly, was giving timeout-errors.

Looked like a rate-limit in all honesty and it wasn’t done on my end or through digital ocean. I reset the servers it was IP limited, and rate-limited.

My solution past this soon is using private lan to connect my internal networks but for WAN->WAN I fear this could happen more often to let’s say a client but I was sending a lot of refreshes.So maybe CF flagged the IP for an hour or two?

Think I can update this,

  errno: 'EHOSTUNREACH',
  code: 'EHOSTUNREACH',
  syscall: 'connect',
  address: '172.64.81.xxx',
  port: 443 }
[CLOSED] 1006

This occured this morning, found all my sites offline and every reconnect revealed the above with new IPs every now and then as proxy changed. This seems to be part of Keep-Alive but I’m not sure I understand where this could be failing?

DO Host(nginx proxy) ->Cloudflare Proxy → Public(You).

Only thing I can think of now is put all the units on a private IP and not use cloudflare as much as possible but that sounds lame. I proxy all my servers currently cause of testing and all sorts taking place now so wouldn’t look nice.

This doesn’t affect me much but would love to fix this before any kind of major launch. Would almost love to hear from CF what this could be as it’s keeping me from paid subscription.

Okay, so here’s the details on the issue since I’m to ask you guys or figure it out.

CloudFlare has blocked my Public IP, this measure is likely temporary and lasts a few hours. In my case I had my servers ran off my Public IP and was actively developing off my IP through CloudFlare Proxies. This is necessary and only temporary (just part of the development process for some).

I have sent them an email about this issue but having this open I’ll update it for others.

My take all from this, it’s unfortunate I have to cut my development time short to wait for this problem to fix itself or reset my proxies to new IPs and work differently. Given it’s my actual Public IP it really sucks cause my use on many sites now are blocked till this is certainly lifted.

I do think if CloudFlare can recognize this issue the solution would be simple. Allow site owners to whitelist IPs of those who intend to develop.

So if I set my domain to allow my IP for development no blocking can occur while working through the site. If my IP is caught in other words defacing other sites with traffic, absurd usage flag/block be best like done now temporarily.

I do hope CF can adapt this or look into my case, I had sent an email and this is unfortunate but luckily good to find out early development but crushing as it delays me forcefully.

My Solution:
Added in my configuration files a developer.enabled flag, if this is true we’ll use my WAN IP and because of SSL issues, we bypass them for local use only and change the headers for this purpose too.

This makes it fast to switch when updates are completed, CloudFlare won’t ever block my address now and for my servers they all will connect through private network, so server<>server is all contain but if a need to connect a server across the world is needed this can go without proxy and strict firewall through my host. All front-facing servers will be what takes traffic through CF soon hopefully.

So maybe a heads up to those to plan early to set up both a local/public environment to avoid this lock-out. Cheers and hopefully my IP is unblocked soon.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.