Cloudflare error 521 with sub-domain


(Sam Houston) #1

Hello,

I’ve recently tried to add my new Discourse forum as a sub-domain via Cloudflare and we’re receiving an error. Cloudflare gives an “Error 521”, which means my Discourse server (currently on Digital Ocean) is blocking requests from Cloudflare.

Is this a setting on Digital Ocean (that is set by Discourse when they created the account) or is this a setting that I can change within the Discourse installation itself?

I’ve tried whitelisting all of Cloudflare’s IP ranges within Discourse and that hasn’t fixed the issue.


(Jeff Atwood) #2

Sounds like a routing error in your container, are you doing anything unusual that would not be covered in our default setup guide?


(Sam Houston) #3

As far as I know we haven’t changed anything with the Digital Ocean container. Are there any bits in particular that may cause some sort of routing issue?


(Jeff Atwood) #4

Not that I know of. We’ve never heard reference to cloudflare error 521 here, so far, except for this post.

If you are using default stock install settings on the Discourse side, and haven’t done anything unusual with the Ubuntu OS underneath via SSH, I can’t think of anything that would interfere. Note that a lot of the “special” JavaScript functionality that CloudFlare offers will interfere with Discourse, but it sounds like the problem is more fundamental here.

  • Can you access Discourse via IP address with CloudFlare disabled?
  • Can you access Discourse via DNS with CloudFlare disabled?

(Sam Houston) #5

I can access Discourse via IP currently (with Cloudflare enabled), which is how I’ve been managing the forum right now.

I’ll have to work with my dev team to experiment more and see if we’ve changed anything server side. Thanks Jeff for your help so far.


(Ed Arcos) #7

Hi. This is happening to me. Digital Ocean is blocking Cloudflare requests. I thought UFW was enabled either on the server or in the Discourse Docker but it doesn’t seem to be.

Our install is 100% standard, following the 30-minute guide on Digital Ocean. DNS on Cloudflare. If I access via IP or disable Cloudflare on that particular subdomain, everything goes back to normal.

- "templates/cloudflare.template.yml" line is included on app.yml.

We get an 524 error, but basically is the same. Cloudflare cannot reach the server.


(Jeff Atwood) #8

Interesting did you contact Digital Ocean to find out why that may be?


(Ed Arcos) #9

Yeah. I’ll update here whatever answer they give me.

By the way: Ubuntu 16.04.2 x64, 100% standard installation following Discourse’s guide. Baffles me.


(Ed Arcos) #10

Mystery solved. Railgun was the culprit. It is enabled on all subdomains by default even if the subdomain points to a different IP. Created a rule to disable Railgun on the discourse subdomain and problem went away.