Cloudflare error 521
I use EC2 + Cloudflare, and it ran well before I added their IPs to the VPC and security group as an allow list. After that, when I link to my domain, it shows error 521. I've followed the steps on Cloudflare and reset my VPC and security group, but it doesn't work. It runs well if I link to my EC2 IP, so it seems Cloudflare is blocked somewhere. How do I check it?

[Screenshots attached: security group inbound, security group outbound, Network ACL inbound, Network ACL outbound]

I can access my website by the EC2 IP, but I can't access my website by the domain set in Cloudflare, and I'm sure the setting is correct in Cloudflare.

asked a year ago · 316 views

8 Answers

The 521 error code that you're encountering is an HTTP status message from Cloudflare that means the web server refused the connection. Given that you're receiving a 521 error, it's likely that your EC2 instance isn't accepting incoming connections from Cloudflare.

Ensure that your web server (Apache, Nginx, etc.) is set up to accept requests for your domain name, the same one you set in Cloudflare.

Verify your Security Group settings: Confirm that your AWS security groups permit HTTP (port 80) and HTTPS (port 443) traffic from all of Cloudflare's IP ranges. Cloudflare proxies your traffic, which means to your server it appears as if the traffic is coming from Cloudflare.

Check your VPC Network ACLs: AWS Network Access Control Lists (ACLs) can also control the flow of traffic at the subnet level. Make sure that the ACLs associated with your EC2's subnet are allowing inbound and outbound traffic on ports 80 and 443 from Cloudflare's IP ranges.

You can find a list of Cloudflare's IP ranges here: https://www.cloudflare.com/ips/

AWS · answered a year ago
  • I allow all traffic in and out for all IPs on ports 80 and 443; it doesn't work.
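As an added example (not code from any answer on this page), here is a Python check for the security-group and NACL advice above: it compares the CIDRs your allow rules permit against the Cloudflare ranges and reports the parts that no rule covers, so a half-allowed or missing range stands out before you reset the VPC. The Cloudflare ranges are a partial snapshot and the rules are constructed sample input; fetch the live list from https://www.cloudflare.com/ips/ before relying on the result.

```python
"""Check whether security-group / NACL allow rules cover every Cloudflare range.

Added example for this thread, not AWS or Cloudflare code. Cloudflare
publishes its egress ranges at https://www.cloudflare.com/ips/; the list
below is a partial snapshot and the rules are constructed sample input.
"""
import ipaddress

# Partial snapshot of Cloudflare's published IPv4 ranges (fetch the live list).
CLOUDFLARE_V4 = [
    "173.245.48.0/20",
    "103.21.244.0/22",
    "104.16.0.0/13",
    "104.24.0.0/14",
]

# Constructed sample of inbound rules (as you would read them out of
# describe-security-groups): one range is only half allowed (/21 instead
# of /20) and one range is missing entirely.
SAMPLE_RULES = ["104.16.0.0/13", "173.245.48.0/21", "103.21.244.0/22"]


def uncovered_ranges(required, allowed):
    """Return the pieces of `required` CIDRs that no CIDR in `allowed` covers.

    Handles unions: a range covered by several smaller rules together counts
    as covered, and a rule that covers only part of a range leaves just the
    remainder. Rules of the other IP version are ignored.
    """
    rules = [ipaddress.ip_network(a, strict=False) for a in allowed]
    leftovers = []
    for cidr in required:
        pieces = [ipaddress.ip_network(cidr, strict=False)]
        for rule in rules:
            remaining = []
            for piece in pieces:
                if piece.version != rule.version or not piece.overlaps(rule):
                    remaining.append(piece)             # rule is unrelated
                elif piece.subnet_of(rule):
                    continue                            # fully covered: drop
                else:                                   # rule lies inside piece
                    remaining.extend(piece.address_exclude(rule))
            pieces = remaining
        leftovers.extend(pieces)
    return sorted(str(p) for p in leftovers)


if __name__ == "__main__":
    gaps = uncovered_ranges(CLOUDFLARE_V4, SAMPLE_RULES)
    if gaps:
        print("Cloudflare ranges NOT allowed by the rules:", ", ".join(gaps))
    else:
        print("All Cloudflare ranges are allowed.")
```

An empty result only proves the CIDRs are allowed; the rule must also permit the right ports, and the origin must actually listen on them.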

Accepted Answer

Yes, the web server must have HTTPS enabled and configured, and have the correct certificate installed.

AWS · answered a year ago
  • I enabled HTTPS, and I can access both http://{my ip}/index.html and https://{my ip}/index.html, and also https://{my domain name}/index.html, but I can't access https://{my ip}/login. I think the issue will be solved soon.

  • Hi, after I enabled HTTPS and reset WSGI, I solved this problem. Thank you for your help.

Make sure that your DNS settings in Cloudflare are set up correctly: Cloudflare should be directed towards the public IP or Elastic IP of your EC2 instance. This means that there needs to be an "A" record that references your EC2 instance's public IP address. It's crucial that this record is configured to be proxied, indicated by an orange cloud.

AWS · answered a year ago

OK, interesting. A few questions: Did you check the VPC's Network ACLs for allowing both inbound and outbound traffic? How about making sure the DNS name resolves to the correct IP? Same errors when accessing the web server over 80? 443? Do you have any Cloudflare WAF rules enabled?

AWS · answered a year ago

How about making sure the DNS name resolves to the correct IP? And do you get the exact same error when accessing the web server over 80 and 443?

AWS · answered a year ago
  • I copied the IP from my EC2 instance and pasted it into Cloudflare, so I think it's correct. I guess I just get the same error on port 443; port 80 is OK to access.

You can access over 80 OK, but when using 443 you get a 521 error?

AWS · answered a year ago
  • I can access http://{my ip}; https://{my ip} shows ERR_CONNECTION_REFUSED. But Cloudflare redirects HTTP to HTTPS, so I guess AWS blocks Cloudflare somewhere.

Sounds like a certificate problem or a web-server/application problem, rather than an AWS problem. A 521 error means the web server actively refused the connection, so the request made it to the EC2 instance, proving that the network path is good and EC2 is reachable.

Check your web server and certificate configuration to ensure it is properly set up to handle HTTPS requests.

You can also check your Cloudflare SSL/TLS Settings: Double-check your SSL/TLS settings in the Cloudflare dashboard. Ensure that you have the correct encryption mode selected (e.g., Full, Full (Strict), Flexible) and that the SSL/TLS configuration matches the settings on your web server.

AWS · answered a year ago
  • If it were a certificate problem, it would show error 526. I've set every encryption mode in Cloudflare and get the same error code. And when I try telnet {my IP} 443, it shows "Unable to connect to remote host: Connection refused". My server just uses HTTP now; I'll try to use HTTPS.

[Screenshots attached: security group inbound, security group outbound, Network ACL inbound, Network ACL outbound]

I allow all traffic, ports and protocols, and I don't have any Cloudflare WAF rules. How do I make sure the DNS name resolves to the correct IP?

answered a year ago